[CVS] OpenPKG: openpkg-src/libwmf/ libwmf.spec
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 28-Jul-2005 08:02:25
Branch: HEAD Handle: 2005072807022400
Modified files:
openpkg-src/libwmf libwmf.spec
Log:
upgrading package: libwmf 0.2.8.3 - 0.2.8.4
Summary:
RevisionChanges Path
1.27+2 -2 openpkg-src/libwmf/libwmf.spec
patch -p0 '@@ .'
Index: openpkg-src/libwmf/libwmf.spec
$ cvs diff -u -r1.26 -r1.27 libwmf.spec
--- openpkg-src/libwmf/libwmf.spec10 Jun 2005 13:50:55 - 1.26
+++ openpkg-src/libwmf/libwmf.spec28 Jul 2005 06:02:24 - 1.27
@@ -32,8 +32,8 @@
Class:PLUS
Group:Graphics
License: LGPL
-Version: 0.2.8.3
-Release: 20050610
+Version: 0.2.8.4
+Release: 20050728
# list of sources
Source0:
http://osdn.dl.sourceforge.net/sourceforge/wvware/libwmf-%{version}.tar.gz
@@ .
__
The OpenPKG Projectwww.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: openpkg-src/crm114/ crm114.spec
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 28-Jul-2005 08:04:14
Branch: HEAD Handle: 2005072807041400
Modified files:
openpkg-src/crm114 crm114.spec
Log:
upgrading package: crm114 20050628 - 20050721
Summary:
RevisionChanges Path
1.36+6 -6 openpkg-src/crm114/crm114.spec
patch -p0 '@@ .'
Index: openpkg-src/crm114/crm114.spec
$ cvs diff -u -r1.35 -r1.36 crm114.spec
--- openpkg-src/crm114/crm114.spec1 Jul 2005 08:40:59 - 1.35
+++ openpkg-src/crm114/crm114.spec28 Jul 2005 06:04:14 - 1.36
@@ -23,9 +23,9 @@
##
# package version
-%define V_dist 20050628
-%define V_opkg 20050628
-%define V_name BlameCochrane
+%define V_dist 20050721
+%define V_opkg 20050721
+%define V_name BlameNeilArmstrong
# package information
Name: crm114
@@ -38,10 +38,10 @@
Group:Text
License: GPL
Version: %{V_opkg}
-Release: 20050701
+Release: 20050728
# list of sources
-Source0:
http://crm114.sourceforge.net/crm114-%{V_dist}.%{V_name}.src.tar.gz
+Source0:
http://crm114.sourceforge.net/crm114-%{V_dist}-%{V_name}.src.tar.gz
# build information
Prefix: %{l_prefix}
@@ -69,7 +69,7 @@
}
%prep
-%setup -q -n crm114-%{V_dist}.%{V_name}.src
+%setup -q -n crm114-%{V_dist}-%{V_name}.src
%build
%{l_shtool} subst \
@@ .
__
The OpenPKG Projectwww.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: openpkg-src/cgdb/ cgdb.spec
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 28-Jul-2005 08:04:58
Branch: HEAD Handle: 2005072807045700
Modified files:
openpkg-src/cgdbcgdb.spec
Log:
track only releases
Summary:
RevisionChanges Path
1.8 +2 -2 openpkg-src/cgdb/cgdb.spec
patch -p0 '@@ .'
Index: openpkg-src/cgdb/cgdb.spec
$ cvs diff -u -r1.7 -r1.8 cgdb.spec
--- openpkg-src/cgdb/cgdb.spec22 May 2005 07:41:38 - 1.7
+++ openpkg-src/cgdb/cgdb.spec28 Jul 2005 06:04:57 - 1.8
@@ -33,7 +33,7 @@
Group:Development
License: GPL
Version: 0.5.2
-Release: 20050522
+Release: 20050728
# list of sources
Source0: http://osdn.dl.sourceforge.net/cgdb/cgdb-%{version}.tar.gz
@@ -60,7 +60,7 @@
prog cgdb = {
version = %{version}
url = http://prdownloads.sourceforge.net/cgdb/
-regex = cgdb-(__VER__)\.tar\.gz
+regex = cgdb-(\d+\.\d+\.\d+)\.tar\.gz
}
%prep
@@ .
__
The OpenPKG Projectwww.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: OPENPKG_2_4_SOLID: openpkg-src/zlib/ zlib.patch zlib.sp...
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 28-Jul-2005 08:20:06
Branch: OPENPKG_2_4_SOLIDHandle: 2005072807200600
Modified files: (Branch: OPENPKG_2_4_SOLID)
openpkg-src/zlibzlib.patch zlib.spec
Log:
Security Bugfix (OpenPKG-SA-2005.014-zlib; CAN-2005-1849)
Summary:
RevisionChanges Path
1.4.4.2 +25 -0 openpkg-src/zlib/zlib.patch
1.33.2.3+1 -1 openpkg-src/zlib/zlib.spec
patch -p0 '@@ .'
Index: openpkg-src/zlib/zlib.patch
$ cvs diff -u -r1.4.4.1 -r1.4.4.2 zlib.patch
--- openpkg-src/zlib/zlib.patch 6 Jul 2005 16:45:22 - 1.4.4.1
+++ openpkg-src/zlib/zlib.patch 28 Jul 2005 06:20:06 - 1.4.4.2
@@ -1,3 +1,5 @@
+Security Bugfix (OpenPKG-SA-2005.013-zlib; CAN-2005-2096)
+
Index: inftrees.c
--- inftrees.c.orig 2004-09-15 16:30:06 +0200
+++ inftrees.c 2005-07-06 18:31:14 +0200
@@ -10,3 +12,26 @@
return -1; /* incomplete set */
/* generate offsets into symbol table for each length for sorting */
+
+Security Bugfix (OpenPKG-SA-2005.014-zlib; CAN-2005-1849)
+
+Index: inftrees.h
+--- inftrees.h.orig 2003-08-11 00:15:50 +0200
inftrees.h 2005-07-11 08:50:37 +0200
+@@ -36,12 +36,12 @@
+ */
+
+ /* Maximum size of dynamic tree. The maximum found in a long but non-
+- exhaustive search was 1004 code structures (850 for length/literals
+- and 154 for distances, the latter actually the result of an
++ exhaustive search was 1444 code structures (852 for length/literals
++ and 592 for distances, the latter actually the result of an
+exhaustive search). The true maximum is not known, but the value
+below is more than safe. */
+-#define ENOUGH 1440
+-#define MAXD 154
++#define ENOUGH 2048
++#define MAXD 592
+
+ /* Type of code to build for inftable() */
+ typedef enum {
@@ .
patch -p0 '@@ .'
Index: openpkg-src/zlib/zlib.spec
$ cvs diff -u -r1.33.2.2 -r1.33.2.3 zlib.spec
--- openpkg-src/zlib/zlib.spec6 Jul 2005 16:45:22 - 1.33.2.2
+++ openpkg-src/zlib/zlib.spec28 Jul 2005 06:20:06 - 1.33.2.3
@@ -33,7 +33,7 @@
Group:Compression
License: BSD
Version: 1.2.2
-Release: 2.4.1
+Release: 2.4.2
# list of sources
Source0: http://www.zlib.net/zlib-%{version}.tar.gz
@@ .
__
The OpenPKG Projectwww.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: OPENPKG_2_3_SOLID: openpkg-src/zlib/ zlib.patch zlib.sp...
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 28-Jul-2005 08:22:17
Branch: OPENPKG_2_3_SOLIDHandle: 2005072807221700
Modified files: (Branch: OPENPKG_2_3_SOLID)
openpkg-src/zlibzlib.patch zlib.spec
Log:
Security Bugfix (OpenPKG-SA-2005.014-zlib; CAN-2005-1849)
Summary:
RevisionChanges Path
1.4.2.2 +25 -0 openpkg-src/zlib/zlib.patch
1.32.2.3+1 -1 openpkg-src/zlib/zlib.spec
patch -p0 '@@ .'
Index: openpkg-src/zlib/zlib.patch
$ cvs diff -u -r1.4.2.1 -r1.4.2.2 zlib.patch
--- openpkg-src/zlib/zlib.patch 6 Jul 2005 16:47:32 - 1.4.2.1
+++ openpkg-src/zlib/zlib.patch 28 Jul 2005 06:22:17 - 1.4.2.2
@@ -1,3 +1,5 @@
+Security Bugfix (OpenPKG-SA-2005.013-zlib; CAN-2005-2096)
+
Index: inftrees.c
--- inftrees.c.orig 2004-09-15 16:30:06 +0200
+++ inftrees.c 2005-07-06 18:31:14 +0200
@@ -10,3 +12,26 @@
return -1; /* incomplete set */
/* generate offsets into symbol table for each length for sorting */
+
+Security Bugfix (OpenPKG-SA-2005.014-zlib; CAN-2005-1849)
+
+Index: inftrees.h
+--- inftrees.h.orig 2003-08-11 00:15:50 +0200
inftrees.h 2005-07-11 08:50:37 +0200
+@@ -36,12 +36,12 @@
+ */
+
+ /* Maximum size of dynamic tree. The maximum found in a long but non-
+- exhaustive search was 1004 code structures (850 for length/literals
+- and 154 for distances, the latter actually the result of an
++ exhaustive search was 1444 code structures (852 for length/literals
++ and 592 for distances, the latter actually the result of an
+exhaustive search). The true maximum is not known, but the value
+below is more than safe. */
+-#define ENOUGH 1440
+-#define MAXD 154
++#define ENOUGH 2048
++#define MAXD 592
+
+ /* Type of code to build for inftable() */
+ typedef enum {
@@ .
patch -p0 '@@ .'
Index: openpkg-src/zlib/zlib.spec
$ cvs diff -u -r1.32.2.2 -r1.32.2.3 zlib.spec
--- openpkg-src/zlib/zlib.spec6 Jul 2005 16:47:32 - 1.32.2.2
+++ openpkg-src/zlib/zlib.spec28 Jul 2005 06:22:17 - 1.32.2.3
@@ -34,7 +34,7 @@
Group:Compression
License: BSD
Version: 1.2.2
-Release: 2.3.1
+Release: 2.3.2
# list of sources
Source0: http://www.zlib.net/zlib-%{version}.tar.gz
@@ .
__
The OpenPKG Projectwww.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: OPENPKG_2_3_SOLID: openpkg-src/openpkg/ openpkg.spec zl...
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 28-Jul-2005 08:31:34
Branch: OPENPKG_2_3_SOLIDHandle: 2005072807313300
Modified files: (Branch: OPENPKG_2_3_SOLID)
openpkg-src/openpkg openpkg.spec zlib.patch
Log:
Security Bugfix (OpenPKG-SA-2005.014-zlib; CAN-2005-1849)
Summary:
RevisionChanges Path
1.397.2.9 +1 -1 openpkg-src/openpkg/openpkg.spec
1.1.8.3 +24 -1 openpkg-src/openpkg/zlib.patch
patch -p0 '@@ .'
Index: openpkg-src/openpkg/openpkg.spec
$ cvs diff -u -r1.397.2.8 -r1.397.2.9 openpkg.spec
--- openpkg-src/openpkg/openpkg.spec 6 Jul 2005 17:51:20 -
1.397.2.8
+++ openpkg-src/openpkg/openpkg.spec 28 Jul 2005 06:31:33 -
1.397.2.9
@@ -39,7 +39,7 @@
# o any cc(1)
# the package version/release
-%define V_openpkg 2.3.4
+%define V_openpkg 2.3.5
# the used software versions
%define V_rpm 4.2.1
@@ .
patch -p0 '@@ .'
Index: openpkg-src/openpkg/zlib.patch
$ cvs diff -u -r1.1.8.2 -r1.1.8.3 zlib.patch
--- openpkg-src/openpkg/zlib.patch6 Jul 2005 17:51:20 - 1.1.8.2
+++ openpkg-src/openpkg/zlib.patch28 Jul 2005 06:31:33 - 1.1.8.3
@@ -1,4 +1,4 @@
-Fix Security Issue (OpenPKG-SA-2005.013, CAN-2005-2096)
+Security Bugfix (OpenPKG-SA-2005.013-zlib; CAN-2005-2096)
Index: inftrees.c
--- inftrees.c.orig 2004-09-15 16:30:06 +0200
@@ -12,3 +12,26 @@
return -1; /* incomplete set */
/* generate offsets into symbol table for each length for sorting */
+
+Security Bugfix (OpenPKG-SA-2005.014-zlib; CAN-2005-1849)
+
+Index: inftrees.h
+--- inftrees.h.orig 2003-08-11 00:15:50 +0200
inftrees.h 2005-07-11 08:50:37 +0200
+@@ -36,12 +36,12 @@
+ */
+
+ /* Maximum size of dynamic tree. The maximum found in a long but non-
+- exhaustive search was 1004 code structures (850 for length/literals
+- and 154 for distances, the latter actually the result of an
++ exhaustive search was 1444 code structures (852 for length/literals
++ and 592 for distances, the latter actually the result of an
+exhaustive search). The true maximum is not known, but the value
+below is more than safe. */
+-#define ENOUGH 1440
+-#define MAXD 154
++#define ENOUGH 2048
++#define MAXD 592
+
+ /* Type of code to build for inftable() */
+ typedef enum {
@@ .
__
The OpenPKG Projectwww.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: OPENPKG_2_3_SOLID: openpkg-src/ghostscript/ ghostscript...
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 28-Jul-2005 08:35:13
Branch: OPENPKG_2_3_SOLIDHandle: 2005072807351300
Modified files: (Branch: OPENPKG_2_3_SOLID)
openpkg-src/ghostscript ghostscript.patch ghostscript.spec
Log:
Security Bugfix (OpenPKG-SA-2005.014-zlib; CAN-2005-1849)
Summary:
RevisionChanges Path
1.10.4.2+25 -1 openpkg-src/ghostscript/ghostscript.patch
1.66.2.4+1 -1 openpkg-src/ghostscript/ghostscript.spec
patch -p0 '@@ .'
Index: openpkg-src/ghostscript/ghostscript.patch
$ cvs diff -u -r1.10.4.1 -r1.10.4.2 ghostscript.patch
--- openpkg-src/ghostscript/ghostscript.patch 6 Jul 2005 18:04:00 -
1.10.4.1
+++ openpkg-src/ghostscript/ghostscript.patch 28 Jul 2005 06:35:13 -
1.10.4.2
@@ -87,7 +87,7 @@
-
-Security Bugfixes (CAN-2005-2096, OpenPKG-SA-2005.013)
+Security Bugfix (OpenPKG-SA-2005.013-zlib; CAN-2005-2096)
Index: zlib/inftrees.c
--- zlib/inftrees.c.orig 2004-09-15 16:30:06 +0200
@@ -102,3 +102,27 @@
/* generate offsets into symbol table for each length for sorting */
+-
+
+Security Bugfix (OpenPKG-SA-2005.014-zlib; CAN-2005-1849)
+
+Index: zlib/inftrees.h
+--- zlib/inftrees.h.orig 2003-08-11 00:15:50 +0200
zlib/inftrees.h 2005-07-11 08:50:37 +0200
+@@ -36,12 +36,12 @@
+ */
+
+ /* Maximum size of dynamic tree. The maximum found in a long but non-
+- exhaustive search was 1004 code structures (850 for length/literals
+- and 154 for distances, the latter actually the result of an
++ exhaustive search was 1444 code structures (852 for length/literals
++ and 592 for distances, the latter actually the result of an
+exhaustive search). The true maximum is not known, but the value
+below is more than safe. */
+-#define ENOUGH 1440
+-#define MAXD 154
++#define ENOUGH 2048
++#define MAXD 592
+
+ /* Type of code to build for inftable() */
+ typedef enum {
@@ .
patch -p0 '@@ .'
Index: openpkg-src/ghostscript/ghostscript.spec
$ cvs diff -u -r1.66.2.3 -r1.66.2.4 ghostscript.spec
--- openpkg-src/ghostscript/ghostscript.spec 6 Jul 2005 18:04:03 -
1.66.2.3
+++ openpkg-src/ghostscript/ghostscript.spec 28 Jul 2005 06:35:13 -
1.66.2.4
@@ -43,7 +43,7 @@
Group:Graphics
License: Aladdin
Version: %{V_real}
-Release: 2.3.1
+Release: 2.3.2
# package options
%option with_x11 yes
@@ .
__
The OpenPKG Projectwww.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: openpkg-src/qt/ qt.patch qt.spec
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 28-Jul-2005 08:36:51
Branch: HEAD Handle: 2005072807365100
Modified files:
openpkg-src/qt qt.patch qt.spec
Log:
Security Bugfix (OpenPKG-SA-2005.014-zlib; CAN-2005-1849)
Summary:
RevisionChanges Path
1.13+20 -0 openpkg-src/qt/qt.patch
1.121 +1 -1 openpkg-src/qt/qt.spec
patch -p0 '@@ .'
Index: openpkg-src/qt/qt.patch
$ cvs diff -u -r1.12 -r1.13 qt.patch
--- openpkg-src/qt/qt.patch 7 Jul 2005 09:35:51 - 1.12
+++ openpkg-src/qt/qt.patch 28 Jul 2005 06:36:51 - 1.13
@@ -358,3 +358,23 @@
return -1; /* incomplete set */
/* generate offsets into symbol table for each length for sorting */
+Index: src/3rdparty/zlib/inftrees.h
+--- src/3rdparty/zlib/inftrees.h.orig2003-08-11 00:15:50 +0200
src/3rdparty/zlib/inftrees.h 2005-07-11 08:50:37 +0200
+@@ -36,12 +36,12 @@
+ */
+
+ /* Maximum size of dynamic tree. The maximum found in a long but non-
+- exhaustive search was 1004 code structures (850 for length/literals
+- and 154 for distances, the latter actually the result of an
++ exhaustive search was 1444 code structures (852 for length/literals
++ and 592 for distances, the latter actually the result of an
+exhaustive search). The true maximum is not known, but the value
+below is more than safe. */
+-#define ENOUGH 1440
+-#define MAXD 154
++#define ENOUGH 2048
++#define MAXD 592
+
+ /* Type of code to build for inftable() */
+ typedef enum {
@@ .
patch -p0 '@@ .'
Index: openpkg-src/qt/qt.spec
$ cvs diff -u -r1.120 -r1.121 qt.spec
--- openpkg-src/qt/qt.spec7 Jul 2005 09:35:51 - 1.120
+++ openpkg-src/qt/qt.spec28 Jul 2005 06:36:51 - 1.121
@@ -33,7 +33,7 @@
Group:XWindow
License: GPL
Version: 3.3.4
-Release: 20050707
+Release: 20050728
# package library options (each 'yes' builds more libraries)
%option with_shared no
@@ .
__
The OpenPKG Projectwww.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: OPENPKG_2_4_SOLID: openpkg-src/qt/ qt.patch qt.spec
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 28-Jul-2005 08:38:02
Branch: OPENPKG_2_4_SOLIDHandle: 2005072807380200
Modified files: (Branch: OPENPKG_2_4_SOLID)
openpkg-src/qt qt.patch qt.spec
Log:
Security Bugfix (OpenPKG-SA-2005.014-zlib; CAN-2005-1849)
Summary:
RevisionChanges Path
1.11.2.2+20 -0 openpkg-src/qt/qt.patch
1.119.2.3 +1 -1 openpkg-src/qt/qt.spec
patch -p0 '@@ .'
Index: openpkg-src/qt/qt.patch
$ cvs diff -u -r1.11.2.1 -r1.11.2.2 qt.patch
--- openpkg-src/qt/qt.patch 7 Jul 2005 09:37:18 - 1.11.2.1
+++ openpkg-src/qt/qt.patch 28 Jul 2005 06:38:02 - 1.11.2.2
@@ -358,3 +358,23 @@
return -1; /* incomplete set */
/* generate offsets into symbol table for each length for sorting */
+Index: src/3rdparty/zlib/inftrees.h
+--- src/3rdparty/zlib/inftrees.h.orig2003-08-11 00:15:50 +0200
src/3rdparty/zlib/inftrees.h 2005-07-11 08:50:37 +0200
+@@ -36,12 +36,12 @@
+ */
+
+ /* Maximum size of dynamic tree. The maximum found in a long but non-
+- exhaustive search was 1004 code structures (850 for length/literals
+- and 154 for distances, the latter actually the result of an
++ exhaustive search was 1444 code structures (852 for length/literals
++ and 592 for distances, the latter actually the result of an
+exhaustive search). The true maximum is not known, but the value
+below is more than safe. */
+-#define ENOUGH 1440
+-#define MAXD 154
++#define ENOUGH 2048
++#define MAXD 592
+
+ /* Type of code to build for inftable() */
+ typedef enum {
@@ .
patch -p0 '@@ .'
Index: openpkg-src/qt/qt.spec
$ cvs diff -u -r1.119.2.2 -r1.119.2.3 qt.spec
--- openpkg-src/qt/qt.spec7 Jul 2005 09:37:18 - 1.119.2.2
+++ openpkg-src/qt/qt.spec28 Jul 2005 06:38:02 - 1.119.2.3
@@ -33,7 +33,7 @@
Group:XWindow
License: GPL
Version: 3.3.4
-Release: 2.4.1
+Release: 2.4.2
# package library options (each 'yes' builds more libraries)
%option with_shared no
@@ .
__
The OpenPKG Projectwww.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: OPENPKG_2_3_SOLID: openpkg-src/qt/ qt.patch qt.spec
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 28-Jul-2005 08:40:23
Branch: OPENPKG_2_3_SOLIDHandle: 2005072807402300
Modified files: (Branch: OPENPKG_2_3_SOLID)
openpkg-src/qt qt.patch qt.spec
Log:
Security Bugfix (OpenPKG-SA-2005.014-zlib; CAN-2005-1849)
Summary:
RevisionChanges Path
1.10.2.2+20 -0 openpkg-src/qt/qt.patch
1.116.2.3 +1 -1 openpkg-src/qt/qt.spec
patch -p0 '@@ .'
Index: openpkg-src/qt/qt.patch
$ cvs diff -u -r1.10.2.1 -r1.10.2.2 qt.patch
--- openpkg-src/qt/qt.patch 7 Jul 2005 09:39:06 - 1.10.2.1
+++ openpkg-src/qt/qt.patch 28 Jul 2005 06:40:23 - 1.10.2.2
@@ -207,3 +207,23 @@
return -1; /* incomplete set */
/* generate offsets into symbol table for each length for sorting */
+Index: src/3rdparty/zlib/inftrees.h
+--- src/3rdparty/zlib/inftrees.h.orig2003-08-11 00:15:50 +0200
src/3rdparty/zlib/inftrees.h 2005-07-11 08:50:37 +0200
+@@ -36,12 +36,12 @@
+ */
+
+ /* Maximum size of dynamic tree. The maximum found in a long but non-
+- exhaustive search was 1004 code structures (850 for length/literals
+- and 154 for distances, the latter actually the result of an
++ exhaustive search was 1444 code structures (852 for length/literals
++ and 592 for distances, the latter actually the result of an
+exhaustive search). The true maximum is not known, but the value
+below is more than safe. */
+-#define ENOUGH 1440
+-#define MAXD 154
++#define ENOUGH 2048
++#define MAXD 592
+
+ /* Type of code to build for inftable() */
+ typedef enum {
@@ .
patch -p0 '@@ .'
Index: openpkg-src/qt/qt.spec
$ cvs diff -u -r1.116.2.2 -r1.116.2.3 qt.spec
--- openpkg-src/qt/qt.spec7 Jul 2005 09:39:06 - 1.116.2.2
+++ openpkg-src/qt/qt.spec28 Jul 2005 06:40:23 - 1.116.2.3
@@ -34,7 +34,7 @@
Group:XWindow
License: GPL
Version: 3.3.4
-Release: 2.3.1
+Release: 2.3.2
# package library options (each 'yes' builds more libraries)
%option with_shared no
@@ .
__
The OpenPKG Projectwww.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: openpkg-web/ security.txt security.wml
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Project Master Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 28-Jul-2005 09:54:37 Branch: HEAD Handle: 2005072808543600 Modified files: openpkg-web security.txt security.wml Log: SA-2005.014-zlib; CAN-2005-1849 Summary: RevisionChanges Path 1.107 +2 -0 openpkg-web/security.txt 1.135 +1 -0 openpkg-web/security.wml patch -p0 '@@ .' Index: openpkg-web/security.txt $ cvs diff -u -r1.106 -r1.107 security.txt --- openpkg-web/security.txt 23 Jun 2005 18:39:47 - 1.106 +++ openpkg-web/security.txt 28 Jul 2005 07:54:36 - 1.107 @@ -1,3 +1,5 @@ +28-Jul-2005: Security Advisory: SOpenPKG-SA-2005.014-zlib +07-Jul-2005: Security Advisory: SOpenPKG-SA-2005.013-zlib 23-Jun-2005: Security Advisory: SOpenPKG-SA-2005.012-sudo 23-Jun-2005: Security Advisory: SOpenPKG-SA-2005.011-shtool 10-Jun-2005: Security Advisory: SOpenPKG-SA-2005.010-openpkg @@ . patch -p0 '@@ .' Index: openpkg-web/security.wml $ cvs diff -u -r1.134 -r1.135 security.wml --- openpkg-web/security.wml 8 Jul 2005 13:50:54 - 1.134 +++ openpkg-web/security.wml 28 Jul 2005 07:54:36 - 1.135 @@ -90,6 +90,7 @@ /define-tag box bdwidth=1 bdcolor=#a5a095 bdspace=10 bgcolor=#e5e0d5 table cellspacing=0 cellpadding=0 border=0 + sa 2005.014 zlib sa 2005.013 zlib sa 2005.012 sudo sa 2005.011 shtool @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: openpkg-web/security/ OpenPKG-SA-2005.014-zlib.txt
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Project Master Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 28-Jul-2005 10:08:15 Branch: HEAD Handle: 2005072809081400 Added files: openpkg-web/securityOpenPKG-SA-2005.014-zlib.txt Log: release OpenPKG Security Advisory 2005.014 (zlib) Summary: RevisionChanges Path 1.1 +134 -0 openpkg-web/security/OpenPKG-SA-2005.014-zlib.txt patch -p0 '@@ .' Index: openpkg-web/security/OpenPKG-SA-2005.014-zlib.txt $ cvs diff -u -r0 -r1.1 OpenPKG-SA-2005.014-zlib.txt --- /dev/null 2005-07-28 10:08:06 +0200 +++ OpenPKG-SA-2005.014-zlib.txt 2005-07-28 10:08:15 +0200 @@ -0,0 +1,134 @@ +-BEGIN PGP SIGNED MESSAGE- +Hash: SHA1 + + + +OpenPKG Security AdvisoryThe OpenPKG Project +http://www.openpkg.org/security.html http://www.openpkg.org [EMAIL PROTECTED] [EMAIL PROTECTED] +OpenPKG-SA-2005.014 28-Jul-2005 + + +Package: zlib +Vulnerability: denial of service +OpenPKG Specific:no + +Affected Releases: Affected Packages: Corrected Packages: +OpenPKG CURRENT = zlib-1.2.2-20050706 = zlib-1.2.3-20050722 + = ghostscript-8.51-20050706 = ghostscript-8.51-20050722 + = openpkg-20050706-20050706 = openpkg-20050722-20050722 + = qt-3.3.4-20050707 = qt-3.3.4-20050728 + +OpenPKG 2.4 = zlib-1.2.2-2.4.1 = zlib-1.2.2-2.4.2 + = ghostscript-8.51-2.4.1= ghostscript-8.51-2.4.2 + = openpkg-2.4.1-2.4.1 = openpkg-2.4.2-2.4.2 + = qt-3.3.4-2.4.1= qt-3.3.4-2.4.2 + +OpenPKG 2.3 = zlib-1.2.2-2.3.1 = zlib-1.2.2-2.3.2 + = ghostscript-8.14-2.3.1= ghostscript-8.14-2.3.2 + = openpkg-2.3.4-2.3.4 = openpkg-2.3.5-2.3.5 + = qt-3.3.4-2.3.1= qt-3.3.4-2.3.2 + +Affected Releases: Dependent Packages: +OpenPKG CURRENT abiword aegis aide analog apache apache2 autotrace + blender bsdtar cadaver cairo citadel clamav + cups curl cvs cvsps cvsync dia doxygen emacs + ethereal exim expat file firefox flowtools gd + geoip gif2png gift-gnutella gift-openft gimp gmime + gnome-vfs gnupg gnuplot gnutls htdig imagemagick + ircd jitterbug kcd lbreakout lcms libarchive + librsync libwmf libxml lout lynx magicpoint mcrypt + mixmaster mng mozilla mplayer mrtg mysql mysql3 + mysql40 mysql41 mysqlcc nagios neon netpbm opencdk + openpkg openssh openssl pdflib perl-comp perl-gd + perl-tk pgpdump php php3 php5 pnet png postgresql + postgresql7 pstoedit python qt ratbox ripe-dbase + rrdtool ruby scribus sio subversion tardy tetex + tiff tightvnc transfig ttmkfdir w3m webalizer wml + wv xdelta xemacs xfig xmame xplanet xv zimg + +OpenPKG 2.4 aegis aide analog apache apache2 autotrace cadaver + cairo clamav curl cvs emacs exim expat file + firefox flowtools gd geoip gif2png gift-gnutella + gift-openft gimp gmime gnupg gnuplot htdig + imagemagick ircd lcms libwmf libxml lout lynx + magicpoint mng mozilla mrtg mysql mysql40 neon + netpbm opencdk openssh openssl pdflib perl-comp + perl-tk php php5 png postgresql postgresql7 + pstoedit python ratbox ripe-dbase rrdtool sio + subversion tardy tetex tiff tightvnc transfig + ttmkfdir w3m webalizer wml xdelta xfig xv + +OpenPKG 2.3 aegis aide analog apache apache2 autotrace cadaver + clamav curl cvs emacs exim expat file flowtools + gd geoip gif2png gift-gnutella gift-openft gimp + gmime gnupg gnuplot htdig imagemagick ircd lcms + libwmf libxml lout lynx mng mozilla
[CVS] OpenPKG: openpkg-src/perl-util/ perl-util.spec
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Christoph Schug
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 28-Jul-2005 10:30:06
Branch: HEAD Handle: 2005072809300500
Modified files:
openpkg-src/perl-util perl-util.spec
Log:
modifying package: perl-util-5.8.7 20050720 - 20050728
Summary:
RevisionChanges Path
1.205 +3 -3 openpkg-src/perl-util/perl-util.spec
patch -p0 '@@ .'
Index: openpkg-src/perl-util/perl-util.spec
$ cvs diff -u -r1.204 -r1.205 perl-util.spec
--- openpkg-src/perl-util/perl-util.spec 20 Jul 2005 06:13:09 -
1.204
+++ openpkg-src/perl-util/perl-util.spec 28 Jul 2005 08:30:05 -
1.205
@@ -35,7 +35,7 @@
%define V_class_methodmaker2.07
%define V_class_returnvalue0.53
%define V_class_xpath 1.4
-%define V_class_autouse1.17
+%define V_class_autouse1.18
%define V_class_accessor 0.19
%define V_class_accessor_assert1.30
%define V_class_accessor_chained 0.01
@@ -81,7 +81,7 @@
%define V_memoize 1.01
%define V_path_class 0.12
%define V_anydata 0.10
-%define V_ootools 2.12
+%define V_ootools 2.2
%define V_clone0.18
%define V_clone_pp 1.02
%define V_data_page2.00
@@ -98,7 +98,7 @@
Group:Language
License: GPL/Artistic
Version: %{V_perl}
-Release: 20050720
+Release: 20050728
# list of sources
Source0:
http://www.cpan.org/modules/by-module/Test/Test-%{V_test}.tar.gz
@@ .
__
The OpenPKG Projectwww.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: openpkg-src/opera/ opera.spec
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 28-Jul-2005 12:31:48
Branch: HEAD Handle: 2005072811314800
Modified files:
openpkg-src/opera opera.spec
Log:
split versions (Opera provides different sub-versions for different
platforms) and upgrade to latest versions available for each platform
Summary:
RevisionChanges Path
1.21+17 -13 openpkg-src/opera/opera.spec
patch -p0 '@@ .'
Index: openpkg-src/opera/opera.spec
$ cvs diff -u -r1.20 -r1.21 opera.spec
--- openpkg-src/opera/opera.spec 4 Jun 2005 06:49:55 - 1.20
+++ openpkg-src/opera/opera.spec 28 Jul 2005 10:31:48 - 1.21
@@ -23,9 +23,13 @@
##
# package version
-%define V_real 8.01
-%define V_comp 801
-%define V_date 20050602.1
+%define V_openpkg 8.0
+%define V_bsd_comp 802
+%define V_bsd_real 8.02-20050727.1
+%define V_lnx_comp 802
+%define V_lnx_real 8.02-20050727.1
+%define V_sol_comp 801
+%define V_sol_real 8.01-20050615.1
# package information
Name: opera
@@ -37,13 +41,13 @@
Class:EVAL
Group:Web
License: Commercial
-Version: %{V_real}
-Release: 20050604
+Version: %{V_openpkg}
+Release: 20050728
# list of sources
-Source0:
ftp://ftp.opera.com/pub/opera/unix/freebsd/%{V_comp}/opera-%{V_real}-%{V_date}-static-qt.i386.freebsd-en.tar.bz2
-Source1:
ftp://ftp.opera.com/pub/opera/unix/solaris/%{V_comp}/opera-%{V_real}-%{V_date}-static-qt-sol8-sparc-local-en.tar.bz2
-Source2:
ftp://ftp.opera.com/pub/opera/linux/%{V_comp}/final/en/i386/opera-%{V_real}-%{V_date}-static-qt.i386-en.tar.bz2
+Source0:
ftp://ftp.opera.com/pub/opera/unix/freebsd/%{V_bsd_comp}/final/en/shared/gcc-2.95/opera-%{V_bsd_real}-static-qt.i386.freebsd-en.tar.bz2
+Source1:
ftp://ftp.opera.com/pub/opera/linux/%{V_lnx_comp}/final/en/i386/static/opera-%{V_lnx_real}-static-qt.i386-en.tar.bz2
+Source2:
ftp://ftp.opera.com/pub/opera/unix/solaris/%{V_sol_comp}/final/en/static/opera-%{V_sol_real}-static-qt-sol8-sparc-local-en.tar.bz2
# build information
Prefix: %{l_prefix}
@@ -63,17 +67,17 @@
%track
prog opera:freebsd = {
-version = %{V_comp}
+version = %{V_bsd_comp}
url = ftp://ftp.opera.com/pub/opera/unix/freebsd/
regex = (\d\d\d(u\d+)?)[^b]
}
prog opera:linux = {
-version = %{V_comp}
+version = %{V_lnx_comp}
url = ftp://ftp.opera.com/pub/opera/linux/
regex = (\d\d\d(u\d+)?)[^b]
}
prog opera:solaris = {
-version = %{V_comp}
+version = %{V_sol_comp}
url = ftp://ftp.opera.com/pub/opera/unix/solaris/
regex = (\d\d\d(u\d+)?)[^b]
}
@@ -82,8 +86,8 @@
%setup -q -c -T
case %{l_platform -t} in
i?86-freebsd[45]* ) src=%{SOURCE0} ;;
-sun4?-sunos5* ) src=%{SOURCE1} ;;
-i?86-linux2* ) src=%{SOURCE2} ;;
+i?86-linux2* ) src=%{SOURCE1} ;;
+sun4?-sunos5* ) src=%{SOURCE2} ;;
* ) echo Platform \%{l_platform -t}\ not supported 12; exit 1
;;
esac
%{l_bzip2} -d -c $src | %{l_tar} xf -
@@ .
__
The OpenPKG Projectwww.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: OPENPKG_2_4_SOLID: openpkg-src/spamassassin/ spamassass...
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 28-Jul-2005 12:56:09
Branch: OPENPKG_2_4_SOLIDHandle: 2005072811560800
Added files: (Branch: OPENPKG_2_4_SOLID)
openpkg-src/spamassassin
spamassassin.patch
Modified files: (Branch: OPENPKG_2_4_SOLID)
openpkg-src/spamassassin
spamassassin.spec
Log:
Security Fixes (CAN-2005-1266)
Summary:
RevisionChanges Path
1.1.8.1 +161 -0 openpkg-src/spamassassin/spamassassin.patch
1.59.2.2+3 -1 openpkg-src/spamassassin/spamassassin.spec
patch -p0 '@@ .'
Index: openpkg-src/spamassassin/spamassassin.patch
$ cvs diff -u -r0 -r1.1.8.1 spamassassin.patch
--- /dev/null 2005-07-28 12:55:58 +0200
+++ spamassassin.patch2005-07-28 12:56:09 +0200
@@ -0,0 +1,161 @@
+Security Fixes (CAN-2005-1266)
+
+Index: lib/Mail/SpamAssassin/Message.pm
+--- lib/Mail/SpamAssassin/Message.pm.orig2005-04-26 22:42:18 +0200
lib/Mail/SpamAssassin/Message.pm 2005-06-06 03:31:23 +0200
+@@ -122,7 +122,6 @@
+
+ # Go through all the headers of the message
+ my $header = '';
+- my $boundary;
+ while ( my $last = shift @message ) {
+ if ( $last =~ /^From\s/ ) {
+ # mbox formated mailbox
+@@ -157,72 +156,63 @@
+ }
+
+ # Store the non-modified headers in a scalar
+-$self-{'pristine_headers'} .= $last;
++unless ($self-{'missing_head_body_separator'}) {
++ $self-{'pristine_headers'} .= $last;
++}
+
+ # NB: Really need to figure out special folding rules here!
+ if ( $last =~ /^[ \t]+/ ) {# if its a continuation
+ if ($header) {
+ $header .= $last;# fold continuations
+-
+-# If we're currently dealing with a content-type header, and there's a
+-# boundary defined, use it. Since there could be multiple
+-# content-type headers in a message, the last one will be the one we
+-# should use, so just keep updating as they come in.
+-if ($header =~ /^content-type:\s*(\S.*)$/is) {
+- my($type,$temp_boundary) =
Mail::SpamAssassin::Util::parse_content_type($1);
+- $boundary = $temp_boundary if ($type =~ /^multipart/ defined
$temp_boundary);
+-}
+-
+-# Go onto the next header line, unless the next line is a
+-# multipart mime boundary, where we know we're going to stop
+-# below, so drop through for final header processing.
+-next unless (defined $boundary @message $message[0] =~
/^--\Q$boundary\E(?:--|\s*$)/);
+- }
+- else {
+-# There was no previous header and this is just out there?
+-# Ignore it!
+-next;
+ }
+ }
++else {
++ # Ok, there's a header here, let's go ahead and add it in.
++ if ($header) {
++# Yes, the /s is needed to match \n too.
++my ($key, $value) = split (/:\s*(?=.)/s, $header, 2);
+
+-# Ok, there's a header here, let's go ahead and add it in.
+-if ($header) {
+- # Yes, the /s is needed to match \n too.
+- my ($key, $value) = split (/:\s*(?=.)/s, $header, 2);
++# If it's not a valid header (aka: not in the form foo: bar),
skip it.
++if (defined $value) {
++ # limit the length of the pairs we store
++ if (length($key) MAX_HEADER_KEY_LENGTH) {
++$key = substr($key, 0, MAX_HEADER_KEY_LENGTH);
++$self-{'truncated_header'} = 1;
++ }
++ if (length($value) MAX_HEADER_VALUE_LENGTH) {
++$value = substr($value, 0, MAX_HEADER_VALUE_LENGTH);
++$self-{'truncated_header'} = 1;
++ }
++ $self-header($key, $value);
++}
++ }
+
+- # If it's not a valid header (aka: not in the form foo: bar), skip
it.
+- if (defined $value) {
+-# limit the length of the pairs we store
+-if (length($key) MAX_HEADER_KEY_LENGTH) {
+- $key = substr($key, 0, MAX_HEADER_KEY_LENGTH);
+- $self-{'truncated_header'} = 1;
+-}
+-if (length($value) MAX_HEADER_VALUE_LENGTH) {
+- $value = substr($value, 0, MAX_HEADER_VALUE_LENGTH);
+- $self-{'truncated_header'} = 1;
+-}
+-$self-header($key, $value);
++ # not a continuation...
++ $header = $last;
++}
+
+-# If we're currently dealing with a content-type header, and there's a
+-# boundary
[CVS] OpenPKG: openpkg-web/ security.txt security.wml
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 28-Jul-2005 13:11:43 Branch: HEAD Handle: 2005072812114300 Modified files: openpkg-web security.txt security.wml Log: link spamassassin SA into website Summary: RevisionChanges Path 1.108 +1 -0 openpkg-web/security.txt 1.136 +1 -0 openpkg-web/security.wml patch -p0 '@@ .' Index: openpkg-web/security.txt $ cvs diff -u -r1.107 -r1.108 security.txt --- openpkg-web/security.txt 28 Jul 2005 07:54:36 - 1.107 +++ openpkg-web/security.txt 28 Jul 2005 11:11:43 - 1.108 @@ -1,3 +1,4 @@ +28-Jul-2005: Security Advisory: SOpenPKG-SA-2005.015-spamassassin 28-Jul-2005: Security Advisory: SOpenPKG-SA-2005.014-zlib 07-Jul-2005: Security Advisory: SOpenPKG-SA-2005.013-zlib 23-Jun-2005: Security Advisory: SOpenPKG-SA-2005.012-sudo @@ . patch -p0 '@@ .' Index: openpkg-web/security.wml $ cvs diff -u -r1.135 -r1.136 security.wml --- openpkg-web/security.wml 28 Jul 2005 07:54:36 - 1.135 +++ openpkg-web/security.wml 28 Jul 2005 11:11:43 - 1.136 @@ -90,6 +90,7 @@ /define-tag box bdwidth=1 bdcolor=#a5a095 bdspace=10 bgcolor=#e5e0d5 table cellspacing=0 cellpadding=0 border=0 + sa 2005.015 spamassassin sa 2005.014 zlib sa 2005.013 zlib sa 2005.012 sudo @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: openpkg-src/ethereal/ ethereal.spec
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Thomas Lotterer
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 28-Jul-2005 13:27:38
Branch: HEAD Handle: 2005072812273800
Modified files:
openpkg-src/etherealethereal.spec
Log:
upgrading package: ethereal 0.10.11 - 0.10.12
Summary:
RevisionChanges Path
1.57+5 -2 openpkg-src/ethereal/ethereal.spec
patch -p0 '@@ .'
Index: openpkg-src/ethereal/ethereal.spec
$ cvs diff -u -r1.56 -r1.57 ethereal.spec
--- openpkg-src/ethereal/ethereal.spec13 Jun 2005 18:17:11 -
1.56
+++ openpkg-src/ethereal/ethereal.spec28 Jul 2005 11:27:38 -
1.57
@@ -32,8 +32,8 @@
Class:EVAL
Group:Network
License: GPL
-Version: 0.10.11
-Release: 20050613
+Version: 0.10.12
+Release: 20050728
# package options
%option with_zlibyes
@@ -97,6 +97,9 @@
-e 's;-all-static *;;g' \
-e 's;-static *;;g' \
Makefile.in
+%{l_shtool} subst \
+-e 's;\([, ]\)encrypt;\1myencrypt;g' \
+epan/radius_dict.c
%build
CC=%{l_cc} \
@@ .
__
The OpenPKG Projectwww.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: openpkg-web/ security.txt security.wml openpkg-web/secu...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 28-Jul-2005 14:09:47 Branch: HEAD Handle: 2005072813094600 Added files: openpkg-web/securityOpenPKG-SA-2005.016-fetchmail.txt Modified files: openpkg-web security.txt security.wml Log: SA-2005.016-fetchmail; CAN-2005-2335 Summary: RevisionChanges Path 1.109 +1 -0 openpkg-web/security.txt 1.137 +1 -0 openpkg-web/security.wml 1.1 +72 -0 openpkg-web/security/OpenPKG-SA-2005.016-fetchmail.txt patch -p0 '@@ .' Index: openpkg-web/security.txt $ cvs diff -u -r1.108 -r1.109 security.txt --- openpkg-web/security.txt 28 Jul 2005 11:11:43 - 1.108 +++ openpkg-web/security.txt 28 Jul 2005 12:09:46 - 1.109 @@ -1,3 +1,4 @@ +28-Jul-2005: Security Advisory: SOpenPKG-SA-2005.016-fetchmail 28-Jul-2005: Security Advisory: SOpenPKG-SA-2005.015-spamassassin 28-Jul-2005: Security Advisory: SOpenPKG-SA-2005.014-zlib 07-Jul-2005: Security Advisory: SOpenPKG-SA-2005.013-zlib @@ . patch -p0 '@@ .' Index: openpkg-web/security.wml $ cvs diff -u -r1.136 -r1.137 security.wml --- openpkg-web/security.wml 28 Jul 2005 11:11:43 - 1.136 +++ openpkg-web/security.wml 28 Jul 2005 12:09:46 - 1.137 @@ -90,6 +90,7 @@ /define-tag box bdwidth=1 bdcolor=#a5a095 bdspace=10 bgcolor=#e5e0d5 table cellspacing=0 cellpadding=0 border=0 + sa 2005.016 fetchmail sa 2005.015 spamassassin sa 2005.014 zlib sa 2005.013 zlib @@ . patch -p0 '@@ .' Index: openpkg-web/security/OpenPKG-SA-2005.016-fetchmail.txt $ cvs diff -u -r0 -r1.1 OpenPKG-SA-2005.016-fetchmail.txt --- /dev/null 2005-07-28 14:09:46 +0200 +++ OpenPKG-SA-2005.016-fetchmail.txt 2005-07-28 14:09:47 +0200 @@ -0,0 +1,72 @@ + + +OpenPKG Security AdvisoryThe OpenPKG Project +http://www.openpkg.org/security.html http://www.openpkg.org [EMAIL PROTECTED] [EMAIL PROTECTED] +OpenPKG-SA-2005.016 28-Jul-2005 + + +Package: fetchmail +Vulnerability: denial of service +OpenPKG Specific:no + +Affected Releases: Affected Packages: Corrected Packages: +OpenPKG CURRENT = fetchmail-6.2.5-20050311 = fetchmail-6.2.5-20050728 +OpenPKG 2.4 = fetchmail-6.2.5-2.4.0= fetchmail-6.2.5-2.4.1 +OpenPKG 2.3 = fetchmail-6.2.5-2.3.0= fetchmail-6.2.5-2.3.1 + +Dependent Packages: none + +Description: + Ross Boylan reported a bug [0] in fetchmail [1] which turned out + being a remote buffer overflow vulnerability. A malicious POP3 server + could send a carefully crafted message and cause a denial of service + and possibly execute arbitrary code via long UIDL responses. The + Common Vulnerabilities and Exposures (CVE) project assigned the id + CAN-2005-2335 [2] to the problem. + + Please check whether you are affected by running prefix/bin/openpkg + rpm -q fetchmail. If you have the fetchmail package installed and + its version is affected (see above), we recommend that you immediately + upgrade it (see Solution) [3][4]. + +Solution: + Select the updated source RPM appropriate for your OpenPKG release + [5][6], fetch it from the OpenPKG FTP service [7][8] or a mirror + location, verify its integrity [9], build a corresponding binary RPM + from it [3] and update your OpenPKG installation by applying the + binary RPM [4]. For the most recent release OpenPKG 2.4, perform the + following operations to permanently fix the security problem (for + other releases adjust accordingly). + + $ ftp ftp.openpkg.org + ftp bin + ftp cd release/2.4/UPD + ftp get fetchmail-6.2.5-2.4.1.src.rpm + ftp bye + $ prefix/bin/openpkg rpm -v --checksig fetchmail-6.2.5-2.4.1.src.rpm + $ prefix/bin/openpkg rpm --rebuild fetchmail-6.2.5-2.4.1.src.rpm + $ su - + # prefix/bin/openpkg rpm -Fvh prefix/RPM/PKG/fetchmail-6.2.5-2.4.1.*.rpm + + +References: + [0] http://bugs.debian.org/cgi-bin
[CVS] OpenPKG: openpkg-src/fetchmail/ fetchmail.patch fetchmail.spec
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Thomas Lotterer
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 28-Jul-2005 14:10:04
Branch: HEAD Handle: 2005072813100400
Modified files:
openpkg-src/fetchmail fetchmail.patch fetchmail.spec
Log:
SA-2005.016-fetchmail; CAN-2005-2335
Summary:
RevisionChanges Path
1.6 +35 -0 openpkg-src/fetchmail/fetchmail.patch
1.65+1 -1 openpkg-src/fetchmail/fetchmail.spec
patch -p0 '@@ .'
Index: openpkg-src/fetchmail/fetchmail.patch
$ cvs diff -u -r1.5 -r1.6 fetchmail.patch
--- openpkg-src/fetchmail/fetchmail.patch 29 Jan 2005 12:39:27 -
1.5
+++ openpkg-src/fetchmail/fetchmail.patch 28 Jul 2005 12:10:04 -
1.6
@@ -24,3 +24,38 @@
fetchsizelimit = 1;
/* Time to allocate memory to store the sizes */
+
+OpenPKG-SA-2005.016-fetchmail; CAN-2005-2335
+Patch from Ludwig Nussel @SUSE
+Index: fetchmail-6.2.5/pop3.c
+===
+--- pop3.c.625
pop3.c
+@@ -613,6 +613,8 @@ static int pop3_gettopid( int sock, int
+ return 0;
+ }
+
++#define str(s) #s
++#define UIDLFMT(n) %d % str(n) s
+ static int pop3_getuidl( int sock, int num , char *id)
+ {
+ int ok;
+@@ -620,7 +622,7 @@ static int pop3_getuidl( int sock, int n
+ gen_send(sock, UIDL %d, num);
+ if ((ok = pop3_ok(sock, buf)) != 0)
+ return(ok);
+-if (sscanf(buf, %d %s, num, id) != 2)
++if (sscanf(buf, UIDLFMT(IDLEN), num, id) != 2)
+ return(PS_PROTOCOL);
+ return(PS_SUCCESS);
+ }
+@@ -862,7 +864,7 @@ static int pop3_getrange(int sock,
+ {
+ if (DOTLINE(buf))
+ break;
+-else if (sscanf(buf, %d %s, num, id) == 2)
++else if (sscanf(buf, UIDLFMT(IDLEN), num, id) == 2)
+ {
+ struct idlist *old, *new;
+
+
@@ .
patch -p0 '@@ .'
Index: openpkg-src/fetchmail/fetchmail.spec
$ cvs diff -u -r1.64 -r1.65 fetchmail.spec
--- openpkg-src/fetchmail/fetchmail.spec 24 Mar 2005 11:18:45 -
1.64
+++ openpkg-src/fetchmail/fetchmail.spec 28 Jul 2005 12:10:04 -
1.65
@@ -33,7 +33,7 @@
Group:Mail
License: GPL
Version: 6.2.5
-Release: 20050311
+Release: 20050728
# list of sources
Source0: http://www.catb.org/~esr/fetchmail/fetchmail-%{version}.tar.gz
@@ .
__
The OpenPKG Projectwww.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: OPENPKG_2_4_SOLID: openpkg-src/fetchmail/ fetchmail.pat...
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Thomas Lotterer
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 28-Jul-2005 14:14:59
Branch: OPENPKG_2_4_SOLIDHandle: 2005072813145900
Modified files: (Branch: OPENPKG_2_4_SOLID)
openpkg-src/fetchmail fetchmail.patch fetchmail.spec
Log:
MFC: SA-2005.016-fetchmail; CAN-2005-2335
Summary:
RevisionChanges Path
1.5.4.1 +35 -0 openpkg-src/fetchmail/fetchmail.patch
1.64.2.2+1 -1 openpkg-src/fetchmail/fetchmail.spec
patch -p0 '@@ .'
Index: openpkg-src/fetchmail/fetchmail.patch
$ cvs diff -u -r1.5 -r1.5.4.1 fetchmail.patch
--- openpkg-src/fetchmail/fetchmail.patch 29 Jan 2005 12:39:27 -
1.5
+++ openpkg-src/fetchmail/fetchmail.patch 28 Jul 2005 12:14:59 -
1.5.4.1
@@ -24,3 +24,38 @@
fetchsizelimit = 1;
/* Time to allocate memory to store the sizes */
+
+OpenPKG-SA-2005.016-fetchmail; CAN-2005-2335
+Patch from Ludwig Nussel @SUSE
+Index: fetchmail-6.2.5/pop3.c
+===
+--- pop3.c.625
pop3.c
+@@ -613,6 +613,8 @@ static int pop3_gettopid( int sock, int
+ return 0;
+ }
+
++#define str(s) #s
++#define UIDLFMT(n) %d % str(n) s
+ static int pop3_getuidl( int sock, int num , char *id)
+ {
+ int ok;
+@@ -620,7 +622,7 @@ static int pop3_getuidl( int sock, int n
+ gen_send(sock, UIDL %d, num);
+ if ((ok = pop3_ok(sock, buf)) != 0)
+ return(ok);
+-if (sscanf(buf, %d %s, num, id) != 2)
++if (sscanf(buf, UIDLFMT(IDLEN), num, id) != 2)
+ return(PS_PROTOCOL);
+ return(PS_SUCCESS);
+ }
+@@ -862,7 +864,7 @@ static int pop3_getrange(int sock,
+ {
+ if (DOTLINE(buf))
+ break;
+-else if (sscanf(buf, %d %s, num, id) == 2)
++else if (sscanf(buf, UIDLFMT(IDLEN), num, id) == 2)
+ {
+ struct idlist *old, *new;
+
+
@@ .
patch -p0 '@@ .'
Index: openpkg-src/fetchmail/fetchmail.spec
$ cvs diff -u -r1.64.2.1 -r1.64.2.2 fetchmail.spec
--- openpkg-src/fetchmail/fetchmail.spec 15 Jun 2005 18:59:11 -
1.64.2.1
+++ openpkg-src/fetchmail/fetchmail.spec 28 Jul 2005 12:14:59 -
1.64.2.2
@@ -33,7 +33,7 @@
Group:Mail
License: GPL
Version: 6.2.5
-Release: 2.4.0
+Release: 2.4.1
# list of sources
Source0: http://www.catb.org/~esr/fetchmail/fetchmail-%{version}.tar.gz
@@ .
__
The OpenPKG Projectwww.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: OPENPKG_2_3_SOLID: openpkg-src/fetchmail/ fetchmail.pat...
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Thomas Lotterer
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 28-Jul-2005 14:15:14
Branch: OPENPKG_2_3_SOLIDHandle: 2005072813151400
Modified files: (Branch: OPENPKG_2_3_SOLID)
openpkg-src/fetchmail fetchmail.patch fetchmail.spec
Log:
MFC: SA-2005.016-fetchmail; CAN-2005-2335
Summary:
RevisionChanges Path
1.5.2.1 +35 -0 openpkg-src/fetchmail/fetchmail.patch
1.60.2.2+1 -1 openpkg-src/fetchmail/fetchmail.spec
patch -p0 '@@ .'
Index: openpkg-src/fetchmail/fetchmail.patch
$ cvs diff -u -r1.5 -r1.5.2.1 fetchmail.patch
--- openpkg-src/fetchmail/fetchmail.patch 29 Jan 2005 12:39:27 -
1.5
+++ openpkg-src/fetchmail/fetchmail.patch 28 Jul 2005 12:15:14 -
1.5.2.1
@@ -24,3 +24,38 @@
fetchsizelimit = 1;
/* Time to allocate memory to store the sizes */
+
+OpenPKG-SA-2005.016-fetchmail; CAN-2005-2335
+Patch from Ludwig Nussel @SUSE
+Index: fetchmail-6.2.5/pop3.c
+===
+--- pop3.c.625
pop3.c
+@@ -613,6 +613,8 @@ static int pop3_gettopid( int sock, int
+ return 0;
+ }
+
++#define str(s) #s
++#define UIDLFMT(n) %d % str(n) s
+ static int pop3_getuidl( int sock, int num , char *id)
+ {
+ int ok;
+@@ -620,7 +622,7 @@ static int pop3_getuidl( int sock, int n
+ gen_send(sock, UIDL %d, num);
+ if ((ok = pop3_ok(sock, buf)) != 0)
+ return(ok);
+-if (sscanf(buf, %d %s, num, id) != 2)
++if (sscanf(buf, UIDLFMT(IDLEN), num, id) != 2)
+ return(PS_PROTOCOL);
+ return(PS_SUCCESS);
+ }
+@@ -862,7 +864,7 @@ static int pop3_getrange(int sock,
+ {
+ if (DOTLINE(buf))
+ break;
+-else if (sscanf(buf, %d %s, num, id) == 2)
++else if (sscanf(buf, UIDLFMT(IDLEN), num, id) == 2)
+ {
+ struct idlist *old, *new;
+
+
@@ .
patch -p0 '@@ .'
Index: openpkg-src/fetchmail/fetchmail.spec
$ cvs diff -u -r1.60.2.1 -r1.60.2.2 fetchmail.spec
--- openpkg-src/fetchmail/fetchmail.spec 21 Feb 2005 17:06:42 -
1.60.2.1
+++ openpkg-src/fetchmail/fetchmail.spec 28 Jul 2005 12:15:14 -
1.60.2.2
@@ -34,7 +34,7 @@
Group:Mail
License: GPL
Version: 6.2.5
-Release: 2.3.0
+Release: 2.3.1
# list of sources
Source0: http://www.catb.org/~esr/fetchmail/fetchmail-%{version}.tar.gz
@@ .
__
The OpenPKG Projectwww.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: openpkg-web/security/ OpenPKG-SA-2005.016-fetchmail.txt
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Project Master Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 28-Jul-2005 14:33:34 Branch: HEAD Handle: 200507281400 Modified files: openpkg-web/securityOpenPKG-SA-2005.016-fetchmail.txt Log: release OpenPKG Security Advisory 2005.016 (fetchmail) Summary: RevisionChanges Path 1.2 +10 -0 openpkg-web/security/OpenPKG-SA-2005.016-fetchmail.txt patch -p0 '@@ .' Index: openpkg-web/security/OpenPKG-SA-2005.016-fetchmail.txt $ cvs diff -u -r1.1 -r1.2 OpenPKG-SA-2005.016-fetchmail.txt --- openpkg-web/security/OpenPKG-SA-2005.016-fetchmail.txt28 Jul 2005 12:09:46 - 1.1 +++ openpkg-web/security/OpenPKG-SA-2005.016-fetchmail.txt28 Jul 2005 12:33:34 - 1.2 @@ -1,3 +1,6 @@ +-BEGIN PGP SIGNED MESSAGE- +Hash: SHA1 + OpenPKG Security AdvisoryThe OpenPKG Project @@ -70,3 +73,10 @@ for details on how to verify the integrity of this advisory. +-BEGIN PGP SIGNATURE- +Comment: OpenPKG [EMAIL PROTECTED] + +iD8DBQFC6M/NgHWT4GPEy58RAlopAKCaj7LsPJ6W4sMWY7qMZ1YGl47DhACgxAG8 +oqkFGO++EPKu+BcOzBp2UPg= +=3oJ+ +-END PGP SIGNATURE- @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: openpkg-src/apache2/ apache2.patch apache2.spec
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 28-Jul-2005 22:29:24
Branch: HEAD Handle: 2005072821292400
Modified files:
openpkg-src/apache2 apache2.patch apache2.spec
Log:
apply security fix
Summary:
RevisionChanges Path
1.7 +13 -0 openpkg-src/apache2/apache2.patch
1.64+1 -1 openpkg-src/apache2/apache2.spec
patch -p0 '@@ .'
Index: openpkg-src/apache2/apache2.patch
$ cvs diff -u -r1.6 -r1.7 apache2.patch
--- openpkg-src/apache2/apache2.patch 16 Sep 2004 09:38:44 - 1.6
+++ openpkg-src/apache2/apache2.patch 28 Jul 2005 20:29:24 - 1.7
@@ -1,3 +1,4 @@
+Index: server/Makefile.in.dist
--- server/Makefile.in.dist 2003-07-03 16:40:35.0 +0200
+++ server/Makefile.in 2003-07-03 16:41:19.0 +0200
@@ -55,7 +55,8 @@
@@ -10,3 +11,15 @@
done; \
sort -u $$tmp $@; \
rm -f $$tmp
+Index: modules/ssl/ssl_engine_kernel.c
+--- modules/ssl/ssl_engine_kernel.c.orig 2005-03-29 10:44:31 +0200
modules/ssl/ssl_engine_kernel.c 2005-07-28 22:25:38 +0200
+@@ -1398,7 +1398,7 @@
+ BIO_printf(bio, , nextUpdate: );
+ ASN1_UTCTIME_print(bio, X509_CRL_get_nextUpdate(crl));
+
+-n = BIO_read(bio, buff, sizeof(buff));
++n = BIO_read(bio, buff, sizeof(buff) - 1);
+ buff[n] = '\0';
+
+ BIO_free(bio);
@@ .
patch -p0 '@@ .'
Index: openpkg-src/apache2/apache2.spec
$ cvs diff -u -r1.63 -r1.64 apache2.spec
--- openpkg-src/apache2/apache2.spec 24 Jul 2005 19:32:58 - 1.63
+++ openpkg-src/apache2/apache2.spec 28 Jul 2005 20:29:24 - 1.64
@@ -39,7 +39,7 @@
Group:Web
License: ASF
Version: %{V_apache}
-Release: 20050724
+Release: 20050728
# package options (suexec related)
%option with_suexec yes
@@ .
__
The OpenPKG Projectwww.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
