[CVS] OpenPKG: openpkg-src/libwmf/ libwmf.spec
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 28-Jul-2005 08:02:25 Branch: HEAD Handle: 2005072807022400 Modified files: openpkg-src/libwmf libwmf.spec Log: upgrading package: libwmf 0.2.8.3 - 0.2.8.4 Summary: RevisionChanges Path 1.27+2 -2 openpkg-src/libwmf/libwmf.spec patch -p0 '@@ .' Index: openpkg-src/libwmf/libwmf.spec $ cvs diff -u -r1.26 -r1.27 libwmf.spec --- openpkg-src/libwmf/libwmf.spec10 Jun 2005 13:50:55 - 1.26 +++ openpkg-src/libwmf/libwmf.spec28 Jul 2005 06:02:24 - 1.27 @@ -32,8 +32,8 @@ Class:PLUS Group:Graphics License: LGPL -Version: 0.2.8.3 -Release: 20050610 +Version: 0.2.8.4 +Release: 20050728 # list of sources Source0: http://osdn.dl.sourceforge.net/sourceforge/wvware/libwmf-%{version}.tar.gz @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: openpkg-src/crm114/ crm114.spec
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 28-Jul-2005 08:04:14 Branch: HEAD Handle: 2005072807041400 Modified files: openpkg-src/crm114 crm114.spec Log: upgrading package: crm114 20050628 - 20050721 Summary: RevisionChanges Path 1.36+6 -6 openpkg-src/crm114/crm114.spec patch -p0 '@@ .' Index: openpkg-src/crm114/crm114.spec $ cvs diff -u -r1.35 -r1.36 crm114.spec --- openpkg-src/crm114/crm114.spec1 Jul 2005 08:40:59 - 1.35 +++ openpkg-src/crm114/crm114.spec28 Jul 2005 06:04:14 - 1.36 @@ -23,9 +23,9 @@ ## # package version -%define V_dist 20050628 -%define V_opkg 20050628 -%define V_name BlameCochrane +%define V_dist 20050721 +%define V_opkg 20050721 +%define V_name BlameNeilArmstrong # package information Name: crm114 @@ -38,10 +38,10 @@ Group:Text License: GPL Version: %{V_opkg} -Release: 20050701 +Release: 20050728 # list of sources -Source0: http://crm114.sourceforge.net/crm114-%{V_dist}.%{V_name}.src.tar.gz +Source0: http://crm114.sourceforge.net/crm114-%{V_dist}-%{V_name}.src.tar.gz # build information Prefix: %{l_prefix} @@ -69,7 +69,7 @@ } %prep -%setup -q -n crm114-%{V_dist}.%{V_name}.src +%setup -q -n crm114-%{V_dist}-%{V_name}.src %build %{l_shtool} subst \ @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: openpkg-src/cgdb/ cgdb.spec
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 28-Jul-2005 08:04:58 Branch: HEAD Handle: 2005072807045700 Modified files: openpkg-src/cgdbcgdb.spec Log: track only releases Summary: RevisionChanges Path 1.8 +2 -2 openpkg-src/cgdb/cgdb.spec patch -p0 '@@ .' Index: openpkg-src/cgdb/cgdb.spec $ cvs diff -u -r1.7 -r1.8 cgdb.spec --- openpkg-src/cgdb/cgdb.spec22 May 2005 07:41:38 - 1.7 +++ openpkg-src/cgdb/cgdb.spec28 Jul 2005 06:04:57 - 1.8 @@ -33,7 +33,7 @@ Group:Development License: GPL Version: 0.5.2 -Release: 20050522 +Release: 20050728 # list of sources Source0: http://osdn.dl.sourceforge.net/cgdb/cgdb-%{version}.tar.gz @@ -60,7 +60,7 @@ prog cgdb = { version = %{version} url = http://prdownloads.sourceforge.net/cgdb/ -regex = cgdb-(__VER__)\.tar\.gz +regex = cgdb-(\d+\.\d+\.\d+)\.tar\.gz } %prep @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: OPENPKG_2_4_SOLID: openpkg-src/zlib/ zlib.patch zlib.sp...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 28-Jul-2005 08:20:06 Branch: OPENPKG_2_4_SOLIDHandle: 2005072807200600 Modified files: (Branch: OPENPKG_2_4_SOLID) openpkg-src/zlibzlib.patch zlib.spec Log: Security Bugfix (OpenPKG-SA-2005.014-zlib; CAN-2005-1849) Summary: RevisionChanges Path 1.4.4.2 +25 -0 openpkg-src/zlib/zlib.patch 1.33.2.3+1 -1 openpkg-src/zlib/zlib.spec patch -p0 '@@ .' Index: openpkg-src/zlib/zlib.patch $ cvs diff -u -r1.4.4.1 -r1.4.4.2 zlib.patch --- openpkg-src/zlib/zlib.patch 6 Jul 2005 16:45:22 - 1.4.4.1 +++ openpkg-src/zlib/zlib.patch 28 Jul 2005 06:20:06 - 1.4.4.2 @@ -1,3 +1,5 @@ +Security Bugfix (OpenPKG-SA-2005.013-zlib; CAN-2005-2096) + Index: inftrees.c --- inftrees.c.orig 2004-09-15 16:30:06 +0200 +++ inftrees.c 2005-07-06 18:31:14 +0200 @@ -10,3 +12,26 @@ return -1; /* incomplete set */ /* generate offsets into symbol table for each length for sorting */ + +Security Bugfix (OpenPKG-SA-2005.014-zlib; CAN-2005-1849) + +Index: inftrees.h +--- inftrees.h.orig 2003-08-11 00:15:50 +0200 inftrees.h 2005-07-11 08:50:37 +0200 +@@ -36,12 +36,12 @@ + */ + + /* Maximum size of dynamic tree. The maximum found in a long but non- +- exhaustive search was 1004 code structures (850 for length/literals +- and 154 for distances, the latter actually the result of an ++ exhaustive search was 1444 code structures (852 for length/literals ++ and 592 for distances, the latter actually the result of an +exhaustive search). The true maximum is not known, but the value +below is more than safe. */ +-#define ENOUGH 1440 +-#define MAXD 154 ++#define ENOUGH 2048 ++#define MAXD 592 + + /* Type of code to build for inftable() */ + typedef enum { @@ . patch -p0 '@@ .' Index: openpkg-src/zlib/zlib.spec $ cvs diff -u -r1.33.2.2 -r1.33.2.3 zlib.spec --- openpkg-src/zlib/zlib.spec6 Jul 2005 16:45:22 - 1.33.2.2 +++ openpkg-src/zlib/zlib.spec28 Jul 2005 06:20:06 - 1.33.2.3 @@ -33,7 +33,7 @@ Group:Compression License: BSD Version: 1.2.2 -Release: 2.4.1 +Release: 2.4.2 # list of sources Source0: http://www.zlib.net/zlib-%{version}.tar.gz @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: OPENPKG_2_3_SOLID: openpkg-src/zlib/ zlib.patch zlib.sp...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 28-Jul-2005 08:22:17 Branch: OPENPKG_2_3_SOLIDHandle: 2005072807221700 Modified files: (Branch: OPENPKG_2_3_SOLID) openpkg-src/zlibzlib.patch zlib.spec Log: Security Bugfix (OpenPKG-SA-2005.014-zlib; CAN-2005-1849) Summary: RevisionChanges Path 1.4.2.2 +25 -0 openpkg-src/zlib/zlib.patch 1.32.2.3+1 -1 openpkg-src/zlib/zlib.spec patch -p0 '@@ .' Index: openpkg-src/zlib/zlib.patch $ cvs diff -u -r1.4.2.1 -r1.4.2.2 zlib.patch --- openpkg-src/zlib/zlib.patch 6 Jul 2005 16:47:32 - 1.4.2.1 +++ openpkg-src/zlib/zlib.patch 28 Jul 2005 06:22:17 - 1.4.2.2 @@ -1,3 +1,5 @@ +Security Bugfix (OpenPKG-SA-2005.013-zlib; CAN-2005-2096) + Index: inftrees.c --- inftrees.c.orig 2004-09-15 16:30:06 +0200 +++ inftrees.c 2005-07-06 18:31:14 +0200 @@ -10,3 +12,26 @@ return -1; /* incomplete set */ /* generate offsets into symbol table for each length for sorting */ + +Security Bugfix (OpenPKG-SA-2005.014-zlib; CAN-2005-1849) + +Index: inftrees.h +--- inftrees.h.orig 2003-08-11 00:15:50 +0200 inftrees.h 2005-07-11 08:50:37 +0200 +@@ -36,12 +36,12 @@ + */ + + /* Maximum size of dynamic tree. The maximum found in a long but non- +- exhaustive search was 1004 code structures (850 for length/literals +- and 154 for distances, the latter actually the result of an ++ exhaustive search was 1444 code structures (852 for length/literals ++ and 592 for distances, the latter actually the result of an +exhaustive search). The true maximum is not known, but the value +below is more than safe. */ +-#define ENOUGH 1440 +-#define MAXD 154 ++#define ENOUGH 2048 ++#define MAXD 592 + + /* Type of code to build for inftable() */ + typedef enum { @@ . patch -p0 '@@ .' Index: openpkg-src/zlib/zlib.spec $ cvs diff -u -r1.32.2.2 -r1.32.2.3 zlib.spec --- openpkg-src/zlib/zlib.spec6 Jul 2005 16:47:32 - 1.32.2.2 +++ openpkg-src/zlib/zlib.spec28 Jul 2005 06:22:17 - 1.32.2.3 @@ -34,7 +34,7 @@ Group:Compression License: BSD Version: 1.2.2 -Release: 2.3.1 +Release: 2.3.2 # list of sources Source0: http://www.zlib.net/zlib-%{version}.tar.gz @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: OPENPKG_2_3_SOLID: openpkg-src/openpkg/ openpkg.spec zl...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 28-Jul-2005 08:31:34 Branch: OPENPKG_2_3_SOLIDHandle: 2005072807313300 Modified files: (Branch: OPENPKG_2_3_SOLID) openpkg-src/openpkg openpkg.spec zlib.patch Log: Security Bugfix (OpenPKG-SA-2005.014-zlib; CAN-2005-1849) Summary: RevisionChanges Path 1.397.2.9 +1 -1 openpkg-src/openpkg/openpkg.spec 1.1.8.3 +24 -1 openpkg-src/openpkg/zlib.patch patch -p0 '@@ .' Index: openpkg-src/openpkg/openpkg.spec $ cvs diff -u -r1.397.2.8 -r1.397.2.9 openpkg.spec --- openpkg-src/openpkg/openpkg.spec 6 Jul 2005 17:51:20 - 1.397.2.8 +++ openpkg-src/openpkg/openpkg.spec 28 Jul 2005 06:31:33 - 1.397.2.9 @@ -39,7 +39,7 @@ # o any cc(1) # the package version/release -%define V_openpkg 2.3.4 +%define V_openpkg 2.3.5 # the used software versions %define V_rpm 4.2.1 @@ . patch -p0 '@@ .' Index: openpkg-src/openpkg/zlib.patch $ cvs diff -u -r1.1.8.2 -r1.1.8.3 zlib.patch --- openpkg-src/openpkg/zlib.patch6 Jul 2005 17:51:20 - 1.1.8.2 +++ openpkg-src/openpkg/zlib.patch28 Jul 2005 06:31:33 - 1.1.8.3 @@ -1,4 +1,4 @@ -Fix Security Issue (OpenPKG-SA-2005.013, CAN-2005-2096) +Security Bugfix (OpenPKG-SA-2005.013-zlib; CAN-2005-2096) Index: inftrees.c --- inftrees.c.orig 2004-09-15 16:30:06 +0200 @@ -12,3 +12,26 @@ return -1; /* incomplete set */ /* generate offsets into symbol table for each length for sorting */ + +Security Bugfix (OpenPKG-SA-2005.014-zlib; CAN-2005-1849) + +Index: inftrees.h +--- inftrees.h.orig 2003-08-11 00:15:50 +0200 inftrees.h 2005-07-11 08:50:37 +0200 +@@ -36,12 +36,12 @@ + */ + + /* Maximum size of dynamic tree. The maximum found in a long but non- +- exhaustive search was 1004 code structures (850 for length/literals +- and 154 for distances, the latter actually the result of an ++ exhaustive search was 1444 code structures (852 for length/literals ++ and 592 for distances, the latter actually the result of an +exhaustive search). The true maximum is not known, but the value +below is more than safe. */ +-#define ENOUGH 1440 +-#define MAXD 154 ++#define ENOUGH 2048 ++#define MAXD 592 + + /* Type of code to build for inftable() */ + typedef enum { @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: OPENPKG_2_3_SOLID: openpkg-src/ghostscript/ ghostscript...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 28-Jul-2005 08:35:13 Branch: OPENPKG_2_3_SOLIDHandle: 2005072807351300 Modified files: (Branch: OPENPKG_2_3_SOLID) openpkg-src/ghostscript ghostscript.patch ghostscript.spec Log: Security Bugfix (OpenPKG-SA-2005.014-zlib; CAN-2005-1849) Summary: RevisionChanges Path 1.10.4.2+25 -1 openpkg-src/ghostscript/ghostscript.patch 1.66.2.4+1 -1 openpkg-src/ghostscript/ghostscript.spec patch -p0 '@@ .' Index: openpkg-src/ghostscript/ghostscript.patch $ cvs diff -u -r1.10.4.1 -r1.10.4.2 ghostscript.patch --- openpkg-src/ghostscript/ghostscript.patch 6 Jul 2005 18:04:00 - 1.10.4.1 +++ openpkg-src/ghostscript/ghostscript.patch 28 Jul 2005 06:35:13 - 1.10.4.2 @@ -87,7 +87,7 @@ - -Security Bugfixes (CAN-2005-2096, OpenPKG-SA-2005.013) +Security Bugfix (OpenPKG-SA-2005.013-zlib; CAN-2005-2096) Index: zlib/inftrees.c --- zlib/inftrees.c.orig 2004-09-15 16:30:06 +0200 @@ -102,3 +102,27 @@ /* generate offsets into symbol table for each length for sorting */ +- + +Security Bugfix (OpenPKG-SA-2005.014-zlib; CAN-2005-1849) + +Index: zlib/inftrees.h +--- zlib/inftrees.h.orig 2003-08-11 00:15:50 +0200 zlib/inftrees.h 2005-07-11 08:50:37 +0200 +@@ -36,12 +36,12 @@ + */ + + /* Maximum size of dynamic tree. The maximum found in a long but non- +- exhaustive search was 1004 code structures (850 for length/literals +- and 154 for distances, the latter actually the result of an ++ exhaustive search was 1444 code structures (852 for length/literals ++ and 592 for distances, the latter actually the result of an +exhaustive search). The true maximum is not known, but the value +below is more than safe. */ +-#define ENOUGH 1440 +-#define MAXD 154 ++#define ENOUGH 2048 ++#define MAXD 592 + + /* Type of code to build for inftable() */ + typedef enum { @@ . patch -p0 '@@ .' Index: openpkg-src/ghostscript/ghostscript.spec $ cvs diff -u -r1.66.2.3 -r1.66.2.4 ghostscript.spec --- openpkg-src/ghostscript/ghostscript.spec 6 Jul 2005 18:04:03 - 1.66.2.3 +++ openpkg-src/ghostscript/ghostscript.spec 28 Jul 2005 06:35:13 - 1.66.2.4 @@ -43,7 +43,7 @@ Group:Graphics License: Aladdin Version: %{V_real} -Release: 2.3.1 +Release: 2.3.2 # package options %option with_x11 yes @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: openpkg-src/qt/ qt.patch qt.spec
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 28-Jul-2005 08:36:51 Branch: HEAD Handle: 2005072807365100 Modified files: openpkg-src/qt qt.patch qt.spec Log: Security Bugfix (OpenPKG-SA-2005.014-zlib; CAN-2005-1849) Summary: RevisionChanges Path 1.13+20 -0 openpkg-src/qt/qt.patch 1.121 +1 -1 openpkg-src/qt/qt.spec patch -p0 '@@ .' Index: openpkg-src/qt/qt.patch $ cvs diff -u -r1.12 -r1.13 qt.patch --- openpkg-src/qt/qt.patch 7 Jul 2005 09:35:51 - 1.12 +++ openpkg-src/qt/qt.patch 28 Jul 2005 06:36:51 - 1.13 @@ -358,3 +358,23 @@ return -1; /* incomplete set */ /* generate offsets into symbol table for each length for sorting */ +Index: src/3rdparty/zlib/inftrees.h +--- src/3rdparty/zlib/inftrees.h.orig2003-08-11 00:15:50 +0200 src/3rdparty/zlib/inftrees.h 2005-07-11 08:50:37 +0200 +@@ -36,12 +36,12 @@ + */ + + /* Maximum size of dynamic tree. The maximum found in a long but non- +- exhaustive search was 1004 code structures (850 for length/literals +- and 154 for distances, the latter actually the result of an ++ exhaustive search was 1444 code structures (852 for length/literals ++ and 592 for distances, the latter actually the result of an +exhaustive search). The true maximum is not known, but the value +below is more than safe. */ +-#define ENOUGH 1440 +-#define MAXD 154 ++#define ENOUGH 2048 ++#define MAXD 592 + + /* Type of code to build for inftable() */ + typedef enum { @@ . patch -p0 '@@ .' Index: openpkg-src/qt/qt.spec $ cvs diff -u -r1.120 -r1.121 qt.spec --- openpkg-src/qt/qt.spec7 Jul 2005 09:35:51 - 1.120 +++ openpkg-src/qt/qt.spec28 Jul 2005 06:36:51 - 1.121 @@ -33,7 +33,7 @@ Group:XWindow License: GPL Version: 3.3.4 -Release: 20050707 +Release: 20050728 # package library options (each 'yes' builds more libraries) %option with_shared no @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: OPENPKG_2_4_SOLID: openpkg-src/qt/ qt.patch qt.spec
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 28-Jul-2005 08:38:02 Branch: OPENPKG_2_4_SOLIDHandle: 2005072807380200 Modified files: (Branch: OPENPKG_2_4_SOLID) openpkg-src/qt qt.patch qt.spec Log: Security Bugfix (OpenPKG-SA-2005.014-zlib; CAN-2005-1849) Summary: RevisionChanges Path 1.11.2.2+20 -0 openpkg-src/qt/qt.patch 1.119.2.3 +1 -1 openpkg-src/qt/qt.spec patch -p0 '@@ .' Index: openpkg-src/qt/qt.patch $ cvs diff -u -r1.11.2.1 -r1.11.2.2 qt.patch --- openpkg-src/qt/qt.patch 7 Jul 2005 09:37:18 - 1.11.2.1 +++ openpkg-src/qt/qt.patch 28 Jul 2005 06:38:02 - 1.11.2.2 @@ -358,3 +358,23 @@ return -1; /* incomplete set */ /* generate offsets into symbol table for each length for sorting */ +Index: src/3rdparty/zlib/inftrees.h +--- src/3rdparty/zlib/inftrees.h.orig2003-08-11 00:15:50 +0200 src/3rdparty/zlib/inftrees.h 2005-07-11 08:50:37 +0200 +@@ -36,12 +36,12 @@ + */ + + /* Maximum size of dynamic tree. The maximum found in a long but non- +- exhaustive search was 1004 code structures (850 for length/literals +- and 154 for distances, the latter actually the result of an ++ exhaustive search was 1444 code structures (852 for length/literals ++ and 592 for distances, the latter actually the result of an +exhaustive search). The true maximum is not known, but the value +below is more than safe. */ +-#define ENOUGH 1440 +-#define MAXD 154 ++#define ENOUGH 2048 ++#define MAXD 592 + + /* Type of code to build for inftable() */ + typedef enum { @@ . patch -p0 '@@ .' Index: openpkg-src/qt/qt.spec $ cvs diff -u -r1.119.2.2 -r1.119.2.3 qt.spec --- openpkg-src/qt/qt.spec7 Jul 2005 09:37:18 - 1.119.2.2 +++ openpkg-src/qt/qt.spec28 Jul 2005 06:38:02 - 1.119.2.3 @@ -33,7 +33,7 @@ Group:XWindow License: GPL Version: 3.3.4 -Release: 2.4.1 +Release: 2.4.2 # package library options (each 'yes' builds more libraries) %option with_shared no @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: OPENPKG_2_3_SOLID: openpkg-src/qt/ qt.patch qt.spec
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 28-Jul-2005 08:40:23 Branch: OPENPKG_2_3_SOLIDHandle: 2005072807402300 Modified files: (Branch: OPENPKG_2_3_SOLID) openpkg-src/qt qt.patch qt.spec Log: Security Bugfix (OpenPKG-SA-2005.014-zlib; CAN-2005-1849) Summary: RevisionChanges Path 1.10.2.2+20 -0 openpkg-src/qt/qt.patch 1.116.2.3 +1 -1 openpkg-src/qt/qt.spec patch -p0 '@@ .' Index: openpkg-src/qt/qt.patch $ cvs diff -u -r1.10.2.1 -r1.10.2.2 qt.patch --- openpkg-src/qt/qt.patch 7 Jul 2005 09:39:06 - 1.10.2.1 +++ openpkg-src/qt/qt.patch 28 Jul 2005 06:40:23 - 1.10.2.2 @@ -207,3 +207,23 @@ return -1; /* incomplete set */ /* generate offsets into symbol table for each length for sorting */ +Index: src/3rdparty/zlib/inftrees.h +--- src/3rdparty/zlib/inftrees.h.orig2003-08-11 00:15:50 +0200 src/3rdparty/zlib/inftrees.h 2005-07-11 08:50:37 +0200 +@@ -36,12 +36,12 @@ + */ + + /* Maximum size of dynamic tree. The maximum found in a long but non- +- exhaustive search was 1004 code structures (850 for length/literals +- and 154 for distances, the latter actually the result of an ++ exhaustive search was 1444 code structures (852 for length/literals ++ and 592 for distances, the latter actually the result of an +exhaustive search). The true maximum is not known, but the value +below is more than safe. */ +-#define ENOUGH 1440 +-#define MAXD 154 ++#define ENOUGH 2048 ++#define MAXD 592 + + /* Type of code to build for inftable() */ + typedef enum { @@ . patch -p0 '@@ .' Index: openpkg-src/qt/qt.spec $ cvs diff -u -r1.116.2.2 -r1.116.2.3 qt.spec --- openpkg-src/qt/qt.spec7 Jul 2005 09:39:06 - 1.116.2.2 +++ openpkg-src/qt/qt.spec28 Jul 2005 06:40:23 - 1.116.2.3 @@ -34,7 +34,7 @@ Group:XWindow License: GPL Version: 3.3.4 -Release: 2.3.1 +Release: 2.3.2 # package library options (each 'yes' builds more libraries) %option with_shared no @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: openpkg-web/ security.txt security.wml
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Project Master Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 28-Jul-2005 09:54:37 Branch: HEAD Handle: 2005072808543600 Modified files: openpkg-web security.txt security.wml Log: SA-2005.014-zlib; CAN-2005-1849 Summary: RevisionChanges Path 1.107 +2 -0 openpkg-web/security.txt 1.135 +1 -0 openpkg-web/security.wml patch -p0 '@@ .' Index: openpkg-web/security.txt $ cvs diff -u -r1.106 -r1.107 security.txt --- openpkg-web/security.txt 23 Jun 2005 18:39:47 - 1.106 +++ openpkg-web/security.txt 28 Jul 2005 07:54:36 - 1.107 @@ -1,3 +1,5 @@ +28-Jul-2005: Security Advisory: SOpenPKG-SA-2005.014-zlib +07-Jul-2005: Security Advisory: SOpenPKG-SA-2005.013-zlib 23-Jun-2005: Security Advisory: SOpenPKG-SA-2005.012-sudo 23-Jun-2005: Security Advisory: SOpenPKG-SA-2005.011-shtool 10-Jun-2005: Security Advisory: SOpenPKG-SA-2005.010-openpkg @@ . patch -p0 '@@ .' Index: openpkg-web/security.wml $ cvs diff -u -r1.134 -r1.135 security.wml --- openpkg-web/security.wml 8 Jul 2005 13:50:54 - 1.134 +++ openpkg-web/security.wml 28 Jul 2005 07:54:36 - 1.135 @@ -90,6 +90,7 @@ /define-tag box bdwidth=1 bdcolor=#a5a095 bdspace=10 bgcolor=#e5e0d5 table cellspacing=0 cellpadding=0 border=0 + sa 2005.014 zlib sa 2005.013 zlib sa 2005.012 sudo sa 2005.011 shtool @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: openpkg-web/security/ OpenPKG-SA-2005.014-zlib.txt
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Project Master Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 28-Jul-2005 10:08:15 Branch: HEAD Handle: 2005072809081400 Added files: openpkg-web/securityOpenPKG-SA-2005.014-zlib.txt Log: release OpenPKG Security Advisory 2005.014 (zlib) Summary: RevisionChanges Path 1.1 +134 -0 openpkg-web/security/OpenPKG-SA-2005.014-zlib.txt patch -p0 '@@ .' Index: openpkg-web/security/OpenPKG-SA-2005.014-zlib.txt $ cvs diff -u -r0 -r1.1 OpenPKG-SA-2005.014-zlib.txt --- /dev/null 2005-07-28 10:08:06 +0200 +++ OpenPKG-SA-2005.014-zlib.txt 2005-07-28 10:08:15 +0200 @@ -0,0 +1,134 @@ +-BEGIN PGP SIGNED MESSAGE- +Hash: SHA1 + + + +OpenPKG Security AdvisoryThe OpenPKG Project +http://www.openpkg.org/security.html http://www.openpkg.org [EMAIL PROTECTED] [EMAIL PROTECTED] +OpenPKG-SA-2005.014 28-Jul-2005 + + +Package: zlib +Vulnerability: denial of service +OpenPKG Specific:no + +Affected Releases: Affected Packages: Corrected Packages: +OpenPKG CURRENT = zlib-1.2.2-20050706 = zlib-1.2.3-20050722 + = ghostscript-8.51-20050706 = ghostscript-8.51-20050722 + = openpkg-20050706-20050706 = openpkg-20050722-20050722 + = qt-3.3.4-20050707 = qt-3.3.4-20050728 + +OpenPKG 2.4 = zlib-1.2.2-2.4.1 = zlib-1.2.2-2.4.2 + = ghostscript-8.51-2.4.1= ghostscript-8.51-2.4.2 + = openpkg-2.4.1-2.4.1 = openpkg-2.4.2-2.4.2 + = qt-3.3.4-2.4.1= qt-3.3.4-2.4.2 + +OpenPKG 2.3 = zlib-1.2.2-2.3.1 = zlib-1.2.2-2.3.2 + = ghostscript-8.14-2.3.1= ghostscript-8.14-2.3.2 + = openpkg-2.3.4-2.3.4 = openpkg-2.3.5-2.3.5 + = qt-3.3.4-2.3.1= qt-3.3.4-2.3.2 + +Affected Releases: Dependent Packages: +OpenPKG CURRENT abiword aegis aide analog apache apache2 autotrace + blender bsdtar cadaver cairo citadel clamav + cups curl cvs cvsps cvsync dia doxygen emacs + ethereal exim expat file firefox flowtools gd + geoip gif2png gift-gnutella gift-openft gimp gmime + gnome-vfs gnupg gnuplot gnutls htdig imagemagick + ircd jitterbug kcd lbreakout lcms libarchive + librsync libwmf libxml lout lynx magicpoint mcrypt + mixmaster mng mozilla mplayer mrtg mysql mysql3 + mysql40 mysql41 mysqlcc nagios neon netpbm opencdk + openpkg openssh openssl pdflib perl-comp perl-gd + perl-tk pgpdump php php3 php5 pnet png postgresql + postgresql7 pstoedit python qt ratbox ripe-dbase + rrdtool ruby scribus sio subversion tardy tetex + tiff tightvnc transfig ttmkfdir w3m webalizer wml + wv xdelta xemacs xfig xmame xplanet xv zimg + +OpenPKG 2.4 aegis aide analog apache apache2 autotrace cadaver + cairo clamav curl cvs emacs exim expat file + firefox flowtools gd geoip gif2png gift-gnutella + gift-openft gimp gmime gnupg gnuplot htdig + imagemagick ircd lcms libwmf libxml lout lynx + magicpoint mng mozilla mrtg mysql mysql40 neon + netpbm opencdk openssh openssl pdflib perl-comp + perl-tk php php5 png postgresql postgresql7 + pstoedit python ratbox ripe-dbase rrdtool sio + subversion tardy tetex tiff tightvnc transfig + ttmkfdir w3m webalizer wml xdelta xfig xv + +OpenPKG 2.3 aegis aide analog apache apache2 autotrace cadaver + clamav curl cvs emacs exim expat file flowtools + gd geoip gif2png gift-gnutella gift-openft gimp + gmime gnupg gnuplot htdig imagemagick ircd lcms + libwmf libxml lout lynx mng mozilla
[CVS] OpenPKG: openpkg-src/perl-util/ perl-util.spec
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Christoph Schug Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 28-Jul-2005 10:30:06 Branch: HEAD Handle: 2005072809300500 Modified files: openpkg-src/perl-util perl-util.spec Log: modifying package: perl-util-5.8.7 20050720 - 20050728 Summary: RevisionChanges Path 1.205 +3 -3 openpkg-src/perl-util/perl-util.spec patch -p0 '@@ .' Index: openpkg-src/perl-util/perl-util.spec $ cvs diff -u -r1.204 -r1.205 perl-util.spec --- openpkg-src/perl-util/perl-util.spec 20 Jul 2005 06:13:09 - 1.204 +++ openpkg-src/perl-util/perl-util.spec 28 Jul 2005 08:30:05 - 1.205 @@ -35,7 +35,7 @@ %define V_class_methodmaker2.07 %define V_class_returnvalue0.53 %define V_class_xpath 1.4 -%define V_class_autouse1.17 +%define V_class_autouse1.18 %define V_class_accessor 0.19 %define V_class_accessor_assert1.30 %define V_class_accessor_chained 0.01 @@ -81,7 +81,7 @@ %define V_memoize 1.01 %define V_path_class 0.12 %define V_anydata 0.10 -%define V_ootools 2.12 +%define V_ootools 2.2 %define V_clone0.18 %define V_clone_pp 1.02 %define V_data_page2.00 @@ -98,7 +98,7 @@ Group:Language License: GPL/Artistic Version: %{V_perl} -Release: 20050720 +Release: 20050728 # list of sources Source0: http://www.cpan.org/modules/by-module/Test/Test-%{V_test}.tar.gz @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: openpkg-src/opera/ opera.spec
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 28-Jul-2005 12:31:48 Branch: HEAD Handle: 2005072811314800 Modified files: openpkg-src/opera opera.spec Log: split versions (Opera provides different sub-versions for different platforms) and upgrade to latest versions available for each platform Summary: RevisionChanges Path 1.21+17 -13 openpkg-src/opera/opera.spec patch -p0 '@@ .' Index: openpkg-src/opera/opera.spec $ cvs diff -u -r1.20 -r1.21 opera.spec --- openpkg-src/opera/opera.spec 4 Jun 2005 06:49:55 - 1.20 +++ openpkg-src/opera/opera.spec 28 Jul 2005 10:31:48 - 1.21 @@ -23,9 +23,13 @@ ## # package version -%define V_real 8.01 -%define V_comp 801 -%define V_date 20050602.1 +%define V_openpkg 8.0 +%define V_bsd_comp 802 +%define V_bsd_real 8.02-20050727.1 +%define V_lnx_comp 802 +%define V_lnx_real 8.02-20050727.1 +%define V_sol_comp 801 +%define V_sol_real 8.01-20050615.1 # package information Name: opera @@ -37,13 +41,13 @@ Class:EVAL Group:Web License: Commercial -Version: %{V_real} -Release: 20050604 +Version: %{V_openpkg} +Release: 20050728 # list of sources -Source0: ftp://ftp.opera.com/pub/opera/unix/freebsd/%{V_comp}/opera-%{V_real}-%{V_date}-static-qt.i386.freebsd-en.tar.bz2 -Source1: ftp://ftp.opera.com/pub/opera/unix/solaris/%{V_comp}/opera-%{V_real}-%{V_date}-static-qt-sol8-sparc-local-en.tar.bz2 -Source2: ftp://ftp.opera.com/pub/opera/linux/%{V_comp}/final/en/i386/opera-%{V_real}-%{V_date}-static-qt.i386-en.tar.bz2 +Source0: ftp://ftp.opera.com/pub/opera/unix/freebsd/%{V_bsd_comp}/final/en/shared/gcc-2.95/opera-%{V_bsd_real}-static-qt.i386.freebsd-en.tar.bz2 +Source1: ftp://ftp.opera.com/pub/opera/linux/%{V_lnx_comp}/final/en/i386/static/opera-%{V_lnx_real}-static-qt.i386-en.tar.bz2 +Source2: ftp://ftp.opera.com/pub/opera/unix/solaris/%{V_sol_comp}/final/en/static/opera-%{V_sol_real}-static-qt-sol8-sparc-local-en.tar.bz2 # build information Prefix: %{l_prefix} @@ -63,17 +67,17 @@ %track prog opera:freebsd = { -version = %{V_comp} +version = %{V_bsd_comp} url = ftp://ftp.opera.com/pub/opera/unix/freebsd/ regex = (\d\d\d(u\d+)?)[^b] } prog opera:linux = { -version = %{V_comp} +version = %{V_lnx_comp} url = ftp://ftp.opera.com/pub/opera/linux/ regex = (\d\d\d(u\d+)?)[^b] } prog opera:solaris = { -version = %{V_comp} +version = %{V_sol_comp} url = ftp://ftp.opera.com/pub/opera/unix/solaris/ regex = (\d\d\d(u\d+)?)[^b] } @@ -82,8 +86,8 @@ %setup -q -c -T case %{l_platform -t} in i?86-freebsd[45]* ) src=%{SOURCE0} ;; -sun4?-sunos5* ) src=%{SOURCE1} ;; -i?86-linux2* ) src=%{SOURCE2} ;; +i?86-linux2* ) src=%{SOURCE1} ;; +sun4?-sunos5* ) src=%{SOURCE2} ;; * ) echo Platform \%{l_platform -t}\ not supported 12; exit 1 ;; esac %{l_bzip2} -d -c $src | %{l_tar} xf - @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: OPENPKG_2_4_SOLID: openpkg-src/spamassassin/ spamassass...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 28-Jul-2005 12:56:09 Branch: OPENPKG_2_4_SOLIDHandle: 2005072811560800 Added files: (Branch: OPENPKG_2_4_SOLID) openpkg-src/spamassassin spamassassin.patch Modified files: (Branch: OPENPKG_2_4_SOLID) openpkg-src/spamassassin spamassassin.spec Log: Security Fixes (CAN-2005-1266) Summary: RevisionChanges Path 1.1.8.1 +161 -0 openpkg-src/spamassassin/spamassassin.patch 1.59.2.2+3 -1 openpkg-src/spamassassin/spamassassin.spec patch -p0 '@@ .' Index: openpkg-src/spamassassin/spamassassin.patch $ cvs diff -u -r0 -r1.1.8.1 spamassassin.patch --- /dev/null 2005-07-28 12:55:58 +0200 +++ spamassassin.patch2005-07-28 12:56:09 +0200 @@ -0,0 +1,161 @@ +Security Fixes (CAN-2005-1266) + +Index: lib/Mail/SpamAssassin/Message.pm +--- lib/Mail/SpamAssassin/Message.pm.orig2005-04-26 22:42:18 +0200 lib/Mail/SpamAssassin/Message.pm 2005-06-06 03:31:23 +0200 +@@ -122,7 +122,6 @@ + + # Go through all the headers of the message + my $header = ''; +- my $boundary; + while ( my $last = shift @message ) { + if ( $last =~ /^From\s/ ) { + # mbox formated mailbox +@@ -157,72 +156,63 @@ + } + + # Store the non-modified headers in a scalar +-$self-{'pristine_headers'} .= $last; ++unless ($self-{'missing_head_body_separator'}) { ++ $self-{'pristine_headers'} .= $last; ++} + + # NB: Really need to figure out special folding rules here! + if ( $last =~ /^[ \t]+/ ) {# if its a continuation + if ($header) { + $header .= $last;# fold continuations +- +-# If we're currently dealing with a content-type header, and there's a +-# boundary defined, use it. Since there could be multiple +-# content-type headers in a message, the last one will be the one we +-# should use, so just keep updating as they come in. +-if ($header =~ /^content-type:\s*(\S.*)$/is) { +- my($type,$temp_boundary) = Mail::SpamAssassin::Util::parse_content_type($1); +- $boundary = $temp_boundary if ($type =~ /^multipart/ defined $temp_boundary); +-} +- +-# Go onto the next header line, unless the next line is a +-# multipart mime boundary, where we know we're going to stop +-# below, so drop through for final header processing. +-next unless (defined $boundary @message $message[0] =~ /^--\Q$boundary\E(?:--|\s*$)/); +- } +- else { +-# There was no previous header and this is just out there? +-# Ignore it! +-next; + } + } ++else { ++ # Ok, there's a header here, let's go ahead and add it in. ++ if ($header) { ++# Yes, the /s is needed to match \n too. ++my ($key, $value) = split (/:\s*(?=.)/s, $header, 2); + +-# Ok, there's a header here, let's go ahead and add it in. +-if ($header) { +- # Yes, the /s is needed to match \n too. +- my ($key, $value) = split (/:\s*(?=.)/s, $header, 2); ++# If it's not a valid header (aka: not in the form foo: bar), skip it. ++if (defined $value) { ++ # limit the length of the pairs we store ++ if (length($key) MAX_HEADER_KEY_LENGTH) { ++$key = substr($key, 0, MAX_HEADER_KEY_LENGTH); ++$self-{'truncated_header'} = 1; ++ } ++ if (length($value) MAX_HEADER_VALUE_LENGTH) { ++$value = substr($value, 0, MAX_HEADER_VALUE_LENGTH); ++$self-{'truncated_header'} = 1; ++ } ++ $self-header($key, $value); ++} ++ } + +- # If it's not a valid header (aka: not in the form foo: bar), skip it. +- if (defined $value) { +-# limit the length of the pairs we store +-if (length($key) MAX_HEADER_KEY_LENGTH) { +- $key = substr($key, 0, MAX_HEADER_KEY_LENGTH); +- $self-{'truncated_header'} = 1; +-} +-if (length($value) MAX_HEADER_VALUE_LENGTH) { +- $value = substr($value, 0, MAX_HEADER_VALUE_LENGTH); +- $self-{'truncated_header'} = 1; +-} +-$self-header($key, $value); ++ # not a continuation... ++ $header = $last; ++} + +-# If we're currently dealing with a content-type header, and there's a +-# boundary
[CVS] OpenPKG: openpkg-web/ security.txt security.wml
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 28-Jul-2005 13:11:43 Branch: HEAD Handle: 2005072812114300 Modified files: openpkg-web security.txt security.wml Log: link spamassassin SA into website Summary: RevisionChanges Path 1.108 +1 -0 openpkg-web/security.txt 1.136 +1 -0 openpkg-web/security.wml patch -p0 '@@ .' Index: openpkg-web/security.txt $ cvs diff -u -r1.107 -r1.108 security.txt --- openpkg-web/security.txt 28 Jul 2005 07:54:36 - 1.107 +++ openpkg-web/security.txt 28 Jul 2005 11:11:43 - 1.108 @@ -1,3 +1,4 @@ +28-Jul-2005: Security Advisory: SOpenPKG-SA-2005.015-spamassassin 28-Jul-2005: Security Advisory: SOpenPKG-SA-2005.014-zlib 07-Jul-2005: Security Advisory: SOpenPKG-SA-2005.013-zlib 23-Jun-2005: Security Advisory: SOpenPKG-SA-2005.012-sudo @@ . patch -p0 '@@ .' Index: openpkg-web/security.wml $ cvs diff -u -r1.135 -r1.136 security.wml --- openpkg-web/security.wml 28 Jul 2005 07:54:36 - 1.135 +++ openpkg-web/security.wml 28 Jul 2005 11:11:43 - 1.136 @@ -90,6 +90,7 @@ /define-tag box bdwidth=1 bdcolor=#a5a095 bdspace=10 bgcolor=#e5e0d5 table cellspacing=0 cellpadding=0 border=0 + sa 2005.015 spamassassin sa 2005.014 zlib sa 2005.013 zlib sa 2005.012 sudo @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: openpkg-src/ethereal/ ethereal.spec
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 28-Jul-2005 13:27:38 Branch: HEAD Handle: 2005072812273800 Modified files: openpkg-src/etherealethereal.spec Log: upgrading package: ethereal 0.10.11 - 0.10.12 Summary: RevisionChanges Path 1.57+5 -2 openpkg-src/ethereal/ethereal.spec patch -p0 '@@ .' Index: openpkg-src/ethereal/ethereal.spec $ cvs diff -u -r1.56 -r1.57 ethereal.spec --- openpkg-src/ethereal/ethereal.spec13 Jun 2005 18:17:11 - 1.56 +++ openpkg-src/ethereal/ethereal.spec28 Jul 2005 11:27:38 - 1.57 @@ -32,8 +32,8 @@ Class:EVAL Group:Network License: GPL -Version: 0.10.11 -Release: 20050613 +Version: 0.10.12 +Release: 20050728 # package options %option with_zlibyes @@ -97,6 +97,9 @@ -e 's;-all-static *;;g' \ -e 's;-static *;;g' \ Makefile.in +%{l_shtool} subst \ +-e 's;\([, ]\)encrypt;\1myencrypt;g' \ +epan/radius_dict.c %build CC=%{l_cc} \ @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: openpkg-web/ security.txt security.wml openpkg-web/secu...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 28-Jul-2005 14:09:47 Branch: HEAD Handle: 2005072813094600 Added files: openpkg-web/securityOpenPKG-SA-2005.016-fetchmail.txt Modified files: openpkg-web security.txt security.wml Log: SA-2005.016-fetchmail; CAN-2005-2335 Summary: RevisionChanges Path 1.109 +1 -0 openpkg-web/security.txt 1.137 +1 -0 openpkg-web/security.wml 1.1 +72 -0 openpkg-web/security/OpenPKG-SA-2005.016-fetchmail.txt patch -p0 '@@ .' Index: openpkg-web/security.txt $ cvs diff -u -r1.108 -r1.109 security.txt --- openpkg-web/security.txt 28 Jul 2005 11:11:43 - 1.108 +++ openpkg-web/security.txt 28 Jul 2005 12:09:46 - 1.109 @@ -1,3 +1,4 @@ +28-Jul-2005: Security Advisory: SOpenPKG-SA-2005.016-fetchmail 28-Jul-2005: Security Advisory: SOpenPKG-SA-2005.015-spamassassin 28-Jul-2005: Security Advisory: SOpenPKG-SA-2005.014-zlib 07-Jul-2005: Security Advisory: SOpenPKG-SA-2005.013-zlib @@ . patch -p0 '@@ .' Index: openpkg-web/security.wml $ cvs diff -u -r1.136 -r1.137 security.wml --- openpkg-web/security.wml 28 Jul 2005 11:11:43 - 1.136 +++ openpkg-web/security.wml 28 Jul 2005 12:09:46 - 1.137 @@ -90,6 +90,7 @@ /define-tag box bdwidth=1 bdcolor=#a5a095 bdspace=10 bgcolor=#e5e0d5 table cellspacing=0 cellpadding=0 border=0 + sa 2005.016 fetchmail sa 2005.015 spamassassin sa 2005.014 zlib sa 2005.013 zlib @@ . patch -p0 '@@ .' Index: openpkg-web/security/OpenPKG-SA-2005.016-fetchmail.txt $ cvs diff -u -r0 -r1.1 OpenPKG-SA-2005.016-fetchmail.txt --- /dev/null 2005-07-28 14:09:46 +0200 +++ OpenPKG-SA-2005.016-fetchmail.txt 2005-07-28 14:09:47 +0200 @@ -0,0 +1,72 @@ + + +OpenPKG Security AdvisoryThe OpenPKG Project +http://www.openpkg.org/security.html http://www.openpkg.org [EMAIL PROTECTED] [EMAIL PROTECTED] +OpenPKG-SA-2005.016 28-Jul-2005 + + +Package: fetchmail +Vulnerability: denial of service +OpenPKG Specific:no + +Affected Releases: Affected Packages: Corrected Packages: +OpenPKG CURRENT = fetchmail-6.2.5-20050311 = fetchmail-6.2.5-20050728 +OpenPKG 2.4 = fetchmail-6.2.5-2.4.0= fetchmail-6.2.5-2.4.1 +OpenPKG 2.3 = fetchmail-6.2.5-2.3.0= fetchmail-6.2.5-2.3.1 + +Dependent Packages: none + +Description: + Ross Boylan reported a bug [0] in fetchmail [1] which turned out + being a remote buffer overflow vulnerability. A malicious POP3 server + could send a carefully crafted message and cause a denial of service + and possibly execute arbitrary code via long UIDL responses. The + Common Vulnerabilities and Exposures (CVE) project assigned the id + CAN-2005-2335 [2] to the problem. + + Please check whether you are affected by running prefix/bin/openpkg + rpm -q fetchmail. If you have the fetchmail package installed and + its version is affected (see above), we recommend that you immediately + upgrade it (see Solution) [3][4]. + +Solution: + Select the updated source RPM appropriate for your OpenPKG release + [5][6], fetch it from the OpenPKG FTP service [7][8] or a mirror + location, verify its integrity [9], build a corresponding binary RPM + from it [3] and update your OpenPKG installation by applying the + binary RPM [4]. For the most recent release OpenPKG 2.4, perform the + following operations to permanently fix the security problem (for + other releases adjust accordingly). + + $ ftp ftp.openpkg.org + ftp bin + ftp cd release/2.4/UPD + ftp get fetchmail-6.2.5-2.4.1.src.rpm + ftp bye + $ prefix/bin/openpkg rpm -v --checksig fetchmail-6.2.5-2.4.1.src.rpm + $ prefix/bin/openpkg rpm --rebuild fetchmail-6.2.5-2.4.1.src.rpm + $ su - + # prefix/bin/openpkg rpm -Fvh prefix/RPM/PKG/fetchmail-6.2.5-2.4.1.*.rpm + + +References: + [0] http://bugs.debian.org/cgi-bin
[CVS] OpenPKG: openpkg-src/fetchmail/ fetchmail.patch fetchmail.spec
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 28-Jul-2005 14:10:04 Branch: HEAD Handle: 2005072813100400 Modified files: openpkg-src/fetchmail fetchmail.patch fetchmail.spec Log: SA-2005.016-fetchmail; CAN-2005-2335 Summary: RevisionChanges Path 1.6 +35 -0 openpkg-src/fetchmail/fetchmail.patch 1.65+1 -1 openpkg-src/fetchmail/fetchmail.spec patch -p0 '@@ .' Index: openpkg-src/fetchmail/fetchmail.patch $ cvs diff -u -r1.5 -r1.6 fetchmail.patch --- openpkg-src/fetchmail/fetchmail.patch 29 Jan 2005 12:39:27 - 1.5 +++ openpkg-src/fetchmail/fetchmail.patch 28 Jul 2005 12:10:04 - 1.6 @@ -24,3 +24,38 @@ fetchsizelimit = 1; /* Time to allocate memory to store the sizes */ + +OpenPKG-SA-2005.016-fetchmail; CAN-2005-2335 +Patch from Ludwig Nussel @SUSE +Index: fetchmail-6.2.5/pop3.c +=== +--- pop3.c.625 pop3.c +@@ -613,6 +613,8 @@ static int pop3_gettopid( int sock, int + return 0; + } + ++#define str(s) #s ++#define UIDLFMT(n) %d % str(n) s + static int pop3_getuidl( int sock, int num , char *id) + { + int ok; +@@ -620,7 +622,7 @@ static int pop3_getuidl( int sock, int n + gen_send(sock, UIDL %d, num); + if ((ok = pop3_ok(sock, buf)) != 0) + return(ok); +-if (sscanf(buf, %d %s, num, id) != 2) ++if (sscanf(buf, UIDLFMT(IDLEN), num, id) != 2) + return(PS_PROTOCOL); + return(PS_SUCCESS); + } +@@ -862,7 +864,7 @@ static int pop3_getrange(int sock, + { + if (DOTLINE(buf)) + break; +-else if (sscanf(buf, %d %s, num, id) == 2) ++else if (sscanf(buf, UIDLFMT(IDLEN), num, id) == 2) + { + struct idlist *old, *new; + + @@ . patch -p0 '@@ .' Index: openpkg-src/fetchmail/fetchmail.spec $ cvs diff -u -r1.64 -r1.65 fetchmail.spec --- openpkg-src/fetchmail/fetchmail.spec 24 Mar 2005 11:18:45 - 1.64 +++ openpkg-src/fetchmail/fetchmail.spec 28 Jul 2005 12:10:04 - 1.65 @@ -33,7 +33,7 @@ Group:Mail License: GPL Version: 6.2.5 -Release: 20050311 +Release: 20050728 # list of sources Source0: http://www.catb.org/~esr/fetchmail/fetchmail-%{version}.tar.gz @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: OPENPKG_2_4_SOLID: openpkg-src/fetchmail/ fetchmail.pat...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 28-Jul-2005 14:14:59 Branch: OPENPKG_2_4_SOLIDHandle: 2005072813145900 Modified files: (Branch: OPENPKG_2_4_SOLID) openpkg-src/fetchmail fetchmail.patch fetchmail.spec Log: MFC: SA-2005.016-fetchmail; CAN-2005-2335 Summary: RevisionChanges Path 1.5.4.1 +35 -0 openpkg-src/fetchmail/fetchmail.patch 1.64.2.2+1 -1 openpkg-src/fetchmail/fetchmail.spec patch -p0 '@@ .' Index: openpkg-src/fetchmail/fetchmail.patch $ cvs diff -u -r1.5 -r1.5.4.1 fetchmail.patch --- openpkg-src/fetchmail/fetchmail.patch 29 Jan 2005 12:39:27 - 1.5 +++ openpkg-src/fetchmail/fetchmail.patch 28 Jul 2005 12:14:59 - 1.5.4.1 @@ -24,3 +24,38 @@ fetchsizelimit = 1; /* Time to allocate memory to store the sizes */ + +OpenPKG-SA-2005.016-fetchmail; CAN-2005-2335 +Patch from Ludwig Nussel @SUSE +Index: fetchmail-6.2.5/pop3.c +=== +--- pop3.c.625 pop3.c +@@ -613,6 +613,8 @@ static int pop3_gettopid( int sock, int + return 0; + } + ++#define str(s) #s ++#define UIDLFMT(n) %d % str(n) s + static int pop3_getuidl( int sock, int num , char *id) + { + int ok; +@@ -620,7 +622,7 @@ static int pop3_getuidl( int sock, int n + gen_send(sock, UIDL %d, num); + if ((ok = pop3_ok(sock, buf)) != 0) + return(ok); +-if (sscanf(buf, %d %s, num, id) != 2) ++if (sscanf(buf, UIDLFMT(IDLEN), num, id) != 2) + return(PS_PROTOCOL); + return(PS_SUCCESS); + } +@@ -862,7 +864,7 @@ static int pop3_getrange(int sock, + { + if (DOTLINE(buf)) + break; +-else if (sscanf(buf, %d %s, num, id) == 2) ++else if (sscanf(buf, UIDLFMT(IDLEN), num, id) == 2) + { + struct idlist *old, *new; + + @@ . patch -p0 '@@ .' Index: openpkg-src/fetchmail/fetchmail.spec $ cvs diff -u -r1.64.2.1 -r1.64.2.2 fetchmail.spec --- openpkg-src/fetchmail/fetchmail.spec 15 Jun 2005 18:59:11 - 1.64.2.1 +++ openpkg-src/fetchmail/fetchmail.spec 28 Jul 2005 12:14:59 - 1.64.2.2 @@ -33,7 +33,7 @@ Group:Mail License: GPL Version: 6.2.5 -Release: 2.4.0 +Release: 2.4.1 # list of sources Source0: http://www.catb.org/~esr/fetchmail/fetchmail-%{version}.tar.gz @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: OPENPKG_2_3_SOLID: openpkg-src/fetchmail/ fetchmail.pat...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 28-Jul-2005 14:15:14 Branch: OPENPKG_2_3_SOLIDHandle: 2005072813151400 Modified files: (Branch: OPENPKG_2_3_SOLID) openpkg-src/fetchmail fetchmail.patch fetchmail.spec Log: MFC: SA-2005.016-fetchmail; CAN-2005-2335 Summary: RevisionChanges Path 1.5.2.1 +35 -0 openpkg-src/fetchmail/fetchmail.patch 1.60.2.2+1 -1 openpkg-src/fetchmail/fetchmail.spec patch -p0 '@@ .' Index: openpkg-src/fetchmail/fetchmail.patch $ cvs diff -u -r1.5 -r1.5.2.1 fetchmail.patch --- openpkg-src/fetchmail/fetchmail.patch 29 Jan 2005 12:39:27 - 1.5 +++ openpkg-src/fetchmail/fetchmail.patch 28 Jul 2005 12:15:14 - 1.5.2.1 @@ -24,3 +24,38 @@ fetchsizelimit = 1; /* Time to allocate memory to store the sizes */ + +OpenPKG-SA-2005.016-fetchmail; CAN-2005-2335 +Patch from Ludwig Nussel @SUSE +Index: fetchmail-6.2.5/pop3.c +=== +--- pop3.c.625 pop3.c +@@ -613,6 +613,8 @@ static int pop3_gettopid( int sock, int + return 0; + } + ++#define str(s) #s ++#define UIDLFMT(n) %d % str(n) s + static int pop3_getuidl( int sock, int num , char *id) + { + int ok; +@@ -620,7 +622,7 @@ static int pop3_getuidl( int sock, int n + gen_send(sock, UIDL %d, num); + if ((ok = pop3_ok(sock, buf)) != 0) + return(ok); +-if (sscanf(buf, %d %s, num, id) != 2) ++if (sscanf(buf, UIDLFMT(IDLEN), num, id) != 2) + return(PS_PROTOCOL); + return(PS_SUCCESS); + } +@@ -862,7 +864,7 @@ static int pop3_getrange(int sock, + { + if (DOTLINE(buf)) + break; +-else if (sscanf(buf, %d %s, num, id) == 2) ++else if (sscanf(buf, UIDLFMT(IDLEN), num, id) == 2) + { + struct idlist *old, *new; + + @@ . patch -p0 '@@ .' Index: openpkg-src/fetchmail/fetchmail.spec $ cvs diff -u -r1.60.2.1 -r1.60.2.2 fetchmail.spec --- openpkg-src/fetchmail/fetchmail.spec 21 Feb 2005 17:06:42 - 1.60.2.1 +++ openpkg-src/fetchmail/fetchmail.spec 28 Jul 2005 12:15:14 - 1.60.2.2 @@ -34,7 +34,7 @@ Group:Mail License: GPL Version: 6.2.5 -Release: 2.3.0 +Release: 2.3.1 # list of sources Source0: http://www.catb.org/~esr/fetchmail/fetchmail-%{version}.tar.gz @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: openpkg-web/security/ OpenPKG-SA-2005.016-fetchmail.txt
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Project Master Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 28-Jul-2005 14:33:34 Branch: HEAD Handle: 200507281400 Modified files: openpkg-web/securityOpenPKG-SA-2005.016-fetchmail.txt Log: release OpenPKG Security Advisory 2005.016 (fetchmail) Summary: RevisionChanges Path 1.2 +10 -0 openpkg-web/security/OpenPKG-SA-2005.016-fetchmail.txt patch -p0 '@@ .' Index: openpkg-web/security/OpenPKG-SA-2005.016-fetchmail.txt $ cvs diff -u -r1.1 -r1.2 OpenPKG-SA-2005.016-fetchmail.txt --- openpkg-web/security/OpenPKG-SA-2005.016-fetchmail.txt28 Jul 2005 12:09:46 - 1.1 +++ openpkg-web/security/OpenPKG-SA-2005.016-fetchmail.txt28 Jul 2005 12:33:34 - 1.2 @@ -1,3 +1,6 @@ +-BEGIN PGP SIGNED MESSAGE- +Hash: SHA1 + OpenPKG Security AdvisoryThe OpenPKG Project @@ -70,3 +73,10 @@ for details on how to verify the integrity of this advisory. +-BEGIN PGP SIGNATURE- +Comment: OpenPKG [EMAIL PROTECTED] + +iD8DBQFC6M/NgHWT4GPEy58RAlopAKCaj7LsPJ6W4sMWY7qMZ1YGl47DhACgxAG8 +oqkFGO++EPKu+BcOzBp2UPg= +=3oJ+ +-END PGP SIGNATURE- @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: openpkg-src/apache2/ apache2.patch apache2.spec
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 28-Jul-2005 22:29:24 Branch: HEAD Handle: 2005072821292400 Modified files: openpkg-src/apache2 apache2.patch apache2.spec Log: apply security fix Summary: RevisionChanges Path 1.7 +13 -0 openpkg-src/apache2/apache2.patch 1.64+1 -1 openpkg-src/apache2/apache2.spec patch -p0 '@@ .' Index: openpkg-src/apache2/apache2.patch $ cvs diff -u -r1.6 -r1.7 apache2.patch --- openpkg-src/apache2/apache2.patch 16 Sep 2004 09:38:44 - 1.6 +++ openpkg-src/apache2/apache2.patch 28 Jul 2005 20:29:24 - 1.7 @@ -1,3 +1,4 @@ +Index: server/Makefile.in.dist --- server/Makefile.in.dist 2003-07-03 16:40:35.0 +0200 +++ server/Makefile.in 2003-07-03 16:41:19.0 +0200 @@ -55,7 +55,8 @@ @@ -10,3 +11,15 @@ done; \ sort -u $$tmp $@; \ rm -f $$tmp +Index: modules/ssl/ssl_engine_kernel.c +--- modules/ssl/ssl_engine_kernel.c.orig 2005-03-29 10:44:31 +0200 modules/ssl/ssl_engine_kernel.c 2005-07-28 22:25:38 +0200 +@@ -1398,7 +1398,7 @@ + BIO_printf(bio, , nextUpdate: ); + ASN1_UTCTIME_print(bio, X509_CRL_get_nextUpdate(crl)); + +-n = BIO_read(bio, buff, sizeof(buff)); ++n = BIO_read(bio, buff, sizeof(buff) - 1); + buff[n] = '\0'; + + BIO_free(bio); @@ . patch -p0 '@@ .' Index: openpkg-src/apache2/apache2.spec $ cvs diff -u -r1.63 -r1.64 apache2.spec --- openpkg-src/apache2/apache2.spec 24 Jul 2005 19:32:58 - 1.63 +++ openpkg-src/apache2/apache2.spec 28 Jul 2005 20:29:24 - 1.64 @@ -39,7 +39,7 @@ Group:Web License: ASF Version: %{V_apache} -Release: 20050724 +Release: 20050728 # package options (suexec related) %option with_suexec yes @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org