[CVS] OpenPKG: openpkg-src/gcc41/ gcc41.spec
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 03-Dec-2005 20:10:27
Branch: HEAD Handle: 2005120319102600
Modified files:
openpkg-src/gcc41 gcc41.spec
Log:
upgrading package: gcc41 4.1s20051125 -> 4.1s20051202
Summary:
RevisionChanges Path
1.38+2 -2 openpkg-src/gcc41/gcc41.spec
patch -p0 <<'@@ .'
Index: openpkg-src/gcc41/gcc41.spec
$ cvs diff -u -r1.37 -r1.38 gcc41.spec
--- openpkg-src/gcc41/gcc41.spec 26 Nov 2005 08:40:03 - 1.37
+++ openpkg-src/gcc41/gcc41.spec 3 Dec 2005 19:10:26 - 1.38
@@ -25,7 +25,7 @@
# package version
%define V_full 4.1
%define V_comp 41
-%define V_snap 20051125
+%define V_snap 20051202
# package information
Name: gcc41
@@ -38,7 +38,7 @@
Group:Compiler
License: GPL
Version: %{V_full}s%{V_snap}
-Release: 20051126
+Release: 20051203
# package options
%option with_cxx yes
@@ .
__
The OpenPKG Projectwww.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: openpkg-src/perl-www/ perl-www.spec
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 03-Dec-2005 20:08:33
Branch: HEAD Handle: 2005120319083200
Modified files:
openpkg-src/perl-wwwperl-www.spec
Log:
modifying package: perl-www-5.8.7 20051116 -> 20051203
Summary:
RevisionChanges Path
1.248 +2 -2 openpkg-src/perl-www/perl-www.spec
patch -p0 <<'@@ .'
Index: openpkg-src/perl-www/perl-www.spec
$ cvs diff -u -r1.247 -r1.248 perl-www.spec
--- openpkg-src/perl-www/perl-www.spec16 Nov 2005 20:02:54 -
1.247
+++ openpkg-src/perl-www/perl-www.spec3 Dec 2005 19:08:32 -
1.248
@@ -54,7 +54,7 @@
%define V_cgi_builder_session 1.26
%define V_cgi_builder_htmltmpl 1.21
%define V_cgi_builder_tt2 0.03
-%define V_cgi_ajax 0.654
+%define V_cgi_ajax 0.662
%define V_fcgi 0.67
%define V_rpc_xml 0.58
%define V_soap_lite 0.60a
@@ -91,7 +91,7 @@
Group:Language
License: GPL/Artistic
Version: %{V_perl}
-Release: 20051116
+Release: 20051203
# list of sources
Source0: http://www.cpan.org/modules/by-module/URI/URI-%{V_uri}.tar.gz
@@ .
__
The OpenPKG Projectwww.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: openpkg-src/perl-util/ perl-util.spec
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 03-Dec-2005 20:07:57
Branch: HEAD Handle: 2005120319075600
Modified files:
openpkg-src/perl-util perl-util.spec
Log:
modifying package: perl-util-5.8.7 20051201 -> 20051203
Summary:
RevisionChanges Path
1.227 +2 -2 openpkg-src/perl-util/perl-util.spec
patch -p0 <<'@@ .'
Index: openpkg-src/perl-util/perl-util.spec
$ cvs diff -u -r1.226 -r1.227 perl-util.spec
--- openpkg-src/perl-util/perl-util.spec 1 Dec 2005 07:52:27 -
1.226
+++ openpkg-src/perl-util/perl-util.spec 3 Dec 2005 19:07:56 -
1.227
@@ -76,7 +76,7 @@
%define V_regexp_keep 0.02
%define V_regexp_parser0.20
%define V_regexp_shellish 0.93
-%define V_regexp_assemble 0.21
+%define V_regexp_assemble 0.22
%define V_contize 0.3
%define V_memoize 1.01
%define V_path_class 0.14
@@ -98,7 +98,7 @@
Group:Language
License: GPL/Artistic
Version: %{V_perl}
-Release: 20051201
+Release: 20051203
# list of sources
Source0:
http://www.cpan.org/modules/by-module/Test/Test-%{V_test}.tar.gz
@@ .
__
The OpenPKG Projectwww.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: openpkg-src/perl-locale/ perl-locale.spec
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 03-Dec-2005 20:07:14
Branch: HEAD Handle: 2005120319071400
Modified files:
openpkg-src/perl-locale perl-locale.spec
Log:
modifying package: perl-locale-5.8.7 20051201 -> 20051203
Summary:
RevisionChanges Path
1.55+2 -2 openpkg-src/perl-locale/perl-locale.spec
patch -p0 <<'@@ .'
Index: openpkg-src/perl-locale/perl-locale.spec
$ cvs diff -u -r1.54 -r1.55 perl-locale.spec
--- openpkg-src/perl-locale/perl-locale.spec 1 Dec 2005 07:44:34 -
1.54
+++ openpkg-src/perl-locale/perl-locale.spec 3 Dec 2005 19:07:14 -
1.55
@@ -33,7 +33,7 @@
%define V_locale_po0.16
%define V_locale_maketext 1.10
%define V_locale_maketext_fuzzy0.02
-%define V_locale_maketext_lexicon 0.50
+%define V_locale_maketext_lexicon 0.51
%define V_locale_maketext_simple 0.12
%define V_locale_codes 2.07
%define V_locale_subcountry1.36
@@ -50,7 +50,7 @@
Group:Language
License: GPL/Artistic
Version: %{V_perl}
-Release: 20051201
+Release: 20051203
# list of sources
Source0:
http://www.cpan.org/modules/by-module/I18N/I18N-LangTags-%{V_i18n_langtags}.tar.gz
@@ .
__
The OpenPKG Projectwww.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: openpkg-src/xpdf/ xpdf.spec
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 03-Dec-2005 20:07:06
Branch: HEAD Handle: 2005120319070500
Modified files:
openpkg-src/xpdfxpdf.spec
Log:
upgrading package: xpdf 3.01pl0 -> 3.01pl1
Summary:
RevisionChanges Path
1.18+4 -2 openpkg-src/xpdf/xpdf.spec
patch -p0 <<'@@ .'
Index: openpkg-src/xpdf/xpdf.spec
$ cvs diff -u -r1.17 -r1.18 xpdf.spec
--- openpkg-src/xpdf/xpdf.spec18 Aug 2005 07:05:29 - 1.17
+++ openpkg-src/xpdf/xpdf.spec3 Dec 2005 19:07:05 - 1.18
@@ -24,7 +24,7 @@
# package version
%define V_base 3.01
-%define V_patchlevel 0
+%define V_patchlevel 1
# package information
Name: xpdf
@@ -37,10 +37,11 @@
Group:Graphics
License: GPL
Version: %{V_base}pl%{V_patchlevel}
-Release: 20050818
+Release: 20051203
# list of sources
Source0: ftp://ftp.foolabs.com/pub/xpdf/xpdf-%{V_base}.tar.gz
+Patch0: ftp://ftp.foolabs.com/pub/xpdf/xpdf-%{V_base}pl1.patch
# build information
Prefix: %{l_prefix}
@@ -70,6 +71,7 @@
%prep
%setup -q -n xpdf-%{V_base}
+%patch -p1
%build
CC="%{l_cc}" \
@@ .
__
The OpenPKG Projectwww.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: openpkg-src/vim/ vim.spec
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 03-Dec-2005 20:07:04
Branch: HEAD Handle: 2005120319070300
Modified files:
openpkg-src/vim vim.spec
Log:
upgrading package: vim 6.4.3 -> 6.4.4
Summary:
RevisionChanges Path
1.398 +3 -2 openpkg-src/vim/vim.spec
patch -p0 <<'@@ .'
Index: openpkg-src/vim/vim.spec
$ cvs diff -u -r1.397 -r1.398 vim.spec
--- openpkg-src/vim/vim.spec 1 Dec 2005 07:27:56 - 1.397
+++ openpkg-src/vim/vim.spec 3 Dec 2005 19:07:03 - 1.398
@@ -25,7 +25,7 @@
# package versions
%define V_vl 6.4
%define V_vs 64
-%define V_pl 3
+%define V_pl 4
# package information
Name: vim
@@ -38,7 +38,7 @@
Group:Editor
License: Charityware
Version: %{V_vl}.%{V_pl}
-Release: 20051201
+Release: 20051203
# package options
%option with_x11no
@@ -59,6 +59,7 @@
Patch1: ftp://ftp.vim.org/pub/vim/patches/%{V_vl}/%{V_vl}.001
Patch2: ftp://ftp.vim.org/pub/vim/patches/%{V_vl}/%{V_vl}.002
Patch3: ftp://ftp.vim.org/pub/vim/patches/%{V_vl}/%{V_vl}.003
+Patch4: ftp://ftp.vim.org/pub/vim/patches/%{V_vl}/%{V_vl}.004
# build information
Prefix: %{l_prefix}
@@ .
__
The OpenPKG Projectwww.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: openpkg-src/whois/ whois.spec
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 03-Dec-2005 20:06:53
Branch: HEAD Handle: 2005120319065200
Modified files:
openpkg-src/whois whois.spec
Log:
upgrading package: whois 4.7.9 -> 4.7.10
Summary:
RevisionChanges Path
1.72+2 -2 openpkg-src/whois/whois.spec
patch -p0 <<'@@ .'
Index: openpkg-src/whois/whois.spec
$ cvs diff -u -r1.71 -r1.72 whois.spec
--- openpkg-src/whois/whois.spec 29 Nov 2005 15:40:03 - 1.71
+++ openpkg-src/whois/whois.spec 3 Dec 2005 19:06:52 - 1.72
@@ -32,8 +32,8 @@
Class:BASE
Group:DNS
License: GPL
-Version: 4.7.9
-Release: 20051129
+Version: 4.7.10
+Release: 20051203
# list of sources
Source0:
http://ftp.debian.org/debian/pool/main/w/whois/whois_%{version}.tar.gz
@@ .
__
The OpenPKG Projectwww.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: openpkg-src/perl-dbi/ perl-dbi.spec
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 03-Dec-2005 20:00:50
Branch: HEAD Handle: 2005120319004900
Modified files:
openpkg-src/perl-dbiperl-dbi.spec
Log:
modifying package: perl-dbi-5.8.7 20051201 -> 20051203
Summary:
RevisionChanges Path
1.182 +2 -2 openpkg-src/perl-dbi/perl-dbi.spec
patch -p0 <<'@@ .'
Index: openpkg-src/perl-dbi/perl-dbi.spec
$ cvs diff -u -r1.181 -r1.182 perl-dbi.spec
--- openpkg-src/perl-dbi/perl-dbi.spec1 Dec 2005 07:43:35 -
1.181
+++ openpkg-src/perl-dbi/perl-dbi.spec3 Dec 2005 19:00:49 -
1.182
@@ -34,7 +34,7 @@
%define V_dbd_anydata 0.08
%define V_dbd_csv 0.22
%define V_dbd_sprite 0.56
-%define V_dbd_sqlite 1.09
+%define V_dbd_sqlite 1.11
%define V_dbd_mysql 3.0002
%define V_dbd_pgsql 1.43
%define V_dbd_oracle 1.16
@@ -52,7 +52,7 @@
Group:Language
License: GPL/Artistic
Version: %{V_perl}
-Release: 20051201
+Release: 20051203
# package options
%option with_dbd_sqlite no
@@ .
__
The OpenPKG Projectwww.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: openpkg-src/j2se/ j2se.spec
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 03-Dec-2005 19:57:40
Branch: HEAD Handle: 2005120318574000
Modified files:
openpkg-src/j2sej2se.spec
Log:
upgrading package: j2se 1.5.0.05 -> 1.5.0.06
Summary:
RevisionChanges Path
1.62+4 -4 openpkg-src/j2se/j2se.spec
patch -p0 <<'@@ .'
Index: openpkg-src/j2se/j2se.spec
$ cvs diff -u -r1.61 -r1.62 j2se.spec
--- openpkg-src/j2se/j2se.spec16 Sep 2005 19:17:48 - 1.61
+++ openpkg-src/j2se/j2se.spec3 Dec 2005 18:57:40 - 1.62
@@ -23,9 +23,9 @@
##
# package versions
-%define V_openpkg 1.5.0.05
-%define V_sunjava 1_5_0_05
-%define V_filesys 1.5.0_05
+%define V_openpkg 1.5.0.06
+%define V_sunjava 1_5_0_06
+%define V_filesys 1.5.0_06
%define V_sunsupp 1_5_0
%define V_basever 1.5.0
@@ -40,7 +40,7 @@
Group:Language
License: Commercial
Version: %{V_openpkg}
-Release: 20050916
+Release: 20051203
# package options
%option with_demo no
@@ .
__
The OpenPKG Projectwww.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: openpkg-src/lftp/ lftp.patch lftp.spec
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 03-Dec-2005 19:50:35
Branch: HEAD Handle: 2005120318503500
Modified files:
openpkg-src/lftplftp.patch lftp.spec
Log:
upgrading package: lftp 3.3.4 -> 3.3.5
Summary:
RevisionChanges Path
1.6 +5 -5 openpkg-src/lftp/lftp.patch
1.88+2 -2 openpkg-src/lftp/lftp.spec
patch -p0 <<'@@ .'
Index: openpkg-src/lftp/lftp.patch
$ cvs diff -u -r1.5 -r1.6 lftp.patch
--- openpkg-src/lftp/lftp.patch 13 Jun 2005 12:47:12 - 1.5
+++ openpkg-src/lftp/lftp.patch 3 Dec 2005 18:50:35 - 1.6
@@ -1,6 +1,6 @@
Index: src/lftp_tinfo.cc
src/lftp_tinfo.cc.orig 2002-12-18 09:52:20 +0100
-+++ src/lftp_tinfo.cc2005-06-13 12:05:39 +0200
+--- src/lftp_tinfo.cc.orig 2005-12-02 07:25:05 +0100
src/lftp_tinfo.cc2005-12-03 19:39:27 +0100
@@ -23,20 +23,20 @@
#include
@@ -14,7 +14,7 @@
-# endif
-#elif defined(HAVE_NCURSES_CURSES_H)
+#if defined(HAVE_NCURSES_CURSES_H)
- #include
+ # include
# if defined(HAVE_NCURSES_TERM_H)
# include
# elif defined(HAVE_TERM_H)
@@ -27,6 +27,6 @@
+# elif defined(HAVE_NCURSES_TERM_H)
+# include
+# endif
+ #elif defined(HAVE_TERMCAP_H)
+ # include
#endif
- }
-
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/lftp/lftp.spec
$ cvs diff -u -r1.87 -r1.88 lftp.spec
--- openpkg-src/lftp/lftp.spec18 Nov 2005 06:38:11 - 1.87
+++ openpkg-src/lftp/lftp.spec3 Dec 2005 18:50:35 - 1.88
@@ -32,8 +32,8 @@
Class:BASE
Group:FTP
License: GPL
-Version: 3.3.4
-Release: 20051118
+Version: 3.3.5
+Release: 20051203
# list of sources
Source0:
http://ftp.yars.free.net/pub/source/lftp/lftp-%{version}.tar.bz2
@@ .
__
The OpenPKG Projectwww.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: openpkg-src/dhtml/ dhtml.spec
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 03-Dec-2005 19:38:17
Branch: HEAD Handle: 2005120318381600
Modified files:
openpkg-src/dhtml dhtml.spec
Log:
upgrading package: dhtml 20051201 -> 20051203
Summary:
RevisionChanges Path
1.7 +3 -3 openpkg-src/dhtml/dhtml.spec
patch -p0 <<'@@ .'
Index: openpkg-src/dhtml/dhtml.spec
$ cvs diff -u -r1.6 -r1.7 dhtml.spec
--- openpkg-src/dhtml/dhtml.spec 1 Dec 2005 20:28:05 - 1.6
+++ openpkg-src/dhtml/dhtml.spec 3 Dec 2005 18:38:16 - 1.7
@@ -29,7 +29,7 @@
%define V_mktree20051017
%define V_dol 20050215
%define V_ie7 0_9
-%define V_tinymce 2_0RC4
+%define V_tinymce 2_0_1
%define V_os3grid 0.6
%define V_toolman 0.2
%define V_behaviour 1.1
@@ -44,8 +44,8 @@
Class:EVAL
Group:Web
License: Open Source
-Version: 20051201
-Release: 20051201
+Version: 20051203
+Release: 20051203
# list of sources
Source0: http://prototype.conio.net/dist/prototype-%{V_prototype}.tar.gz
@@ .
__
The OpenPKG Projectwww.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: openpkg-src/bittorrent/ bittorrent.spec
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 03-Dec-2005 19:37:05
Branch: HEAD Handle: 2005120318370400
Modified files:
openpkg-src/bittorrent bittorrent.spec
Log:
upgrading package: bittorrent 4.2.0 -> 4.3.0
Summary:
RevisionChanges Path
1.20+2 -2 openpkg-src/bittorrent/bittorrent.spec
patch -p0 <<'@@ .'
Index: openpkg-src/bittorrent/bittorrent.spec
$ cvs diff -u -r1.19 -r1.20 bittorrent.spec
--- openpkg-src/bittorrent/bittorrent.spec22 Nov 2005 08:15:34 -
1.19
+++ openpkg-src/bittorrent/bittorrent.spec3 Dec 2005 18:37:04 -
1.20
@@ -32,8 +32,8 @@
Class:PLUS
Group:Network
License: MIT-style
-Version: 4.2.0
-Release: 20051122
+Version: 4.3.0
+Release: 20051203
# list of sources
Source0: http://www.bittorrent.com/dl/BitTorrent-%{version}.tar.gz
@@ .
__
The OpenPKG Projectwww.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: openpkg-src/libidn/ libidn.spec
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 03-Dec-2005 19:35:21
Branch: HEAD Handle: 2005120318352100
Modified files:
openpkg-src/libidn libidn.spec
Log:
upgrading package: libidn 0.5.20 -> 0.6.0
Summary:
RevisionChanges Path
1.24+2 -2 openpkg-src/libidn/libidn.spec
patch -p0 <<'@@ .'
Index: openpkg-src/libidn/libidn.spec
$ cvs diff -u -r1.23 -r1.24 libidn.spec
--- openpkg-src/libidn/libidn.spec24 Oct 2005 13:01:57 - 1.23
+++ openpkg-src/libidn/libidn.spec3 Dec 2005 18:35:21 - 1.24
@@ -32,8 +32,8 @@
Class:BASE
Group:DNS
License: LGPL
-Version: 0.5.20
-Release: 20051024
+Version: 0.6.0
+Release: 20051203
# list of sources
Source0: http://josefsson.org/libidn/releases/libidn-%{version}.tar.gz
@@ .
__
The OpenPKG Projectwww.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: openpkg-web/ security.txt security.wml
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 03-Dec-2005 19:22:15 Branch: HEAD Handle: 2005120318221500 Modified files: openpkg-web security.txt security.wml Log: link PHP SA into website Summary: RevisionChanges Path 1.117 +2 -0 openpkg-web/security.txt 1.146 +2 -0 openpkg-web/security.wml patch -p0 <<'@@ .' Index: openpkg-web/security.txt $ cvs diff -u -r1.116 -r1.117 security.txt --- openpkg-web/security.txt 3 Dec 2005 13:24:39 - 1.116 +++ openpkg-web/security.txt 3 Dec 2005 18:22:15 - 1.117 @@ -1,3 +1,5 @@ +03-Dec-2005: Security Advisory: S +03-Dec-2005: Security Advisory: S 03-Dec-2005: Security Advisory: S 03-Dec-2005: Security Advisory: S 02-Nov-2005: Security Advisory: S @@ . patch -p0 <<'@@ .' Index: openpkg-web/security.wml $ cvs diff -u -r1.145 -r1.146 security.wml --- openpkg-web/security.wml 3 Dec 2005 13:24:39 - 1.145 +++ openpkg-web/security.wml 3 Dec 2005 18:22:15 - 1.146 @@ -90,6 +90,8 @@ + + @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: openpkg-web/security/ OpenPKG-SA-2005.027-php.txt
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 03-Dec-2005 19:21:40 Branch: HEAD Handle: 2005120318213900 Added files: openpkg-web/securityOpenPKG-SA-2005.027-php.txt Log: release OpenPKG Security Advisory 2005.027 (php) Summary: RevisionChanges Path 1.1 +90 -0 openpkg-web/security/OpenPKG-SA-2005.027-php.txt patch -p0 <<'@@ .' Index: openpkg-web/security/OpenPKG-SA-2005.027-php.txt $ cvs diff -u -r0 -r1.1 OpenPKG-SA-2005.027-php.txt --- /dev/null 2005-12-03 19:21:35 +0100 +++ OpenPKG-SA-2005.027-php.txt 2005-12-03 19:21:39 +0100 @@ -0,0 +1,90 @@ +-BEGIN PGP SIGNED MESSAGE- +Hash: SHA1 + + + +OpenPKG Security AdvisoryThe OpenPKG Project +http://www.openpkg.org/security.html http://www.openpkg.org [EMAIL PROTECTED] [EMAIL PROTECTED] +OpenPKG-SA-2005.027 03-Dec-2005 + + +Package: php +Vulnerability: multiple ones +OpenPKG Specific:no + +Affected Releases: Affected Packages: Corrected Packages: +OpenPKG CURRENT <= php-4.4.0-20051004 >= php-4.4.1-20051031 +OpenPKG 2.5 <= php-4.4.0-2.5.1 >= php-4.4.0-2.5.2 + <= apache-1.3.33-2.5.3 >= apache-1.3.33-2.5.4 +OpenPKG 2.4 <= php-4.3.11-2.4.1 >= php-4.3.11-2.4.2 + <= apache-1.3.33-2.4.3 >= apache-1.3.33-2.4.4 +OpenPKG 2.3 <= php-4.3.10-2.3.3 >= php-4.3.10-2.3.4 + <= apache-1.3.33-2.3.5 >= apache-1.3.33-2.3.6 + +Description: + Multiple vulnerabilities were recently found in the PHP [1] web + scripting language: + + 1. The "exif_read_data" function in the EXIF module in PHP before + 4.4.1 allows remote attackers to cause a Denial of Service (DoS) + through an infinite recursion via a malformed JPEG image. The + Common Vulnerabilities and Exposures (CVE) project assigned the id + CVE-2005-3353 [2] to the problem. + + 2. A Cross-Site Scripting (XSS) vulnerability in the "phpinfo" + function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote + attackers to inject arbitrary web script or HTML via a crafted URL + with a "stacked array assignment". The Common Vulnerabilities and + Exposures (CVE) project assigned the id CVE-2005-3388 [3] to the + problem. + + 3. The "parse_str" function in PHP 4.x up to 4.4.0 and 5.x up to + 5.0.5, when called with only one parameter, allows remote attackers + to enable the "register_globals" directive via inputs that cause a + request to be terminated due to the "memory_limit" setting, which + causes PHP to set an internal flag that enables "register_globals" and + allows attackers to exploit vulnerabilities in PHP applications that + would otherwise be protected. The Common Vulnerabilities and Exposures + (CVE) project assigned the id CVE-2005-3389 [4] to the problem. + + 4. The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up + to 5.0.5, when "register_globals" is enabled, allows remote attackers + to modify the "GLOBALS" array and bypass security protections of PHP + applications via a "multipart/form-data" POST request with a "GLOBALS" + "fileupload" field. The Common Vulnerabilities and Exposures (CVE) + project assigned the id CVE-2005-3390 [5] to the problem. + + 5. Multiple vulnerabilities in PHP before 4.4.1 allow remote + attackers to bypass "safe_mode" and "open_basedir" restrictions + via unknown attack vectors in the "curl" and "gd" extensions. The + Common Vulnerabilities and Exposures (CVE) project assigned the id + CVE-2005-3391 [6] to the problem. + + 6. The additionally discovered issue CVE-2005-3392 doesn't affect PHP + under the OpenPKG platforms. + + +References: + [1] http://www.php.net/ + [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3353 + [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3388 + [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3389 + [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3390 + [6] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3391 +___
[CVS] OpenPKG: OPENPKG_2_3_SOLID: openpkg-src/apache/ apache.patch.php...
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 03-Dec-2005 19:16:15
Branch: OPENPKG_2_3_SOLIDHandle: 2005120318161400
Modified files: (Branch: OPENPKG_2_3_SOLID)
openpkg-src/apache apache.patch.php apache.spec
Log:
Security Fixes (CVE-2005-3353, CVE-2005-3388, CVE-2005-3389,
CVE-2005-3390, CVE-2005-3391)
Summary:
RevisionChanges Path
1.4.2.1 +228 -0 openpkg-src/apache/apache.patch.php
1.285.2.7 +1 -1 openpkg-src/apache/apache.spec
patch -p0 <<'@@ .'
Index: openpkg-src/apache/apache.patch.php
$ cvs diff -u -r1.4 -r1.4.2.1 apache.patch.php
--- openpkg-src/apache/apache.patch.php 6 Feb 2005 13:50:04 -
1.4
+++ openpkg-src/apache/apache.patch.php 3 Dec 2005 18:16:14 -
1.4.2.1
@@ -81,3 +81,231 @@
#define u_int32_t uint32_t
#endif
+-
+
+Security Fix (CVE-2005-3353)
+
+Index: ext/exif/exif.c
+--- ext/exif/exif.c.orig 2005-03-22 23:07:03 +0100
ext/exif/exif.c 2005-12-03 17:41:40 +0100
+@@ -3014,6 +3014,12 @@
+ }
+ }
+ /*
++ * Ignore IFD2 if it purportedly exists
++ */
++if (section_index == SECTION_THUMBNAIL) {
++return TRUE;
++}
++/*
+ * Hack to make it process IDF1 I hope
+ * There are 2 IDFs, the second one holds the keys (0x0201 and 0x0202)
to the thumbnail
+ */
+
+-
+
+Security Fix (CVE-2005-3388)
+
+Index: ext/standard/info.c
+--- ext/standard/info.c.orig 2005-06-07 15:37:33 +0200
ext/standard/info.c 2005-12-03 17:42:11 +0100
+@@ -133,10 +133,21 @@
+ PUTS(" => ");
+ }
+ if (Z_TYPE_PP(tmp) == IS_ARRAY) {
++zval *tmp3;
++MAKE_STD_ZVAL(tmp3);
+ if (!sapi_module.phpinfo_as_text) {
+ PUTS("");
+ }
++php_start_ob_buffer(NULL, 4096, 1 TSRMLS_CC);
+ zend_print_zval_r(*tmp, 0);
++php_ob_get_buffer(tmp3 TSRMLS_CC);
++php_end_ob_buffer(0, 0 TSRMLS_CC);
++
++elem_esc = php_info_html_esc(Z_STRVAL_P(tmp3)
TSRMLS_CC);
++PUTS(elem_esc);
++efree(elem_esc);
++zval_ptr_dtor(&tmp3);
++
+ if (!sapi_module.phpinfo_as_text) {
+ PUTS("");
+ }
+@@ -196,7 +207,7 @@
+ PHPAPI char *php_info_html_esc(char *string TSRMLS_DC)
+ {
+ int new_len;
+-return php_escape_html_entities(string, strlen(string), &new_len, 0,
ENT_NOQUOTES, NULL TSRMLS_CC);
++return php_escape_html_entities(string, strlen(string), &new_len, 0,
ENT_QUOTES, NULL TSRMLS_CC);
+ }
+ /* }}} */
+
+
+-
+
+Security Fix (CVE-2005-3389)
+
+Index: ext/standard/string.c
+--- ext/standard/string.c.orig 2005-06-02 10:50:52 +0200
ext/standard/string.c2005-12-03 17:43:25 +0100
+@@ -3179,7 +3179,6 @@
+ zval *sarg;
+ char *res = NULL;
+ int argCount;
+-int old_rg;
+
+ argCount = ARG_COUNT(ht);
+ if (argCount < 1 || argCount > 2 || zend_get_parameters_ex(argCount,
&arg, &arrayArg) == FAILURE) {
+@@ -3192,19 +3191,18 @@
+ res = estrndup(Z_STRVAL_P(sarg), Z_STRLEN_P(sarg));
+ }
+
+-old_rg = PG(register_globals);
+ if (argCount == 1) {
+-PG(register_globals) = 1;
+-sapi_module.treat_data(PARSE_STRING, res, NULL TSRMLS_CC);
++zval tmp;
++Z_ARRVAL(tmp) = EG(active_symbol_table);
++
++sapi_module.treat_data(PARSE_STRING, res, &tmp TSRMLS_CC);
+ } else {
+-PG(register_globals) = 0;
+ /* Clear out the array that was passed in. */
+ zval_dtor(*arrayArg);
+ array_init(*arrayArg);
+
+ sapi_module.treat_data(PARSE_STRING, res, *arrayArg TSRMLS_CC);
+ }
+-PG(
[CVS] OpenPKG: OPENPKG_2_4_SOLID: openpkg-src/apache/ apache.patch.php...
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 03-Dec-2005 18:52:22
Branch: OPENPKG_2_4_SOLIDHandle: 2005120317522100
Modified files: (Branch: OPENPKG_2_4_SOLID)
openpkg-src/apache apache.patch.php apache.spec
Log:
Security Fixes (CVE-2005-3353, CVE-2005-3388, CVE-2005-3389,
CVE-2005-3390, CVE-2005-3391)
Summary:
RevisionChanges Path
1.5.2.1 +266 -0 openpkg-src/apache/apache.patch.php
1.297.2.5 +1 -1 openpkg-src/apache/apache.spec
patch -p0 <<'@@ .'
Index: openpkg-src/apache/apache.patch.php
$ cvs diff -u -r1.5 -r1.5.2.1 apache.patch.php
--- openpkg-src/apache/apache.patch.php 1 Apr 2005 06:20:27 -
1.5
+++ openpkg-src/apache/apache.patch.php 3 Dec 2005 17:52:21 -
1.5.2.1
@@ -60,3 +60,269 @@
} else {
PDF_open_mem(pdf, pdf_flushwrite);
}
+
+-
+
+Security Fix (CAN-2005-3054)
+
+Index: main/fopen_wrappers.c
+--- main/fopen_wrappers.c.orig 2005-02-03 00:44:07 +0100
main/fopen_wrappers.c2005-10-04 21:52:15 +0200
+@@ -120,8 +120,8 @@
+ /* Handler for basedirs that end with a / */
+ resolved_basedir_len = strlen(resolved_basedir);
+ if (basedir[strlen(basedir) - 1] == PHP_DIR_SEPARATOR) {
+-if (resolved_basedir[resolved_basedir_len - 1] == '/') {
+-resolved_basedir[resolved_basedir_len - 1] =
PHP_DIR_SEPARATOR;
++if (resolved_basedir[resolved_basedir_len - 1] !=
PHP_DIR_SEPARATOR) {
++resolved_basedir[resolved_basedir_len] =
PHP_DIR_SEPARATOR;
+ resolved_basedir[++resolved_basedir_len] = '\0';
+ }
+ }
+
+-
+
+Security Fix (CVE-2005-3353)
+
+Index: ext/exif/exif.c
+--- ext/exif/exif.c.orig 2005-03-22 23:07:03 +0100
ext/exif/exif.c 2005-12-03 17:41:40 +0100
+@@ -3014,6 +3014,12 @@
+ }
+ }
+ /*
++ * Ignore IFD2 if it purportedly exists
++ */
++if (section_index == SECTION_THUMBNAIL) {
++return TRUE;
++}
++/*
+ * Hack to make it process IDF1 I hope
+ * There are 2 IDFs, the second one holds the keys (0x0201 and 0x0202)
to the thumbnail
+ */
+
+-
+
+Security Fix (CVE-2005-3388)
+
+Index: ext/standard/info.c
+--- ext/standard/info.c.orig 2005-06-07 15:37:33 +0200
ext/standard/info.c 2005-12-03 17:42:11 +0100
+@@ -133,10 +133,21 @@
+ PUTS(" => ");
+ }
+ if (Z_TYPE_PP(tmp) == IS_ARRAY) {
++zval *tmp3;
++MAKE_STD_ZVAL(tmp3);
+ if (!sapi_module.phpinfo_as_text) {
+ PUTS("");
+ }
++php_start_ob_buffer(NULL, 4096, 1 TSRMLS_CC);
+ zend_print_zval_r(*tmp, 0);
++php_ob_get_buffer(tmp3 TSRMLS_CC);
++php_end_ob_buffer(0, 0 TSRMLS_CC);
++
++elem_esc = php_info_html_esc(Z_STRVAL_P(tmp3)
TSRMLS_CC);
++PUTS(elem_esc);
++efree(elem_esc);
++zval_ptr_dtor(&tmp3);
++
+ if (!sapi_module.phpinfo_as_text) {
+ PUTS("");
+ }
+@@ -196,7 +207,7 @@
+ PHPAPI char *php_info_html_esc(char *string TSRMLS_DC)
+ {
+ int new_len;
+-return php_escape_html_entities(string, strlen(string), &new_len, 0,
ENT_NOQUOTES, NULL TSRMLS_CC);
++return php_escape_html_entities(string, strlen(string), &new_len, 0,
ENT_QUOTES, NULL TSRMLS_CC);
+ }
+ /* }}} */
+
+
+-
+
+Security Fix (CVE-2005-3389)
+
+Index: ext/standard/string.c
+--- ext/standard/string.c.orig 2005-06-02 10:50:52 +0200
ext/standard/string.c2005-12-03 17:43:25 +0100
+@@
[CVS] OpenPKG: OPENPKG_2_5_SOLID: openpkg-src/apache/ apache.patch.php...
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 03-Dec-2005 18:49:08
Branch: OPENPKG_2_5_SOLIDHandle: 2005120317490701
Modified files: (Branch: OPENPKG_2_5_SOLID)
openpkg-src/apache apache.patch.php apache.spec
Log:
Security Fixes (CVE-2005-3353, CVE-2005-3388, CVE-2005-3389,
CVE-2005-3390, CVE-2005-3391)
Summary:
RevisionChanges Path
1.5.4.1 +266 -0 openpkg-src/apache/apache.patch.php
1.308.2.5 +1 -1 openpkg-src/apache/apache.spec
patch -p0 <<'@@ .'
Index: openpkg-src/apache/apache.patch.php
$ cvs diff -u -r1.5 -r1.5.4.1 apache.patch.php
--- openpkg-src/apache/apache.patch.php 1 Apr 2005 06:20:27 -
1.5
+++ openpkg-src/apache/apache.patch.php 3 Dec 2005 17:49:07 -
1.5.4.1
@@ -60,3 +60,269 @@
} else {
PDF_open_mem(pdf, pdf_flushwrite);
}
+
+-
+
+Security Fix (CAN-2005-3054)
+
+Index: main/fopen_wrappers.c
+--- main/fopen_wrappers.c.orig 2005-02-03 00:44:07 +0100
main/fopen_wrappers.c2005-10-04 21:52:15 +0200
+@@ -120,8 +120,8 @@
+ /* Handler for basedirs that end with a / */
+ resolved_basedir_len = strlen(resolved_basedir);
+ if (basedir[strlen(basedir) - 1] == PHP_DIR_SEPARATOR) {
+-if (resolved_basedir[resolved_basedir_len - 1] == '/') {
+-resolved_basedir[resolved_basedir_len - 1] =
PHP_DIR_SEPARATOR;
++if (resolved_basedir[resolved_basedir_len - 1] !=
PHP_DIR_SEPARATOR) {
++resolved_basedir[resolved_basedir_len] =
PHP_DIR_SEPARATOR;
+ resolved_basedir[++resolved_basedir_len] = '\0';
+ }
+ }
+
+-
+
+Security Fix (CVE-2005-3353)
+
+Index: ext/exif/exif.c
+--- ext/exif/exif.c.orig 2005-03-22 23:07:03 +0100
ext/exif/exif.c 2005-12-03 17:41:40 +0100
+@@ -3014,6 +3014,12 @@
+ }
+ }
+ /*
++ * Ignore IFD2 if it purportedly exists
++ */
++if (section_index == SECTION_THUMBNAIL) {
++return TRUE;
++}
++/*
+ * Hack to make it process IDF1 I hope
+ * There are 2 IDFs, the second one holds the keys (0x0201 and 0x0202)
to the thumbnail
+ */
+
+-
+
+Security Fix (CVE-2005-3388)
+
+Index: ext/standard/info.c
+--- ext/standard/info.c.orig 2005-06-07 15:37:33 +0200
ext/standard/info.c 2005-12-03 17:42:11 +0100
+@@ -133,10 +133,21 @@
+ PUTS(" => ");
+ }
+ if (Z_TYPE_PP(tmp) == IS_ARRAY) {
++zval *tmp3;
++MAKE_STD_ZVAL(tmp3);
+ if (!sapi_module.phpinfo_as_text) {
+ PUTS("");
+ }
++php_start_ob_buffer(NULL, 4096, 1 TSRMLS_CC);
+ zend_print_zval_r(*tmp, 0);
++php_ob_get_buffer(tmp3 TSRMLS_CC);
++php_end_ob_buffer(0, 0 TSRMLS_CC);
++
++elem_esc = php_info_html_esc(Z_STRVAL_P(tmp3)
TSRMLS_CC);
++PUTS(elem_esc);
++efree(elem_esc);
++zval_ptr_dtor(&tmp3);
++
+ if (!sapi_module.phpinfo_as_text) {
+ PUTS("");
+ }
+@@ -196,7 +207,7 @@
+ PHPAPI char *php_info_html_esc(char *string TSRMLS_DC)
+ {
+ int new_len;
+-return php_escape_html_entities(string, strlen(string), &new_len, 0,
ENT_NOQUOTES, NULL TSRMLS_CC);
++return php_escape_html_entities(string, strlen(string), &new_len, 0,
ENT_QUOTES, NULL TSRMLS_CC);
+ }
+ /* }}} */
+
+
+-
+
+Security Fix (CVE-2005-3389)
+
+Index: ext/standard/string.c
+--- ext/standard/string.c.orig 2005-06-02 10:50:52 +0200
ext/standard/string.c2005-12-03 17:43:25 +0100
+@@
[CVS] OpenPKG: OPENPKG_2_3_SOLID: openpkg-src/php/ php.patch php.spec
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 03-Dec-2005 18:16:50
Branch: OPENPKG_2_3_SOLIDHandle: 2005120317165000
Modified files: (Branch: OPENPKG_2_3_SOLID)
openpkg-src/php php.patch php.spec
Log:
Security Fixes (CVE-2005-3353, CVE-2005-3388, CVE-2005-3389,
CVE-2005-3390, CVE-2005-3391)
Summary:
RevisionChanges Path
1.9.2.2 +229 -0 openpkg-src/php/php.patch
1.103.2.5 +1 -1 openpkg-src/php/php.spec
patch -p0 <<'@@ .'
Index: openpkg-src/php/php.patch
$ cvs diff -u -r1.9.2.1 -r1.9.2.2 php.patch
--- openpkg-src/php/php.patch 4 Oct 2005 20:00:38 - 1.9.2.1
+++ openpkg-src/php/php.patch 3 Dec 2005 17:16:50 - 1.9.2.2
@@ -128,3 +128,232 @@
resolved_basedir[++resolved_basedir_len] = '\0';
}
}
+
+-
+
+Security Fix (CVE-2005-3353)
+
+Index: ext/exif/exif.c
+--- ext/exif/exif.c.orig 2005-03-22 23:07:03 +0100
ext/exif/exif.c 2005-12-03 17:41:40 +0100
+@@ -3014,6 +3014,12 @@
+ }
+ }
+ /*
++ * Ignore IFD2 if it purportedly exists
++ */
++if (section_index == SECTION_THUMBNAIL) {
++return TRUE;
++}
++/*
+ * Hack to make it process IDF1 I hope
+ * There are 2 IDFs, the second one holds the keys (0x0201 and 0x0202)
to the thumbnail
+ */
+
+-
+
+Security Fix (CVE-2005-3388)
+
+Index: ext/standard/info.c
+--- ext/standard/info.c.orig 2005-06-07 15:37:33 +0200
ext/standard/info.c 2005-12-03 17:42:11 +0100
+@@ -133,10 +133,21 @@
+ PUTS(" => ");
+ }
+ if (Z_TYPE_PP(tmp) == IS_ARRAY) {
++zval *tmp3;
++MAKE_STD_ZVAL(tmp3);
+ if (!sapi_module.phpinfo_as_text) {
+ PUTS("");
+ }
++php_start_ob_buffer(NULL, 4096, 1 TSRMLS_CC);
+ zend_print_zval_r(*tmp, 0);
++php_ob_get_buffer(tmp3 TSRMLS_CC);
++php_end_ob_buffer(0, 0 TSRMLS_CC);
++
++elem_esc = php_info_html_esc(Z_STRVAL_P(tmp3)
TSRMLS_CC);
++PUTS(elem_esc);
++efree(elem_esc);
++zval_ptr_dtor(&tmp3);
++
+ if (!sapi_module.phpinfo_as_text) {
+ PUTS("");
+ }
+@@ -196,7 +207,7 @@
+ PHPAPI char *php_info_html_esc(char *string TSRMLS_DC)
+ {
+ int new_len;
+-return php_escape_html_entities(string, strlen(string), &new_len, 0,
ENT_NOQUOTES, NULL TSRMLS_CC);
++return php_escape_html_entities(string, strlen(string), &new_len, 0,
ENT_QUOTES, NULL TSRMLS_CC);
+ }
+ /* }}} */
+
+
+-
+
+Security Fix (CVE-2005-3389)
+
+Index: ext/standard/string.c
+--- ext/standard/string.c.orig 2005-06-02 10:50:52 +0200
ext/standard/string.c2005-12-03 17:43:25 +0100
+@@ -3179,7 +3179,6 @@
+ zval *sarg;
+ char *res = NULL;
+ int argCount;
+-int old_rg;
+
+ argCount = ARG_COUNT(ht);
+ if (argCount < 1 || argCount > 2 || zend_get_parameters_ex(argCount,
&arg, &arrayArg) == FAILURE) {
+@@ -3192,19 +3191,18 @@
+ res = estrndup(Z_STRVAL_P(sarg), Z_STRLEN_P(sarg));
+ }
+
+-old_rg = PG(register_globals);
+ if (argCount == 1) {
+-PG(register_globals) = 1;
+-sapi_module.treat_data(PARSE_STRING, res, NULL TSRMLS_CC);
++zval tmp;
++Z_ARRVAL(tmp) = EG(active_symbol_table);
++
++sapi_module.treat_data(PARSE_STRING, res, &tmp TSRMLS_CC);
+ } else {
+-PG(register_globals) = 0;
+ /* Clear out the array that was passed in. */
+ zval_dtor(*arrayArg);
+ array_init(*arrayArg);
+
+ sapi_module.treat_data(PARSE_STRING, res, *arrayArg TSRMLS_CC);
+
[CVS] OpenPKG: OPENPKG_2_4_SOLID: openpkg-src/php/ php.patch php.spec
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 03-Dec-2005 18:09:54
Branch: OPENPKG_2_4_SOLIDHandle: 2005120317095300
Modified files: (Branch: OPENPKG_2_4_SOLID)
openpkg-src/php php.patch php.spec
Log:
Security Fixes (CVE-2005-3353, CVE-2005-3388, CVE-2005-3389,
CVE-2005-3390, CVE-2005-3391)
Summary:
RevisionChanges Path
1.10.2.2+247 -0 openpkg-src/php/php.patch
1.109.2.3 +1 -1 openpkg-src/php/php.spec
patch -p0 <<'@@ .'
Index: openpkg-src/php/php.patch
$ cvs diff -u -r1.10.2.1 -r1.10.2.2 php.patch
--- openpkg-src/php/php.patch 4 Oct 2005 19:57:35 - 1.10.2.1
+++ openpkg-src/php/php.patch 3 Dec 2005 17:09:53 - 1.10.2.2
@@ -108,3 +108,250 @@
resolved_basedir[++resolved_basedir_len] = '\0';
}
}
+
+-
+
+Security Fix (CVE-2005-3353)
+
+Index: ext/exif/exif.c
+--- ext/exif/exif.c.orig 2005-03-22 23:07:03 +0100
ext/exif/exif.c 2005-12-03 17:41:40 +0100
+@@ -3014,6 +3014,12 @@
+ }
+ }
+ /*
++ * Ignore IFD2 if it purportedly exists
++ */
++if (section_index == SECTION_THUMBNAIL) {
++return TRUE;
++}
++/*
+ * Hack to make it process IDF1 I hope
+ * There are 2 IDFs, the second one holds the keys (0x0201 and 0x0202)
to the thumbnail
+ */
+
+-
+
+Security Fix (CVE-2005-3388)
+
+Index: ext/standard/info.c
+--- ext/standard/info.c.orig 2005-06-07 15:37:33 +0200
ext/standard/info.c 2005-12-03 17:42:11 +0100
+@@ -133,10 +133,21 @@
+ PUTS(" => ");
+ }
+ if (Z_TYPE_PP(tmp) == IS_ARRAY) {
++zval *tmp3;
++MAKE_STD_ZVAL(tmp3);
+ if (!sapi_module.phpinfo_as_text) {
+ PUTS("");
+ }
++php_start_ob_buffer(NULL, 4096, 1 TSRMLS_CC);
+ zend_print_zval_r(*tmp, 0);
++php_ob_get_buffer(tmp3 TSRMLS_CC);
++php_end_ob_buffer(0, 0 TSRMLS_CC);
++
++elem_esc = php_info_html_esc(Z_STRVAL_P(tmp3)
TSRMLS_CC);
++PUTS(elem_esc);
++efree(elem_esc);
++zval_ptr_dtor(&tmp3);
++
+ if (!sapi_module.phpinfo_as_text) {
+ PUTS("");
+ }
+@@ -196,7 +207,7 @@
+ PHPAPI char *php_info_html_esc(char *string TSRMLS_DC)
+ {
+ int new_len;
+-return php_escape_html_entities(string, strlen(string), &new_len, 0,
ENT_NOQUOTES, NULL TSRMLS_CC);
++return php_escape_html_entities(string, strlen(string), &new_len, 0,
ENT_QUOTES, NULL TSRMLS_CC);
+ }
+ /* }}} */
+
+
+-
+
+Security Fix (CVE-2005-3389)
+
+Index: ext/standard/string.c
+--- ext/standard/string.c.orig 2005-06-02 10:50:52 +0200
ext/standard/string.c2005-12-03 17:43:25 +0100
+@@ -3179,7 +3179,6 @@
+ zval *sarg;
+ char *res = NULL;
+ int argCount;
+-int old_rg;
+
+ argCount = ARG_COUNT(ht);
+ if (argCount < 1 || argCount > 2 || zend_get_parameters_ex(argCount,
&arg, &arrayArg) == FAILURE) {
+@@ -3192,19 +3191,18 @@
+ res = estrndup(Z_STRVAL_P(sarg), Z_STRLEN_P(sarg));
+ }
+
+-old_rg = PG(register_globals);
+ if (argCount == 1) {
+-PG(register_globals) = 1;
+-sapi_module.treat_data(PARSE_STRING, res, NULL TSRMLS_CC);
++zval tmp;
++Z_ARRVAL(tmp) = EG(active_symbol_table);
++
++sapi_module.treat_data(PARSE_STRING, res, &tmp TSRMLS_CC);
+ } else {
+-PG(register_globals) = 0;
+ /* Clear out the array that was passed in. */
+ zval_dtor(*arrayArg);
+ array_init(*arrayArg);
+
+ sapi_module.treat_data(PARSE_STRING, res, *arrayArg TSRMLS_CC);
[CVS] OpenPKG: OPENPKG_2_5_SOLID: openpkg-src/php/ php.patch php.spec
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 03-Dec-2005 18:04:18
Branch: OPENPKG_2_5_SOLIDHandle: 2005120317041601
Modified files: (Branch: OPENPKG_2_5_SOLID)
openpkg-src/php php.patch php.spec
Log:
Security Fixes (CVE-2005-3353, CVE-2005-3388, CVE-2005-3389,
CVE-2005-3390, CVE-2005-3391)
Summary:
RevisionChanges Path
1.11.2.1+247 -0 openpkg-src/php/php.patch
1.112.2.3 +1 -1 openpkg-src/php/php.spec
patch -p0 <<'@@ .'
Index: openpkg-src/php/php.patch
$ cvs diff -u -r1.11 -r1.11.2.1 php.patch
--- openpkg-src/php/php.patch 4 Oct 2005 19:54:54 - 1.11
+++ openpkg-src/php/php.patch 3 Dec 2005 17:04:16 - 1.11.2.1
@@ -108,3 +108,250 @@
resolved_basedir[++resolved_basedir_len] = '\0';
}
}
+
+-
+
+Security Fix (CVE-2005-3353)
+
+Index: ext/exif/exif.c
+--- ext/exif/exif.c.orig 2005-03-22 23:07:03 +0100
ext/exif/exif.c 2005-12-03 17:41:40 +0100
+@@ -3014,6 +3014,12 @@
+ }
+ }
+ /*
++ * Ignore IFD2 if it purportedly exists
++ */
++if (section_index == SECTION_THUMBNAIL) {
++return TRUE;
++}
++/*
+ * Hack to make it process IDF1 I hope
+ * There are 2 IDFs, the second one holds the keys (0x0201 and 0x0202)
to the thumbnail
+ */
+
+-
+
+Security Fix (CVE-2005-3388)
+
+Index: ext/standard/info.c
+--- ext/standard/info.c.orig 2005-06-07 15:37:33 +0200
ext/standard/info.c 2005-12-03 17:42:11 +0100
+@@ -133,10 +133,21 @@
+ PUTS(" => ");
+ }
+ if (Z_TYPE_PP(tmp) == IS_ARRAY) {
++zval *tmp3;
++MAKE_STD_ZVAL(tmp3);
+ if (!sapi_module.phpinfo_as_text) {
+ PUTS("");
+ }
++php_start_ob_buffer(NULL, 4096, 1 TSRMLS_CC);
+ zend_print_zval_r(*tmp, 0);
++php_ob_get_buffer(tmp3 TSRMLS_CC);
++php_end_ob_buffer(0, 0 TSRMLS_CC);
++
++elem_esc = php_info_html_esc(Z_STRVAL_P(tmp3)
TSRMLS_CC);
++PUTS(elem_esc);
++efree(elem_esc);
++zval_ptr_dtor(&tmp3);
++
+ if (!sapi_module.phpinfo_as_text) {
+ PUTS("");
+ }
+@@ -196,7 +207,7 @@
+ PHPAPI char *php_info_html_esc(char *string TSRMLS_DC)
+ {
+ int new_len;
+-return php_escape_html_entities(string, strlen(string), &new_len, 0,
ENT_NOQUOTES, NULL TSRMLS_CC);
++return php_escape_html_entities(string, strlen(string), &new_len, 0,
ENT_QUOTES, NULL TSRMLS_CC);
+ }
+ /* }}} */
+
+
+-
+
+Security Fix (CVE-2005-3389)
+
+Index: ext/standard/string.c
+--- ext/standard/string.c.orig 2005-06-02 10:50:52 +0200
ext/standard/string.c2005-12-03 17:43:25 +0100
+@@ -3179,7 +3179,6 @@
+ zval *sarg;
+ char *res = NULL;
+ int argCount;
+-int old_rg;
+
+ argCount = ARG_COUNT(ht);
+ if (argCount < 1 || argCount > 2 || zend_get_parameters_ex(argCount,
&arg, &arrayArg) == FAILURE) {
+@@ -3192,19 +3191,18 @@
+ res = estrndup(Z_STRVAL_P(sarg), Z_STRLEN_P(sarg));
+ }
+
+-old_rg = PG(register_globals);
+ if (argCount == 1) {
+-PG(register_globals) = 1;
+-sapi_module.treat_data(PARSE_STRING, res, NULL TSRMLS_CC);
++zval tmp;
++Z_ARRVAL(tmp) = EG(active_symbol_table);
++
++sapi_module.treat_data(PARSE_STRING, res, &tmp TSRMLS_CC);
+ } else {
+-PG(register_globals) = 0;
+ /* Clear out the array that was passed in. */
+ zval_dtor(*arrayArg);
+ array_init(*arrayArg);
+
+ sapi_module.treat_data(PARSE_STRING, res, *arrayArg TSRMLS_CC);
+ }
[CVS] OpenPKG: openpkg-web/security/ OpenPKG-SA-2005.026-lynx.txt
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 03-Dec-2005 15:22:58 Branch: HEAD Handle: 2005120314225800 Added files: openpkg-web/securityOpenPKG-SA-2005.026-lynx.txt Log: release OpenPKG Security Advisory 2005.026 (lynx) Summary: RevisionChanges Path 1.1 +61 -0 openpkg-web/security/OpenPKG-SA-2005.026-lynx.txt patch -p0 <<'@@ .' Index: openpkg-web/security/OpenPKG-SA-2005.026-lynx.txt $ cvs diff -u -r0 -r1.1 OpenPKG-SA-2005.026-lynx.txt --- /dev/null 2005-12-03 15:22:53 +0100 +++ OpenPKG-SA-2005.026-lynx.txt 2005-12-03 15:22:58 +0100 @@ -0,0 +1,61 @@ +-BEGIN PGP SIGNED MESSAGE- +Hash: SHA1 + + + +OpenPKG Security AdvisoryThe OpenPKG Project +http://www.openpkg.org/security.html http://www.openpkg.org [EMAIL PROTECTED] [EMAIL PROTECTED] +OpenPKG-SA-2005.026 03-Dec-2005 + + +Package: lynx +Vulnerability: command injection +OpenPKG Specific:no + +Affected Releases: Affected Packages: Corrected Packages: +OpenPKG CURRENT <= lynx-2.8.5-20051030 >= lynx-2.8.5.5-20051203 +OpenPKG 2.5 <= lynx-2.8.5-2.5.0 >= lynx-2.8.5-2.5.1 +OpenPKG 2.4 <= lynx-2.8.5-2.4.0 >= lynx-2.8.5-2.4.1 +OpenPKG 2.3 <= lynx-2.8.5-2.3.0 >= lynx-2.8.5-2.3.1 + +Description: + According to a iDEFENSE security advisory [0], a command injection + vulnerability exists in the Lynx [2] WWW textual client. The + vulnerability could allow attackers to execute arbitrary commands + with the privileges of the underlying user. The problem specifically + exists within the feature to execute local "cgi-bin" programs via the + "lynxcgi:" URI handler. The Common Vulnerabilities and Exposures (CVE) + project assigned the id CVE-2005-2929 [3] to the problem. + + Additionally, according to a security advisory from Ulf Harnhammar + [1], a stack-based buffer overflow in the "HTrjis" function in Lynx + allows remote NNTP servers to execute arbitrary code via certain + article headers containing Asian characters that cause Lynx to + add extra escape (ESC) characters. The Common Vulnerabilities and + Exposures (CVE) project assigned the id CVE-2005-3120 [4] to the + problem. + + +References: + [0] http://www.idefense.com/application/poi/display?id=338 + [1] http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/038019.html + [2] http://lynx.isc.org/ + [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2929 + [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3120 + + +For security reasons, this advisory was digitally signed with the +OpenPGP public key "OpenPKG <[EMAIL PROTECTED]>" (ID 63C4CB9F) of the +OpenPKG project which you can retrieve from http://pgp.openpkg.org and +hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org/ +for details on how to verify the integrity of this advisory. + + +-BEGIN PGP SIGNATURE- +Comment: OpenPKG <[EMAIL PROTECTED]> + +iD8DBQFDkaokgHWT4GPEy58RAnurAJ9k6+9V7BtgDG6PmJ4FXgV8+urLYQCgueUG +XQSysqWKUgxnq/NW+k/BQ3A= +=x+XU +-END PGP SIGNATURE- @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: OPENPKG_2_3_SOLID: openpkg-src/lynx/ lynx.spec
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 03-Dec-2005 15:12:48
Branch: OPENPKG_2_3_SOLIDHandle: 2005120314124700
Modified files: (Branch: OPENPKG_2_3_SOLID)
openpkg-src/lynxlynx.spec
Log:
Security Fixes (CVE-2005-2929 CAN-2005-3120)
Summary:
RevisionChanges Path
1.32.2.2+6 -1 openpkg-src/lynx/lynx.spec
patch -p0 <<'@@ .'
Index: openpkg-src/lynx/lynx.spec
$ cvs diff -u -r1.32.2.1 -r1.32.2.2 lynx.spec
--- openpkg-src/lynx/lynx.spec21 Feb 2005 17:07:31 - 1.32.2.1
+++ openpkg-src/lynx/lynx.spec3 Dec 2005 14:12:47 - 1.32.2.2
@@ -38,11 +38,15 @@
Group:Web
License: BSD
Version: %{V_real}
-Release: 2.3.0
+Release: 2.3.1
# list of sources
Source0: http://lynx.isc.org/release/lynx%{V_real}.tar.bz2
Patch0: lynx.patch
+Patch1: http://lynx.isc.org/release/patches/%{V_real}rel.2.patch.gz
+Patch2: http://lynx.isc.org/release/patches/%{V_real}rel.3.patch.gz
+Patch3: http://lynx.isc.org/release/patches/%{V_real}rel.4.patch.gz
+Patch4: http://lynx.isc.org/release/patches/%{V_real}rel.5.patch.gz
# build information
Prefix: %{l_prefix}
@@ -67,6 +71,7 @@
%prep
%setup -q -n lynx%{V_file}
%patch -p0
+%patch -p1 -P 1 2 3 4
%build
CC="%{l_cc}" \
@@ .
__
The OpenPKG Projectwww.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: OPENPKG_2_4_SOLID: openpkg-src/lynx/ lynx.spec
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 03-Dec-2005 15:11:42
Branch: OPENPKG_2_4_SOLIDHandle: 2005120314114100
Modified files: (Branch: OPENPKG_2_4_SOLID)
openpkg-src/lynxlynx.spec
Log:
Security Fixes (CVE-2005-2929 CAN-2005-3120)
Summary:
RevisionChanges Path
1.34.2.2+6 -1 openpkg-src/lynx/lynx.spec
patch -p0 <<'@@ .'
Index: openpkg-src/lynx/lynx.spec
$ cvs diff -u -r1.34.2.1 -r1.34.2.2 lynx.spec
--- openpkg-src/lynx/lynx.spec15 Jun 2005 19:00:27 - 1.34.2.1
+++ openpkg-src/lynx/lynx.spec3 Dec 2005 14:11:41 - 1.34.2.2
@@ -37,11 +37,15 @@
Group:Web
License: BSD
Version: %{V_real}
-Release: 2.4.0
+Release: 2.4.1
# list of sources
Source0: http://lynx.isc.org/release/lynx%{V_real}.tar.bz2
Patch0: lynx.patch
+Patch1: http://lynx.isc.org/release/patches/%{V_real}rel.2.patch.gz
+Patch2: http://lynx.isc.org/release/patches/%{V_real}rel.3.patch.gz
+Patch3: http://lynx.isc.org/release/patches/%{V_real}rel.4.patch.gz
+Patch4: http://lynx.isc.org/release/patches/%{V_real}rel.5.patch.gz
# build information
Prefix: %{l_prefix}
@@ -66,6 +70,7 @@
%prep
%setup -q -n lynx%{V_file}
%patch -p0
+%patch -p1 -P 1 2 3 4
%build
CC="%{l_cc}" \
@@ .
__
The OpenPKG Projectwww.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: OPENPKG_2_5_SOLID: openpkg-src/lynx/ lynx.spec
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 03-Dec-2005 15:10:34
Branch: OPENPKG_2_5_SOLIDHandle: 2005120314103300
Modified files: (Branch: OPENPKG_2_5_SOLID)
openpkg-src/lynxlynx.spec
Log:
Security Fixes (CVE-2005-2929 CAN-2005-3120)
Summary:
RevisionChanges Path
1.34.4.2+6 -1 openpkg-src/lynx/lynx.spec
patch -p0 <<'@@ .'
Index: openpkg-src/lynx/lynx.spec
$ cvs diff -u -r1.34.4.1 -r1.34.4.2 lynx.spec
--- openpkg-src/lynx/lynx.spec11 Oct 2005 12:50:44 - 1.34.4.1
+++ openpkg-src/lynx/lynx.spec3 Dec 2005 14:10:33 - 1.34.4.2
@@ -37,11 +37,15 @@
Group:Web
License: BSD
Version: %{V_real}
-Release: 2.5.0
+Release: 2.5.1
# list of sources
Source0: http://lynx.isc.org/release/lynx%{V_real}.tar.bz2
Patch0: lynx.patch
+Patch1: http://lynx.isc.org/release/patches/%{V_real}rel.2.patch.gz
+Patch2: http://lynx.isc.org/release/patches/%{V_real}rel.3.patch.gz
+Patch3: http://lynx.isc.org/release/patches/%{V_real}rel.4.patch.gz
+Patch4: http://lynx.isc.org/release/patches/%{V_real}rel.5.patch.gz
# build information
Prefix: %{l_prefix}
@@ -66,6 +70,7 @@
%prep
%setup -q -n lynx%{V_file}
%patch -p0
+%patch -p1 -P 1 2 3 4
%build
CC="%{l_cc}" \
@@ .
__
The OpenPKG Projectwww.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: openpkg-src/lynx/ lynx.spec
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 03-Dec-2005 15:08:33
Branch: HEAD Handle: 2005120314083200
Modified files:
openpkg-src/lynxlynx.spec
Log:
Security Fixes (CVE-2005-2929 CAN-2005-3120)
Summary:
RevisionChanges Path
1.36+13 -2 openpkg-src/lynx/lynx.spec
patch -p0 <<'@@ .'
Index: openpkg-src/lynx/lynx.spec
$ cvs diff -u -r1.35 -r1.36 lynx.spec
--- openpkg-src/lynx/lynx.spec30 Oct 2005 09:01:23 - 1.35
+++ openpkg-src/lynx/lynx.spec3 Dec 2005 14:08:32 - 1.36
@@ -25,6 +25,7 @@
# package version
%define V_file 2-8-5
%define V_real 2.8.5
+%define V_pl 5
# package information
Name: lynx
@@ -36,12 +37,16 @@
Class:BASE
Group:Web
License: BSD
-Version: %{V_real}
-Release: 20051030
+Version: %{V_real}.%{V_pl}
+Release: 20051203
# list of sources
Source0: http://lynx.isc.org/release/lynx%{V_real}.tar.bz2
Patch0: lynx.patch
+Patch1: http://lynx.isc.org/release/patches/%{V_real}rel.2.patch.gz
+Patch2: http://lynx.isc.org/release/patches/%{V_real}rel.3.patch.gz
+Patch3: http://lynx.isc.org/release/patches/%{V_real}rel.4.patch.gz
+Patch4: http://lynx.isc.org/release/patches/%{V_real}rel.5.patch.gz
# build information
Prefix: %{l_prefix}
@@ -62,10 +67,16 @@
url = http://lynx.isc.org/release/
regex = lynx(__VER__)\.tar\.bz2
}
+prog lynx:patch = {
+version = %{V_pl}
+url = http://lynx.isc.org/release/patches/
+regex = __VER__rel\.(\d+)\.patch\.gz
+}
%prep
%setup -q -n lynx%{V_file}
%patch -p0
+%patch -p1 -P 1 2 3 4
%build
CC="%{l_cc}" \
@@ .
__
The OpenPKG Projectwww.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: openpkg-web/ security.txt security.wml
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 03-Dec-2005 14:24:40 Branch: HEAD Handle: 2005120313243900 Modified files: openpkg-web security.txt security.wml Log: add Perl SA to website Summary: RevisionChanges Path 1.116 +2 -1 openpkg-web/security.txt 1.145 +1 -0 openpkg-web/security.wml patch -p0 <<'@@ .' Index: openpkg-web/security.txt $ cvs diff -u -r1.115 -r1.116 security.txt --- openpkg-web/security.txt 3 Dec 2005 12:38:22 - 1.115 +++ openpkg-web/security.txt 3 Dec 2005 13:24:39 - 1.116 @@ -1,4 +1,5 @@ -03-Dec-2005: Security Advisory: S +03-Dec-2005: Security Advisory: S +03-Dec-2005: Security Advisory: S 02-Nov-2005: Security Advisory: S 17-Oct-2005: Security Advisory: S 10-Sep-2005: Security Advisory: S @@ . patch -p0 <<'@@ .' Index: openpkg-web/security.wml $ cvs diff -u -r1.144 -r1.145 security.wml --- openpkg-web/security.wml 3 Dec 2005 12:38:22 - 1.144 +++ openpkg-web/security.wml 3 Dec 2005 13:24:39 - 1.145 @@ -90,6 +90,7 @@ + @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: openpkg-web/security/ OpenPKG-SA-2005.025-perl.txt
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 03-Dec-2005 14:24:09 Branch: HEAD Handle: 2005120313240900 Added files: openpkg-web/securityOpenPKG-SA-2005.025-perl.txt Log: release OpenPKG Security Advisory 2005.025 (perl) Summary: RevisionChanges Path 1.1 +51 -0 openpkg-web/security/OpenPKG-SA-2005.025-perl.txt patch -p0 <<'@@ .' Index: openpkg-web/security/OpenPKG-SA-2005.025-perl.txt $ cvs diff -u -r0 -r1.1 OpenPKG-SA-2005.025-perl.txt --- /dev/null 2005-12-03 14:24:07 +0100 +++ OpenPKG-SA-2005.025-perl.txt 2005-12-03 14:24:09 +0100 @@ -0,0 +1,51 @@ +-BEGIN PGP SIGNED MESSAGE- +Hash: SHA1 + + + +OpenPKG Security AdvisoryThe OpenPKG Project +http://www.openpkg.org/security.html http://www.openpkg.org [EMAIL PROTECTED] [EMAIL PROTECTED] +OpenPKG-SA-2005.025 03-Dec-2005 + + +Package: perl +Vulnerability: integer overflow, arbitrary code execution +OpenPKG Specific:no + +Affected Releases: Affected Packages: Corrected Packages: +OpenPKG CURRENT <= perl-5.8.7-20050921 >= perl-5.8.7-20051203 +OpenPKG 2.5 <= perl-5.8.7-2.5.0 >= perl-5.8.7-2.5.1 +OpenPKG 2.4 <= perl-5.8.7-2.4.0 >= perl-5.8.7-2.4.1 +OpenPKG 2.3 <= perl-5.8.6-2.3.0 >= perl-5.8.6-2.3.1 + +Description: + According to a security advisory from Dyad Security [0], an integer + overflow bug exists in the Perl [1] programming language. The integer + overflow is in the format string functionality (Perl_sv_vcatpvfn) of + Perl and allows attackers to overwrite arbitrary memory and possibly + execute arbitrary code via format string specifiers with large values. + The Common Vulnerabilities and Exposures (CVE) project assigned the id + CVE-2005-3962 [2] to the problem. + + +References: + [0] http://www.dyadsecurity.com/perl-0002.html + [1] http://www.perl.org/ + [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3962 + + +For security reasons, this advisory was digitally signed with the +OpenPGP public key "OpenPKG <[EMAIL PROTECTED]>" (ID 63C4CB9F) of the +OpenPKG project which you can retrieve from http://pgp.openpkg.org and +hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org/ +for details on how to verify the integrity of this advisory. + + +-BEGIN PGP SIGNATURE- +Comment: OpenPKG <[EMAIL PROTECTED]> + +iD8DBQFDkZxrgHWT4GPEy58RAikXAKCUQaaaYqxG3+QTRQtNVL5YLXvaMgCdGZqn +MTL3qjtRNoCw7vT6iRUDRs8= +=jRTP +-END PGP SIGNATURE- @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: OPENPKG_2_3_SOLID: openpkg-src/perl/ perl.patch perl.sp...
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 03-Dec-2005 14:10:26
Branch: OPENPKG_2_3_SOLIDHandle: 2005120313102501
Modified files: (Branch: OPENPKG_2_3_SOLID)
openpkg-src/perlperl.patch perl.spec
Log:
Security Fix (CVE-2005-3962, OpenPKG-SA-2005.025-perl)
Summary:
RevisionChanges Path
1.15.2.1+20 -0 openpkg-src/perl/perl.patch
1.99.2.2+1 -1 openpkg-src/perl/perl.spec
patch -p0 <<'@@ .'
Index: openpkg-src/perl/perl.patch
$ cvs diff -u -r1.15 -r1.15.2.1 perl.patch
--- openpkg-src/perl/perl.patch 5 Feb 2005 14:12:27 - 1.15
+++ openpkg-src/perl/perl.patch 3 Dec 2005 13:10:25 - 1.15.2.1
@@ -365,3 +365,23 @@
vsprintf(buffer+len, fmt, ap);
PerlLIO_write(dbg, buffer, strlen(buffer));
+-
+
+Security Fix (CVE-2005-3962, OpenPKG-SA-2005.025-perl)
+
+Index: sv.c
+--- sv.c.orig2005-05-27 12:38:11 +0200
sv.c 2005-12-03 13:49:26 +0100
+@@ -8519,7 +8519,10 @@
+ if (EXPECT_NUMBER(q, width)) {
+ if (*q == '$') {
+ ++q;
+-efix = width;
++if (width > PERL_INT_MAX)
++efix = PERL_INT_MAX;
++else
++efix = width;
+ } else {
+ goto gotwidth;
+ }
+
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/perl/perl.spec
$ cvs diff -u -r1.99.2.1 -r1.99.2.2 perl.spec
--- openpkg-src/perl/perl.spec21 Feb 2005 17:07:58 - 1.99.2.1
+++ openpkg-src/perl/perl.spec3 Dec 2005 13:10:26 - 1.99.2.2
@@ -34,7 +34,7 @@
Group:Language
License: GPL/Artistic
Version: 5.8.6
-Release: 2.3.0
+Release: 2.3.1
# list of sources
Source0: ftp://ftp.cpan.org/pub/CPAN/src/perl-%{version}.tar.gz
@@ .
__
The OpenPKG Projectwww.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: OPENPKG_2_4_SOLID: openpkg-src/perl/ perl.patch perl.sp...
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 03-Dec-2005 14:05:24
Branch: OPENPKG_2_4_SOLIDHandle: 2005120313052300
Modified files: (Branch: OPENPKG_2_4_SOLID)
openpkg-src/perlperl.patch perl.spec
Log:
Security Fix (CVE-2005-3962, OpenPKG-SA-2005.025-perl)
Summary:
RevisionChanges Path
1.16.2.1+21 -0 openpkg-src/perl/perl.patch
1.102.2.2 +1 -1 openpkg-src/perl/perl.spec
patch -p0 <<'@@ .'
Index: openpkg-src/perl/perl.patch
$ cvs diff -u -r1.16 -r1.16.2.1 perl.patch
--- openpkg-src/perl/perl.patch 3 Jun 2005 07:03:35 - 1.16
+++ openpkg-src/perl/perl.patch 3 Dec 2005 13:05:23 - 1.16.2.1
@@ -265,3 +265,24 @@
# object oriented
my $sh = Shell->new;
+
+-
+
+Security Fix (CVE-2005-3962, OpenPKG-SA-2005.025-perl)
+
+Index: sv.c
+--- sv.c.orig2005-05-27 12:38:11 +0200
sv.c 2005-12-03 13:49:26 +0100
+@@ -8519,7 +8519,10 @@
+ if (EXPECT_NUMBER(q, width)) {
+ if (*q == '$') {
+ ++q;
+-efix = width;
++if (width > PERL_INT_MAX)
++efix = PERL_INT_MAX;
++else
++efix = width;
+ } else {
+ goto gotwidth;
+ }
+
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/perl/perl.spec
$ cvs diff -u -r1.102.2.1 -r1.102.2.2 perl.spec
--- openpkg-src/perl/perl.spec15 Jun 2005 19:02:13 -
1.102.2.1
+++ openpkg-src/perl/perl.spec3 Dec 2005 13:05:23 -
1.102.2.2
@@ -33,7 +33,7 @@
Group:Language
License: GPL/Artistic
Version: 5.8.7
-Release: 2.4.0
+Release: 2.4.1
# list of sources
Source0: ftp://ftp.cpan.org/pub/CPAN/src/perl-%{version}.tar.gz
@@ .
__
The OpenPKG Projectwww.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: OPENPKG_2_5_SOLID: openpkg-src/perl/ perl.patch perl.sp...
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 03-Dec-2005 14:03:26
Branch: OPENPKG_2_5_SOLIDHandle: 2005120313032500
Modified files: (Branch: OPENPKG_2_5_SOLID)
openpkg-src/perlperl.patch perl.spec
Log:
Security Fix (CVE-2005-3962, OpenPKG-SA-2005.025-perl)
Summary:
RevisionChanges Path
1.17.2.1+21 -0 openpkg-src/perl/perl.patch
1.104.2.2 +1 -1 openpkg-src/perl/perl.spec
patch -p0 <<'@@ .'
Index: openpkg-src/perl/perl.patch
$ cvs diff -u -r1.17 -r1.17.2.1 perl.patch
--- openpkg-src/perl/perl.patch 21 Sep 2005 15:20:42 - 1.17
+++ openpkg-src/perl/perl.patch 3 Dec 2005 13:03:25 - 1.17.2.1
@@ -305,3 +305,24 @@
#
# Using gcc.
#
+
+-
+
+Security Fix (CVE-2005-3962, OpenPKG-SA-2005.025-perl)
+
+Index: sv.c
+--- sv.c.orig2005-05-27 12:38:11 +0200
sv.c 2005-12-03 13:49:26 +0100
+@@ -8519,7 +8519,10 @@
+ if (EXPECT_NUMBER(q, width)) {
+ if (*q == '$') {
+ ++q;
+-efix = width;
++if (width > PERL_INT_MAX)
++efix = PERL_INT_MAX;
++else
++efix = width;
+ } else {
+ goto gotwidth;
+ }
+
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/perl/perl.spec
$ cvs diff -u -r1.104.2.1 -r1.104.2.2 perl.spec
--- openpkg-src/perl/perl.spec11 Oct 2005 12:51:13 -
1.104.2.1
+++ openpkg-src/perl/perl.spec3 Dec 2005 13:03:25 -
1.104.2.2
@@ -33,7 +33,7 @@
Group:Language
License: GPL/Artistic
Version: 5.8.7
-Release: 2.5.0
+Release: 2.5.1
# list of sources
Source0: ftp://ftp.cpan.org/pub/CPAN/src/perl-%{version}.tar.gz
@@ .
__
The OpenPKG Projectwww.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: openpkg-src/perl/ perl.patch perl.spec
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 03-Dec-2005 14:01:57
Branch: HEAD Handle: 2005120313015600
Modified files:
openpkg-src/perlperl.patch perl.spec
Log:
Security Fix (CVE-2005-3962, OpenPKG-SA-2005.025-perl)
Summary:
RevisionChanges Path
1.18+21 -0 openpkg-src/perl/perl.patch
1.105 +1 -1 openpkg-src/perl/perl.spec
patch -p0 <<'@@ .'
Index: openpkg-src/perl/perl.patch
$ cvs diff -u -r1.17 -r1.18 perl.patch
--- openpkg-src/perl/perl.patch 21 Sep 2005 15:20:42 - 1.17
+++ openpkg-src/perl/perl.patch 3 Dec 2005 13:01:56 - 1.18
@@ -305,3 +305,24 @@
#
# Using gcc.
#
+
+-
+
+Security Fix (CVE-2005-3962, OpenPKG-SA-2005.025-perl)
+
+Index: sv.c
+--- sv.c.orig2005-05-27 12:38:11 +0200
sv.c 2005-12-03 13:49:26 +0100
+@@ -8519,7 +8519,10 @@
+ if (EXPECT_NUMBER(q, width)) {
+ if (*q == '$') {
+ ++q;
+-efix = width;
++if (width > PERL_INT_MAX)
++efix = PERL_INT_MAX;
++else
++efix = width;
+ } else {
+ goto gotwidth;
+ }
+
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/perl/perl.spec
$ cvs diff -u -r1.104 -r1.105 perl.spec
--- openpkg-src/perl/perl.spec21 Sep 2005 15:20:42 - 1.104
+++ openpkg-src/perl/perl.spec3 Dec 2005 13:01:56 - 1.105
@@ -33,7 +33,7 @@
Group:Language
License: GPL/Artistic
Version: 5.8.7
-Release: 20050921
+Release: 20051203
# list of sources
Source0: ftp://ftp.cpan.org/pub/CPAN/src/perl-%{version}.tar.gz
@@ .
__
The OpenPKG Projectwww.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: openpkg-web/security/ OpenPKG-SA-2005.024-mysql.txt
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 03-Dec-2005 13:39:10 Branch: HEAD Handle: 2005120312391000 Modified files: openpkg-web/securityOpenPKG-SA-2005.024-mysql.txt Log: release OpenPKG Security Advisory 2005.024 (mysql) Summary: RevisionChanges Path 1.2 +10 -0 openpkg-web/security/OpenPKG-SA-2005.024-mysql.txt patch -p0 <<'@@ .' Index: openpkg-web/security/OpenPKG-SA-2005.024-mysql.txt $ cvs diff -u -r1.1 -r1.2 OpenPKG-SA-2005.024-mysql.txt --- openpkg-web/security/OpenPKG-SA-2005.024-mysql.txt3 Dec 2005 12:38:22 - 1.1 +++ openpkg-web/security/OpenPKG-SA-2005.024-mysql.txt3 Dec 2005 12:39:10 - 1.2 @@ -1,3 +1,6 @@ +-BEGIN PGP SIGNED MESSAGE- +Hash: SHA1 + OpenPKG Security AdvisoryThe OpenPKG Project @@ -38,3 +41,10 @@ for details on how to verify the integrity of this advisory. +-BEGIN PGP SIGNATURE- +Comment: OpenPKG <[EMAIL PROTECTED]> + +iD8DBQFDkZHYgHWT4GPEy58RAqseAKDSQf/+kOxsxm1qsLLm+ltjQx4xUQCfWpnw +f3BRG7NLaRSz9W6POAZjC5o= +=UotL +-END PGP SIGNATURE- @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: openpkg-web/ security.txt security.wml openpkg-web/secu...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 03-Dec-2005 13:38:22 Branch: HEAD Handle: 2005120312382200 Added files: openpkg-web/securityOpenPKG-SA-2005.024-mysql.txt Modified files: openpkg-web security.txt security.wml Log: add MySQL SA into website Summary: RevisionChanges Path 1.115 +2 -0 openpkg-web/security.txt 1.144 +2 -0 openpkg-web/security.wml 1.1 +40 -0 openpkg-web/security/OpenPKG-SA-2005.024-mysql.txt patch -p0 <<'@@ .' Index: openpkg-web/security.txt $ cvs diff -u -r1.114 -r1.115 security.txt --- openpkg-web/security.txt 17 Oct 2005 16:11:22 - 1.114 +++ openpkg-web/security.txt 3 Dec 2005 12:38:22 - 1.115 @@ -1,3 +1,5 @@ +03-Dec-2005: Security Advisory: S +02-Nov-2005: Security Advisory: S 17-Oct-2005: Security Advisory: S 10-Sep-2005: Security Advisory: S 06-Sep-2005: Security Advisory: S @@ . patch -p0 <<'@@ .' Index: openpkg-web/security.wml $ cvs diff -u -r1.143 -r1.144 security.wml --- openpkg-web/security.wml 19 Oct 2005 09:20:04 - 1.143 +++ openpkg-web/security.wml 3 Dec 2005 12:38:22 - 1.144 @@ -90,6 +90,8 @@ + + @@ . patch -p0 <<'@@ .' Index: openpkg-web/security/OpenPKG-SA-2005.024-mysql.txt $ cvs diff -u -r0 -r1.1 OpenPKG-SA-2005.024-mysql.txt --- /dev/null 2005-12-03 13:38:13 +0100 +++ OpenPKG-SA-2005.024-mysql.txt 2005-12-03 13:38:22 +0100 @@ -0,0 +1,40 @@ + + +OpenPKG Security AdvisoryThe OpenPKG Project +http://www.openpkg.org/security.html http://www.openpkg.org [EMAIL PROTECTED] [EMAIL PROTECTED] +OpenPKG-SA-2005.024 03-Dec-2005 + + +Package: mysql +Vulnerability: buffer overflow, arbitrary code execution +OpenPKG Specific:no + +Affected Releases: Affected Packages:Corrected Packages: +OpenPKG CURRENT <= mysql-4.1.12-20050617 >= mysql-4.1.13-20050721 +OpenPKG 2.5 N.A. N.A. +OpenPKG 2.4 <= mysql-4.1.12-2.4.0 >= mysql-4.1.12-2.4.1 + +Description: + According to a security advisory from Reid Borsuk of Application + Security Inc [0], a stack-based buffer overflow exists in the MySQL + RDBMS [1]. The buffer overflow allows remote authenticated users + who can create user-defined database functions to execute arbitrary + code via a long "function_name" field. The Common Vulnerabilities + and Exposures (CVE) project assigned the id CVE-2005-2558 [2] to the + problem. + + +References: + [0] http://www.appsecinc.com/resources/alerts/mysql/2005-002.html + [1] http://www.mysql.com/ + [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2558 + + +For security reasons, this advisory was digitally signed with the +OpenPGP public key "OpenPKG <[EMAIL PROTECTED]>" (ID 63C4CB9F) of the +OpenPKG project which you can retrieve from http://pgp.openpkg.org and +hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org/ +for details on how to verify the integrity of this advisory. + + @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: openpkg-web/security/ OpenPKG-SA-0000.000-template.txt
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 03-Dec-2005 13:35:41 Branch: HEAD Handle: 2005120312354100 Modified files: openpkg-web/securityOpenPKG-SA-.000-template.txt Log: allow us to still fix some packages for 2.3, too Summary: RevisionChanges Path 1.29+2 -0 openpkg-web/security/OpenPKG-SA-.000-template.txt patch -p0 <<'@@ .' Index: openpkg-web/security/OpenPKG-SA-.000-template.txt $ cvs diff -u -r1.28 -r1.29 OpenPKG-SA-.000-template.txt --- openpkg-web/security/OpenPKG-SA-.000-template.txt 3 Dec 2005 11:50:03 - 1.28 +++ openpkg-web/security/OpenPKG-SA-.000-template.txt 3 Dec 2005 12:35:41 - 1.29 @@ -17,11 +17,13 @@ OpenPKG CURRENT <= foo-1.2.4-20050123 >= foo-1.2.4-20059124 OpenPKG 2.5 <= foo-1.2.3-2.5.0 >= foo-1.2.3-2.5.1 OpenPKG 2.4 <= foo-1.2.2-2.4.0 >= foo-1.2.2-2.4.1 +OpenPKG 2.3 <= foo-1.2.1-2.3.0 >= foo-1.2.1-2.3.1 Affected Releases: Dependent Packages: OpenPKG CURRENT bar quux OpenPKG 2.5 bar quux OpenPKG 2.4 bar +OpenPKG 2.3 bar Description: According to a ... security advisory based on hints from ... @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: OPENPKG_2_4_SOLID: openpkg-src/mysql/ mysql.patch mysql...
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 03-Dec-2005 13:33:44
Branch: OPENPKG_2_4_SOLIDHandle: 2005120312334400
Modified files: (Branch: OPENPKG_2_4_SOLID)
openpkg-src/mysql mysql.patch mysql.spec
Log:
Security Fix (CVE-2005-2558, OpenPKG-SA-2005.024)
Summary:
RevisionChanges Path
1.15.4.1+47 -0 openpkg-src/mysql/mysql.patch
1.123.2.2 +1 -1 openpkg-src/mysql/mysql.spec
patch -p0 <<'@@ .'
Index: openpkg-src/mysql/mysql.patch
$ cvs diff -u -r1.15 -r1.15.4.1 mysql.patch
--- openpkg-src/mysql/mysql.patch 16 Feb 2005 20:25:18 - 1.15
+++ openpkg-src/mysql/mysql.patch 3 Dec 2005 12:33:44 - 1.15.4.1
@@ -81,3 +81,50 @@
else
i_u="$i_u
INSERT INTO user VALUES
('localhost','','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0);"
+
+-
+
+Security Fix (CVE-2005-2558, OpenPKG-SA-2005.024)
+
+Index: libmysqld/sql_udf.cc
+--- libmysqld/sql_udf.cc.orig2005-05-13 13:32:15 +0200
libmysqld/sql_udf.cc 2005-12-03 10:46:25 +0100
+@@ -222,7 +222,7 @@
+ }
+ tmp->dlhandle = dl;
+ {
+- char buf[MAX_FIELD_NAME+16], *missing;
++ char buf[NAME_LEN+16], *missing;
+ if ((missing= init_syms(tmp, buf)))
+ {
+ sql_print_error(ER(ER_CANT_FIND_DL_ENTRY), missing);
+@@ -439,7 +439,7 @@
+ }
+ udf->dlhandle=dl;
+ {
+-char buf[MAX_FIELD_NAME+16], *missing;
++char buf[NAME_LEN+16], *missing;
+ if ((missing= init_syms(udf, buf)))
+ {
+ net_printf(thd, ER_CANT_FIND_DL_ENTRY, missing);
+Index: sql/sql_udf.cc
+--- sql/sql_udf.cc.orig 2005-05-13 13:32:15 +0200
sql/sql_udf.cc 2005-12-03 10:46:25 +0100
+@@ -222,7 +222,7 @@
+ }
+ tmp->dlhandle = dl;
+ {
+- char buf[MAX_FIELD_NAME+16], *missing;
++ char buf[NAME_LEN+16], *missing;
+ if ((missing= init_syms(tmp, buf)))
+ {
+ sql_print_error(ER(ER_CANT_FIND_DL_ENTRY), missing);
+@@ -439,7 +439,7 @@
+ }
+ udf->dlhandle=dl;
+ {
+-char buf[MAX_FIELD_NAME+16], *missing;
++char buf[NAME_LEN+16], *missing;
+ if ((missing= init_syms(udf, buf)))
+ {
+ net_printf(thd, ER_CANT_FIND_DL_ENTRY, missing);
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/mysql/mysql.spec
$ cvs diff -u -r1.123.2.1 -r1.123.2.2 mysql.spec
--- openpkg-src/mysql/mysql.spec 15 Jun 2005 19:00:57 -
1.123.2.1
+++ openpkg-src/mysql/mysql.spec 3 Dec 2005 12:33:44 -
1.123.2.2
@@ -39,7 +39,7 @@
Group:Database
License: GPL
Version: %{V_opkg}
-Release: 2.4.0
+Release: 2.4.1
# package options
%option with_serveryes
@@ .
__
The OpenPKG Projectwww.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: openpkg-web/security/ resign.pl
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-web Date: 03-Dec-2005 13:20:47
Branch: HEAD Handle: 2005120312204600
Added files:
openpkg-web/securityresign.pl
Log:
add a small script for resigning the SAs
Summary:
RevisionChanges Path
1.1 +32 -0 openpkg-web/security/resign.pl
patch -p0 <<'@@ .'
Index: openpkg-web/security/resign.pl
$ cvs diff -u -r0 -r1.1 resign.pl
--- /dev/null 2005-12-03 13:20:28 +0100
+++ resign.pl 2005-12-03 13:20:47 +0100
@@ -0,0 +1,32 @@
+#!/v/openpkg/sw/bin/perl
+
+die "usage: resign.pl " if (@ARGV != 1);
+
+my $pw = $ARGV[0];
+
+use IO::File;
+
+my @file = glob("*.txt");
+foreach my $file (@file) {
+next if ($file =~ m|\.000|s);
+print "$file\n";
+
+my $io = new IO::File "<$file" or die;
+my $txt; { local $/; $txt = <$io>; };
+$io->close;
+
+$txt =~ s|^-BEGIN PGP SIGNED MESSAGE-.+?(\n__)|$1|s;
+$txt =~ s|-BEGIN PGP SIGNATURE-.+$||s;
+$txt =~ s|^\n+||sg;
+$txt =~ s|\n+$||sg;
+$txt =~ s|$|\n\n|sg;
+
+$io = new IO::File ">$file" or die;
+$io->print($txt);
+$io->close;
+
+system("echo '$pw' | gpg --passphrase-fd 0 --clearsign $file >/dev/null
2>&1");
+system("mv $file.asc $file");
+system("gpg --verify $file >/dev/null 2>&1");
+}
+
@@ .
__
The OpenPKG Projectwww.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
