[CVS] OpenPKG: openpkg-web/security/ OpenPKG-SA-2005.028-curl.txt
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 10-Dec-2005 22:08:44 Branch: HEAD Handle: 2005121021084300 Added files: openpkg-web/securityOpenPKG-SA-2005.028-curl.txt Log: release OpenPKG Security Advisory 2005.028 (curl) Summary: RevisionChanges Path 1.1 +66 -0 openpkg-web/security/OpenPKG-SA-2005.028-curl.txt patch -p0 <<'@@ .' Index: openpkg-web/security/OpenPKG-SA-2005.028-curl.txt $ cvs diff -u -r0 -r1.1 OpenPKG-SA-2005.028-curl.txt --- /dev/null 2005-12-10 22:08:43 +0100 +++ OpenPKG-SA-2005.028-curl.txt 2005-12-10 22:08:44 +0100 @@ -0,0 +1,66 @@ +-BEGIN PGP SIGNED MESSAGE- +Hash: SHA1 + + + +OpenPKG Security AdvisoryThe OpenPKG Project +http://www.openpkg.org/security.html http://www.openpkg.org [EMAIL PROTECTED] [EMAIL PROTECTED] +OpenPKG-SA-2005.028 10-Dec-2005 + + +Package: curl +Vulnerability: denial of service +OpenPKG Specific:no + +Affected Releases: Affected Packages: Corrected Packages: +OpenPKG CURRENT <= curl-7.15.0-20051206 >= curl-7.15.1-20051207 + <= openpkg-20051206-20051206 >= openpkg-20051207-20051207 +OpenPKG 2.5 <= curl-7.15.0-2.5.0 >= curl-7.15.0-2.5.1 + <= openpkg-2.5.0-2.5.0 >= openpkg-2.5.1-2.5.1 +OpenPKG 2.4 <= curl-7.14.0-2.4.1 >= curl-7.14.0-2.4.2 + <= openpkg-2.4.2-2.4.2 >= openpkg-2.4.3-2.4.3 +OpenPKG 2.3 <= curl-7.13.0-2.3.1 >= curl-7.13.0-2.3.2 + <= openpkg-2.3.5-2.3.5 >= openpkg-2.3.6-2.3.6 + +Dependent Packages: aegis, apache [with_mod_php_curl=yes], + clamav, heartbeat, perl-net [with_curl=yes], + php [with_curl=yes], php5 [with_curl=yes], + vorbis-tools, xine-ui + +Description: + According to a vendor security advisory [0], a Denial of Service (DoS) + vulnerability exist in "libcurl", the underlying library of the cURL + [1] networking tool. + + Two off-by-one errors in libcurl's URL parser allow a buffer overflow + and cause a DoS via certain URLs that (1) are malformed in a way + that prevents a terminating NUL byte from being added to either + a hostname or path buffer, or (2) contain a "?" separator in the + hostname portion, which causes a "/" to be prepended to the resulting + string. + + The Common Vulnerabilities and Exposures (CVE) project assigned the id + CVE-2005-4077 [2] to the problem. + + +References: + [0] http://curl.haxx.se/docs/adv_20051207.html + [1] http://curl.haxx.se/ + [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4077 + + +For security reasons, this advisory was digitally signed with the +OpenPGP public key "OpenPKG <[EMAIL PROTECTED]>" (ID 63C4CB9F) of the +OpenPKG project which you can retrieve from http://pgp.openpkg.org and +hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org/ +for details on how to verify the integrity of this advisory. + + +-BEGIN PGP SIGNATURE- +Comment: OpenPKG <[EMAIL PROTECTED]> + +iD8DBQFDm0N3gHWT4GPEy58RAnPTAJ97DU/DXsm1lFjasyWt1/WEOtQoDgCgiCIX +P2G7Ly7rjQvpV4/m8f3mhjo= +=BnuL +-END PGP SIGNATURE- @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: OPENPKG_2_3_SOLID: openpkg-src/openpkg/ curl.patch open...
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 10-Dec-2005 21:54:29
Branch: OPENPKG_2_3_SOLIDHandle: 2005121020542800
Added files: (Branch: OPENPKG_2_3_SOLID)
openpkg-src/openpkg curl.patch
Modified files: (Branch: OPENPKG_2_3_SOLID)
openpkg-src/openpkg openpkg.spec
Log:
Security Fix (CVE-2005-4077, OpenPKG-SA-2005.028-curl)
Summary:
RevisionChanges Path
1.4.2.3 +27 -0 openpkg-src/openpkg/curl.patch
1.397.2.10 +5 -1 openpkg-src/openpkg/openpkg.spec
patch -p0 <<'@@ .'
Index: openpkg-src/openpkg/curl.patch
$ cvs diff -u -r0 -r1.4.2.3 curl.patch
--- /dev/null 2005-12-10 21:54:25 +0100
+++ curl.patch2005-12-10 21:54:28 +0100
@@ -0,0 +1,27 @@
+Security Fix (CVE-2005-4077, OpenPKG-SA-2005.028-curl)
+http://curl.haxx.se/docs/adv_20051207.html
+
+Index: lib/url.c
+--- lib/url.c.orig 2005-09-30 22:04:10 +0200
lib/url.c2005-12-10 20:24:40 +0100
+@@ -2372,12 +2372,18 @@
+ if(urllen < LEAST_PATH_ALLOC)
+ urllen=LEAST_PATH_ALLOC;
+
+- conn->pathbuffer=(char *)malloc(urllen);
++ /*
++ * We malloc() the buffers below urllen+2 to make room for to
possibilities:
++ * 1 - an extra terminating zero
++ * 2 - an extra slash (in case a syntax like "www.host.com?moo" is used)
++ */
++
++ conn->pathbuffer=(char *)malloc(urllen+2);
+ if(NULL == conn->pathbuffer)
+ return CURLE_OUT_OF_MEMORY; /* really bad error */
+ conn->path = conn->pathbuffer;
+
+- conn->host.rawalloc=(char *)malloc(urllen);
++ conn->host.rawalloc=(char *)malloc(urllen+2);
+ if(NULL == conn->host.rawalloc)
+ return CURLE_OUT_OF_MEMORY;
+ conn->host.name = conn->host.rawalloc;
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/openpkg/openpkg.spec
$ cvs diff -u -r1.397.2.9 -r1.397.2.10 openpkg.spec
--- openpkg-src/openpkg/openpkg.spec 28 Jul 2005 06:31:33 -
1.397.2.9
+++ openpkg-src/openpkg/openpkg.spec 10 Dec 2005 20:54:28 -
1.397.2.10
@@ -39,7 +39,7 @@
# o any cc(1)
# the package version/release
-%define V_openpkg 2.3.5
+%define V_openpkg 2.3.6
# the used software versions
%define V_rpm 4.2.1
@@ -134,6 +134,7 @@
Source62: uuid.sh
Source63: gzip.c
Source64: zlib.patch
+Source65: curl.patch
# build information
Prefix: %{l_prefix}
@@ -558,6 +559,9 @@
( cd bzip2-%{V_bzip2}
${l_patch} -p0 <`SOURCE bzip2.patch`
) || exit $?
+( cd curl-%{V_curl}
+ ${l_patch} -p0 <`SOURCE curl.patch`
+) || exit $?
# display verbosity header
set +x; VERBOSE "PREPARATION: Build GNU make (Build Tool)"; set -x
@@ .
__
The OpenPKG Projectwww.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: OPENPKG_2_4_SOLID: openpkg-src/openpkg/ curl.patch open...
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 10-Dec-2005 21:45:23
Branch: OPENPKG_2_4_SOLIDHandle: 2005121020452100
Added files: (Branch: OPENPKG_2_4_SOLID)
openpkg-src/openpkg curl.patch
Modified files: (Branch: OPENPKG_2_4_SOLID)
openpkg-src/openpkg openpkg.spec
Log:
Security Fix (CVE-2005-4077, OpenPKG-SA-2005.028-curl)
Summary:
RevisionChanges Path
1.6.2.1 +27 -0 openpkg-src/openpkg/curl.patch
1.429.2.4 +5 -1 openpkg-src/openpkg/openpkg.spec
patch -p0 <<'@@ .'
Index: openpkg-src/openpkg/curl.patch
$ cvs diff -u -r0 -r1.6.2.1 curl.patch
--- /dev/null 2005-12-10 21:45:23 +0100
+++ curl.patch2005-12-10 21:45:23 +0100
@@ -0,0 +1,27 @@
+Security Fix (CVE-2005-4077, OpenPKG-SA-2005.028-curl)
+http://curl.haxx.se/docs/adv_20051207.html
+
+Index: lib/url.c
+--- lib/url.c.orig 2005-09-30 22:04:10 +0200
lib/url.c2005-12-10 20:24:40 +0100
+@@ -2372,12 +2372,18 @@
+ if(urllen < LEAST_PATH_ALLOC)
+ urllen=LEAST_PATH_ALLOC;
+
+- conn->pathbuffer=(char *)malloc(urllen);
++ /*
++ * We malloc() the buffers below urllen+2 to make room for to
possibilities:
++ * 1 - an extra terminating zero
++ * 2 - an extra slash (in case a syntax like "www.host.com?moo" is used)
++ */
++
++ conn->pathbuffer=(char *)malloc(urllen+2);
+ if(NULL == conn->pathbuffer)
+ return CURLE_OUT_OF_MEMORY; /* really bad error */
+ conn->path = conn->pathbuffer;
+
+- conn->host.rawalloc=(char *)malloc(urllen);
++ conn->host.rawalloc=(char *)malloc(urllen+2);
+ if(NULL == conn->host.rawalloc)
+ return CURLE_OUT_OF_MEMORY;
+ conn->host.name = conn->host.rawalloc;
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/openpkg/openpkg.spec
$ cvs diff -u -r1.429.2.3 -r1.429.2.4 openpkg.spec
--- openpkg-src/openpkg/openpkg.spec 26 Jul 2005 16:49:17 -
1.429.2.3
+++ openpkg-src/openpkg/openpkg.spec 10 Dec 2005 20:45:21 -
1.429.2.4
@@ -38,7 +38,7 @@
# o any cc(1)
# the package version/release
-%define V_openpkg 2.4.2
+%define V_openpkg 2.4.3
# the used software versions
%define V_rpm 4.2.1
@@ -131,6 +131,7 @@
Source60: uuid.8
Source61: uuid.pod
Source62: uuid.sh
+Source63: curl.patch
# build information
Prefix: %{l_prefix}
@@ -554,6 +555,9 @@
-e '/LINENO: error: C[+]* preprocessor/{N;N;N;N;s/.*/:/;}' \
configure
) || exit $?
+( cd curl-%{V_curl}
+ ${l_patch} -p0 <`SOURCE curl.patch`
+) || exit $?
# display verbosity header
set +x; VERBOSE "PREPARATION: Build GNU make (Build Tool)"; set -x
@@ .
__
The OpenPKG Projectwww.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: OPENPKG_2_5_SOLID: openpkg-src/openpkg/ curl.patch open...
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 10-Dec-2005 20:54:13
Branch: OPENPKG_2_5_SOLIDHandle: 2005121019541200
Added files: (Branch: OPENPKG_2_5_SOLID)
openpkg-src/openpkg curl.patch
Modified files: (Branch: OPENPKG_2_5_SOLID)
openpkg-src/openpkg openpkg.spec
Log:
Security Fix (CVE-2005-4077, OpenPKG-SA-2005.028-curl)
Summary:
RevisionChanges Path
1.6.4.1 +27 -0 openpkg-src/openpkg/curl.patch
1.454.2.4 +5 -1 openpkg-src/openpkg/openpkg.spec
patch -p0 <<'@@ .'
Index: openpkg-src/openpkg/curl.patch
$ cvs diff -u -r0 -r1.6.4.1 curl.patch
--- /dev/null 2005-12-10 20:54:11 +0100
+++ curl.patch2005-12-10 20:54:13 +0100
@@ -0,0 +1,27 @@
+Security Fix (CVE-2005-4077, OpenPKG-SA-2005.028-curl)
+http://curl.haxx.se/docs/adv_20051207.html
+
+Index: lib/url.c
+--- lib/url.c.orig 2005-09-30 22:04:10 +0200
lib/url.c2005-12-10 20:24:40 +0100
+@@ -2372,12 +2372,18 @@
+ if(urllen < LEAST_PATH_ALLOC)
+ urllen=LEAST_PATH_ALLOC;
+
+- conn->pathbuffer=(char *)malloc(urllen);
++ /*
++ * We malloc() the buffers below urllen+2 to make room for to
possibilities:
++ * 1 - an extra terminating zero
++ * 2 - an extra slash (in case a syntax like "www.host.com?moo" is used)
++ */
++
++ conn->pathbuffer=(char *)malloc(urllen+2);
+ if(NULL == conn->pathbuffer)
+ return CURLE_OUT_OF_MEMORY; /* really bad error */
+ conn->path = conn->pathbuffer;
+
+- conn->host.rawalloc=(char *)malloc(urllen);
++ conn->host.rawalloc=(char *)malloc(urllen+2);
+ if(NULL == conn->host.rawalloc)
+ return CURLE_OUT_OF_MEMORY;
+ conn->host.name = conn->host.rawalloc;
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/openpkg/openpkg.spec
$ cvs diff -u -r1.454.2.3 -r1.454.2.4 openpkg.spec
--- openpkg-src/openpkg/openpkg.spec 16 Oct 2005 09:15:24 -
1.454.2.3
+++ openpkg-src/openpkg/openpkg.spec 10 Dec 2005 19:54:12 -
1.454.2.4
@@ -38,7 +38,7 @@
# o any cc(1)
# the package version/release
-%define V_openpkg 2.5.0
+%define V_openpkg 2.5.1
# the used software versions
%define V_rpm 4.2.1
@@ -131,6 +131,7 @@
Source60: uuid.8
Source61: uuid.pod
Source62: uuid.sh
+Source63: curl.patch
# build information
Prefix: %{l_prefix}
@@ -586,6 +587,9 @@
-e '/LINENO: error: C[+]* preprocessor/{N;N;N;N;s/.*/:/;}' \
configure
) || exit $?
+( cd curl-%{V_curl}
+ ${l_patch} -p0 <`SOURCE curl.patch`
+) || exit $?
# display verbosity header
set +x; VERBOSE "PREPARATION: Build GNU make (Build Tool)"; set -x
@@ .
__
The OpenPKG Projectwww.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: OPENPKG_2_3_SOLID: openpkg-src/curl/ curl.patch curl.sp...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 10-Dec-2005 20:38:02 Branch: OPENPKG_2_3_SOLIDHandle: 2005121019380200 Modified files: (Branch: OPENPKG_2_3_SOLID) openpkg-src/curlcurl.patch curl.spec Log: Security Fix (CVE-2005-4077, OpenPKG-SA-2005.028-curl) Summary: RevisionChanges Path 1.8.2.4 +29 -0 openpkg-src/curl/curl.patch 1.65.2.4+1 -1 openpkg-src/curl/curl.spec patch -p0 <<'@@ .' Index: openpkg-src/curl/curl.patch $ cvs diff -u -r1.8.2.3 -r1.8.2.4 curl.patch --- openpkg-src/curl/curl.patch 18 Oct 2005 08:30:23 - 1.8.2.3 +++ openpkg-src/curl/curl.patch 10 Dec 2005 19:38:02 - 1.8.2.4 @@ -266,3 +266,32 @@ memcpy(&ntlmbuf[size], domain, domlen); size += domlen; +-- + +Security Fix (CVE-2005-4077, OpenPKG-SA-2005.028-curl) +http://curl.haxx.se/docs/adv_20051207.html + +Index: lib/url.c +--- lib/url.c.orig 2005-09-30 22:04:10 +0200 lib/url.c2005-12-10 20:24:40 +0100 +@@ -2372,12 +2372,18 @@ + if(urllen < LEAST_PATH_ALLOC) + urllen=LEAST_PATH_ALLOC; + +- conn->pathbuffer=(char *)malloc(urllen); ++ /* ++ * We malloc() the buffers below urllen+2 to make room for to possibilities: ++ * 1 - an extra terminating zero ++ * 2 - an extra slash (in case a syntax like "www.host.com?moo" is used) ++ */ ++ ++ conn->pathbuffer=(char *)malloc(urllen+2); + if(NULL == conn->pathbuffer) + return CURLE_OUT_OF_MEMORY; /* really bad error */ + conn->path = conn->pathbuffer; + +- conn->host.rawalloc=(char *)malloc(urllen); ++ conn->host.rawalloc=(char *)malloc(urllen+2); + if(NULL == conn->host.rawalloc) + return CURLE_OUT_OF_MEMORY; + conn->host.name = conn->host.rawalloc; @@ . patch -p0 <<'@@ .' Index: openpkg-src/curl/curl.spec $ cvs diff -u -r1.65.2.3 -r1.65.2.4 curl.spec --- openpkg-src/curl/curl.spec18 Oct 2005 08:30:23 - 1.65.2.3 +++ openpkg-src/curl/curl.spec10 Dec 2005 19:38:02 - 1.65.2.4 @@ -34,7 +34,7 @@ Group:Web License: GPL Version: 7.13.0 -Release: 2.3.1 +Release: 2.3.2 # package options %option with_ssl yes @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: OPENPKG_2_4_SOLID: openpkg-src/curl/ curl.patch curl.sp...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 10-Dec-2005 20:35:43 Branch: OPENPKG_2_4_SOLIDHandle: 2005121019354300 Modified files: (Branch: OPENPKG_2_4_SOLID) openpkg-src/curlcurl.patch curl.spec Log: Security Fix (CVE-2005-4077, OpenPKG-SA-2005.028-curl) Summary: RevisionChanges Path 1.10.2.2+29 -0 openpkg-src/curl/curl.patch 1.70.2.3+1 -1 openpkg-src/curl/curl.spec patch -p0 <<'@@ .' Index: openpkg-src/curl/curl.patch $ cvs diff -u -r1.10.2.1 -r1.10.2.2 curl.patch --- openpkg-src/curl/curl.patch 18 Oct 2005 08:27:40 - 1.10.2.1 +++ openpkg-src/curl/curl.patch 10 Dec 2005 19:35:43 - 1.10.2.2 @@ -19,3 +19,32 @@ memcpy(&ntlmbuf[size], domain, domlen); size += domlen; +- + +Security Fix (CVE-2005-4077, OpenPKG-SA-2005.028-curl) +http://curl.haxx.se/docs/adv_20051207.html + +Index: lib/url.c +--- lib/url.c.orig 2005-09-30 22:04:10 +0200 lib/url.c2005-12-10 20:24:40 +0100 +@@ -2372,12 +2372,18 @@ + if(urllen < LEAST_PATH_ALLOC) + urllen=LEAST_PATH_ALLOC; + +- conn->pathbuffer=(char *)malloc(urllen); ++ /* ++ * We malloc() the buffers below urllen+2 to make room for to possibilities: ++ * 1 - an extra terminating zero ++ * 2 - an extra slash (in case a syntax like "www.host.com?moo" is used) ++ */ ++ ++ conn->pathbuffer=(char *)malloc(urllen+2); + if(NULL == conn->pathbuffer) + return CURLE_OUT_OF_MEMORY; /* really bad error */ + conn->path = conn->pathbuffer; + +- conn->host.rawalloc=(char *)malloc(urllen); ++ conn->host.rawalloc=(char *)malloc(urllen+2); + if(NULL == conn->host.rawalloc) + return CURLE_OUT_OF_MEMORY; + conn->host.name = conn->host.rawalloc; @@ . patch -p0 <<'@@ .' Index: openpkg-src/curl/curl.spec $ cvs diff -u -r1.70.2.2 -r1.70.2.3 curl.spec --- openpkg-src/curl/curl.spec18 Oct 2005 08:27:40 - 1.70.2.2 +++ openpkg-src/curl/curl.spec10 Dec 2005 19:35:43 - 1.70.2.3 @@ -33,7 +33,7 @@ Group:Web License: GPL Version: 7.14.0 -Release: 2.4.1 +Release: 2.4.2 # package options %option with_ssl yes @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: openpkg-src/gtk2/ gtk2.patch gtk2.spec
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 10-Dec-2005 20:35:18
Branch: HEAD Handle: 2005121019351700
Modified files:
openpkg-src/gtk2gtk2.spec
Removed files:
openpkg-src/gtk2gtk2.patch
Log:
upgrading package: gtk2 2.8.6 -> 2.8.9
Summary:
RevisionChanges Path
1.2 +0 -12 openpkg-src/gtk2/gtk2.patch
1.61+2 -5 openpkg-src/gtk2/gtk2.spec
rm -f openpkg-src/gtk2/gtk2.patch <<'@@ .'
Index: openpkg-src/gtk2/gtk2.patch
[NO CHANGE SUMMARY BECAUSE FILE AS A WHOLE IS JUST REMOVED]
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/gtk2/gtk2.spec
$ cvs diff -u -r1.60 -r1.61 gtk2.spec
--- openpkg-src/gtk2/gtk2.spec21 Nov 2005 08:45:24 - 1.60
+++ openpkg-src/gtk2/gtk2.spec10 Dec 2005 19:35:17 - 1.61
@@ -23,7 +23,7 @@
##
# package version
-%define V_gtk 2.8.6
+%define V_gtk 2.8.9
%define V_gtk_major 2.8
%define V_glib_major 2.8
%define V_pango_major 1.10
@@ -40,11 +40,10 @@
Group:XWindow
License: GPL
Version: %{V_gtk}
-Release: 20051121
+Release: 20051210
# list of sources
Source0: ftp://ftp.gtk.org/pub/gtk/v%{V_gtk_major}/gtk+-%{V_gtk}.tar.gz
-Patch0: gtk2.patch
# build information
Prefix: %{l_prefix}
@@ -66,7 +65,6 @@
%track
prog gtk2 = {
-comment = "thl/2.8.7: gtkcalendar.c:676: error: redeclaration of
week_start with no linkage"
version = %{version}
url = ftp://ftp.gtk.org/pub/gtk/
regex = (v2\.[2468])
@@ -76,7 +74,6 @@
%prep
%setup -q -n gtk+-%{version}
-%patch -p0
# avoid including static libraries into convenience libraries
%{l_shtool} subst \
@@ .
__
The OpenPKG Projectwww.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: OPENPKG_2_5_SOLID: openpkg-src/curl/ curl.patch curl.sp...
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 10-Dec-2005 20:33:10
Branch: OPENPKG_2_5_SOLIDHandle: 2005121019331000
Added files: (Branch: OPENPKG_2_5_SOLID)
openpkg-src/curlcurl.patch
Modified files: (Branch: OPENPKG_2_5_SOLID)
openpkg-src/curlcurl.spec
Log:
Security Fix (CVE-2005-4077, OpenPKG-SA-2005.028-curl)
Summary:
RevisionChanges Path
1.10.4.1+27 -0 openpkg-src/curl/curl.patch
1.72.2.3+3 -1 openpkg-src/curl/curl.spec
patch -p0 <<'@@ .'
Index: openpkg-src/curl/curl.patch
$ cvs diff -u -r0 -r1.10.4.1 curl.patch
--- /dev/null 2005-12-10 20:33:00 +0100
+++ curl.patch2005-12-10 20:33:10 +0100
@@ -0,0 +1,27 @@
+Security Fix (CVE-2005-4077, OpenPKG-SA-2005.028-curl)
+http://curl.haxx.se/docs/adv_20051207.html
+
+Index: lib/url.c
+--- lib/url.c.orig 2005-09-30 22:04:10 +0200
lib/url.c2005-12-10 20:24:40 +0100
+@@ -2372,12 +2372,18 @@
+ if(urllen < LEAST_PATH_ALLOC)
+ urllen=LEAST_PATH_ALLOC;
+
+- conn->pathbuffer=(char *)malloc(urllen);
++ /*
++ * We malloc() the buffers below urllen+2 to make room for to
possibilities:
++ * 1 - an extra terminating zero
++ * 2 - an extra slash (in case a syntax like "www.host.com?moo" is used)
++ */
++
++ conn->pathbuffer=(char *)malloc(urllen+2);
+ if(NULL == conn->pathbuffer)
+ return CURLE_OUT_OF_MEMORY; /* really bad error */
+ conn->path = conn->pathbuffer;
+
+- conn->host.rawalloc=(char *)malloc(urllen);
++ conn->host.rawalloc=(char *)malloc(urllen+2);
+ if(NULL == conn->host.rawalloc)
+ return CURLE_OUT_OF_MEMORY;
+ conn->host.name = conn->host.rawalloc;
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/curl/curl.spec
$ cvs diff -u -r1.72.2.2 -r1.72.2.3 curl.spec
--- openpkg-src/curl/curl.spec13 Oct 2005 18:14:45 - 1.72.2.2
+++ openpkg-src/curl/curl.spec10 Dec 2005 19:33:10 - 1.72.2.3
@@ -33,7 +33,7 @@
Group:Web
License: GPL
Version: 7.15.0
-Release: 2.5.0
+Release: 2.5.1
# package options
%option with_ssl yes
@@ -42,6 +42,7 @@
# list of sources
Source0: http://curl.haxx.se/download/curl-%{version}.tar.bz2
+Patch0: curl.patch
# build information
Prefix: %{l_prefix}
@@ -79,6 +80,7 @@
%prep
%setup -q
+%patch -p0
%build
%{l_shtool} subst \
@@ .
__
The OpenPKG Projectwww.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: openpkg-src/bittorrent/ bittorrent.spec
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 10-Dec-2005 20:06:22
Branch: HEAD Handle: 2005121019062200
Modified files:
openpkg-src/bittorrent bittorrent.spec
Log:
upgrading package: bittorrent 4.3.1 -> 4.3.2
Summary:
RevisionChanges Path
1.22+2 -2 openpkg-src/bittorrent/bittorrent.spec
patch -p0 <<'@@ .'
Index: openpkg-src/bittorrent/bittorrent.spec
$ cvs diff -u -r1.21 -r1.22 bittorrent.spec
--- openpkg-src/bittorrent/bittorrent.spec7 Dec 2005 08:39:33 -
1.21
+++ openpkg-src/bittorrent/bittorrent.spec10 Dec 2005 19:06:22 -
1.22
@@ -32,8 +32,8 @@
Class:PLUS
Group:Network
License: MIT-style
-Version: 4.3.1
-Release: 20051207
+Version: 4.3.2
+Release: 20051210
# list of sources
Source0: http://www.bittorrent.com/dl/BitTorrent-%{version}.tar.gz
@@ .
__
The OpenPKG Projectwww.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: openpkg-src/perl-www/ perl-www.spec
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 10-Dec-2005 20:03:15
Branch: HEAD Handle: 2005121019031400
Modified files:
openpkg-src/perl-wwwperl-www.spec
Log:
modifying package: perl-www-5.8.7 20051208 -> 20051210
Summary:
RevisionChanges Path
1.253 +2 -2 openpkg-src/perl-www/perl-www.spec
patch -p0 <<'@@ .'
Index: openpkg-src/perl-www/perl-www.spec
$ cvs diff -u -r1.252 -r1.253 perl-www.spec
--- openpkg-src/perl-www/perl-www.spec8 Dec 2005 19:04:44 -
1.252
+++ openpkg-src/perl-www/perl-www.spec10 Dec 2005 19:03:14 -
1.253
@@ -24,7 +24,7 @@
# versions of individual parts
%define V_perl 5.8.7
-%define V_libwww_perl 5.804
+%define V_libwww_perl 5.805
%define V_uri 1.35
%define V_cgi 3.15
%define V_cgi_untaint 1.26
@@ -91,7 +91,7 @@
Group:Language
License: GPL/Artistic
Version: %{V_perl}
-Release: 20051208
+Release: 20051210
# list of sources
Source0: http://www.cpan.org/modules/by-module/URI/URI-%{V_uri}.tar.gz
@@ .
__
The OpenPKG Projectwww.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: openpkg-src/perl-crypto/ perl-crypto.spec
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 10-Dec-2005 20:02:42
Branch: HEAD Handle: 2005121019024100
Modified files:
openpkg-src/perl-crypto perl-crypto.spec
Log:
modifying package: perl-crypto-5.8.7 20051204 -> 20051210
Summary:
RevisionChanges Path
1.113 +2 -2 openpkg-src/perl-crypto/perl-crypto.spec
patch -p0 <<'@@ .'
Index: openpkg-src/perl-crypto/perl-crypto.spec
$ cvs diff -u -r1.112 -r1.113 perl-crypto.spec
--- openpkg-src/perl-crypto/perl-crypto.spec 4 Dec 2005 09:19:47 -
1.112
+++ openpkg-src/perl-crypto/perl-crypto.spec 10 Dec 2005 19:02:41 -
1.113
@@ -37,7 +37,7 @@
%define V_crypt_enigma 1.3
%define V_crypt_unixcrypt 1.0
%define V_crypt_passwdmd5 1.3
-%define V_crypt_des 2.03
+%define V_crypt_des 2.05
%define V_crypt_des_ede30.01
%define V_crypt_rc4 2.02
%define V_crypt_rc5 2.00
@@ -72,7 +72,7 @@
Group:Language
License: GPL/Artistic
Version: %{V_perl}
-Release: 20051204
+Release: 20051210
# list of sources
Source0:
http://www.cpan.org/modules/by-module/Digest/Digest-%{V_digest}.tar.gz
@@ .
__
The OpenPKG Projectwww.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: openpkg-src/perl-mail/ perl-mail.spec
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 10-Dec-2005 20:02:17
Branch: HEAD Handle: 2005121019021700
Modified files:
openpkg-src/perl-mail perl-mail.spec
Log:
modifying package: perl-mail-5.8.7 20051201 -> 20051210
Summary:
RevisionChanges Path
1.179 +2 -2 openpkg-src/perl-mail/perl-mail.spec
patch -p0 <<'@@ .'
Index: openpkg-src/perl-mail/perl-mail.spec
$ cvs diff -u -r1.178 -r1.179 perl-mail.spec
--- openpkg-src/perl-mail/perl-mail.spec 1 Dec 2005 19:58:23 -
1.178
+++ openpkg-src/perl-mail/perl-mail.spec 10 Dec 2005 19:02:17 -
1.179
@@ -27,7 +27,7 @@
%define V_mail_box2.063
%define V_mail_imapclient 2.2.9
%define V_mail_mbox_messageparser 1.4001
-%define V_mail_mboxparser 0.54
+%define V_mail_mboxparser 0.55
%define V_mail_sender 0.8.10
%define V_mail_sendmail 0.79
%define V_mailtools 1.67
@@ -51,7 +51,7 @@
Group:Language
License: GPL/Artistic
Version: %{V_perl}
-Release: 20051201
+Release: 20051210
# list of sources
Source0:
http://www.cpan.org/modules/by-module/Mail/MailTools-%{V_mailtools}.tar.gz
@@ .
__
The OpenPKG Projectwww.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: openpkg-src/p7zip/ p7zip.spec
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 10-Dec-2005 20:01:54
Branch: HEAD Handle: 2005121019015300
Modified files:
openpkg-src/p7zip p7zip.spec
Log:
fix tracking
Summary:
RevisionChanges Path
1.13+2 -2 openpkg-src/p7zip/p7zip.spec
patch -p0 <<'@@ .'
Index: openpkg-src/p7zip/p7zip.spec
$ cvs diff -u -r1.12 -r1.13 p7zip.spec
--- openpkg-src/p7zip/p7zip.spec 29 Nov 2005 17:49:31 - 1.12
+++ openpkg-src/p7zip/p7zip.spec 10 Dec 2005 19:01:53 - 1.13
@@ -33,7 +33,7 @@
Group:Archiver
License: LGPL
Version: 4.30
-Release: 20051129
+Release: 20051210
# list of sources
Source0:
http://osdn.dl.sourceforge.net/p7zip/p7zip_%{version}_src_all.tar.bz2
@@ -56,7 +56,7 @@
prog p7zip = {
version = %{version}
url = http://prdownloads.sourceforge.net/p7zip/
-regex = p7zip_(__VER__)_src\.tar\.bz2
+regex = p7zip_(__VER__)_src_all\.tar\.bz2
}
%prep
@@ .
__
The OpenPKG Projectwww.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: openpkg-src/mono/ mono.patch mono.spec
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 10-Dec-2005 09:27:28
Branch: HEAD Handle: 2005121008272800
Modified files:
openpkg-src/monomono.patch mono.spec
Log:
upgrading package: mono 1.1.9.2 -> 1.1.10.1
Summary:
RevisionChanges Path
1.7 +69 -0 openpkg-src/mono/mono.patch
1.19+2 -3 openpkg-src/mono/mono.spec
patch -p0 <<'@@ .'
Index: openpkg-src/mono/mono.patch
$ cvs diff -u -r1.6 -r1.7 mono.patch
--- openpkg-src/mono/mono.patch 7 Oct 2005 07:28:07 - 1.6
+++ openpkg-src/mono/mono.patch 10 Dec 2005 08:27:28 - 1.7
@@ -72,3 +72,72 @@
/*
* mono_arch_get_argument_info:
* @csig: a method signature
+Index: support/stdio.c
+--- support/stdio.c.orig 2005-10-14 13:58:02 +0200
support/stdio.c 2005-11-10 08:05:13 +0100
+@@ -141,14 +141,14 @@
+ Mono_Posix_Stdlib_setvbuf (void* stream, void *buf, int mode, mph_size_t
size)
+ {
+ mph_return_if_size_t_overflow (size);
+-return setvbuf (stream, (char *) buf, mode, (size_t) size);
++return setvbuf ((FILE *)stream, (char *) buf, mode, (size_t) size);
+ }
+
+ int
+ Mono_Posix_Stdlib_setbuf (void* stream, void* buf)
+ {
+ errno = 0;
+-setbuf (stream, buf);
++setbuf ((FILE *)stream, buf);
+ return errno == 0 ? 0 : -1;
+ }
+
+@@ -157,13 +157,13 @@
+ {
+ mph_return_if_long_overflow (offset);
+
+-return fseek (stream, offset, origin);
++return fseek ((FILE *)stream, offset, origin);
+ }
+
+ gint64
+ Mono_Posix_Stdlib_ftell (void* stream)
+ {
+-return ftell (stream);
++return ftell ((FILE *)stream);
+ }
+
+ void*
+@@ -176,20 +176,20 @@
+ gint32
+ Mono_Posix_Stdlib_fgetpos (void* stream, void *pos)
+ {
+-return fgetpos (stream, (fpos_t*) pos);
++return fgetpos ((FILE *)stream, (fpos_t*) pos);
+ }
+
+ gint32
+ Mono_Posix_Stdlib_fsetpos (void* stream, void *pos)
+ {
+-return fsetpos (stream, (fpos_t*) pos);
++return fsetpos ((FILE *)stream, (fpos_t*) pos);
+ }
+
+ int
+ Mono_Posix_Stdlib_rewind (void* stream)
+ {
+ errno = 0;
+-rewind (stream);
++rewind ((FILE *)stream);
+ return errno == 0 ? 0 : -1;
+ }
+
+@@ -197,7 +197,7 @@
+ Mono_Posix_Stdlib_clearerr (void* stream)
+ {
+ errno = 0;
+-clearerr (stream);
++clearerr ((FILE *)stream);
+ return errno == 0 ? 0 : -1;
+ }
+
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/mono/mono.spec
$ cvs diff -u -r1.18 -r1.19 mono.spec
--- openpkg-src/mono/mono.spec21 Nov 2005 10:03:17 - 1.18
+++ openpkg-src/mono/mono.spec10 Dec 2005 08:27:28 - 1.19
@@ -24,7 +24,7 @@
# package version
%define V_major 1.1
-%define V_minor 9.2
+%define V_minor 10.1
# package information
Name: mono
@@ -37,7 +37,7 @@
Group:Language
License: GPL
Version: %{V_major}.%{V_minor}
-Release: 20051121
+Release: 20051210
# list of sources
Source0:
http://go-mono.com/sources/mono-%{V_major}/mono-%{version}.tar.gz
@@ -64,7 +64,6 @@
%track
prog mono = {
-comment = "thl/1.1.10: stdio.c:200: error: request for member
_flags in something not a structure or union"
version = %{version}
url = http://go-mono.com/sources/
regex = mono-(\d+\.\d+(\.\d+)*)\.tar\.gz
@@ .
__
The OpenPKG Projectwww.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: openpkg-src/gcc41/ gcc41.spec
OpenPKG CVS Repository
http://cvs.openpkg.org/
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 10-Dec-2005 09:13:47
Branch: HEAD Handle: 2005121008134600
Modified files:
openpkg-src/gcc41 gcc41.spec
Log:
upgrading package: gcc41 4.1s20051202 -> 4.1s20051209
Summary:
RevisionChanges Path
1.39+2 -2 openpkg-src/gcc41/gcc41.spec
patch -p0 <<'@@ .'
Index: openpkg-src/gcc41/gcc41.spec
$ cvs diff -u -r1.38 -r1.39 gcc41.spec
--- openpkg-src/gcc41/gcc41.spec 3 Dec 2005 19:10:26 - 1.38
+++ openpkg-src/gcc41/gcc41.spec 10 Dec 2005 08:13:46 - 1.39
@@ -25,7 +25,7 @@
# package version
%define V_full 4.1
%define V_comp 41
-%define V_snap 20051202
+%define V_snap 20051209
# package information
Name: gcc41
@@ -38,7 +38,7 @@
Group:Compiler
License: GPL
Version: %{V_full}s%{V_snap}
-Release: 20051203
+Release: 20051210
# package options
%option with_cxx yes
@@ .
__
The OpenPKG Projectwww.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
