[CVS] OpenPKG: openpkg-web/security/ OpenPKG-SA-2005.028-curl.txt
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 10-Dec-2005 22:08:44 Branch: HEAD Handle: 2005121021084300 Added files: openpkg-web/securityOpenPKG-SA-2005.028-curl.txt Log: release OpenPKG Security Advisory 2005.028 (curl) Summary: RevisionChanges Path 1.1 +66 -0 openpkg-web/security/OpenPKG-SA-2005.028-curl.txt patch -p0 <<'@@ .' Index: openpkg-web/security/OpenPKG-SA-2005.028-curl.txt $ cvs diff -u -r0 -r1.1 OpenPKG-SA-2005.028-curl.txt --- /dev/null 2005-12-10 22:08:43 +0100 +++ OpenPKG-SA-2005.028-curl.txt 2005-12-10 22:08:44 +0100 
@@ -0,0 +1,66 @@ +-BEGIN PGP SIGNED MESSAGE- +Hash: SHA1 + + + +OpenPKG Security AdvisoryThe OpenPKG Project +http://www.openpkg.org/security.html http://www.openpkg.org [EMAIL PROTECTED] [EMAIL PROTECTED] +OpenPKG-SA-2005.028 10-Dec-2005 + + +Package: curl +Vulnerability: denial of service +OpenPKG Specific:no + +Affected Releases: Affected Packages: Corrected Packages: +OpenPKG CURRENT <= curl-7.15.0-20051206 >= curl-7.15.1-20051207 + <= openpkg-20051206-20051206 >= openpkg-20051207-20051207 +OpenPKG 2.5 <= curl-7.15.0-2.5.0 >= curl-7.15.0-2.5.1 + <= openpkg-2.5.0-2.5.0 >= openpkg-2.5.1-2.5.1 +OpenPKG 2.4 <= curl-7.14.0-2.4.1 >= curl-7.14.0-2.4.2 + <= openpkg-2.4.2-2.4.2 >= openpkg-2.4.3-2.4.3 +OpenPKG 2.3 <= curl-7.13.0-2.3.1 >= curl-7.13.0-2.3.2 + <= openpkg-2.3.5-2.3.5 >= openpkg-2.3.6-2.3.6 + +Dependent Packages: aegis, apache [with_mod_php_curl=yes], + clamav, heartbeat, perl-net [with_curl=yes], + php [with_curl=yes], php5 [with_curl=yes], + vorbis-tools, xine-ui + +Description: + According to a vendor security advisory [0], a Denial of Service (DoS) + vulnerability exist in "libcurl", the underlying library of the cURL + [1] networking tool. + + Two off-by-one errors in libcurl's URL parser allow a buffer overflow + and cause a DoS via certain URLs that (1) are malformed in a way + that prevents a terminating NUL byte from being added to either + a hostname or path buffer, or (2) contain a "?" separator in the + hostname portion, which causes a "/" to be prepended to the resulting + string. + + The Common Vulnerabilities and Exposures (CVE) project assigned the id + CVE-2005-4077 [2] to the problem. 
+ + +References: + [0] http://curl.haxx.se/docs/adv_20051207.html + [1] http://curl.haxx.se/ + [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4077 + + +For security reasons, this advisory was digitally signed with the +OpenPGP public key "OpenPKG <[EMAIL PROTECTED]>" (ID 63C4CB9F) of the +OpenPKG project which you can retrieve from http://pgp.openpkg.org and +hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org/ +for details on how to verify the integrity of this advisory. + + +-BEGIN PGP SIGNATURE- +Comment: OpenPKG <[EMAIL PROTECTED]> + +iD8DBQFDm0N3gHWT4GPEy58RAnPTAJ97DU/DXsm1lFjasyWt1/WEOtQoDgCgiCIX +P2G7Ly7rjQvpV4/m8f3mhjo= +=BnuL +-END PGP SIGNATURE- @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org
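Review bot: The "Vulnerability:" field in the advisory header says only "denial of service", while the second paragraph of the Description states that the two off-by-one errors "allow a buffer overflow"; the header field should name the overflow too, so that it agrees with the body. In the first paragraph, "vulnerability exist" should read "vulnerability exists". The "Dependent Packages:" list gives no instruction on whether those packages have to be rebuilt after curl is updated; one sentence saying so would close that gap. Any wording change has to be made before signing, since the text sits inside the PGP-signed block.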
[CVS] OpenPKG: OPENPKG_2_3_SOLID: openpkg-src/openpkg/ curl.patch open...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 10-Dec-2005 21:54:29 Branch: OPENPKG_2_3_SOLIDHandle: 2005121020542800 Added files: (Branch: OPENPKG_2_3_SOLID) openpkg-src/openpkg curl.patch Modified files: (Branch: OPENPKG_2_3_SOLID) openpkg-src/openpkg openpkg.spec Log: Security Fix (CVE-2005-4077, OpenPKG-SA-2005.028-curl) Summary: RevisionChanges Path 1.4.2.3 +27 -0 openpkg-src/openpkg/curl.patch 1.397.2.10 +5 -1 openpkg-src/openpkg/openpkg.spec patch -p0 <<'@@ .' Index: openpkg-src/openpkg/curl.patch $ cvs diff -u -r0 -r1.4.2.3 curl.patch --- /dev/null 2005-12-10 21:54:25 +0100 +++ curl.patch2005-12-10 21:54:28 +0100 @@ -0,0 +1,27 @@ +Security Fix (CVE-2005-4077, OpenPKG-SA-2005.028-curl) +http://curl.haxx.se/docs/adv_20051207.html + +Index: lib/url.c +--- lib/url.c.orig 2005-09-30 22:04:10 +0200 lib/url.c2005-12-10 20:24:40 +0100 +@@ -2372,12 +2372,18 @@ + if(urllen < LEAST_PATH_ALLOC) + urllen=LEAST_PATH_ALLOC; + +- conn->pathbuffer=(char *)malloc(urllen); ++ /* ++ * We malloc() the buffers below urllen+2 to make room for to possibilities: ++ * 1 - an extra terminating zero ++ * 2 - an extra slash (in case a syntax like "www.host.com?moo" is used) ++ */ ++ ++ conn->pathbuffer=(char *)malloc(urllen+2); + if(NULL == conn->pathbuffer) + return CURLE_OUT_OF_MEMORY; /* really bad error */ + conn->path = conn->pathbuffer; + +- conn->host.rawalloc=(char *)malloc(urllen); ++ conn->host.rawalloc=(char *)malloc(urllen+2); + if(NULL == conn->host.rawalloc) + return CURLE_OUT_OF_MEMORY; + conn->host.name = conn->host.rawalloc; @@ . patch -p0 <<'@@ .' Index: openpkg-src/openpkg/openpkg.spec $ cvs diff -u -r1.397.2.9 -r1.397.2.10 openpkg.spec --- openpkg-src/openpkg/openpkg.spec 28 Jul 2005 06:31:33 - 1.397.2.9 +++ openpkg-src/openpkg/openpkg.spec 10 Dec 2005 20:54:28 - 1.397.2.10 
@@ -39,7 +39,7 @@ # o any cc(1) # the package version/release -%define V_openpkg 2.3.5 +%define V_openpkg 2.3.6 # the used software versions %define V_rpm 4.2.1 @@ -134,6 +134,7 @@ Source62: uuid.sh Source63: gzip.c Source64: zlib.patch +Source65: curl.patch # build information Prefix: %{l_prefix} @@ -558,6 +559,9 @@ ( cd bzip2-%{V_bzip2} ${l_patch} -p0 <`SOURCE bzip2.patch` ) || exit $? +( cd curl-%{V_curl} + ${l_patch} -p0 <`SOURCE curl.patch` +) || exit $? # display verbosity header set +x; VERBOSE "PREPARATION: Build GNU make (Build Tool)"; set -x @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org
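Review bot: In the comment added above the pathbuffer allocation in lib/url.c, "make room for to possibilities" should read "two possibilities". The margin "urllen+2" is then written out twice, once for conn->pathbuffer and once for conn->host.rawalloc; computing the size once into a local variable and passing that to both malloc() calls would keep the two buffers from drifting apart if the margin ever changes again.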
[CVS] OpenPKG: OPENPKG_2_4_SOLID: openpkg-src/openpkg/ curl.patch open...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 10-Dec-2005 21:45:23 Branch: OPENPKG_2_4_SOLIDHandle: 2005121020452100 Added files: (Branch: OPENPKG_2_4_SOLID) openpkg-src/openpkg curl.patch Modified files: (Branch: OPENPKG_2_4_SOLID) openpkg-src/openpkg openpkg.spec Log: Security Fix (CVE-2005-4077, OpenPKG-SA-2005.028-curl) Summary: RevisionChanges Path 1.6.2.1 +27 -0 openpkg-src/openpkg/curl.patch 1.429.2.4 +5 -1 openpkg-src/openpkg/openpkg.spec patch -p0 <<'@@ .' Index: openpkg-src/openpkg/curl.patch $ cvs diff -u -r0 -r1.6.2.1 curl.patch --- /dev/null 2005-12-10 21:45:23 +0100 +++ curl.patch2005-12-10 21:45:23 +0100 @@ -0,0 +1,27 @@ +Security Fix (CVE-2005-4077, OpenPKG-SA-2005.028-curl) +http://curl.haxx.se/docs/adv_20051207.html + +Index: lib/url.c +--- lib/url.c.orig 2005-09-30 22:04:10 +0200 lib/url.c2005-12-10 20:24:40 +0100 +@@ -2372,12 +2372,18 @@ + if(urllen < LEAST_PATH_ALLOC) + urllen=LEAST_PATH_ALLOC; + +- conn->pathbuffer=(char *)malloc(urllen); ++ /* ++ * We malloc() the buffers below urllen+2 to make room for to possibilities: ++ * 1 - an extra terminating zero ++ * 2 - an extra slash (in case a syntax like "www.host.com?moo" is used) ++ */ ++ ++ conn->pathbuffer=(char *)malloc(urllen+2); + if(NULL == conn->pathbuffer) + return CURLE_OUT_OF_MEMORY; /* really bad error */ + conn->path = conn->pathbuffer; + +- conn->host.rawalloc=(char *)malloc(urllen); ++ conn->host.rawalloc=(char *)malloc(urllen+2); + if(NULL == conn->host.rawalloc) + return CURLE_OUT_OF_MEMORY; + conn->host.name = conn->host.rawalloc; @@ . patch -p0 <<'@@ .' Index: openpkg-src/openpkg/openpkg.spec $ cvs diff -u -r1.429.2.3 -r1.429.2.4 openpkg.spec --- openpkg-src/openpkg/openpkg.spec 26 Jul 2005 16:49:17 - 1.429.2.3 +++ openpkg-src/openpkg/openpkg.spec 10 Dec 2005 20:45:21 - 1.429.2.4 
@@ -38,7 +38,7 @@ # o any cc(1) # the package version/release -%define V_openpkg 2.4.2 +%define V_openpkg 2.4.3 # the used software versions %define V_rpm 4.2.1 @@ -131,6 +131,7 @@ Source60: uuid.8 Source61: uuid.pod Source62: uuid.sh +Source63: curl.patch # build information Prefix: %{l_prefix} @@ -554,6 +555,9 @@ -e '/LINENO: error: C[+]* preprocessor/{N;N;N;N;s/.*/:/;}' \ configure ) || exit $? +( cd curl-%{V_curl} + ${l_patch} -p0 <`SOURCE curl.patch` +) || exit $? # display verbosity header set +x; VERBOSE "PREPARATION: Build GNU make (Build Tool)"; set -x @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org
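Review bot: The new "Source63: curl.patch" line and the "( cd curl-%{V_curl} ... ) || exit $?" block in openpkg.spec carry no comment saying why the bootstrap's bundled curl is being patched. A one-line comment naming CVE-2005-4077 next to either of them would tell whoever next bumps V_curl that the patch has to be re-checked or dropped; as committed, that information lives only in the header of curl.patch.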
[CVS] OpenPKG: OPENPKG_2_5_SOLID: openpkg-src/openpkg/ curl.patch open...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 10-Dec-2005 20:54:13 Branch: OPENPKG_2_5_SOLIDHandle: 2005121019541200 Added files: (Branch: OPENPKG_2_5_SOLID) openpkg-src/openpkg curl.patch Modified files: (Branch: OPENPKG_2_5_SOLID) openpkg-src/openpkg openpkg.spec Log: Security Fix (CVE-2005-4077, OpenPKG-SA-2005.028-curl) Summary: RevisionChanges Path 1.6.4.1 +27 -0 openpkg-src/openpkg/curl.patch 1.454.2.4 +5 -1 openpkg-src/openpkg/openpkg.spec patch -p0 <<'@@ .' Index: openpkg-src/openpkg/curl.patch $ cvs diff -u -r0 -r1.6.4.1 curl.patch --- /dev/null 2005-12-10 20:54:11 +0100 +++ curl.patch2005-12-10 20:54:13 +0100 @@ -0,0 +1,27 @@ +Security Fix (CVE-2005-4077, OpenPKG-SA-2005.028-curl) +http://curl.haxx.se/docs/adv_20051207.html + +Index: lib/url.c +--- lib/url.c.orig 2005-09-30 22:04:10 +0200 lib/url.c2005-12-10 20:24:40 +0100 +@@ -2372,12 +2372,18 @@ + if(urllen < LEAST_PATH_ALLOC) + urllen=LEAST_PATH_ALLOC; + +- conn->pathbuffer=(char *)malloc(urllen); ++ /* ++ * We malloc() the buffers below urllen+2 to make room for to possibilities: ++ * 1 - an extra terminating zero ++ * 2 - an extra slash (in case a syntax like "www.host.com?moo" is used) ++ */ ++ ++ conn->pathbuffer=(char *)malloc(urllen+2); + if(NULL == conn->pathbuffer) + return CURLE_OUT_OF_MEMORY; /* really bad error */ + conn->path = conn->pathbuffer; + +- conn->host.rawalloc=(char *)malloc(urllen); ++ conn->host.rawalloc=(char *)malloc(urllen+2); + if(NULL == conn->host.rawalloc) + return CURLE_OUT_OF_MEMORY; + conn->host.name = conn->host.rawalloc; @@ . patch -p0 <<'@@ .' Index: openpkg-src/openpkg/openpkg.spec $ cvs diff -u -r1.454.2.3 -r1.454.2.4 openpkg.spec --- openpkg-src/openpkg/openpkg.spec 16 Oct 2005 09:15:24 - 1.454.2.3 +++ openpkg-src/openpkg/openpkg.spec 10 Dec 2005 19:54:12 - 1.454.2.4 
@@ -38,7 +38,7 @@ # o any cc(1) # the package version/release -%define V_openpkg 2.5.0 +%define V_openpkg 2.5.1 # the used software versions %define V_rpm 4.2.1 @@ -131,6 +131,7 @@ Source60: uuid.8 Source61: uuid.pod Source62: uuid.sh +Source63: curl.patch # build information Prefix: %{l_prefix} @@ -586,6 +587,9 @@ -e '/LINENO: error: C[+]* preprocessor/{N;N;N;N;s/.*/:/;}' \ configure ) || exit $? +( cd curl-%{V_curl} + ${l_patch} -p0 <`SOURCE curl.patch` +) || exit $? # display verbosity header set +x; VERBOSE "PREPARATION: Build GNU make (Build Tool)"; set -x @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org
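Review bot: The lib/url.c hunk addresses the overrun by enlarging both allocations to urllen+2, but the code that writes the terminating zero and the extra slash lies outside the hunk, so the patch by itself does not show that two spare bytes cover every write. Worth confirming against the full file that no path stores more than two bytes past urllen into conn->pathbuffer or conn->host.rawalloc, and, if urllen can approach the top of its type's range, that "urllen+2" cannot wrap before it reaches malloc().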
[CVS] OpenPKG: OPENPKG_2_3_SOLID: openpkg-src/curl/ curl.patch curl.sp...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 10-Dec-2005 20:38:02 Branch: OPENPKG_2_3_SOLIDHandle: 2005121019380200 Modified files: (Branch: OPENPKG_2_3_SOLID) openpkg-src/curlcurl.patch curl.spec Log: Security Fix (CVE-2005-4077, OpenPKG-SA-2005.028-curl) Summary: RevisionChanges Path 1.8.2.4 +29 -0 openpkg-src/curl/curl.patch 1.65.2.4+1 -1 openpkg-src/curl/curl.spec patch -p0 <<'@@ .' Index: openpkg-src/curl/curl.patch $ cvs diff -u -r1.8.2.3 -r1.8.2.4 curl.patch --- openpkg-src/curl/curl.patch 18 Oct 2005 08:30:23 - 1.8.2.3 +++ openpkg-src/curl/curl.patch 10 Dec 2005 19:38:02 - 1.8.2.4 @@ -266,3 +266,32 @@ memcpy(&ntlmbuf[size], domain, domlen); size += domlen; +-- + +Security Fix (CVE-2005-4077, OpenPKG-SA-2005.028-curl) +http://curl.haxx.se/docs/adv_20051207.html + +Index: lib/url.c +--- lib/url.c.orig 2005-09-30 22:04:10 +0200 lib/url.c2005-12-10 20:24:40 +0100 +@@ -2372,12 +2372,18 @@ + if(urllen < LEAST_PATH_ALLOC) + urllen=LEAST_PATH_ALLOC; + +- conn->pathbuffer=(char *)malloc(urllen); ++ /* ++ * We malloc() the buffers below urllen+2 to make room for to possibilities: ++ * 1 - an extra terminating zero ++ * 2 - an extra slash (in case a syntax like "www.host.com?moo" is used) ++ */ ++ ++ conn->pathbuffer=(char *)malloc(urllen+2); + if(NULL == conn->pathbuffer) + return CURLE_OUT_OF_MEMORY; /* really bad error */ + conn->path = conn->pathbuffer; + +- conn->host.rawalloc=(char *)malloc(urllen); ++ conn->host.rawalloc=(char *)malloc(urllen+2); + if(NULL == conn->host.rawalloc) + return CURLE_OUT_OF_MEMORY; + conn->host.name = conn->host.rawalloc; @@ . patch -p0 <<'@@ .' Index: openpkg-src/curl/curl.spec $ cvs diff -u -r1.65.2.3 -r1.65.2.4 curl.spec --- openpkg-src/curl/curl.spec18 Oct 2005 08:30:23 - 1.65.2.3 +++ openpkg-src/curl/curl.spec10 Dec 2005 19:38:02 - 1.65.2.4 
@@ -34,7 +34,7 @@ Group:Web License: GPL Version: 7.13.0 -Release: 2.3.1 +Release: 2.3.2 # package options %option with_ssl yes @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org
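Review bot: The embedded lib/url.c hunk carries the header "@@ -2372,12 +2372,18 @@" and a lib/url.c.orig timestamp of 2005-09-30, the same as the copies committed on the branches whose curl.spec says 7.14.0 and 7.15.0, while this branch's curl.spec says "Version: 7.13.0". patch(1) tolerates a line offset, but it is worth confirming that the hunk applies to the 7.13.0 source without fuzz and lands on the two malloc() calls it is meant to change, and regenerating it against 7.13.0 if it does not.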
[CVS] OpenPKG: OPENPKG_2_4_SOLID: openpkg-src/curl/ curl.patch curl.sp...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 10-Dec-2005 20:35:43 Branch: OPENPKG_2_4_SOLIDHandle: 2005121019354300 Modified files: (Branch: OPENPKG_2_4_SOLID) openpkg-src/curlcurl.patch curl.spec Log: Security Fix (CVE-2005-4077, OpenPKG-SA-2005.028-curl) Summary: RevisionChanges Path 1.10.2.2+29 -0 openpkg-src/curl/curl.patch 1.70.2.3+1 -1 openpkg-src/curl/curl.spec patch -p0 <<'@@ .' Index: openpkg-src/curl/curl.patch $ cvs diff -u -r1.10.2.1 -r1.10.2.2 curl.patch --- openpkg-src/curl/curl.patch 18 Oct 2005 08:27:40 - 1.10.2.1 +++ openpkg-src/curl/curl.patch 10 Dec 2005 19:35:43 - 1.10.2.2 @@ -19,3 +19,32 @@ memcpy(&ntlmbuf[size], domain, domlen); size += domlen; +- + +Security Fix (CVE-2005-4077, OpenPKG-SA-2005.028-curl) +http://curl.haxx.se/docs/adv_20051207.html + +Index: lib/url.c +--- lib/url.c.orig 2005-09-30 22:04:10 +0200 lib/url.c2005-12-10 20:24:40 +0100 +@@ -2372,12 +2372,18 @@ + if(urllen < LEAST_PATH_ALLOC) + urllen=LEAST_PATH_ALLOC; + +- conn->pathbuffer=(char *)malloc(urllen); ++ /* ++ * We malloc() the buffers below urllen+2 to make room for to possibilities: ++ * 1 - an extra terminating zero ++ * 2 - an extra slash (in case a syntax like "www.host.com?moo" is used) ++ */ ++ ++ conn->pathbuffer=(char *)malloc(urllen+2); + if(NULL == conn->pathbuffer) + return CURLE_OUT_OF_MEMORY; /* really bad error */ + conn->path = conn->pathbuffer; + +- conn->host.rawalloc=(char *)malloc(urllen); ++ conn->host.rawalloc=(char *)malloc(urllen+2); + if(NULL == conn->host.rawalloc) + return CURLE_OUT_OF_MEMORY; + conn->host.name = conn->host.rawalloc; @@ . patch -p0 <<'@@ .' Index: openpkg-src/curl/curl.spec $ cvs diff -u -r1.70.2.2 -r1.70.2.3 curl.spec --- openpkg-src/curl/curl.spec18 Oct 2005 08:27:40 - 1.70.2.2 +++ openpkg-src/curl/curl.spec10 Dec 2005 19:35:43 - 1.70.2.3 
@@ -33,7 +33,7 @@ Group:Web License: GPL Version: 7.14.0 -Release: 2.4.1 +Release: 2.4.2 # package options %option with_ssl yes @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org
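Review bot: In the context lines of the lib/url.c hunk, the failure branch for the second allocation, "if(NULL == conn->host.rawalloc) return CURLE_OUT_OF_MEMORY;", returns after conn->pathbuffer has already been allocated, and the hunk shows no free for it. That is existing code rather than something this change introduces, but since the fix touches both allocations it is a good moment to check that connection teardown releases conn->pathbuffer on this path.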
[CVS] OpenPKG: openpkg-src/gtk2/ gtk2.patch gtk2.spec
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 10-Dec-2005 20:35:18 Branch: HEAD Handle: 2005121019351700 Modified files: openpkg-src/gtk2gtk2.spec Removed files: openpkg-src/gtk2gtk2.patch Log: upgrading package: gtk2 2.8.6 -> 2.8.9 Summary: RevisionChanges Path 1.2 +0 -12 openpkg-src/gtk2/gtk2.patch 1.61+2 -5 openpkg-src/gtk2/gtk2.spec rm -f openpkg-src/gtk2/gtk2.patch <<'@@ .' Index: openpkg-src/gtk2/gtk2.patch [NO CHANGE SUMMARY BECAUSE FILE AS A WHOLE IS JUST REMOVED] @@ . patch -p0 <<'@@ .' Index: openpkg-src/gtk2/gtk2.spec $ cvs diff -u -r1.60 -r1.61 gtk2.spec --- openpkg-src/gtk2/gtk2.spec21 Nov 2005 08:45:24 - 1.60 +++ openpkg-src/gtk2/gtk2.spec10 Dec 2005 19:35:17 - 1.61 @@ -23,7 +23,7 @@ ## # package version -%define V_gtk 2.8.6 +%define V_gtk 2.8.9 %define V_gtk_major 2.8 %define V_glib_major 2.8 %define V_pango_major 1.10 @@ -40,11 +40,10 @@ Group:XWindow License: GPL Version: %{V_gtk} -Release: 20051121 +Release: 20051210 # list of sources Source0: ftp://ftp.gtk.org/pub/gtk/v%{V_gtk_major}/gtk+-%{V_gtk}.tar.gz -Patch0: gtk2.patch # build information Prefix: %{l_prefix} @@ -66,7 +65,6 @@ %track prog gtk2 = { -comment = "thl/2.8.7: gtkcalendar.c:676: error: redeclaration of week_start with no linkage" version = %{version} url = ftp://ftp.gtk.org/pub/gtk/ regex = (v2\.[2468]) @@ -76,7 +74,6 @@ %prep %setup -q -n gtk+-%{version} -%patch -p0 # avoid including static libraries into convenience libraries %{l_shtool} subst \ @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org
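Review bot: gtk2.patch is deleted and both "Patch0: gtk2.patch" and "%patch -p0" are dropped from gtk2.spec, but the diff prints no content for the removed file, so nothing here shows what the patch fixed or that 2.8.9 no longer needs it. The removed %track comment mentions a gtkcalendar.c:676 "redeclaration of week_start with no linkage" error against 2.8.7; if that is what the patch worked around, the log message should say that 2.8.9 builds cleanly without it.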
[CVS] OpenPKG: OPENPKG_2_5_SOLID: openpkg-src/curl/ curl.patch curl.sp...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 10-Dec-2005 20:33:10 Branch: OPENPKG_2_5_SOLIDHandle: 2005121019331000 Added files: (Branch: OPENPKG_2_5_SOLID) openpkg-src/curlcurl.patch Modified files: (Branch: OPENPKG_2_5_SOLID) openpkg-src/curlcurl.spec Log: Security Fix (CVE-2005-4077, OpenPKG-SA-2005.028-curl) Summary: RevisionChanges Path 1.10.4.1+27 -0 openpkg-src/curl/curl.patch 1.72.2.3+3 -1 openpkg-src/curl/curl.spec patch -p0 <<'@@ .' Index: openpkg-src/curl/curl.patch $ cvs diff -u -r0 -r1.10.4.1 curl.patch --- /dev/null 2005-12-10 20:33:00 +0100 +++ curl.patch2005-12-10 20:33:10 +0100 @@ -0,0 +1,27 @@ +Security Fix (CVE-2005-4077, OpenPKG-SA-2005.028-curl) +http://curl.haxx.se/docs/adv_20051207.html + +Index: lib/url.c +--- lib/url.c.orig 2005-09-30 22:04:10 +0200 lib/url.c2005-12-10 20:24:40 +0100 +@@ -2372,12 +2372,18 @@ + if(urllen < LEAST_PATH_ALLOC) + urllen=LEAST_PATH_ALLOC; + +- conn->pathbuffer=(char *)malloc(urllen); ++ /* ++ * We malloc() the buffers below urllen+2 to make room for to possibilities: ++ * 1 - an extra terminating zero ++ * 2 - an extra slash (in case a syntax like "www.host.com?moo" is used) ++ */ ++ ++ conn->pathbuffer=(char *)malloc(urllen+2); + if(NULL == conn->pathbuffer) + return CURLE_OUT_OF_MEMORY; /* really bad error */ + conn->path = conn->pathbuffer; + +- conn->host.rawalloc=(char *)malloc(urllen); ++ conn->host.rawalloc=(char *)malloc(urllen+2); + if(NULL == conn->host.rawalloc) + return CURLE_OUT_OF_MEMORY; + conn->host.name = conn->host.rawalloc; @@ . patch -p0 <<'@@ .' Index: openpkg-src/curl/curl.spec $ cvs diff -u -r1.72.2.2 -r1.72.2.3 curl.spec --- openpkg-src/curl/curl.spec13 Oct 2005 18:14:45 - 1.72.2.2 +++ openpkg-src/curl/curl.spec10 Dec 2005 19:33:10 - 1.72.2.3 @@ -33,7 +33,7 @@ Group:Web License: GPL Version: 7.15.0 -Release: 2.5.0 +Release: 2.5.1 # package options %option with_ssl yes 
@@ -42,6 +42,7 @@ # list of sources Source0: http://curl.haxx.se/download/curl-%{version}.tar.bz2 +Patch0: curl.patch # build information Prefix: %{l_prefix} @@ -79,6 +80,7 @@ %prep %setup -q +%patch -p0 %build %{l_shtool} subst \ @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: openpkg-src/bittorrent/ bittorrent.spec
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 10-Dec-2005 20:06:22 Branch: HEAD Handle: 2005121019062200 Modified files: openpkg-src/bittorrent bittorrent.spec Log: upgrading package: bittorrent 4.3.1 -> 4.3.2 Summary: RevisionChanges Path 1.22+2 -2 openpkg-src/bittorrent/bittorrent.spec patch -p0 <<'@@ .' Index: openpkg-src/bittorrent/bittorrent.spec $ cvs diff -u -r1.21 -r1.22 bittorrent.spec --- openpkg-src/bittorrent/bittorrent.spec7 Dec 2005 08:39:33 - 1.21 +++ openpkg-src/bittorrent/bittorrent.spec10 Dec 2005 19:06:22 - 1.22 @@ -32,8 +32,8 @@ Class:PLUS Group:Network License: MIT-style -Version: 4.3.1 -Release: 20051207 +Version: 4.3.2 +Release: 20051210 # list of sources Source0: http://www.bittorrent.com/dl/BitTorrent-%{version}.tar.gz @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: openpkg-src/perl-www/ perl-www.spec
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 10-Dec-2005 20:03:15 Branch: HEAD Handle: 2005121019031400 Modified files: openpkg-src/perl-wwwperl-www.spec Log: modifying package: perl-www-5.8.7 20051208 -> 20051210 Summary: RevisionChanges Path 1.253 +2 -2 openpkg-src/perl-www/perl-www.spec patch -p0 <<'@@ .' Index: openpkg-src/perl-www/perl-www.spec $ cvs diff -u -r1.252 -r1.253 perl-www.spec --- openpkg-src/perl-www/perl-www.spec8 Dec 2005 19:04:44 - 1.252 +++ openpkg-src/perl-www/perl-www.spec10 Dec 2005 19:03:14 - 1.253 @@ -24,7 +24,7 @@ # versions of individual parts %define V_perl 5.8.7 -%define V_libwww_perl 5.804 +%define V_libwww_perl 5.805 %define V_uri 1.35 %define V_cgi 3.15 %define V_cgi_untaint 1.26 @@ -91,7 +91,7 @@ Group:Language License: GPL/Artistic Version: %{V_perl} -Release: 20051208 +Release: 20051210 # list of sources Source0: http://www.cpan.org/modules/by-module/URI/URI-%{V_uri}.tar.gz @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: openpkg-src/perl-crypto/ perl-crypto.spec
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 10-Dec-2005 20:02:42 Branch: HEAD Handle: 2005121019024100 Modified files: openpkg-src/perl-crypto perl-crypto.spec Log: modifying package: perl-crypto-5.8.7 20051204 -> 20051210 Summary: RevisionChanges Path 1.113 +2 -2 openpkg-src/perl-crypto/perl-crypto.spec patch -p0 <<'@@ .' Index: openpkg-src/perl-crypto/perl-crypto.spec $ cvs diff -u -r1.112 -r1.113 perl-crypto.spec --- openpkg-src/perl-crypto/perl-crypto.spec 4 Dec 2005 09:19:47 - 1.112 +++ openpkg-src/perl-crypto/perl-crypto.spec 10 Dec 2005 19:02:41 - 1.113 @@ -37,7 +37,7 @@ %define V_crypt_enigma 1.3 %define V_crypt_unixcrypt 1.0 %define V_crypt_passwdmd5 1.3 -%define V_crypt_des 2.03 +%define V_crypt_des 2.05 %define V_crypt_des_ede30.01 %define V_crypt_rc4 2.02 %define V_crypt_rc5 2.00 @@ -72,7 +72,7 @@ Group:Language License: GPL/Artistic Version: %{V_perl} -Release: 20051204 +Release: 20051210 # list of sources Source0: http://www.cpan.org/modules/by-module/Digest/Digest-%{V_digest}.tar.gz @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: openpkg-src/perl-mail/ perl-mail.spec
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 10-Dec-2005 20:02:17 Branch: HEAD Handle: 2005121019021700 Modified files: openpkg-src/perl-mail perl-mail.spec Log: modifying package: perl-mail-5.8.7 20051201 -> 20051210 Summary: RevisionChanges Path 1.179 +2 -2 openpkg-src/perl-mail/perl-mail.spec patch -p0 <<'@@ .' Index: openpkg-src/perl-mail/perl-mail.spec $ cvs diff -u -r1.178 -r1.179 perl-mail.spec --- openpkg-src/perl-mail/perl-mail.spec 1 Dec 2005 19:58:23 - 1.178 +++ openpkg-src/perl-mail/perl-mail.spec 10 Dec 2005 19:02:17 - 1.179 @@ -27,7 +27,7 @@ %define V_mail_box2.063 %define V_mail_imapclient 2.2.9 %define V_mail_mbox_messageparser 1.4001 -%define V_mail_mboxparser 0.54 +%define V_mail_mboxparser 0.55 %define V_mail_sender 0.8.10 %define V_mail_sendmail 0.79 %define V_mailtools 1.67 @@ -51,7 +51,7 @@ Group:Language License: GPL/Artistic Version: %{V_perl} -Release: 20051201 +Release: 20051210 # list of sources Source0: http://www.cpan.org/modules/by-module/Mail/MailTools-%{V_mailtools}.tar.gz @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org
[CVS] OpenPKG: openpkg-src/p7zip/ p7zip.spec
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 10-Dec-2005 20:01:54 Branch: HEAD Handle: 2005121019015300 Modified files: openpkg-src/p7zip p7zip.spec Log: fix tracking Summary: RevisionChanges Path 1.13+2 -2 openpkg-src/p7zip/p7zip.spec patch -p0 <<'@@ .' Index: openpkg-src/p7zip/p7zip.spec $ cvs diff -u -r1.12 -r1.13 p7zip.spec --- openpkg-src/p7zip/p7zip.spec 29 Nov 2005 17:49:31 - 1.12 +++ openpkg-src/p7zip/p7zip.spec 10 Dec 2005 19:01:53 - 1.13 @@ -33,7 +33,7 @@ Group:Archiver License: LGPL Version: 4.30 -Release: 20051129 +Release: 20051210 # list of sources Source0: http://osdn.dl.sourceforge.net/p7zip/p7zip_%{version}_src_all.tar.bz2 @@ -56,7 +56,7 @@ prog p7zip = { version = %{version} url = http://prdownloads.sourceforge.net/p7zip/ -regex = p7zip_(__VER__)_src\.tar\.bz2 +regex = p7zip_(__VER__)_src_all\.tar\.bz2 } %prep @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org
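Review bot: The only functional change is the %track regex, now "p7zip_(__VER__)_src_all\.tar\.bz2" to match the Source0 file name, yet "Release:" is also bumped from 20051129 to 20051210 while "Version: 4.30" stays the same. If the %track section is used only for upstream version tracking and does not affect the built package, the release bump forces a rebuild of an unchanged package; either leave Release alone or say in the log why it moved.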
[CVS] OpenPKG: openpkg-src/mono/ mono.patch mono.spec
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 10-Dec-2005 09:27:28 Branch: HEAD Handle: 2005121008272800 Modified files: openpkg-src/monomono.patch mono.spec Log: upgrading package: mono 1.1.9.2 -> 1.1.10.1 Summary: RevisionChanges Path 1.7 +69 -0 openpkg-src/mono/mono.patch 1.19+2 -3 openpkg-src/mono/mono.spec patch -p0 <<'@@ .' Index: openpkg-src/mono/mono.patch $ cvs diff -u -r1.6 -r1.7 mono.patch --- openpkg-src/mono/mono.patch 7 Oct 2005 07:28:07 - 1.6 +++ openpkg-src/mono/mono.patch 10 Dec 2005 08:27:28 - 1.7 
@@ -72,3 +72,72 @@ /* * mono_arch_get_argument_info: * @csig: a method signature +Index: support/stdio.c +--- support/stdio.c.orig 2005-10-14 13:58:02 +0200 support/stdio.c 2005-11-10 08:05:13 +0100 +@@ -141,14 +141,14 @@ + Mono_Posix_Stdlib_setvbuf (void* stream, void *buf, int mode, mph_size_t size) + { + mph_return_if_size_t_overflow (size); +-return setvbuf (stream, (char *) buf, mode, (size_t) size); ++return setvbuf ((FILE *)stream, (char *) buf, mode, (size_t) size); + } + + int + Mono_Posix_Stdlib_setbuf (void* stream, void* buf) + { + errno = 0; +-setbuf (stream, buf); ++setbuf ((FILE *)stream, buf); + return errno == 0 ? 0 : -1; + } + +@@ -157,13 +157,13 @@ + { + mph_return_if_long_overflow (offset); + +-return fseek (stream, offset, origin); ++return fseek ((FILE *)stream, offset, origin); + } + + gint64 + Mono_Posix_Stdlib_ftell (void* stream) + { +-return ftell (stream); ++return ftell ((FILE *)stream); + } + + void* +@@ -176,20 +176,20 @@ + gint32 + Mono_Posix_Stdlib_fgetpos (void* stream, void *pos) + { +-return fgetpos (stream, (fpos_t*) pos); ++return fgetpos ((FILE *)stream, (fpos_t*) pos); + } + + gint32 + Mono_Posix_Stdlib_fsetpos (void* stream, void *pos) + { +-return fsetpos (stream, (fpos_t*) pos); ++return fsetpos ((FILE *)stream, (fpos_t*) pos); + } + + int + Mono_Posix_Stdlib_rewind (void* stream) + { + errno = 0; +-rewind (stream); ++rewind ((FILE *)stream); + return errno == 0 ? 0 : -1; + } + +@@ -197,7 +197,7 @@ + Mono_Posix_Stdlib_clearerr (void* stream) + { + errno = 0; +-clearerr (stream); ++clearerr ((FILE *)stream); + return errno == 0 ? 0 : -1; + } + @@ . patch -p0 <<'@@ .' Index: openpkg-src/mono/mono.spec $ cvs diff -u -r1.18 -r1.19 mono.spec --- openpkg-src/mono/mono.spec21 Nov 2005 10:03:17 - 1.18 +++ openpkg-src/mono/mono.spec10 Dec 2005 08:27:28 - 1.19 @@ -24,7 +24,7 @@ # package version %define V_major 1.1 -%define V_minor 9.2 +%define V_minor 10.1 # package information Name: mono 
@@ -37,7 +37,7 @@ Group:Language License: GPL Version: %{V_major}.%{V_minor} -Release: 20051121 +Release: 20051210 # list of sources Source0: http://go-mono.com/sources/mono-%{V_major}/mono-%{version}.tar.gz @@ -64,7 +64,6 @@ %track prog mono = { -comment = "thl/1.1.10: stdio.c:200: error: request for member _flags in something not a structure or union" version = %{version} url = http://go-mono.com/sources/ regex = mono-(\d+\.\d+(\.\d+)*)\.tar\.gz @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org
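Review bot: The new support/stdio.c section appended to mono.patch has no description line, and the same commit deletes the %track comment in mono.spec ("stdio.c:200: error: request for member _flags in something not a structure or union") that appears to be the only record of the build failure these "(FILE *)stream" casts work around. Put a one-line explanation above "Index: support/stdio.c", as the curl patches do with their "Security Fix" header, so the reason survives the comment's removal. The cast is also repeated in eight wrappers (setvbuf, setbuf, fseek, ftell, fgetpos, fsetpos, rewind, clearerr); the diff does not show whether the remaining functions in the file that take a "void* stream" need the same treatment, which is worth checking before the next upgrade.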
[CVS] OpenPKG: openpkg-src/gcc41/ gcc41.spec
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 10-Dec-2005 09:13:47 Branch: HEAD Handle: 2005121008134600 Modified files: openpkg-src/gcc41 gcc41.spec Log: upgrading package: gcc41 4.1s20051202 -> 4.1s20051209 Summary: RevisionChanges Path 1.39+2 -2 openpkg-src/gcc41/gcc41.spec patch -p0 <<'@@ .' Index: openpkg-src/gcc41/gcc41.spec $ cvs diff -u -r1.38 -r1.39 gcc41.spec --- openpkg-src/gcc41/gcc41.spec 3 Dec 2005 19:10:26 - 1.38 +++ openpkg-src/gcc41/gcc41.spec 10 Dec 2005 08:13:46 - 1.39 @@ -25,7 +25,7 @@ # package version %define V_full 4.1 %define V_comp 41 -%define V_snap 20051202 +%define V_snap 20051209 # package information Name: gcc41 @@ -38,7 +38,7 @@ Group:Compiler License: GPL Version: %{V_full}s%{V_snap} -Release: 20051203 +Release: 20051210 # package options %option with_cxx yes @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org