[CVS] OpenPKG: OPENPKG_1_2_SOLID: openpkg-src/pb4sd/ pb4sd pb4sd.spec ...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src openpkg-web Date: 01-Oct-2003 15:33:21 Branch: OPENPKG_1_2_SOLID HEAD Handle: 2003100114331901 Modified files: openpkg-web news.txt Modified files: (Branch: OPENPKG_1_2_SOLID) openpkg-src/pb4sd pb4sd pb4sd.spec Log: fsl %N needs to be caught, too Summary: RevisionChanges Path 1.4.4.1 +2 -2 openpkg-src/pb4sd/pb4sd 1.15.2.1.2.2+1 -1 openpkg-src/pb4sd/pb4sd.spec 1.6807 +1 -0 openpkg-web/news.txt patch -p0 '@@ .' Index: openpkg-src/pb4sd/pb4sd $ cvs diff -u -r1.4 -r1.4.4.1 pb4sd --- openpkg-src/pb4sd/pb4sd 20 Nov 2002 15:45:27 - 1.4 +++ openpkg-src/pb4sd/pb4sd 1 Oct 2003 13:33:20 - 1.4.4.1 @@ -18,9 +18,9 @@ # logfile parsing patters my $pattern = { -# QPopper 4.0.x (OpenPKG) +# QPopper 4.0.x with logging via OSSP fsl (OpenPKG) 'qpopper' = -'^(... .. ..:..:..) (?:\S+|\S+) (?:/\S+?)?q?popper\S*\[\d+\]: ' . +'^(... .. ..:..:..) \S+ (?:\S+|\S+) (?:/\S+?)?q?popper\S*\[\d+\]: ' . '\([^)]*\) POP login by user [^]+ at \([^)]+\) (\d+.\d+.\d+.\d+)$', # Qpopper 3.x 'popper3' = @@ . patch -p0 '@@ .' Index: openpkg-src/pb4sd/pb4sd.spec $ cvs diff -u -r1.15.2.1.2.1 -r1.15.2.1.2.2 pb4sd.spec --- openpkg-src/pb4sd/pb4sd.spec 18 Jan 2003 17:21:28 - 1.15.2.1.2.1 +++ openpkg-src/pb4sd/pb4sd.spec 1 Oct 2003 13:33:20 - 1.15.2.1.2.2 @@ -33,7 +33,7 @@ Group:Mail License: PD Version: 1.2 -Release: 1.2.0 +Release: 1.2.1 # list of sources Source0: pb4sd @@ . patch -p0 '@@ .' Index: openpkg-web/news.txt $ cvs diff -u -r1.6806 -r1.6807 news.txt --- openpkg-web/news.txt 1 Oct 2003 13:31:57 - 1.6806 +++ openpkg-web/news.txt 1 Oct 2003 13:33:19 - 1.6807 @@ -1,3 +1,4 @@ +01-Oct-2003: Upgraded package: Ppb4sd-1.2-1.2.1 01-Oct-2003: Upgraded package: Ppb4sd-1.2-1.3.1 01-Oct-2003: Upgraded package: Ppb4sd-1.2-20031001 01-Oct-2003: Upgraded package: Pmplayer-1.0pre1-20031001 @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
[CVS] OpenPKG: openpkg-src/qpopper/ fsl.qpopper qpopper.patch qpopper....
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src openpkg-web Date: 01-Oct-2003 18:04:12 Branch: HEAD Handle: 2003100117041002 Modified files: openpkg-src/qpopper fsl.qpopper qpopper.patch qpopper.spec rc.qpopper openpkg-web news.txt Log: permissions Summary: RevisionChanges Path 1.8 +1 -1 openpkg-src/qpopper/fsl.qpopper 1.4 +22 -0 openpkg-src/qpopper/qpopper.patch 1.64+8 -1 openpkg-src/qpopper/qpopper.spec 1.24+1 -1 openpkg-src/qpopper/rc.qpopper 1.6811 +1 -0 openpkg-web/news.txt patch -p0 '@@ .' Index: openpkg-src/qpopper/fsl.qpopper $ cvs diff -u -r1.7 -r1.8 fsl.qpopper --- openpkg-src/qpopper/fsl.qpopper 14 Jul 2003 18:32:44 - 1.7 +++ openpkg-src/qpopper/fsl.qpopper 1 Oct 2003 16:04:12 - 1.8 @@ -9,7 +9,7 @@ - { debug: file( path=@l_prefix@/var/qpopper/qpopper.log, -perm=0644 +perm=0664 ) } }; @@ . patch -p0 '@@ .' Index: openpkg-src/qpopper/qpopper.patch $ cvs diff -u -r1.3 -r1.4 qpopper.patch --- openpkg-src/qpopper/qpopper.patch 18 Sep 2003 20:42:39 - 1.3 +++ openpkg-src/qpopper/qpopper.patch 1 Oct 2003 16:04:12 - 1.4 @@ -135,3 +135,25 @@ } TRACE ( trace_file, POP_DEBUG, HERE, +Index: pop_dropcopy.c +--- popper/pop_dropcopy.c.orig 2003-01-02 03:39:02.0 +0100 popper/pop_dropcopy.c2003-10-01 17:33:31.0 +0200 +@@ -1231,6 +1231,10 @@ + return pop_msg ( p, POP_FAILURE, HERE, + [SYS/TEMP] Unable to get temp drop name ); + ++/* ++ * OpenPKG: enforce usage of spool-dir configuration option ++ */ ++#if 0 + if ( stat ( p-temp_drop, mybuf ) == -1 || mybuf.st_size = 0 ) { + if ( genpath ( p, +p-temp_drop, +@@ -1239,6 +1243,7 @@ + return pop_msg ( p, POP_FAILURE, HERE, + [SYS/TEMP] Unable to get temp drop name ); + } ++#endif + } + else { + /* @@ . patch -p0 '@@ .' Index: openpkg-src/qpopper/qpopper.spec $ cvs diff -u -r1.63 -r1.64 qpopper.spec --- openpkg-src/qpopper/qpopper.spec 18 Sep 2003 19:26:48 - 1.63 +++ openpkg-src/qpopper/qpopper.spec 1 Oct 2003 16:04:12 - 1.64 @@ -33,7 +33,7 @@ Group:Mail License: GPL Version: 4.0.5 -Release: 20030918 +Release: 20031001 # package options %option with_fsl yes @@ -86,6 +86,8 @@ ./configure \ --prefix=%{l_prefix} \ --sbindir=%{l_prefix}/sbin \ +--enable-cache-dir=%{l_prefix}/var/qpopper/cache \ +--enable-spool-dir=%{l_prefix}/var/qpopper/spool \ --disable-bulldb \ --enable-servermode \ --enable-standalone \ @@ -115,10 +117,15 @@ $RPM_BUILD_ROOT%{l_prefix}/man/man8 \ $RPM_BUILD_ROOT%{l_prefix}/var/qpopper \ $RPM_BUILD_ROOT%{l_prefix}/etc/qpopper +%{l_shtool} mkdir -f -p -m 775 \ +$RPM_BUILD_ROOT%{l_prefix}/var/qpopper/cache \ +$RPM_BUILD_ROOT%{l_prefix}/var/qpopper/spool # install qpopper %{l_shtool} install -c -m 644 \ -e 's;^# \(set home-dir-mail[^=]*=\).*;\1 .mail/inbox;' \ +-e 's;^# \(set cache-dir[^=]*=\).*;\1 %{l_prefix}/var/qpopper/cache;' \ +-e 's;^# \(set spool-dir[^=]*=\).*;\1 %{l_prefix}/var/qpopper/spool;' \ samples/qpopper.config $RPM_BUILD_ROOT%{l_prefix}/etc/qpopper/ %{l_shtool} install -c -s -m 755 \ popper/popper $RPM_BUILD_ROOT%{l_prefix}/sbin/qpopper @@ . patch -p0 '@@ .' Index: openpkg-src/qpopper/rc.qpopper $ cvs diff -u -r1.23 -r1.24 rc.qpopper --- openpkg-src/qpopper/rc.qpopper23 Jul 2003 14:26:27 - 1.23 +++ openpkg-src/qpopper/rc.qpopper1 Oct 2003 16:04:12 - 1.24 @@ -52,7 +52,7 @@ # rotate logfile shtool rotate -f \ -n ${qpopper_log_numfiles} -s ${qpopper_log_minsize} -d \ --z ${qpopper_log_complevel} -m 644 -o @l_susr@ -g
[CVS] OpenPKG: openpkg-src/openssl/ openssl.patch openssl.spec openpkg...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src openpkg-web Date: 30-Sep-2003 14:44:31 Branch: HEAD Handle: 2003093013442902 Modified files: openpkg-src/openssl openssl.patch openssl.spec openpkg-web news.txt Log: SA-2003.044-openssl; CAN-2003-0543, CAN-2003-0544, CAN-2003-0545 Summary: RevisionChanges Path 1.12+66 -0 openpkg-src/openssl/openssl.patch 1.47+1 -1 openpkg-src/openssl/openssl.spec 1.6790 +1 -0 openpkg-web/news.txt patch -p0 '@@ .' Index: openpkg-src/openssl/openssl.patch $ cvs diff -u -r1.11 -r1.12 openssl.patch --- openpkg-src/openssl/openssl.patch 6 Aug 2003 08:52:45 - 1.11 +++ openpkg-src/openssl/openssl.patch 30 Sep 2003 12:44:31 - 1.12 @@ -9,3 +9,69 @@ { next loop if (($p%$primes[$i]) == 0); } + +- + +Security Bugfixes +OpenPKG-SA-2003.044-openssl +http://www.openssl.org/news/secadv_20030930.txt +CAN-2003-0543, CAN-2003-0544, CAN-2003-0545 + +--- crypto/asn1/asn1_lib.c Sun Sep 28 14:20:55 2003 crypto/asn1/asn1_lib.c Fri Sep 26 13:51:38 2003 +@@ -104,10 +104,12 @@ + l=7L; + l|= *(p++)0x7f; + if (--max == 0) goto err; ++if (l (INT_MAX 7L)) goto err; + } + l=7L; + l|= *(p++)0x7f; + tag=(int)l; ++if (--max == 0) goto err; + } + else + { +--- crypto/asn1/tasn_dec.c Sun Sep 28 14:20:55 2003 crypto/asn1/tasn_dec.c Fri Sep 26 13:51:38 2003 +@@ -691,6 +691,7 @@ + + int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it) + { ++ASN1_VALUE **opval = NULL; + ASN1_STRING *stmp; + ASN1_TYPE *typ = NULL; + int ret = 0; +@@ -705,6 +706,7 @@ + *pval = (ASN1_VALUE *)typ; + } else typ = (ASN1_TYPE *)*pval; + if(utype != typ-type) ASN1_TYPE_set(typ, utype, NULL); ++opval = pval; + pval = (ASN1_VALUE **)typ-value.ptr; + } + switch(utype) { +@@ -796,7 +798,12 @@ + + ret = 1; + err: +-if(!ret) ASN1_TYPE_free(typ); ++if(!ret) ++{ ++ASN1_TYPE_free(typ); ++if (opval) ++*opval = NULL; ++} + return ret; + } + +--- crypto/x509/x509_vfy.c Sun Sep 28 14:20:55 2003 crypto/x509/x509_vfy.c Fri Sep 26 13:51:38 2003 +@@ -674,7 +674,7 @@ + ok=(*cb)(0,ctx); + if (!ok) goto end; + } +-if (X509_verify(xs,pkey) = 0) ++else if (X509_verify(xs,pkey) = 0) + /* XXX For the final trusted self-signed cert, + * this is a waste of time. That check should + * optional so that e.g. 'openssl x509' can be @@ . patch -p0 '@@ .' Index: openpkg-src/openssl/openssl.spec $ cvs diff -u -r1.46 -r1.47 openssl.spec --- openpkg-src/openssl/openssl.spec 6 Aug 2003 08:52:45 - 1.46 +++ openpkg-src/openssl/openssl.spec 30 Sep 2003 12:44:31 - 1.47 @@ -33,7 +33,7 @@ Group:Cryptography License: BSD-style Version: 0.9.7b -Release: 20030806 +Release: 20030930 # package options %option with_zlib no @@ . patch -p0 '@@ .' Index: openpkg-web/news.txt $ cvs diff -u -r1.6789 -r1.6790 news.txt --- openpkg-web/news.txt 29 Sep 2003 19:09:19 - 1.6789 +++ openpkg-web/news.txt 30 Sep 2003 12:44:29 - 1.6790 @@ -1,3 +1,4 @@ +30-Sep-2003: Upgraded package: Popenssl-0.9.7b-20030930 29-Sep-2003: New package: Pvile-9.4-20030929 29-Sep-2003: Upgraded package: Paegis-4.12-20030929 29-Sep-2003: Upgraded package: Pperl-xml-20030929-20030929 @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List
[CVS] OpenPKG: OPENPKG_1_3_SOLID: openpkg-src/openssl/ openssl.patch o...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src openpkg-web Date: 30-Sep-2003 14:45:42 Branch: OPENPKG_1_3_SOLID HEAD Handle: 2003093013454002 Modified files: openpkg-web news.txt Modified files: (Branch: OPENPKG_1_3_SOLID) openpkg-src/openssl openssl.patch openssl.spec Log: SA-2003.044-openssl; CAN-2003-0543, CAN-2003-0544, CAN-2003-0545 Summary: RevisionChanges Path 1.7.2.3.2.2 +66 -0 openpkg-src/openssl/openssl.patch 1.37.2.5.2.3+1 -1 openpkg-src/openssl/openssl.spec 1.6791 +1 -0 openpkg-web/news.txt patch -p0 '@@ .' Index: openpkg-src/openssl/openssl.patch $ cvs diff -u -r1.7.2.3.2.1 -r1.7.2.3.2.2 openssl.patch --- openpkg-src/openssl/openssl.patch 25 Sep 2003 12:41:58 - 1.7.2.3.2.1 +++ openpkg-src/openssl/openssl.patch 30 Sep 2003 12:45:42 - 1.7.2.3.2.2 @@ -9,3 +9,69 @@ { next loop if (($p%$primes[$i]) == 0); } + +- + +Security Bugfixes +OpenPKG-SA-2003.044-openssl +http://www.openssl.org/news/secadv_20030930.txt +CAN-2003-0543, CAN-2003-0544, CAN-2003-0545 + +--- crypto/asn1/asn1_lib.c Sun Sep 28 14:20:55 2003 crypto/asn1/asn1_lib.c Fri Sep 26 13:51:38 2003 +@@ -104,10 +104,12 @@ + l=7L; + l|= *(p++)0x7f; + if (--max == 0) goto err; ++if (l (INT_MAX 7L)) goto err; + } + l=7L; + l|= *(p++)0x7f; + tag=(int)l; ++if (--max == 0) goto err; + } + else + { +--- crypto/asn1/tasn_dec.c Sun Sep 28 14:20:55 2003 crypto/asn1/tasn_dec.c Fri Sep 26 13:51:38 2003 +@@ -691,6 +691,7 @@ + + int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it) + { ++ASN1_VALUE **opval = NULL; + ASN1_STRING *stmp; + ASN1_TYPE *typ = NULL; + int ret = 0; +@@ -705,6 +706,7 @@ + *pval = (ASN1_VALUE *)typ; + } else typ = (ASN1_TYPE *)*pval; + if(utype != typ-type) ASN1_TYPE_set(typ, utype, NULL); ++opval = pval; + pval = (ASN1_VALUE **)typ-value.ptr; + } + switch(utype) { +@@ -796,7 +798,12 @@ + + ret = 1; + err: +-if(!ret) ASN1_TYPE_free(typ); ++if(!ret) ++{ ++ASN1_TYPE_free(typ); ++if (opval) ++*opval = NULL; ++} + return ret; + } + +--- crypto/x509/x509_vfy.c Sun Sep 28 14:20:55 2003 crypto/x509/x509_vfy.c Fri Sep 26 13:51:38 2003 +@@ -674,7 +674,7 @@ + ok=(*cb)(0,ctx); + if (!ok) goto end; + } +-if (X509_verify(xs,pkey) = 0) ++else if (X509_verify(xs,pkey) = 0) + /* XXX For the final trusted self-signed cert, + * this is a waste of time. That check should + * optional so that e.g. 'openssl x509' can be @@ . patch -p0 '@@ .' Index: openpkg-src/openssl/openssl.spec $ cvs diff -u -r1.37.2.5.2.2 -r1.37.2.5.2.3 openssl.spec --- openpkg-src/openssl/openssl.spec 25 Sep 2003 12:41:58 - 1.37.2.5.2.2 +++ openpkg-src/openssl/openssl.spec 30 Sep 2003 12:45:42 - 1.37.2.5.2.3 @@ -33,7 +33,7 @@ Group:Cryptography License: BSD-style Version: 0.9.7b -Release: 1.3.1 +Release: 1.3.2 # package options %option with_zlib no @@ . patch -p0 '@@ .' Index: openpkg-web/news.txt $ cvs diff -u -r1.6790 -r1.6791 news.txt --- openpkg-web/news.txt 30 Sep 2003 12:44:29 - 1.6790 +++ openpkg-web/news.txt 30 Sep 2003 12:45:40 - 1.6791 @@ -1,3 +1,4 @@ +30-Sep-2003: Upgraded package: Popenssl-0.9.7b-1.3.2 30-Sep-2003: Upgraded package: Popenssl-0.9.7b-20030930 29-Sep-2003: New package: Pvile-9.4-20030929 29-Sep-2003: Upgraded package: Paegis-4.12-20030929
[CVS] OpenPKG: OPENPKG_1_2_SOLID: openpkg-src/openssl/ openssl.patch o...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src openpkg-web Date: 30-Sep-2003 14:46:23 Branch: OPENPKG_1_2_SOLID HEAD Handle: 2003093013462102 Modified files: openpkg-web news.txt Modified files: (Branch: OPENPKG_1_2_SOLID) openpkg-src/openssl openssl.patch openssl.spec Log: SA-2003.044-openssl; CAN-2003-0543, CAN-2003-0544, CAN-2003-0545 Summary: RevisionChanges Path 1.7.4.4 +66 -0 openpkg-src/openssl/openssl.patch 1.37.2.1.2.6+1 -1 openpkg-src/openssl/openssl.spec 1.6792 +1 -0 openpkg-web/news.txt patch -p0 '@@ .' Index: openpkg-src/openssl/openssl.patch $ cvs diff -u -r1.7.4.3 -r1.7.4.4 openssl.patch --- openpkg-src/openssl/openssl.patch 20 Mar 2003 20:09:39 - 1.7.4.3 +++ openpkg-src/openssl/openssl.patch 30 Sep 2003 12:46:23 - 1.7.4.4 @@ -229,3 +229,69 @@ } s-session-master_key_length= + +- + +Security Bugfixes +OpenPKG-SA-2003.044-openssl +http://www.openssl.org/news/secadv_20030930.txt +CAN-2003-0543, CAN-2003-0544, CAN-2003-0545 + +--- crypto/asn1/asn1_lib.c Sun Sep 28 14:20:55 2003 crypto/asn1/asn1_lib.c Fri Sep 26 13:51:38 2003 +@@ -104,10 +104,12 @@ + l=7L; + l|= *(p++)0x7f; + if (--max == 0) goto err; ++if (l (INT_MAX 7L)) goto err; + } + l=7L; + l|= *(p++)0x7f; + tag=(int)l; ++if (--max == 0) goto err; + } + else + { +--- crypto/asn1/tasn_dec.c Sun Sep 28 14:20:55 2003 crypto/asn1/tasn_dec.c Fri Sep 26 13:51:38 2003 +@@ -691,6 +691,7 @@ + + int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it) + { ++ASN1_VALUE **opval = NULL; + ASN1_STRING *stmp; + ASN1_TYPE *typ = NULL; + int ret = 0; +@@ -705,6 +706,7 @@ + *pval = (ASN1_VALUE *)typ; + } else typ = (ASN1_TYPE *)*pval; + if(utype != typ-type) ASN1_TYPE_set(typ, utype, NULL); ++opval = pval; + pval = (ASN1_VALUE **)typ-value.ptr; + } + switch(utype) { +@@ -796,7 +798,12 @@ + + ret = 1; + err: +-if(!ret) ASN1_TYPE_free(typ); ++if(!ret) ++{ ++ASN1_TYPE_free(typ); ++if (opval) ++*opval = NULL; ++} + return ret; + } + +--- crypto/x509/x509_vfy.c Sun Sep 28 14:20:55 2003 crypto/x509/x509_vfy.c Fri Sep 26 13:51:38 2003 +@@ -674,7 +674,7 @@ + ok=(*cb)(0,ctx); + if (!ok) goto end; + } +-if (X509_verify(xs,pkey) = 0) ++else if (X509_verify(xs,pkey) = 0) + /* XXX For the final trusted self-signed cert, + * this is a waste of time. That check should + * optional so that e.g. 'openssl x509' can be @@ . patch -p0 '@@ .' Index: openpkg-src/openssl/openssl.spec $ cvs diff -u -r1.37.2.1.2.5 -r1.37.2.1.2.6 openssl.spec --- openpkg-src/openssl/openssl.spec 20 Mar 2003 20:09:39 - 1.37.2.1.2.5 +++ openpkg-src/openssl/openssl.spec 30 Sep 2003 12:46:23 - 1.37.2.1.2.6 @@ -33,7 +33,7 @@ Group:Cryptography License: BSD-style Version: 0.9.7 -Release: 1.2.3 +Release: 1.2.4 # list of sources Source0: ftp://ftp.openssl.org/source/openssl-%{version}.tar.gz @@ . patch -p0 '@@ .' Index: openpkg-web/news.txt $ cvs diff -u -r1.6791 -r1.6792 news.txt --- openpkg-web/news.txt 30 Sep 2003 12:45:40 - 1.6791 +++ openpkg-web/news.txt 30 Sep 2003 12:46:21 - 1.6792 @@ -1,3 +1,4 @@ +30-Sep-2003: Upgraded package: Popenssl-0.9.7-1.2.4 30-Sep-2003: Upgraded package: Popenssl-0.9.7b-1.3.2 30-Sep-2003: Upgraded package: Popenssl-0.9.7b-20030930 29-Sep-2003: New package: Pvile-9.4-20030929
[CVS] OpenPKG: openpkg-web/ security.txt security.wml openpkg-web/secu...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 30-Sep-2003 14:47:11 Branch: HEAD Handle: 2003093013471100 Added files: openpkg-web/securityOpenPKG-SA-2003.044-openssl.txt Modified files: openpkg-web security.txt security.wml Log: SA-2003.044-openssl; CAN-2003-0543, CAN-2003-0544, CAN-2003-0545 Summary: RevisionChanges Path 1.51+1 -0 openpkg-web/security.txt 1.69+1 -0 openpkg-web/security.wml 1.1 +158 -0 openpkg-web/security/OpenPKG-SA-2003.044-openssl.txt patch -p0 '@@ .' Index: openpkg-web/security.txt $ cvs diff -u -r1.50 -r1.51 security.txt --- openpkg-web/security.txt 24 Sep 2003 08:09:34 - 1.50 +++ openpkg-web/security.txt 30 Sep 2003 12:47:11 - 1.51 @@ -1,3 +1,4 @@ +30-Sep-2003: Security Advisory: SOpenPKG-SA-2003.044-openssl 24-Sep-2003: Security Advisory: SOpenPKG-SA-2003.043-proftpd 24-Sep-2003: Security Advisory: SOpenPKG-SA-2003.042-openssh 19-Sep-2003: Security Advisory: SOpenPKG-SA-2003.041-sendmail @@ . patch -p0 '@@ .' Index: openpkg-web/security.wml $ cvs diff -u -r1.68 -r1.69 security.wml --- openpkg-web/security.wml 24 Sep 2003 08:09:34 - 1.68 +++ openpkg-web/security.wml 30 Sep 2003 12:47:11 - 1.69 @@ -76,6 +76,7 @@ /define-tag box bdwidth=1 bdcolor=#a5a095 bdspace=10 bgcolor=#e5e0d5 table cellspacing=0 cellpadding=0 border=0 + sa 2003.044 openssl sa 2003.043 proftpd sa 2003.042 openssh sa 2003.041 sendmail @@ . patch -p0 '@@ .' Index: openpkg-web/security/OpenPKG-SA-2003.044-openssl.txt $ cvs diff -u -r0 -r1.1 OpenPKG-SA-2003.044-openssl.txt --- /dev/null 2003-09-30 14:47:11.0 +0200 +++ OpenPKG-SA-2003.044-openssl.txt 2003-09-30 14:47:11.0 +0200 @@ -0,0 +1,158 @@ + + +OpenPKG Security AdvisoryThe OpenPKG Project +http://www.openpkg.org/security.html http://www.openpkg.org [EMAIL PROTECTED] [EMAIL PROTECTED] +OpenPKG-SA-2003.044 30-Sep-2003 + + +Package: openssl +Vulnerability: denial of service, possibly arbitrary code execution +OpenPKG Specific:no + +Affected Releases: Affected Packages: Corrected Packages: +OpenPKG CURRENT = openssl-0.9.7b-20030806 = openssl-0.9.7b-20030930 +OpenPKG 1.3 = openssl-0.9.7b-1.3.1= openssl-0.9.7b-1.3.2 +OpenPKG 1.2 = openssl-0.9.7-1.2.3 = openssl-0.9.7-1.2.4 + +Affected Releases: Dependent Packages: + +OpenPKG CURRENT apache* bind blender cadaver cfengine cpu cups curl + distcache dsniff easysoap ethereal* exim fetchmail + imap imapd imaputils inn jabberd kde-base kde-libs + linc links lynx mailsync meta-core mico* mixmaster + monit* mozilla mutt mutt15 nail neon nessus-libs + nmap openldap openssh openvpn perl-ssl pgadmin php* + pine* postfix* postgresql pound proftpd* qpopper + rdesktop samba samba3 sasl scanssh sendmail* siege + sio* sitecopy snmp socat squid* stunnel subversion + suck sysmon tcpdump tinyca w3m wget xmlsec + +OpenPKG 1.3 apache* bind cfengine cpu curl ethereal* fetchmail + imap imapd inn links lynx mico* mutt nail neon + openldap openssh perl-ssl php* postfix* postgresql + proftpd* qpopper rdesktop samba sasl scanssh + sendmail* siege sio* sitecopy snmp socat squid* + stunnel suck sysmon tcpdump tinyca w3m wget xmlsec + +OpenPKG 1.2 apache* bind cpu curl ethereal* fetchmail imap inn + links lynx mico* mutt nail neon openldap openssh + perl-ssl postfix* postgresql qpopper rdesktop samba + sasl scanssh sendmail* siege sitecopy snmp socat + stunnel sysmon tcpdump tinyca w3m wget + + (*) marked packages are only
[CVS] OpenPKG: openpkg-src/fsl/ fsl.spec openpkg-web/ news.txt
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src openpkg-web Date: 25-Sep-2003 17:38:15 Branch: HEAD Handle: 2003092516381301 Modified files: openpkg-src/fsl fsl.spec openpkg-web news.txt Log: upgrading package: fsl 1.2.1 - 1.2b2 Summary: RevisionChanges Path 1.52+2 -2 openpkg-src/fsl/fsl.spec 1.6732 +1 -0 openpkg-web/news.txt patch -p0 '@@ .' Index: openpkg-src/fsl/fsl.spec $ cvs diff -u -r1.51 -r1.52 fsl.spec --- openpkg-src/fsl/fsl.spec 15 Sep 2003 08:30:53 - 1.51 +++ openpkg-src/fsl/fsl.spec 25 Sep 2003 15:38:14 - 1.52 @@ -32,8 +32,8 @@ Distribution: OpenPKG [CORE] Group:System License: MIT-style -Version: 1.2.1 -Release: 20030915 +Version: 1.2b2 +Release: 20030925 # package options %option with_fsl_debuglogcode no @@ . patch -p0 '@@ .' Index: openpkg-web/news.txt $ cvs diff -u -r1.6731 -r1.6732 news.txt --- openpkg-web/news.txt 25 Sep 2003 12:41:57 - 1.6731 +++ openpkg-web/news.txt 25 Sep 2003 15:38:13 - 1.6732 @@ -1,3 +1,4 @@ +25-Sep-2003: Upgraded package: Pfsl-1.2b2-20030925 25-Sep-2003: Upgraded package: Popenssl-0.9.7b-1.3.1 25-Sep-2003: Upgraded package: Ppostfix-2.0.13-1.3.1 25-Sep-2003: Upgraded package: Px11-1.3.1-1.3.1 @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
[CVS] OpenPKG: openpkg-re/vcheck/ vc.fsl openpkg-src/fsl/ fsl.spec ope...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src openpkg-web openpkg$ Date: 25-Sep-2003 19:18:23 Branch: HEAD Handle: 2003092518182003 Modified files: openpkg-re/vcheck vc.fsl openpkg-src/fsl fsl.spec openpkg-web news.txt Log: correct previously broken version numbering Summary: RevisionChanges Path 1.24+1 -1 openpkg-re/vcheck/vc.fsl 1.53+1 -1 openpkg-src/fsl/fsl.spec 1.6733 +1 -0 openpkg-web/news.txt patch -p0 '@@ .' Index: openpkg-re/vcheck/vc.fsl $ cvs diff -u -r1.23 -r1.24 vc.fsl --- openpkg-re/vcheck/vc.fsl 15 Sep 2003 08:30:51 - 1.23 +++ openpkg-re/vcheck/vc.fsl 25 Sep 2003 17:18:20 - 1.24 @@ -2,7 +2,7 @@ } prog fsl = { - version = 1.2.1 + version = 1.3b1 url = ftp://ftp.ossp.org/pkg/lib/fsl/ regex = fsl-(__VER__)\.tar\.gz } @@ . patch -p0 '@@ .' Index: openpkg-src/fsl/fsl.spec $ cvs diff -u -r1.52 -r1.53 fsl.spec --- openpkg-src/fsl/fsl.spec 25 Sep 2003 15:38:14 - 1.52 +++ openpkg-src/fsl/fsl.spec 25 Sep 2003 17:18:23 - 1.53 @@ -32,7 +32,7 @@ Distribution: OpenPKG [CORE] Group:System License: MIT-style -Version: 1.2b2 +Version: 1.3b1 Release: 20030925 # package options @@ . patch -p0 '@@ .' Index: openpkg-web/news.txt $ cvs diff -u -r1.6732 -r1.6733 news.txt --- openpkg-web/news.txt 25 Sep 2003 15:38:13 - 1.6732 +++ openpkg-web/news.txt 25 Sep 2003 17:18:21 - 1.6733 @@ -1,3 +1,4 @@ +25-Sep-2003: Upgraded package: Pfsl-1.3b1-20030925 25-Sep-2003: Upgraded package: Pfsl-1.2b2-20030925 25-Sep-2003: Upgraded package: Popenssl-0.9.7b-1.3.1 25-Sep-2003: Upgraded package: Ppostfix-2.0.13-1.3.1 @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
[CVS] OpenPKG: openpkg-web/ security.txt security.wml openpkg-web/secu...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 24-Sep-2003 10:08:11 Branch: HEAD Handle: 2003092409081001 Added files: openpkg-web/securityOpenPKG-SA-2003.042-openssh.txt Modified files: openpkg-web security.txt security.wml Log: SA-2003.042-openssh; CAN-2003-0786, CAN-2003-0787 Summary: RevisionChanges Path 1.49+1 -0 openpkg-web/security.txt 1.67+1 -0 openpkg-web/security.wml 1.1 +78 -0 openpkg-web/security/OpenPKG-SA-2003.042-openssh.txt patch -p0 '@@ .' Index: openpkg-web/security.txt $ cvs diff -u -r1.48 -r1.49 security.txt --- openpkg-web/security.txt 19 Sep 2003 08:14:36 - 1.48 +++ openpkg-web/security.txt 24 Sep 2003 08:08:10 - 1.49 @@ -1,3 +1,4 @@ +24-Sep-2003: Security Advisory: SOpenPKG-SA-2003.042-openssh 19-Sep-2003: Security Advisory: SOpenPKG-SA-2003.041-sendmail 17-Sep-2003: Security Advisory: SOpenPKG-SA-2003.040-openssh 15-Sep-2003: Security Advisory: SOpenPKG-SA-2003.039-perl @@ . patch -p0 '@@ .' Index: openpkg-web/security.wml $ cvs diff -u -r1.66 -r1.67 security.wml --- openpkg-web/security.wml 19 Sep 2003 08:14:36 - 1.66 +++ openpkg-web/security.wml 24 Sep 2003 08:08:10 - 1.67 @@ -76,6 +76,7 @@ /define-tag box bdwidth=1 bdcolor=#a5a095 bdspace=10 bgcolor=#e5e0d5 table cellspacing=0 cellpadding=0 border=0 + sa 2003.042 openssh sa 2003.041 sendmail sa 2003.040 openssh sa 2003.039 perl @@ . patch -p0 '@@ .' Index: openpkg-web/security/OpenPKG-SA-2003.042-openssh.txt $ cvs diff -u -r0 -r1.1 OpenPKG-SA-2003.042-openssh.txt --- /dev/null 2003-09-24 10:08:11.0 +0200 +++ OpenPKG-SA-2003.042-openssh.txt 2003-09-24 10:08:11.0 +0200 @@ -0,0 +1,78 @@ + + +OpenPKG Security AdvisoryThe OpenPKG Project +http://www.openpkg.org/security.html http://www.openpkg.org [EMAIL PROTECTED] [EMAIL PROTECTED] +OpenPKG-SA-2003.042 24-Sep-2003 + + +Package: openssh +Vulnerability: remote root exploit +OpenPKG Specific:no + +Affected Releases: Affected Packages: Corrected Packages: +OpenPKG CURRENT = openssh-3.7.1p1-20030917 = openssh-3.7.1p2-20030923 +OpenPKG 1.3 N.A. +OpenPKG 1.2 N.A. + +Dependent Packages: none + +Description: + According to a Portable OpenSSH Security Advisory [0] versions 3.7p1 + and 3.7.1p1 of portable OpenSSH [1] contain multiple vulnerabilities + in the new PAM code. At least one of these bugs is remotely + exploitable with privsep disabled. Older versions of portable OpenSSH + are not vulnerable. OpenPKG installations are only affected if the + package was build with option with_pam set to yes -- which is not + the default. + + The Common Vulnerabilities and Exposures (CVE) project assigned the + id CAN-2003-0786 [2] to the problem where SSH1 PAM challenge response + auth ignored the result of the authentication with privsep off. + + The Common Vulnerabilities and Exposures (CVE) project assigned the id + CAN-2003-0787 [3] to the problem where the PAM conversation function + trashed the stack. + + Please check whether you are affected by running prefix/bin/rpm -q + openssh. If you have the openssh package installed and its version + is affected (see above), we recommend that you immediately upgrade it + (see Solution). [4][5] + +Solution: + Select the updated source RPM appropriate for OpenPKG CURRENT [6] + fetch it from the OpenPKG FTP service [7] or a mirror location, + build a corresponding binary RPM from it [4] and update your OpenPKG + installation by applying the binary RPM [5]. Perform the following + operations to permanently fix the security problem (for other releases + adjust accordingly). + + $ ftp ftp.openpkg.org + ftp bin + ftp cd current/SRC + ftp get openssh-3.7.1p2-20030923.src.rpm + ftp bye + $ prefix/bin/rpm --rebuild openssh-3.7.1p2-20030923.src.rpm + $ su - + # prefix/bin/rpm -Fvh
[CVS] OpenPKG: openpkg-web/ security.txt security.wml openpkg-web/secu...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 24-Sep-2003 10:09:35 Branch: HEAD Handle: 2003092409093401 Added files: openpkg-web/securityOpenPKG-SA-2003.043-proftpd.txt Modified files: openpkg-web security.txt security.wml Log: SA-2003.043-proftpd; CAN unknown Summary: RevisionChanges Path 1.50+1 -0 openpkg-web/security.txt 1.68+1 -0 openpkg-web/security.wml 1.1 +86 -0 openpkg-web/security/OpenPKG-SA-2003.043-proftpd.txt patch -p0 '@@ .' Index: openpkg-web/security.txt $ cvs diff -u -r1.49 -r1.50 security.txt --- openpkg-web/security.txt 24 Sep 2003 08:08:10 - 1.49 +++ openpkg-web/security.txt 24 Sep 2003 08:09:34 - 1.50 @@ -1,3 +1,4 @@ +24-Sep-2003: Security Advisory: SOpenPKG-SA-2003.043-proftpd 24-Sep-2003: Security Advisory: SOpenPKG-SA-2003.042-openssh 19-Sep-2003: Security Advisory: SOpenPKG-SA-2003.041-sendmail 17-Sep-2003: Security Advisory: SOpenPKG-SA-2003.040-openssh @@ . patch -p0 '@@ .' Index: openpkg-web/security.wml $ cvs diff -u -r1.67 -r1.68 security.wml --- openpkg-web/security.wml 24 Sep 2003 08:08:10 - 1.67 +++ openpkg-web/security.wml 24 Sep 2003 08:09:34 - 1.68 @@ -76,6 +76,7 @@ /define-tag box bdwidth=1 bdcolor=#a5a095 bdspace=10 bgcolor=#e5e0d5 table cellspacing=0 cellpadding=0 border=0 + sa 2003.043 proftpd sa 2003.042 openssh sa 2003.041 sendmail sa 2003.040 openssh @@ . patch -p0 '@@ .' Index: openpkg-web/security/OpenPKG-SA-2003.043-proftpd.txt $ cvs diff -u -r0 -r1.1 OpenPKG-SA-2003.043-proftpd.txt --- /dev/null 2003-09-24 10:09:35.0 +0200 +++ OpenPKG-SA-2003.043-proftpd.txt 2003-09-24 10:09:35.0 +0200 @@ -0,0 +1,86 @@ + + +OpenPKG Security AdvisoryThe OpenPKG Project +http://www.openpkg.org/security.html http://www.openpkg.org [EMAIL PROTECTED] [EMAIL PROTECTED] +OpenPKG-SA-2003.043 24-Sep-2003 + + +Package: proftpd +Vulnerability: arbitrary code execution +OpenPKG Specific:no + +Affected Releases: Affected Packages: Corrected Packages: +OpenPKG CURRENT = proftpd-1.2.9rc2-20030911 = proftpd-1.2.9rc2-20030923 +OpenPKG 1.3 = proftpd-1.2.8-1.3.0 = proftpd-1.2.8-1.3.1 +OpenPKG 1.2 = proftpd-1.2.7-1.2.0 = proftpd-1.2.7-1.2.1 + +Dependent Packages: none + +Description: + According to a ISS X-Force security advisory [0] a vulnerability + exists in the ProFTPD server [1]. It can be triggered by remote + attackers when transferring files from the FTP server in ASCII mode. + The attacker must have the ability to upload a file to the server, and + then attempt to download the same file to trigger the vulnerability. + During ASCII transfer, file data is examined in 1024 byte chunks + to check for newline characters. The translation of these newline + characters is not handled correctly, and a buffer overflow can + manifest if ProFTPD parses a specially crafted file. + + Note that the OpenPKG 20030923 version of the proftpd package contains + the vendor version 1.2.9rc2p, also the trailing 'p' was omitted from + the package filename. + + The Common Vulnerabilities and Exposures (CVE) project assigned the id + CAN-FIXME [2] to the problem. + + Please check whether you are affected by running prefix/bin/rpm + -q proftpd. If you have the proftpd package installed and its version + is affected (see above), we recommend that you immediately upgrade + it (see Solution) and it's dependent packages (see above), if any, + too. [3][4] + +Solution: + Select the updated source RPM appropriate for your OpenPKG release + [5][6], fetch it from the OpenPKG FTP service [7][8] or a mirror + location, verify its integrity [9], build a corresponding binary RPM + from it [3] and update your OpenPKG installation by applying the binary + RPM [4]. For the current release OpenPKG 1.3, perform the following + operations to permanently
[CVS] OpenPKG: openpkg-src/qpopper/ qpopper.patch qpopper.spec openpkg...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src openpkg-web Date: 18-Sep-2003 21:26:48 Branch: HEAD Handle: 2003091820264602 Modified files: openpkg-src/qpopper qpopper.patch qpopper.spec openpkg-web news.txt Log: remove useless error printing in case of EADDRINUSE Summary: RevisionChanges Path 1.2 +25 -3 openpkg-src/qpopper/qpopper.patch 1.63+1 -1 openpkg-src/qpopper/qpopper.spec 1.6634 +1 -0 openpkg-web/news.txt patch -p0 '@@ .' Index: openpkg-src/qpopper/qpopper.patch $ cvs diff -u -r1.1 -r1.2 qpopper.patch --- openpkg-src/qpopper/qpopper.patch 28 Dec 2001 11:30:48 - 1.1 +++ openpkg-src/qpopper/qpopper.patch 18 Sep 2003 19:26:48 - 1.2 @@ -1,6 +1,7 @@ popper/main.c.orig Wed Apr 4 02:23:26 2001 -+++ popper/main.cFri Dec 28 11:18:39 2001 -@@ -472,6 +472,22 @@ +Index: popper/main.c +--- popper/main.c.orig 2003-01-02 03:39:02.0 +0100 popper/main.c2003-09-18 21:13:57.0 +0200 +@@ -477,6 +477,22 @@ #endif /* not _DEBUG */ @@ -23,3 +24,24 @@ /* * Set up the socket on which we listen */ +@@ -510,17 +526,9 @@ + rslt = bind ( sockfd, (struct sockaddr *) serv_addr, sizeof(serv_addr) ); + if ( rslt 0 ) + { +-if ( errno == EADDRINUSE ) +-{ +-fprintf ( stderr, %s:%d in use\n, +- inet_ntoa ( serv_addr.sin_addr ), +- ntohs ( serv_addr.sin_port ) ); +-return 1; +-} +-else +-err_dump ( HERE, Can't bind local address %s:%d, +- inet_ntoa ( serv_addr.sin_addr ), +- ntohs ( serv_addr.sin_port ) ); ++err_dump ( HERE, Can't bind local address %s:%d, ++ inet_ntoa ( serv_addr.sin_addr ), ++ ntohs ( serv_addr.sin_port ) ); + } + + TRACE ( trace_file, POP_DEBUG, HERE, @@ . patch -p0 '@@ .' Index: openpkg-src/qpopper/qpopper.spec $ cvs diff -u -r1.62 -r1.63 qpopper.spec --- openpkg-src/qpopper/qpopper.spec 26 Jul 2003 20:38:36 - 1.62 +++ openpkg-src/qpopper/qpopper.spec 18 Sep 2003 19:26:48 - 1.63 @@ -33,7 +33,7 @@ Group:Mail License: GPL Version: 4.0.5 -Release: 20030726 +Release: 20030918 # package options %option with_fsl yes @@ . patch -p0 '@@ .' Index: openpkg-web/news.txt $ cvs diff -u -r1.6633 -r1.6634 news.txt --- openpkg-web/news.txt 18 Sep 2003 18:47:54 - 1.6633 +++ openpkg-web/news.txt 18 Sep 2003 19:26:46 - 1.6634 @@ -1,3 +1,4 @@ +18-Sep-2003: Upgraded package: Pqpopper-4.0.5-20030918 18-Sep-2003: Upgraded package: Pkde-arts-1.1.4-20030918 18-Sep-2003: Upgraded package: Ppdflib-5.0.2-20030918 18-Sep-2003: Upgraded package: Ppgadmin-0.9.3.20030918-20030918 @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
[CVS] OpenPKG: openpkg-re/vcheck/ vc.mesa openpkg-src/mesa/ mesa.patch...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src openpkg-web openpkg$ Date: 17-Sep-2003 08:27:59 Branch: HEAD Handle: 2003091707275702 Added files: openpkg-src/mesamesa.patch Modified files: openpkg-re/vcheck vc.mesa openpkg-src/mesamesa.spec openpkg-web news.txt Log: upgrading package: mesa 5.0.1 - 5.0.2 Summary: RevisionChanges Path 1.2 +2 -2 openpkg-re/vcheck/vc.mesa 1.1 +1013 -0openpkg-src/mesa/mesa.patch 1.2 +7 -3 openpkg-src/mesa/mesa.spec 1.6589 +1 -0 openpkg-web/news.txt patch -p0 '@@ .' Index: openpkg-re/vcheck/vc.mesa $ cvs diff -u -r1.1 -r1.2 vc.mesa --- openpkg-re/vcheck/vc.mesa 16 Aug 2003 16:14:31 - 1.1 +++ openpkg-re/vcheck/vc.mesa 17 Sep 2003 06:27:57 - 1.2 @@ -2,12 +2,12 @@ } prog mesa:MesaDemos = { - version = 5.0.1 + version = 5.0.2 url = http://prdownloads.sourceforge.net/mesa3d/ regex = MesaDemos-(__VER__)\.tar\.bz2 } prog mesa:MesaLib = { - version = 5.0.1 + version = 5.0.2 url = http://prdownloads.sourceforge.net/mesa3d/ regex = MesaLib-(__VER__)\.tar\.bz2 } @@ . patch -p0 '@@ .' Index: openpkg-src/mesa/mesa.patch $ cvs diff -u -r0 -r1.1 mesa.patch --- /dev/null 2003-09-17 08:27:59.0 +0200 +++ mesa.patch2003-09-17 08:27:59.0 +0200 @@ -0,0 +1,1013 @@ +Index: ltmain.sh +--- ltmain.sh.orig 2003-04-01 17:20:20.0 +0200 ltmain.sh2003-09-16 16:55:08.0 +0200 +@@ -49,14 +49,14 @@ + fi + + # The name of this program. +-progname=`$echo $0 | ${SED} 's%^.*/%%'` ++progname=`$echo $0 | sed 's%^.*/%%'` + modename=$progname + + # Constants. + PROGRAM=ltmain.sh + PACKAGE=libtool +-VERSION=1.4.3 +-TIMESTAMP= (1.922.2.110 2002/10/23 01:39:54) ++VERSION=1.4 ++TIMESTAMP= (1.920 2001/04/24 23:26:18) + + default_mode= + help=Try \`$progname --help' for more information. +@@ -67,19 +67,10 @@ + + # Sed substitution that helps us do robust quoting. It backslashifies + # metacharacters that are still active within double-quoted strings. +-Xsed=${SED}' -e 1s/^X//' ++Xsed='sed -e 1s/^X//' + sed_quote_subst='s/\([\\`\\$]\)/\\\1/g' +-# test EBCDIC or ASCII +-case `echo A|od -x` in +- *[Cc]1*) # EBCDIC based system +- SP2NL=tr '\100' '\n' +- NL2SP=tr '\r\n' '\100\100' +- ;; +- *) # Assume ASCII based system +- SP2NL=tr '\040' '\012' +- NL2SP=tr '\015\012' '\040\040' +- ;; +-esac ++SP2NL='tr \040 \012' ++NL2SP='tr \015\012 \040\040' + + # NLS nuisances. + # Only set LANG and LC_ALL to C if already set. +@@ -93,9 +84,6 @@ + save_LANG=$LANG; LANG=C; export LANG + fi + +-# Make sure IFS has a sensible default +-: ${IFS= } +- + if test $build_libtool_libs != yes test $build_old_libs != yes; then + echo $modename: not configured to build any kind of library 12 + echo Fatal configuration error. See the $PACKAGE docs for more information. 12 +@@ -153,7 +141,7 @@ + ;; + + --config) +-${SED} -e '1,/^# ### BEGIN LIBTOOL CONFIG/d' -e '/^# ### END LIBTOOL CONFIG/,$d' $0 ++sed -e '1,/^# ### BEGIN LIBTOOL CONFIG/d' -e '/^# ### END LIBTOOL CONFIG/,$d' $0 + exit 0 + ;; + +@@ -186,8 +174,6 @@ + --mode) prevopt=--mode prev=mode ;; + --mode=*) mode=$optarg ;; + +- --preserve-dup-deps) duplicate_deps=yes ;; +- + --quiet | --silent) + show=: + ;; +@@ -216,17 +202,12 @@ + exit 1 + fi + +-# If this variable is set in any of the actions, the command in it +-# will be execed at the end. This prevents here-documents from being +-# left over by shells. +-exec_cmd
Re: [CVS] OpenPKG: openpkg-src/pgadmin/ pgadmin.patch pgadmin.spec
On Tue, Sep 16, 2003, Michael Schloh wrote: [...] Recreate patch file to repair misalignement with new vendor sources [...] @@ -1,5 +1,6 @@ /ltmp/thl/openpkg/pgadmin3-0.9.3/src/utils/misc.cpp.orig 2003-09-16 10:11:47.0 +0200 -+++ /ltmp/thl/openpkg/pgadmin3-0.9.3/src/utils/misc.cpp2003-09-16 10:12:28.0 +0200 +diff -Naur pgadmin3-0.9.3.orig/src/utils/misc.cpp pgadmin3-0.9.3/src/utils/misc.cpp +--- pgadmin3-0.9.3.orig/src/utils/misc.cpp Mon Sep 15 00:25:44 2003 pgadmin3-0.9.3/src/utils/misc.cpp Tue Sep 16 19:16:26 2003 [...] Good catch. Well, it worked for me ;-) -- [EMAIL PROTECTED] Development Team, Operations Northern Europe, Cable Wireless __ The OpenPKG Projectwww.openpkg.org Developer Communication List [EMAIL PROTECTED]
[CVS] OpenPKG: openpkg-web/ security.txt security.wml openpkg-web/secu...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 17-Sep-2003 08:59:38 Branch: HEAD Handle: 2003091707593701 Added files: openpkg-web/securityOpenPKG-SA-2003.040-openssh.txt Modified files: openpkg-web security.txt security.wml Log: SA-2003.040-openssh; CAN-2003-0693 Summary: RevisionChanges Path 1.46+1 -0 openpkg-web/security.txt 1.65+1 -0 openpkg-web/security.wml 1.1 +73 -0 openpkg-web/security/OpenPKG-SA-2003.040-openssh.txt patch -p0 '@@ .' Index: openpkg-web/security.txt $ cvs diff -u -r1.45 -r1.46 security.txt --- openpkg-web/security.txt 15 Sep 2003 13:27:23 - 1.45 +++ openpkg-web/security.txt 17 Sep 2003 06:59:37 - 1.46 @@ -1,3 +1,4 @@ +16-Sep-2003: Security Advisory: SOpenPKG-SA-2003.040-openssh 15-Sep-2003: Security Advisory: SOpenPKG-SA-2003.039-perl 15-Sep-2003: Security Advisory: SOpenPKG-SA-2003.038-mysql 28-Aug-2003: Security Advisory: SOpenPKG-SA-2003.037-sendmail @@ . patch -p0 '@@ .' Index: openpkg-web/security.wml $ cvs diff -u -r1.64 -r1.65 security.wml --- openpkg-web/security.wml 16 Sep 2003 10:21:12 - 1.64 +++ openpkg-web/security.wml 17 Sep 2003 06:59:37 - 1.65 @@ -76,6 +76,7 @@ /define-tag box bdwidth=1 bdcolor=#a5a095 bdspace=10 bgcolor=#e5e0d5 table cellspacing=0 cellpadding=0 border=0 + sa 2003.040 openssh sa 2003.039 perl sa 2003.038 mysql sa 2003.037 sendmail @@ . patch -p0 '@@ .' Index: openpkg-web/security/OpenPKG-SA-2003.040-openssh.txt $ cvs diff -u -r0 -r1.1 OpenPKG-SA-2003.040-openssh.txt --- /dev/null 2003-09-17 08:59:38.0 +0200 +++ OpenPKG-SA-2003.040-openssh.txt 2003-09-17 08:59:38.0 +0200 @@ -0,0 +1,73 @@ + + +OpenPKG Security AdvisoryThe OpenPKG Project +http://www.openpkg.org/security.html http://www.openpkg.org [EMAIL PROTECTED] [EMAIL PROTECTED] +OpenPKG-SA-2003.040 17-Sep-2003 + + +Package: openssh +Vulnerability: arbitrary code execution +OpenPKG Specific:no + +Affected Releases: Affected Packages: Corrected Packages: +OpenPKG CURRENT = openssh-3.6.1p2-20030729 = openssh-3.7p1-20030916 +OpenPKG 1.3 = openssh-3.6.1p2-1.3.0= openssh-3.6.1p2-1.3.1 +OpenPKG 1.2 = openssh-3.5p1-1.2.2 = openssh-3.5p1-1.2.3 + +Dependent Packages: none + +Description: + According to a OpenSSH Security Advisory [0] all versions of OpenSSH's + sshd prior to 3.7.1 contain buffer management errors [1]. Those + may allow remote attackers to execute arbitrary code by causing an + incorrect amount of memory to be freed and corrupting the heap + + The Common Vulnerabilities and Exposures (CVE) project assigned the id + CAN-2003-0693 [2] to the problem. + + Please check whether you are affected by running prefix/bin/rpm -q + openssh. If you have the openssh package installed and its version + is affected (see above), we recommend that you immediately upgrade it + (see Solution). [3][4] + +Solution: + Select the updated source RPM appropriate for your OpenPKG release + [5][6], fetch it from the OpenPKG FTP service [7][8] or a mirror + location, verify its integrity [9], build a corresponding binary RPM + from it [3] and update your OpenPKG installation by applying the + binary RPM [4]. For the current release OpenPKG 1.3, perform the + following operations to permanently fix the security problem (for + other releases adjust accordingly). + + $ ftp ftp.openpkg.org + ftp bin + ftp cd release/1.3/UPD + ftp get openssh-3.6.1p2-1.3.1.src.rpm + ftp bye + $ prefix/bin/rpm -v --checksig openssh-3.6.1p2-1.3.1.src.rpm + $ prefix/bin/rpm --rebuild openssh-3.6.1p2-1.3.1.src.rpm + $ su - + # prefix/bin/rpm -Fvh prefix/RPM/PKG/openssh-3.6.1p2-1.3.1.*.rpm + + +References: + [0] http://www.openssh.com/txt/buffer.adv + [1] http://www.openssh.com/ + [2
[CVS] OpenPKG: openpkg-re/vcheck/ vc.cadaver openpkg-src/cadaver/ cada...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src openpkg-web openpkg$ Date: 17-Sep-2003 14:37:26 Branch: HEAD Handle: 2003091713372302 Modified files: openpkg-re/vcheck vc.cadaver openpkg-src/cadaver cadaver.spec openpkg-web news.txt Log: upgrading package: cadaver 0.21.0 - 0.22.0 Summary: RevisionChanges Path 1.8 +1 -1 openpkg-re/vcheck/vc.cadaver 1.18+2 -2 openpkg-src/cadaver/cadaver.spec 1.6597 +1 -0 openpkg-web/news.txt patch -p0 '@@ .' Index: openpkg-re/vcheck/vc.cadaver $ cvs diff -u -r1.7 -r1.8 vc.cadaver --- openpkg-re/vcheck/vc.cadaver 14 Feb 2003 09:20:13 - 1.7 +++ openpkg-re/vcheck/vc.cadaver 17 Sep 2003 12:37:23 - 1.8 @@ -2,7 +2,7 @@ } prog cadaver = { - version = 0.21.0 + version = 0.22.0 url = http://www.webdav.org/cadaver/ regex = cadaver-(__VER__)\.tar\.gz } @@ . patch -p0 '@@ .' Index: openpkg-src/cadaver/cadaver.spec $ cvs diff -u -r1.17 -r1.18 cadaver.spec --- openpkg-src/cadaver/cadaver.spec 8 Jul 2003 14:38:53 - 1.17 +++ openpkg-src/cadaver/cadaver.spec 17 Sep 2003 12:37:25 - 1.18 @@ -32,8 +32,8 @@ Distribution: OpenPKG [EVAL] Group:Web License: GPL -Version: 0.21.0 -Release: 20030701 +Version: 0.22.0 +Release: 20030917 # list of sources Source0: http://www.webdav.org/cadaver/cadaver-%{version}.tar.gz @@ . patch -p0 '@@ .' Index: openpkg-web/news.txt $ cvs diff -u -r1.6596 -r1.6597 news.txt --- openpkg-web/news.txt 17 Sep 2003 12:07:03 - 1.6596 +++ openpkg-web/news.txt 17 Sep 2003 12:37:24 - 1.6597 @@ -1,3 +1,4 @@ +17-Sep-2003: Upgraded package: Pcadaver-0.22.0-20030917 17-Sep-2003: Upgraded package: Psdl-1.2.6-20030917 17-Sep-2003: Upgraded package: Pscribus-1.1.0-20030917 17-Sep-2003: Upgraded package: Pnetcat-1.10-20030917 @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
[CVS] OpenPKG: openpkg-re/vcheck/ vc.dsh openpkg-src/dsh/ dsh.spec ope...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src openpkg-web openpkg$ Date: 17-Sep-2003 14:38:58 Branch: HEAD Handle: 2003091713385602 Modified files: openpkg-re/vcheck vc.dsh openpkg-src/dsh dsh.spec openpkg-web news.txt Log: upgrading package: dsh 0.24.2 - 0.25.0 Summary: RevisionChanges Path 1.11+1 -1 openpkg-re/vcheck/vc.dsh 1.22+2 -2 openpkg-src/dsh/dsh.spec 1.6598 +1 -0 openpkg-web/news.txt patch -p0 '@@ .' Index: openpkg-re/vcheck/vc.dsh $ cvs diff -u -r1.10 -r1.11 vc.dsh --- openpkg-re/vcheck/vc.dsh 26 Aug 2003 09:48:26 - 1.10 +++ openpkg-re/vcheck/vc.dsh 17 Sep 2003 12:38:56 - 1.11 @@ -2,7 +2,7 @@ } prog dsh = { - version = 0.24.2 + version = 0.25.0 url = http://www.netfort.gr.jp/~dancer/software/downloads/ regex = dsh-(__VER__)\.tar\.gz } @@ . patch -p0 '@@ .' Index: openpkg-src/dsh/dsh.spec $ cvs diff -u -r1.21 -r1.22 dsh.spec --- openpkg-src/dsh/dsh.spec 26 Aug 2003 09:48:28 - 1.21 +++ openpkg-src/dsh/dsh.spec 17 Sep 2003 12:38:58 - 1.22 @@ -24,7 +24,7 @@ ## # package versions -%define V_dsh 0.24.2 +%define V_dsh 0.25.0 %define V_dshconfig 0.20.8 # package information @@ -37,7 +37,7 @@ Group:Shell License: GPL Version: %{V_dsh} -Release: 20030826 +Release: 20030917 # list of sources Source0: http://www.netfort.gr.jp/~dancer/software/downloads/dsh-%{V_dsh}.tar.gz @@ . patch -p0 '@@ .' Index: openpkg-web/news.txt $ cvs diff -u -r1.6597 -r1.6598 news.txt --- openpkg-web/news.txt 17 Sep 2003 12:37:24 - 1.6597 +++ openpkg-web/news.txt 17 Sep 2003 12:38:57 - 1.6598 @@ -1,3 +1,4 @@ +17-Sep-2003: Upgraded package: Pdsh-0.25.0-20030917 17-Sep-2003: Upgraded package: Pcadaver-0.22.0-20030917 17-Sep-2003: Upgraded package: Psdl-1.2.6-20030917 17-Sep-2003: Upgraded package: Pscribus-1.1.0-20030917 @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
[CVS] OpenPKG: openpkg-re/vcheck/ vc.nmap openpkg-src/nmap/ nmap.spec ...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src openpkg-web openpkg$ Date: 17-Sep-2003 14:46:01 Branch: HEAD Handle: 2003091713455902 Modified files: openpkg-re/vcheck vc.nmap openpkg-src/nmapnmap.spec openpkg-web news.txt Log: upgrading package: nmap 3.30 - 3.45 Summary: RevisionChanges Path 1.18+1 -1 openpkg-re/vcheck/vc.nmap 1.43+2 -2 openpkg-src/nmap/nmap.spec 1.6600 +1 -0 openpkg-web/news.txt patch -p0 '@@ .' Index: openpkg-re/vcheck/vc.nmap $ cvs diff -u -r1.17 -r1.18 vc.nmap --- openpkg-re/vcheck/vc.nmap 29 Jun 2003 07:06:08 - 1.17 +++ openpkg-re/vcheck/vc.nmap 17 Sep 2003 12:45:59 - 1.18 @@ -2,7 +2,7 @@ } prog nmap = { - version = 3.30 + version = 3.45 url = http://www.insecure.org/nmap/dist/ regex = nmap-(\d+\.\d+)\.tgz } @@ . patch -p0 '@@ .' Index: openpkg-src/nmap/nmap.spec $ cvs diff -u -r1.42 -r1.43 nmap.spec --- openpkg-src/nmap/nmap.spec28 Jul 2003 11:18:02 - 1.42 +++ openpkg-src/nmap/nmap.spec17 Sep 2003 12:46:01 - 1.43 @@ -32,8 +32,8 @@ Distribution: OpenPKG [BASE] Group:Network License: GPL -Version: 3.30 -Release: 20030728 +Version: 3.45 +Release: 20030917 # list of sources Source0: http://www.insecure.org/nmap/dist/nmap-%{version}.tgz @@ . patch -p0 '@@ .' Index: openpkg-web/news.txt $ cvs diff -u -r1.6599 -r1.6600 news.txt --- openpkg-web/news.txt 17 Sep 2003 12:39:17 - 1.6599 +++ openpkg-web/news.txt 17 Sep 2003 12:46:00 - 1.6600 @@ -1,3 +1,4 @@ +17-Sep-2003: Upgraded package: Pnmap-3.45-20030917 17-Sep-2003: Upgraded package: Pgraphviz-1.10-20030917 17-Sep-2003: Upgraded package: Pdsh-0.25.0-20030917 17-Sep-2003: Upgraded package: Pcadaver-0.22.0-20030917 @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
[CVS] OpenPKG: openpkg-re/vcheck/ vc.rdiff-backup openpkg-src/rdiff-ba...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src openpkg-web openpkg$ Date: 17-Sep-2003 14:55:52 Branch: HEAD Handle: 2003091713555002 Modified files: openpkg-re/vcheck vc.rdiff-backup openpkg-src/rdiff-backup rdiff-backup.spec openpkg-web news.txt Log: upgrading package: rdiff-backup 0.13.1 - 0.13.2 Summary: RevisionChanges Path 1.28+1 -1 openpkg-re/vcheck/vc.rdiff-backup 1.38+2 -2 openpkg-src/rdiff-backup/rdiff-backup.spec 1.6601 +1 -0 openpkg-web/news.txt patch -p0 '@@ .' Index: openpkg-re/vcheck/vc.rdiff-backup $ cvs diff -u -r1.27 -r1.28 vc.rdiff-backup --- openpkg-re/vcheck/vc.rdiff-backup 9 Aug 2003 07:30:28 - 1.27 +++ openpkg-re/vcheck/vc.rdiff-backup 17 Sep 2003 12:55:50 - 1.28 @@ -2,7 +2,7 @@ } prog rdiff-backup = { - version = 0.13.1 + version = 0.13.2 url = http://rdiff-backup.stanford.edu/ regex = rdiff-backup-(__VER__)\.tar\.gz } @@ . patch -p0 '@@ .' Index: openpkg-src/rdiff-backup/rdiff-backup.spec $ cvs diff -u -r1.37 -r1.38 rdiff-backup.spec --- openpkg-src/rdiff-backup/rdiff-backup.spec9 Aug 2003 07:30:30 - 1.37 +++ openpkg-src/rdiff-backup/rdiff-backup.spec17 Sep 2003 12:55:52 - 1.38 @@ -32,8 +32,8 @@ Distribution: OpenPKG [PLUS] Group:Network License: GPL -Version: 0.13.1 -Release: 20030809 +Version: 0.13.2 +Release: 20030917 # list of sources Source0: http://rdiff-backup.stanford.edu/rdiff-backup-%{version}.tar.gz @@ . patch -p0 '@@ .' Index: openpkg-web/news.txt $ cvs diff -u -r1.6600 -r1.6601 news.txt --- openpkg-web/news.txt 17 Sep 2003 12:46:00 - 1.6600 +++ openpkg-web/news.txt 17 Sep 2003 12:55:50 - 1.6601 @@ -1,3 +1,4 @@ +17-Sep-2003: Upgraded package: Prdiff-backup-0.13.2-20030917 17-Sep-2003: Upgraded package: Pnmap-3.45-20030917 17-Sep-2003: Upgraded package: Pgraphviz-1.10-20030917 17-Sep-2003: Upgraded package: Pdsh-0.25.0-20030917 @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
[CVS] OpenPKG: openpkg-re/vcheck/ vc.pgadmin openpkg-src/pgadmin/ pgad...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src openpkg-web openpkg$ Date: 17-Sep-2003 14:56:10 Branch: HEAD Handle: 2003091713560802 Modified files: openpkg-re/vcheck vc.pgadmin openpkg-src/pgadmin pgadmin.spec openpkg-web news.txt Log: upgrading package: pgadmin 0.9.3.20030916 - 0.9.3.20030917 Summary: RevisionChanges Path 1.24+1 -1 openpkg-re/vcheck/vc.pgadmin 1.25+2 -2 openpkg-src/pgadmin/pgadmin.spec 1.6602 +1 -0 openpkg-web/news.txt patch -p0 '@@ .' Index: openpkg-re/vcheck/vc.pgadmin $ cvs diff -u -r1.23 -r1.24 vc.pgadmin --- openpkg-re/vcheck/vc.pgadmin 16 Sep 2003 08:50:50 - 1.23 +++ openpkg-re/vcheck/vc.pgadmin 17 Sep 2003 12:56:08 - 1.24 @@ -2,7 +2,7 @@ } prog pgadmin = { - version = 20030916 + version = 20030917 url = http://www.pgadmin.org/snapshots/src/ regex = pgadmin3-src-(__VER__)\.tar\.gz } @@ . patch -p0 '@@ .' Index: openpkg-src/pgadmin/pgadmin.spec $ cvs diff -u -r1.24 -r1.25 pgadmin.spec --- openpkg-src/pgadmin/pgadmin.spec 16 Sep 2003 17:39:45 - 1.24 +++ openpkg-src/pgadmin/pgadmin.spec 17 Sep 2003 12:56:10 - 1.25 @@ -25,7 +25,7 @@ # package version %define V_base 0.9.3 -%define V_snap 20030916 +%define V_snap 20030917 # package information Name: pgadmin @@ -37,7 +37,7 @@ Group:Database License: Artistic Version: %{V_base}.%{V_snap} -Release: 20030916 +Release: 20030917 # list of sources Source0: http://www.pgadmin.org/snapshots/src/pgadmin3-src-%{V_snap}.tar.gz @@ . patch -p0 '@@ .' Index: openpkg-web/news.txt $ cvs diff -u -r1.6601 -r1.6602 news.txt --- openpkg-web/news.txt 17 Sep 2003 12:55:50 - 1.6601 +++ openpkg-web/news.txt 17 Sep 2003 12:56:09 - 1.6602 @@ -1,3 +1,4 @@ +17-Sep-2003: Upgraded package: Ppgadmin-0.9.3.20030917-20030917 17-Sep-2003: Upgraded package: Prdiff-backup-0.13.2-20030917 17-Sep-2003: Upgraded package: Pnmap-3.45-20030917 17-Sep-2003: Upgraded package: Pgraphviz-1.10-20030917 @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
[OpenPKG #261] rpmlint incorrectly detects dirs as empty files
Request 261 was acted upon. _ URL: https://rt.openpkg.org/id/261 Ticket: [OpenPKG #261] Subject: rpmlint incorrectly detects dirs as empty files Requestors: [EMAIL PROTECTED] Queue: openpkg Owner: Nobody Status: new Transaction: Ticket created by thl Time: Wed Sep 17 16:26:01 2003 _ checking first character of long listing for '-' or 'd' should be sufficent to fix this problem. -- [EMAIL PROTECTED] Development Team, Operations Northern Europe, Cable Wireless __ The OpenPKG Projectwww.openpkg.org Developer Communication List [EMAIL PROTECTED]
[OpenPKG #262] salint (feature request)
Request 262 was acted upon. _ URL: https://rt.openpkg.org/id/262 Ticket: [OpenPKG #262] Subject: salint (feature request) Requestors: [EMAIL PROTECTED] Queue: openpkg Owner: Nobody Status: new Transaction: Ticket created by thl Time: Wed Sep 17 16:27:14 2003 _ A lint for security advisories would help us avoiding formal/ syntactical problems. -- [EMAIL PROTECTED] Development Team, Operations Northern Europe, Cable Wireless __ The OpenPKG Projectwww.openpkg.org Developer Communication List [EMAIL PROTECTED]
[OpenPKG #263] patchlint (feature request)
Request 263 was acted upon. _ URL: https://rt.openpkg.org/id/263 Ticket: [OpenPKG #263] Subject: patchlint (feature request) Requestors: [EMAIL PROTECTED] Queue: openpkg Owner: Nobody Status: new Transaction: Ticket created by thl Time: Wed Sep 17 16:28:52 2003 _ Defeat absolute pathes as happened in http://cvs.openpkg.org/chngview?cn=12257 -- [EMAIL PROTECTED] Development Team, Operations Northern Europe, Cable Wireless __ The OpenPKG Projectwww.openpkg.org Developer Communication List [EMAIL PROTECTED]
[OpenPKG #264] bind-9.2.2-1.3.0 restart does not work
Request 264 was acted upon. _ URL: https://rt.openpkg.org/id/264 Ticket: [OpenPKG #264] Subject: bind-9.2.2-1.3.0 restart does not work Requestors: [EMAIL PROTECTED] Queue: openpkg Owner: Nobody Status: new Transaction: Ticket created by thl Time: Wed Sep 17 16:32:01 2003 _ Using bind-9.2.2-1.3.0 with openpkg-1.3.0-1.3.0, a %{l_prefix}/etc/rc bind restart or ... stop start keeps the previous bind instance running. Manually killing the daemon then executing ... start helps to load a new configuration. -- [EMAIL PROTECTED] Development Team, Operations Northern Europe, Cable Wireless __ The OpenPKG Projectwww.openpkg.org Developer Communication List [EMAIL PROTECTED]
[OpenPKG #265] pam-20030715-1.3.0 is wrong package name
Request 265 was acted upon. _ URL: https://rt.openpkg.org/id/265 Ticket: [OpenPKG #265] Subject: pam-20030715-1.3.0 is wrong package name Requestors: [EMAIL PROTECTED] Queue: openpkg Owner: Nobody Status: new Transaction: Ticket created by thl Time: Wed Sep 17 16:35:52 2003 _ The pam-20030715-1.3.0 package should have been named pam-1.3.0-1.3.0 Problem came from the fact that Version: and Release: should be equal for OpenPKG package collections but are maintained manually. Got out of synch here. We have to check why we did not use a macro and maintain the version/release on one place. Will macros break existing scripts like openpkg-dev, openpkg-tool ... !? -- [EMAIL PROTECTED] Development Team, Operations Northern Europe, Cable Wireless __ The OpenPKG Projectwww.openpkg.org Developer Communication List [EMAIL PROTECTED]
[CVS] OpenPKG: openpkg-re/vcheck/ vc.vim openpkg-src/vim/ vim.spec ope...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src openpkg-web openpkg$ Date: 17-Sep-2003 16:38:33 Branch: HEAD Handle: 2003091715383102 Modified files: openpkg-re/vcheck vc.vim openpkg-src/vim vim.spec openpkg-web news.txt Log: upgrading package: vim 6.2.97 - 6.2.98 Summary: RevisionChanges Path 1.174 +1 -1 openpkg-re/vcheck/vc.vim 1.238 +3 -2 openpkg-src/vim/vim.spec 1.6603 +1 -0 openpkg-web/news.txt patch -p0 '@@ .' Index: openpkg-re/vcheck/vc.vim $ cvs diff -u -r1.173 -r1.174 vc.vim --- openpkg-re/vcheck/vc.vim 14 Sep 2003 08:01:22 - 1.173 +++ openpkg-re/vcheck/vc.vim 17 Sep 2003 14:38:31 - 1.174 @@ -2,7 +2,7 @@ } prog vim:patchlevel = { - version = 6.2.097 + version = 6.2.098 url = ftp://ftp.vim.org/pub/vim/patches/ regex = (\d+\.\d+\.\d+) } @@ . patch -p0 '@@ .' Index: openpkg-src/vim/vim.spec $ cvs diff -u -r1.237 -r1.238 vim.spec --- openpkg-src/vim/vim.spec 14 Sep 2003 08:01:25 - 1.237 +++ openpkg-src/vim/vim.spec 17 Sep 2003 14:38:33 - 1.238 @@ -26,7 +26,7 @@ # package versions %define V_vl 6.2 %define V_vs 62 -%define V_pl 97 +%define V_pl 98 # package information Name: vim @@ -38,7 +38,7 @@ Group:Editor License: Charityware Version: %{V_vl}.%{V_pl} -Release: 20030914 +Release: 20030917 # package options %option with_x11no @@ -150,6 +150,7 @@ Patch95: ftp://ftp.vim.org/pub/vim/patches/%{V_vl}.095 Patch96: ftp://ftp.vim.org/pub/vim/patches/%{V_vl}.096 Patch97: ftp://ftp.vim.org/pub/vim/patches/%{V_vl}.097 +Patch98: ftp://ftp.vim.org/pub/vim/patches/%{V_vl}.098 # build information Prefix: %{l_prefix} @@ . patch -p0 '@@ .' Index: openpkg-web/news.txt $ cvs diff -u -r1.6602 -r1.6603 news.txt --- openpkg-web/news.txt 17 Sep 2003 12:56:09 - 1.6602 +++ openpkg-web/news.txt 17 Sep 2003 14:38:31 - 1.6603 @@ -1,3 +1,4 @@ +17-Sep-2003: Upgraded package: Pvim-6.2.98-20030917 17-Sep-2003: Upgraded package: Ppgadmin-0.9.3.20030917-20030917 17-Sep-2003: Upgraded package: Prdiff-backup-0.13.2-20030917 17-Sep-2003: Upgraded package: Pnmap-3.45-20030917 @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
[CVS] OpenPKG: openpkg-re/vcheck/ vc.lesstif openpkg-src/lesstif/ less...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src openpkg-web openpkg$ Date: 16-Sep-2003 09:40:36 Branch: HEAD Handle: 2003091608403302 Modified files: openpkg-re/vcheck vc.lesstif openpkg-src/lesstif lesstif.spec openpkg-web news.txt Log: upgrading package: lesstif 0.93.49 - 0.93.91 Summary: RevisionChanges Path 1.7 +1 -1 openpkg-re/vcheck/vc.lesstif 1.17+2 -2 openpkg-src/lesstif/lesstif.spec 1.6574 +1 -0 openpkg-web/news.txt patch -p0 '@@ .' Index: openpkg-re/vcheck/vc.lesstif $ cvs diff -u -r1.6 -r1.7 vc.lesstif --- openpkg-re/vcheck/vc.lesstif 4 Aug 2003 10:13:30 - 1.6 +++ openpkg-re/vcheck/vc.lesstif 16 Sep 2003 07:40:33 - 1.7 @@ -2,7 +2,7 @@ } prog lesstif = { - version = 0.93.49 + version = 0.93.91 url = http://prdownloads.sourceforge.net/lesstif/ regex = lesstif-(__VER__)\.tar\.gz } @@ . patch -p0 '@@ .' Index: openpkg-src/lesstif/lesstif.spec $ cvs diff -u -r1.16 -r1.17 lesstif.spec --- openpkg-src/lesstif/lesstif.spec 4 Aug 2003 10:01:47 - 1.16 +++ openpkg-src/lesstif/lesstif.spec 16 Sep 2003 07:40:35 - 1.17 @@ -32,8 +32,8 @@ Distribution: OpenPKG [EVAL] Group:XWindow License: LGPL -Version: 0.93.49 -Release: 20030804 +Version: 0.93.91 +Release: 20030916 # list of sources Source0: http://osdn.dl.sourceforge.net/lesstif/lesstif-%{version}.tar.gz @@ . patch -p0 '@@ .' Index: openpkg-web/news.txt $ cvs diff -u -r1.6573 -r1.6574 news.txt --- openpkg-web/news.txt 15 Sep 2003 19:24:19 - 1.6573 +++ openpkg-web/news.txt 16 Sep 2003 07:40:34 - 1.6574 @@ -1,3 +1,4 @@ +16-Sep-2003: Upgraded package: Plesstif-0.93.91-20030916 15-Sep-2003: Upgraded package: Popenpkg-20030915-20030915 15-Sep-2003: Upgraded package: Pdb-4.1.25.1-20030915 15-Sep-2003: Upgraded package: Pmysql3-3.23.58-20030915 @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
[CVS] OpenPKG: openpkg-re/vcheck/ vc.perl-xml openpkg-src/perl-xml/ pe...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src openpkg-web openpkg$ Date: 16-Sep-2003 09:48:31 Branch: HEAD Handle: 2003091608482902 Modified files: openpkg-re/vcheck vc.perl-xml openpkg-src/perl-xmlperl-xml.spec openpkg-web news.txt Log: upgrading package: perl-xml 20030912 - 20030916 Summary: RevisionChanges Path 1.68+1 -1 openpkg-re/vcheck/vc.perl-xml 1.91+3 -3 openpkg-src/perl-xml/perl-xml.spec 1.6575 +1 -0 openpkg-web/news.txt patch -p0 '@@ .' Index: openpkg-re/vcheck/vc.perl-xml $ cvs diff -u -r1.67 -r1.68 vc.perl-xml --- openpkg-re/vcheck/vc.perl-xml 10 Sep 2003 18:14:44 - 1.67 +++ openpkg-re/vcheck/vc.perl-xml 16 Sep 2003 07:48:29 - 1.68 @@ -22,7 +22,7 @@ regex = HTML-Tagset-(__VER__)\.tar\.gz } prog perl-xml:HTML-Tree = { - version = 3.17 + version = 3.18 url = http://www.cpan.org/modules/by-module/HTML/ regex = HTML-Tree-(__VER__)\.tar\.gz } @@ . patch -p0 '@@ .' Index: openpkg-src/perl-xml/perl-xml.spec $ cvs diff -u -r1.90 -r1.91 perl-xml.spec --- openpkg-src/perl-xml/perl-xml.spec12 Sep 2003 17:37:29 - 1.90 +++ openpkg-src/perl-xml/perl-xml.spec16 Sep 2003 07:48:31 - 1.91 @@ -46,7 +46,7 @@ %define V_xml_xupdate_libxml 0.4.0 %define V_html_tagset 3.03 %define V_html_parser 3.31 -%define V_html_tree3.17 +%define V_html_tree3.18 %define V_html_table 1.19 %define V_html_tagreader 1.05 %define V_xml_xsh 1.8.2 @@ -62,8 +62,8 @@ Distribution: OpenPKG [BASE] Group:Language License: GPL/Artistic -Version: 20030912 -Release: 20030912 +Version: 20030916 +Release: 20030916 # package options %option with_libxmlno @@ . patch -p0 '@@ .' Index: openpkg-web/news.txt $ cvs diff -u -r1.6574 -r1.6575 news.txt --- openpkg-web/news.txt 16 Sep 2003 07:40:34 - 1.6574 +++ openpkg-web/news.txt 16 Sep 2003 07:48:30 - 1.6575 @@ -1,3 +1,4 @@ +16-Sep-2003: Upgraded package: Pperl-xml-20030916-20030916 16-Sep-2003: Upgraded package: Plesstif-0.93.91-20030916 15-Sep-2003: Upgraded package: Popenpkg-20030915-20030915 15-Sep-2003: Upgraded package: Pdb-4.1.25.1-20030915 @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
[CVS] OpenPKG: openpkg-re/vcheck/ vc.pgadmin openpkg-src/pgadmin/ pgad...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src openpkg-web openpkg$ Date: 16-Sep-2003 10:50:52 Branch: HEAD Handle: 2003091609505002 Modified files: openpkg-re/vcheck vc.pgadmin openpkg-src/pgadmin pgadmin.patch pgadmin.spec openpkg-web news.txt Log: upgrading package: pgadmin 0.9.3.20030912 - 0.9.3.20030916 Summary: RevisionChanges Path 1.23+1 -1 openpkg-re/vcheck/vc.pgadmin 1.2 +4 -13 openpkg-src/pgadmin/pgadmin.patch 1.23+2 -2 openpkg-src/pgadmin/pgadmin.spec 1.6576 +1 -0 openpkg-web/news.txt patch -p0 '@@ .' Index: openpkg-re/vcheck/vc.pgadmin $ cvs diff -u -r1.22 -r1.23 vc.pgadmin --- openpkg-re/vcheck/vc.pgadmin 12 Sep 2003 08:31:44 - 1.22 +++ openpkg-re/vcheck/vc.pgadmin 16 Sep 2003 08:50:50 - 1.23 @@ -2,7 +2,7 @@ } prog pgadmin = { - version = 20030912 + version = 20030916 url = http://www.pgadmin.org/snapshots/src/ regex = pgadmin3-src-(__VER__)\.tar\.gz } @@ . patch -p0 '@@ .' Index: openpkg-src/pgadmin/pgadmin.patch $ cvs diff -u -r1.1 -r1.2 pgadmin.patch --- openpkg-src/pgadmin/pgadmin.patch 26 Jul 2003 09:46:49 - 1.1 +++ openpkg-src/pgadmin/pgadmin.patch 16 Sep 2003 08:50:52 - 1.2 @@ -1,15 +1,6 @@ src/utils/misc.cpp.orig Wed Jul 23 12:27:49 2003 -+++ src/utils/misc.cpp Sat Jul 26 10:09:57 2003 -@@ -128,7 +128,7 @@ - wxString NumToStr(OID value) - { - wxString result; --result.Printf(wxT(%u), (long)value); -+result.Printf(wxT(%lu), (unsigned long)value); - return result; - } - -@@ -379,9 +379,9 @@ +--- /ltmp/thl/openpkg/pgadmin3-0.9.3/src/utils/misc.cpp.orig 2003-09-16 10:11:47.0 +0200 /ltmp/thl/openpkg/pgadmin3-0.9.3/src/utils/misc.cpp 2003-09-16 10:12:28.0 +0200 +@@ -417,9 +417,9 @@ { str=wxString(' ', nLen); if (format) @@ -18,6 +9,6 @@ else -wxConvLibc.MB2WC((wxChar*)str.c_str(), buf, nLen); +wxConvLibc.MB2WC((wchar_t*)(str.c_str()), buf, nLen); - str.Replace(wxT(\r), wxT()); } + #else @@ . patch -p0 '@@ .' Index: openpkg-src/pgadmin/pgadmin.spec $ cvs diff -u -r1.22 -r1.23 pgadmin.spec --- openpkg-src/pgadmin/pgadmin.spec 12 Sep 2003 08:31:46 - 1.22 +++ openpkg-src/pgadmin/pgadmin.spec 16 Sep 2003 08:50:52 - 1.23 @@ -25,7 +25,7 @@ # package version %define V_base 0.9.3 -%define V_snap 20030912 +%define V_snap 20030916 # package information Name: pgadmin @@ -37,7 +37,7 @@ Group:Database License: Artistic Version: %{V_base}.%{V_snap} -Release: 20030912 +Release: 20030916 # list of sources Source0: http://www.pgadmin.org/snapshots/src/pgadmin3-src-%{V_snap}.tar.gz @@ . patch -p0 '@@ .' Index: openpkg-web/news.txt $ cvs diff -u -r1.6575 -r1.6576 news.txt --- openpkg-web/news.txt 16 Sep 2003 07:48:30 - 1.6575 +++ openpkg-web/news.txt 16 Sep 2003 08:50:50 - 1.6576 @@ -1,3 +1,4 @@ +16-Sep-2003: Upgraded package: Ppgadmin-0.9.3.20030916-20030916 16-Sep-2003: Upgraded package: Pperl-xml-20030916-20030916 16-Sep-2003: Upgraded package: Plesstif-0.93.91-20030916 15-Sep-2003: Upgraded package: Popenpkg-20030915-20030915 @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
[CVS] OpenPKG: openpkg-re/vcheck/ vc.scribus openpkg-src/scribus/ scri...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src openpkg-web openpkg$ Date: 16-Sep-2003 11:19:07 Branch: HEAD Handle: 2003091610190402 Modified files: openpkg-re/vcheck vc.scribus openpkg-src/scribus scribus.patch scribus.spec openpkg-web news.txt Log: upgrading package: scribus 1.0.1 - 1.1.0 Summary: RevisionChanges Path 1.11+1 -1 openpkg-re/vcheck/vc.scribus 1.9 +1 -61 openpkg-src/scribus/scribus.patch 1.21+2 -2 openpkg-src/scribus/scribus.spec 1.6578 +1 -0 openpkg-web/news.txt patch -p0 '@@ .' Index: openpkg-re/vcheck/vc.scribus $ cvs diff -u -r1.10 -r1.11 vc.scribus --- openpkg-re/vcheck/vc.scribus 20 Aug 2003 07:01:38 - 1.10 +++ openpkg-re/vcheck/vc.scribus 16 Sep 2003 09:19:04 - 1.11 @@ -2,7 +2,7 @@ } prog scribus = { - version = 1.0.1 + version = 1.1.0 url = http://web2.altmuehlnet.de/fschmid/download.html regex = scribus-(\d+\.\d+\.\d+).tar.gz } @@ . patch -p0 '@@ .' Index: openpkg-src/scribus/scribus.patch $ cvs diff -u -r1.8 -r1.9 scribus.patch --- openpkg-src/scribus/scribus.patch 20 Aug 2003 16:55:51 - 1.8 +++ openpkg-src/scribus/scribus.patch 16 Sep 2003 09:19:06 - 1.9 @@ -1,16 +1,7 @@ diff -Naur scribus-1.0.1.orig/scribus/scribus.cpp scribus-1.0.1/scribus/scribus.cpp --- scribus-1.0.1.orig/scribus/scribus.cpp Wed Aug 6 12:51:44 2003 +++ scribus-1.0.1/scribus/scribus.cppWed Aug 20 13:29:39 2003 -@@ -3052,7 +3052,7 @@ - void ScribusApp::slotHelpAbout() - { - void *mo; --char *error; -+const char *error; - typedef About* (*sdem)(QWidget *d); - sdem demo; - QString pfad = PREL; -@@ -4696,7 +4696,7 @@ +@@ -4700,7 +4700,7 @@ void ScribusApp::slotPrefsOrg() { void *mo; @@ -19,15 +10,6 @@ bool zChange = false; typedef Preferences* (*sdem)(QWidget *d, preV *Vor); sdem demo; -@@ -5158,7 +5158,7 @@ - - PSLib* ScribusApp::getPSDriver(bool psart, SCFonts AllFonts, QMapQString,QFont DocFonts, CListe DocColors, bool pdf) - { --char *error; -+const char *error; - typedef PSLib* (*sdem)(bool psart, SCFonts AllFonts, QMapQString,QFont DocFonts, CListe DocColors, bool pdf); - sdem demo; - QString pfad = PREL; @@ -5193,7 +5193,7 @@ bool ScribusApp::getPDFDriver(QString fn, QString nam, int Components, int frPa, int toPa, QMapint,QPixmap thumbs) { @@ -37,45 +19,3 @@ void *PDFDriver; typedef bool (*sdem)(ScribusApp *plug, QString fn, QString nam, int Components, int frPa, int toPa, QMapint,QPixmap thumbs); sdem demo; -@@ -5740,7 +5740,7 @@ - - void ScribusApp::FinalizePlugs() - { --char *error; -+const char *error; - QMapQString, PlugData::Iterator it; - struct PlugData pda; - typedef void (*sdem2)(); -@@ -5810,7 +5810,7 @@ - void ScribusApp::CallDLL(QString name) - { - void *mo; --char *error; -+const char *error; - struct PlugData pda; - pda = PluginMap[name]; - typedef void (*sdem)(QWidget *d, ScribusApp *plug); -@@ -5844,7 +5844,7 @@ - bool ScribusApp::DLLName(QString name, QString *PName, int *typ, void **Zeig) - { - void *mo; --char *error; -+const char *error; - typedef QString (*sdem0)(); - typedef int (*sdem1)(); - typedef void (*sdem2)(QWidget *d, ScribusApp *plug); -diff -Naur scribus-1.0.1.orig/scribus/scfonts_ttftypes.h scribus-1.0.1/scribus/scfonts_ttftypes.h scribus-1.0.1.orig/scribus/scfonts_ttftypes.hMon May 19 20:26:31 2003 -+++ scribus-1.0.1/scribus/scfonts_ttftypes.h Wed Aug 20 13:39:40 2003 -@@ -7,6 +7,11 @@ - typedef unsigned int u_int32_t; - #endif - -+#include config.h -+#ifdef HAVE_INTTYPES_H -+#include inttypes.h -+#endif -+ - #include sys/types.h - - #ifndef MAKE_ID @@ . patch -p0 '@@ .' Index: openpkg-src/scribus/scribus.spec $ cvs diff -u -r1.20 -r1.21 scribus.spec --- openpkg-src/scribus/scribus.spec 20 Aug 2003 17:20:13 - 1.20 +++ openpkg-src/scribus/scribus.spec 16 Sep 2003 09:19:06 - 1.21 @@ -32,8 +32,8 @@ Distribution: OpenPKG [EVAL] Group:Editor License: GPL
[CVS] OpenPKG: openpkg-re/vcheck/ vc.squid openpkg-src/squid/ squid.sp...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src openpkg-web openpkg$ Date: 16-Sep-2003 11:33:49 Branch: HEAD Handle: 2003091610334702 Modified files: openpkg-re/vcheck vc.squid openpkg-src/squid squid.spec openpkg-web news.txt Log: upgrading package: squid 2.5.3 - 2.5.4 Summary: RevisionChanges Path 1.7 +1 -1 openpkg-re/vcheck/vc.squid 1.53+2 -2 openpkg-src/squid/squid.spec 1.6580 +1 -0 openpkg-web/news.txt patch -p0 '@@ .' Index: openpkg-re/vcheck/vc.squid $ cvs diff -u -r1.6 -r1.7 vc.squid --- openpkg-re/vcheck/vc.squid25 May 2003 17:49:19 - 1.6 +++ openpkg-re/vcheck/vc.squid16 Sep 2003 09:33:47 - 1.7 @@ -2,7 +2,7 @@ } prog squid = { - version = 2.5.STABLE3 + version = 2.5.STABLE4 url = http://www.squid-cache.org/Versions/v2/2.5/ regex = squid-(2\.\d+\.STABLE\d+)\.tar\.gz } @@ . patch -p0 '@@ .' Index: openpkg-src/squid/squid.spec $ cvs diff -u -r1.52 -r1.53 squid.spec --- openpkg-src/squid/squid.spec 13 Aug 2003 11:53:59 - 1.52 +++ openpkg-src/squid/squid.spec 16 Sep 2003 09:33:49 - 1.53 @@ -26,7 +26,7 @@ # package version %define V_maj 2 %define V_min 5 -%define V_rev 3 +%define V_rev 4 # package information Name: squid @@ -38,7 +38,7 @@ Group:Web License: GPL Version: %{V_maj}.%{V_min}.%{V_rev} -Release: 20030813 +Release: 20030916 # package options %option with_fsl yes @@ . patch -p0 '@@ .' Index: openpkg-web/news.txt $ cvs diff -u -r1.6579 -r1.6580 news.txt --- openpkg-web/news.txt 16 Sep 2003 09:32:15 - 1.6579 +++ openpkg-web/news.txt 16 Sep 2003 09:33:47 - 1.6580 @@ -1,3 +1,4 @@ +16-Sep-2003: Upgraded package: Psquid-2.5.4-20030916 16-Sep-2003: Upgraded package: Ppine-4.58L-20030916 16-Sep-2003: Upgraded package: Pscribus-1.1.0-20030916 16-Sep-2003: Upgraded package: Papt-0.5.5cnc6-20030916 @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
Re: Problem with current 00INDEX.rdf
On Tue, Sep 16, 2003, Ralf S. Engelschall wrote: On Tue, Sep 16, 2003, Michael van Elst wrote: [...] Database corruption usually occurs when the indexer is killed, Berkeley-DB then gets quickly inconsistent and corrupted. We had yesterday some other brokeness in the index of CURRENT related to apache. I've removed the index.current.cache on master.openpkg.org and it was regenerated. I've now removed it again in the hope the index is now regenerated again more correctly. Problem persisted but is now fixed manually on openpkg.org for one time. The index is not only broken if the indexer is killed but also when two or more instances of the indexer are running simultaneously. We schedule index rebuilds quarterly. This works most of the time. With the current size of the ftp area a broken index cannot be repaired by just deleting the cache. The next quarterly run will then start from scratch which takes longer than 15min and the next quarterly run will launch a second instance which destroys the cache again. We have to find out what the best practice is to repair such damage in the future. -- [EMAIL PROTECTED] Development Team, Operations Northern Europe, Cable Wireless __ The OpenPKG Projectwww.openpkg.org Developer Communication List [EMAIL PROTECTED]
[CVS] OpenPKG: openpkg-re/vcheck/ vc.xmame openpkg-src/xmame/ xmame.sp...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src openpkg-web openpkg$ Date: 16-Sep-2003 13:17:50 Branch: HEAD Handle: 2003091612174802 Modified files: openpkg-re/vcheck vc.xmame openpkg-src/xmame xmame.spec openpkg-web news.txt Log: upgrading package: xmame 0.72.1 - 0.74.1 Summary: RevisionChanges Path 1.14+1 -1 openpkg-re/vcheck/vc.xmame 1.44+2 -2 openpkg-src/xmame/xmame.spec 1.6582 +1 -0 openpkg-web/news.txt patch -p0 '@@ .' Index: openpkg-re/vcheck/vc.xmame $ cvs diff -u -r1.13 -r1.14 vc.xmame --- openpkg-re/vcheck/vc.xmame16 Aug 2003 19:34:20 - 1.13 +++ openpkg-re/vcheck/vc.xmame16 Sep 2003 11:17:48 - 1.14 @@ -2,7 +2,7 @@ } prog xmame = { - version = 0.72.1 + version = 0.74.1 url = http://x.mame.net/xmame-doc-7.html regex = xmame-(__VER__)\.tar\.bz2 } @@ . patch -p0 '@@ .' Index: openpkg-src/xmame/xmame.spec $ cvs diff -u -r1.43 -r1.44 xmame.spec --- openpkg-src/xmame/xmame.spec 16 Aug 2003 19:34:22 - 1.43 +++ openpkg-src/xmame/xmame.spec 16 Sep 2003 11:17:50 - 1.44 @@ -32,8 +32,8 @@ Distribution: OpenPKG [EVAL] Group:Games License: GPL -Version: 0.72.1 -Release: 20030816 +Version: 0.74.1 +Release: 20030916 # list of sources Source0: http://x.mame.net/download/xmame-%{version}.tar.bz2 @@ . patch -p0 '@@ .' Index: openpkg-web/news.txt $ cvs diff -u -r1.6581 -r1.6582 news.txt --- openpkg-web/news.txt 16 Sep 2003 09:35:25 - 1.6581 +++ openpkg-web/news.txt 16 Sep 2003 11:17:49 - 1.6582 @@ -1,3 +1,4 @@ +16-Sep-2003: Upgraded package: Pxmame-0.74.1-20030916 16-Sep-2003: Upgraded package: Papache-1.3.28-20030916 16-Sep-2003: Upgraded package: Psquid-2.5.4-20030916 16-Sep-2003: Upgraded package: Ppine-4.58L-20030916 @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
[CVS] OpenPKG: OPENPKG_1_3_SOLID: openpkg-src/fsl/ fsl.patch fsl.spec ...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src openpkg-web Date: 15-Sep-2003 09:54:45 Branch: OPENPKG_1_3_SOLID HEAD Handle: 2003091508544302 Added files: (Branch: OPENPKG_1_3_SOLID) openpkg-src/fsl fsl.patch Modified files: openpkg-web news.txt Modified files: (Branch: OPENPKG_1_3_SOLID) openpkg-src/fsl fsl.spec Log: MFC: l2 patch to make sure prefix channel does atomar downstream writes (makes l2 v0.9.2 equiv to v0.9.3) Summary: RevisionChanges Path 1.1.2.1 +24 -0 openpkg-src/fsl/fsl.patch 1.31.2.6.2.2+3 -1 openpkg-src/fsl/fsl.spec 1.6554 +1 -0 openpkg-web/news.txt patch -p0 '@@ .' Index: openpkg-src/fsl/fsl.patch $ cvs diff -u -r0 -r1.1.2.1 fsl.patch --- /dev/null 2003-09-15 09:54:45.0 +0200 +++ fsl.patch 2003-09-15 09:54:45.0 +0200 @@ -0,0 +1,24 @@ +This patch makes sure that OSSP l2's prefix channel performs a single +downstream write operation to make sure the leaf file channel has a +chance to atomically write the message to the logfile. This patch is +from OSSP CVS and will be included in the next OSSP l2 and OSSP fsl +versions, too. + +Index: lib_l2/l2_ch_prefix.c +=== +diff -u -d -u -d -r1.23 l2_ch_prefix.c +--- lib_l2/l2_ch_prefix.c6 Jan 2003 11:41:51 - 1.23 lib_l2/l2_ch_prefix.c10 Sep 2003 12:37:43 - +@@ -172,10 +172,12 @@ + return L2_ERR_ARG; + if ((n = strftime(buf2, sizeof(buf2), buf1, tm)) == 0) + return L2_ERR_SYS; ++n += l2_util_sprintf(buf2+n, sizeof(buf2)-n, %s, buf); + downstream = NULL; + while ((rv = l2_channel_downstream(ch, downstream)) == L2_OK) + if ((rv = l2_channel_write(downstream, level, buf2, n)) != L2_OK) + return rv; ++return L2_OK; + } + + return L2_OK_PASS; @@ . patch -p0 '@@ .' Index: openpkg-src/fsl/fsl.spec $ cvs diff -u -r1.31.2.6.2.1 -r1.31.2.6.2.2 fsl.spec --- openpkg-src/fsl/fsl.spec 29 Jul 2003 14:58:55 - 1.31.2.6.2.1 +++ openpkg-src/fsl/fsl.spec 15 Sep 2003 07:54:45 - 1.31.2.6.2.2 @@ -33,7 +33,7 @@ Group:System License: MIT-style Version: 1.2.0 -Release: 1.3.0 +Release: 1.3.1 # package options %option with_fsl_debuglogcode no @@ -42,6 +42,7 @@ Source0: ftp://ftp.ossp.org/pkg/lib/fsl/fsl-%{version}.tar.gz Source1: rc.fsl Source2: fsl.fsl +Patch0: fsl.patch # build information Prefix: %{l_prefix} @@ -63,6 +64,7 @@ %prep %setup -q +%patch -p0 %{l_shtool} subst \ -e 's;pcre;fsl_pcre;g' \ -e '/#include/s;fsl_pcre;pcre;g' \ @@ . patch -p0 '@@ .' Index: openpkg-web/news.txt $ cvs diff -u -r1.6553 -r1.6554 news.txt --- openpkg-web/news.txt 15 Sep 2003 07:52:01 - 1.6553 +++ openpkg-web/news.txt 15 Sep 2003 07:54:43 - 1.6554 @@ -1,3 +1,4 @@ +15-Sep-2003: Upgraded package: Pfsl-1.2.0-1.3.1 15-Sep-2003: Upgraded package: Pwhich-2.16-20030915 14-Sep-2003: Upgraded package: Pneon-0.24.2-20030914 14-Sep-2003: Upgraded package: Ppostfix-2.0.16-20030914 @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
[CVS] OpenPKG: openpkg-re/vcheck/ vc.l2 openpkg-src/l2/ l2.spec openpk...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src openpkg-web openpkg$ Date: 15-Sep-2003 10:19:02 Branch: HEAD Handle: 2003091509190001 Modified files: openpkg-re/vcheck vc.l2 openpkg-src/l2 l2.spec openpkg-web news.txt Log: upgrading package: l2 0.9.2 - 0.9.3 Summary: RevisionChanges Path 1.4 +1 -1 openpkg-re/vcheck/vc.l2 1.13+2 -2 openpkg-src/l2/l2.spec 1.6556 +1 -0 openpkg-web/news.txt patch -p0 '@@ .' Index: openpkg-re/vcheck/vc.l2 $ cvs diff -u -r1.3 -r1.4 vc.l2 --- openpkg-re/vcheck/vc.l2 30 Jun 2003 14:11:57 - 1.3 +++ openpkg-re/vcheck/vc.l2 15 Sep 2003 08:19:00 - 1.4 @@ -2,7 +2,7 @@ } prog l2 = { - version = 0.9.2 + version = 0.9.3 url = ftp://ftp.ossp.org/pkg/lib/l2/ regex = l2-(__VER__)\.tar\.gz } @@ . patch -p0 '@@ .' Index: openpkg-src/l2/l2.spec $ cvs diff -u -r1.12 -r1.13 l2.spec --- openpkg-src/l2/l2.spec8 Jul 2003 14:40:21 - 1.12 +++ openpkg-src/l2/l2.spec15 Sep 2003 08:19:01 - 1.13 @@ -32,8 +32,8 @@ Distribution: OpenPKG [PLUS] Group:System License: MIT-style -Version: 0.9.2 -Release: 20030630 +Version: 0.9.3 +Release: 20030915 # list of sources Source0: ftp://ftp.ossp.org/pkg/lib/l2/l2-%{version}.tar.gz @@ . patch -p0 '@@ .' Index: openpkg-web/news.txt $ cvs diff -u -r1.6555 -r1.6556 news.txt --- openpkg-web/news.txt 15 Sep 2003 08:14:53 - 1.6555 +++ openpkg-web/news.txt 15 Sep 2003 08:19:00 - 1.6556 @@ -1,3 +1,4 @@ +15-Sep-2003: Upgraded package: Pl2-0.9.3-20030915 15-Sep-2003: Upgraded package: Pwhois-4.6.7-20030915 15-Sep-2003: Upgraded package: Pfsl-1.2.0-1.3.1 15-Sep-2003: Upgraded package: Pwhich-2.16-20030915 @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
[CVS] OpenPKG: OPENPKG_1_3_SOLID: openpkg-src/mysql/ mysql.patch mysql...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src openpkg-web Date: 15-Sep-2003 12:59:37 Branch: OPENPKG_1_3_SOLID HEAD Handle: 2003091511593502 Modified files: openpkg-web news.txt Modified files: (Branch: OPENPKG_1_3_SOLID) openpkg-src/mysql mysql.patch mysql.spec Log: SA-2003.038-mysql; CAN-2003-0780 Summary: RevisionChanges Path 1.3.2.4.2.1 +18 -0 openpkg-src/mysql/mysql.patch 1.49.2.5.2.4+1 -1 openpkg-src/mysql/mysql.spec 1.6562 +1 -0 openpkg-web/news.txt patch -p0 '@@ .' Index: openpkg-src/mysql/mysql.patch $ cvs diff -u -r1.3.2.4 -r1.3.2.4.2.1 mysql.patch --- openpkg-src/mysql/mysql.patch 24 Jul 2003 20:44:33 - 1.3.2.4 +++ openpkg-src/mysql/mysql.patch 15 Sep 2003 10:59:37 - 1.3.2.4.2.1 @@ -63,3 +63,21 @@ #endif #ifdef DATADIR DATADIR, + +http://marc.theaimsgroup.com/?l=bugtraqm=106323221912927w=4 +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0780 +Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL +4.0.14 and earlier, and 3.23.x, allows attackers to execute +arbitrary code via a long Password field + +--- sql/sql_acl.cc.orig Fri Jul 18 16:57:47 2003 sql/sql_acl.cc Mon Sep 15 11:58:13 2003 +@@ -233,7 +233,7 @@ + Found old style password for user '%s'. Ignoring user. (You may want to restart mysqld using --old-protocol), + user.user ? user.user : ); /* purecov: tested */ + } +-else if (length % 8)// This holds true for passwords ++else if (length % 8 || length 16) // This holds true for passwords + { + sql_print_error( + Found invalid password for user: '[EMAIL PROTECTED]'; Ignoring user, @@ . patch -p0 '@@ .' Index: openpkg-src/mysql/mysql.spec $ cvs diff -u -r1.49.2.5.2.3 -r1.49.2.5.2.4 mysql.spec --- openpkg-src/mysql/mysql.spec 5 Aug 2003 13:43:16 - 1.49.2.5.2.3 +++ openpkg-src/mysql/mysql.spec 15 Sep 2003 10:59:37 - 1.49.2.5.2.4 @@ -39,7 +39,7 @@ Group:Database License: GPL Version: %{V_opkg} -Release: 1.3.1 +Release: 1.3.2 # package options %option with_berkeleydb yes @@ . patch -p0 '@@ .' Index: openpkg-web/news.txt $ cvs diff -u -r1.6561 -r1.6562 news.txt --- openpkg-web/news.txt 15 Sep 2003 10:55:54 - 1.6561 +++ openpkg-web/news.txt 15 Sep 2003 10:59:35 - 1.6562 @@ -1,3 +1,4 @@ +15-Sep-2003: Upgraded package: Pmysql-4.0.14-1.3.2 15-Sep-2003: New package: Pjam-2.5-20030915 15-Sep-2003: Upgraded package: Pqt-3.2.1-20030915 15-Sep-2003: Upgraded package: Papt-0.5.5cnc6-20030915 @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
[CVS] OpenPKG: OPENPKG_1_2_SOLID: openpkg-src/mysql/ mysql.patch mysql...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src openpkg-web Date: 15-Sep-2003 13:17:14 Branch: OPENPKG_1_2_SOLID HEAD Handle: 2003091512171202 Modified files: openpkg-web news.txt Modified files: (Branch: OPENPKG_1_2_SOLID) openpkg-src/mysql mysql.patch mysql.spec Log: SA-2003.038-mysql; CAN-2003-0780 Summary: RevisionChanges Path 1.3.4.4 +18 -0 openpkg-src/mysql/mysql.patch 1.49.2.1.2.5+1 -1 openpkg-src/mysql/mysql.spec 1.6563 +1 -0 openpkg-web/news.txt patch -p0 '@@ .' Index: openpkg-src/mysql/mysql.patch $ cvs diff -u -r1.3.4.3 -r1.3.4.4 mysql.patch --- openpkg-src/mysql/mysql.patch 19 Mar 2003 07:59:05 - 1.3.4.3 +++ openpkg-src/mysql/mysql.patch 15 Sep 2003 11:17:14 - 1.3.4.4 @@ -252,3 +252,21 @@ #define MY_CHECK_ERROR 1 /* Params to my_end; Check open-close */ #define MY_GIVE_INFO2 /* Give time info about process*/ + +http://marc.theaimsgroup.com/?l=bugtraqm=106323221912927w=4 +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0780 +Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL +4.0.14 and earlier, and 3.23.x, allows attackers to execute +arbitrary code via a long Password field + +--- sql/sql_acl.cc.orig 2002-12-05 10:37:06.0 +0100 sql/sql_acl.cc 2003-09-15 13:01:19.0 +0200 +@@ -206,7 +206,7 @@ + Found old style password for user '%s'. Ignoring user. (You may want to restart using --old-protocol), + user.user ? user.user : ); /* purecov: tested */ + } +-else if (length % 8)// This holds true for passwords ++else if (length % 8 || length 16) // This holds true for passwords + { + sql_print_error( + Found invalid password for user: '[EMAIL PROTECTED]'; Ignoring user, @@ . patch -p0 '@@ .' Index: openpkg-src/mysql/mysql.spec $ cvs diff -u -r1.49.2.1.2.4 -r1.49.2.1.2.5 mysql.spec --- openpkg-src/mysql/mysql.spec 19 Mar 2003 09:06:15 - 1.49.2.1.2.4 +++ openpkg-src/mysql/mysql.spec 15 Sep 2003 11:17:14 - 1.49.2.1.2.5 @@ -37,7 +37,7 @@ Group:Database License: GPL Version: %{V_major}.%{V_minor} -Release: 1.2.3 +Release: 1.2.4 # package options %option with_berkeleydb yes @@ . patch -p0 '@@ .' Index: openpkg-web/news.txt $ cvs diff -u -r1.6562 -r1.6563 news.txt --- openpkg-web/news.txt 15 Sep 2003 10:59:35 - 1.6562 +++ openpkg-web/news.txt 15 Sep 2003 11:17:12 - 1.6563 @@ -1,3 +1,4 @@ +15-Sep-2003: Upgraded package: Pmysql-3.23.54a-1.2.4 15-Sep-2003: Upgraded package: Pmysql-4.0.14-1.3.2 15-Sep-2003: New package: Pjam-2.5-20030915 15-Sep-2003: Upgraded package: Pqt-3.2.1-20030915 @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
[CVS] OpenPKG: openpkg-web/ security.txt security.wml openpkg-web/secu...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 15-Sep-2003 13:33:39 Branch: HEAD Handle: 2003091512333900 Added files: openpkg-web/securityOpenPKG-SA-2003.038-mysql.txt Modified files: openpkg-web security.txt security.wml Log: SA-2003.038-mysql; CAN-2003-0780 Summary: RevisionChanges Path 1.44+1 -0 openpkg-web/security.txt 1.62+1 -0 openpkg-web/security.wml 1.1 +77 -0 openpkg-web/security/OpenPKG-SA-2003.038-mysql.txt patch -p0 '@@ .' Index: openpkg-web/security.txt $ cvs diff -u -r1.43 -r1.44 security.txt --- openpkg-web/security.txt 28 Aug 2003 08:37:00 - 1.43 +++ openpkg-web/security.txt 15 Sep 2003 11:33:39 - 1.44 @@ -1,3 +1,4 @@ +15-Sep-2003: Security Advisory: SOpenPKG-SA-2003.038-mysql 28-Aug-2003: Security Advisory: SOpenPKG-SA-2003.037-sendmail 06-Aug-2003: Security Advisory: SOpenPKG-SA-2003.036-perl-www 06-Aug-2003: Security Advisory: SOpenPKG-SA-2003.035-openssh @@ . patch -p0 '@@ .' Index: openpkg-web/security.wml $ cvs diff -u -r1.61 -r1.62 security.wml --- openpkg-web/security.wml 28 Aug 2003 08:37:00 - 1.61 +++ openpkg-web/security.wml 15 Sep 2003 11:33:39 - 1.62 @@ -76,6 +76,7 @@ /define-tag box bdwidth=1 bdcolor=#a5a095 bdspace=10 bgcolor=#e5e0d5 table cellspacing=0 cellpadding=0 border=0 + sa 2003.038 mysql sa 2003.037 sendmail sa 2003.036 perl-www sa 2003.035 openssh @@ . patch -p0 '@@ .' Index: openpkg-web/security/OpenPKG-SA-2003.038-mysql.txt $ cvs diff -u -r0 -r1.1 OpenPKG-SA-2003.038-mysql.txt --- /dev/null 2003-09-15 13:33:39.0 +0200 +++ OpenPKG-SA-2003.038-mysql.txt 2003-09-15 13:33:39.0 +0200 @@ -0,0 +1,77 @@ + + +OpenPKG Security AdvisoryThe OpenPKG Project +http://www.openpkg.org/security.html http://www.openpkg.org [EMAIL PROTECTED] [EMAIL PROTECTED] +OpenPKG-SA-2003.mysql15-Sep-2003 + + +Package: mysql +Vulnerability: arbitrary code execution +OpenPKG Specific:no + +Affected Releases: Affected Packages: Corrected Packages: +OpenPKG CURRENT = mysql-4.0.14-20030904= mysql-4.0.15-20030910 +OpenPKG 1.3 = mysql-4.0.14-1.3.1 = mysql-4.0.14-1.3.2 +OpenPKG 1.2 = mysql-3.23.54a-1.2.3 = mysql-3.23.54a-1.2.4 + +Dependent Packages: none + +Description: + Frank Denis [EMAIL PROTECTED] reported a vulnerability [0] in MySQL + [1] affecting MySQL3 versions 3.0.57 and earlier and MySQL4 versions + 4.0.14 and earlier. Passwords of MySQL users are stored in the User + table, part of the mysql database, specifically in the Password + field. The passwords are hashed and stored as a 16 characters + long hexadecimal value, specifically in the Password field. + Unfortunately, a function involved in password checking misses correct + bounds checking. By filling a Password field a value wider than 16 + characters, a buffer overflow will occur. The Common Vulnerabilities + and Exposures (CVE) project assigned the id CAN-2003-0780 [2] to the + problem. + + Please check whether you are affected by running prefix/bin/rpm -q + mysql. If you have the mysql package installed and its version is + affected (see above), we recommend that you immediately upgrade it + (see Solution). [3][4] + +Solution: + Select the updated source RPM appropriate for your OpenPKG release + [5][6], fetch it from the OpenPKG FTP service [7][8] or a mirror + location, verify its integrity [9], build a corresponding binary RPM + from it [3] and update your OpenPKG installation by applying the binary + RPM [4]. For the current release OpenPKG 1.3, perform the following + operations to permanently fix the security problem (for other releases + adjust accordingly). + + $ ftp ftp.openpkg.org + ftp bin + ftp cd release/1.3/UPD + ftp get mysql-4.0.14-1.3.2.src.rpm + ftp bye + $ prefix/bin/rpm -v --checksig mysql-4.0.14-1.3.2.src.rpm + $ prefix/bin
[CVS] OpenPKG: openpkg-web/ security.txt security.wml openpkg-web/secu...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 15-Sep-2003 15:27:24 Branch: HEAD Handle: 2003091514272300 Added files: openpkg-web/securityOpenPKG-SA-2003.039-perl.txt Modified files: openpkg-web security.txt security.wml Log: SA-2003.039-perl; CAN-2003-0615 Summary: RevisionChanges Path 1.45+1 -0 openpkg-web/security.txt 1.63+1 -0 openpkg-web/security.wml 1.1 +90 -0 openpkg-web/security/OpenPKG-SA-2003.039-perl.txt patch -p0 '@@ .' Index: openpkg-web/security.txt $ cvs diff -u -r1.44 -r1.45 security.txt --- openpkg-web/security.txt 15 Sep 2003 11:33:39 - 1.44 +++ openpkg-web/security.txt 15 Sep 2003 13:27:23 - 1.45 @@ -1,3 +1,4 @@ +15-Sep-2003: Security Advisory: SOpenPKG-SA-2003.039-perl 15-Sep-2003: Security Advisory: SOpenPKG-SA-2003.038-mysql 28-Aug-2003: Security Advisory: SOpenPKG-SA-2003.037-sendmail 06-Aug-2003: Security Advisory: SOpenPKG-SA-2003.036-perl-www @@ . patch -p0 '@@ .' Index: openpkg-web/security.wml $ cvs diff -u -r1.62 -r1.63 security.wml --- openpkg-web/security.wml 15 Sep 2003 11:33:39 - 1.62 +++ openpkg-web/security.wml 15 Sep 2003 13:27:23 - 1.63 @@ -76,6 +76,7 @@ /define-tag box bdwidth=1 bdcolor=#a5a095 bdspace=10 bgcolor=#e5e0d5 table cellspacing=0 cellpadding=0 border=0 + sa 2003.038 perl sa 2003.038 mysql sa 2003.037 sendmail sa 2003.036 perl-www @@ . patch -p0 '@@ .' Index: openpkg-web/security/OpenPKG-SA-2003.039-perl.txt $ cvs diff -u -r0 -r1.1 OpenPKG-SA-2003.039-perl.txt --- /dev/null 2003-09-15 15:27:24.0 +0200 +++ OpenPKG-SA-2003.039-perl.txt 2003-09-15 15:27:24.0 +0200 @@ -0,0 +1,90 @@ + + +OpenPKG Security AdvisoryThe OpenPKG Project +http://www.openpkg.org/security.html http://www.openpkg.org [EMAIL PROTECTED] [EMAIL PROTECTED] +OpenPKG-SA-2003.039 15-Sep-2003 + + +Package: perl (CGI.pm) +Vulnerability: cross site scripting +OpenPKG Specific:no + +Affected Releases: Affected Packages:Corrected Packages: +OpenPKG CURRENT = perl-5.8.0-20030903= perl-5.8.0-20030915 +OpenPKG 1.3 = perl-5.8.0-1.3.0 = perl-5.8.0-1.3.1 +OpenPKG 1.2 = perl-5.8.0-1.2.0 = perl-5.8.0-1.2.1 + +Dependent Packages: none + +Description: + This message is a continuation of OpenPKG-SA-2003.036-perl-www [0]. + The Common Vulnerabilities and Exposures (CVE) project assigned the + id CAN-2003-0615 [1] to the problem described. This document also + outlines a important problematic regarding the native load order of + perl modules. + + The CGI.pm module not only comes with the perl-www package but a + ancient version 2.81 is also embedded into perl. The corrected + packages mentioned above have the official fix backported to the + embedded version. + + Be aware that all releases of OpenPKG up to and including 1.3 use + Perl's native load order of modules. Embedded modules are preferred + over additional modules. This means that CGI.pm embedded into the + perl package is loaded before the sibling from the additional + perl-www package is found. This inhibits the use and correction of + additional modules with same name as embedded ones. + + It should be noted that beginning with perl-5.8.0-20030903 the load + order is patched to prefer additional modules [2]. There are no plans + modifiying the module load order of the perl package in existing + releases. Although more intuitive it would change existing behaviour + and is likely to break existing installations. During the support + lifecycle security advisories and corrected packages will be issued + for both, embedded and additional packages. + + Please check whether you are affected by running prefix/bin/rpm -q + perl. If you have the perl package installed and its version is + affected (see above), we recommend that you immediately upgrade it + (see Solution
[CVS] OpenPKG: openpkg-src/perl/ perl.patch perl.spec openpkg-web/ new...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src openpkg-web Date: 15-Sep-2003 15:28:53 Branch: HEAD Handle: 2003091514285101 Modified files: openpkg-src/perlperl.patch perl.spec openpkg-web news.txt Log: SA-2003.039-perl; CAN-2003-0615 Summary: RevisionChanges Path 1.8 +32 -0 openpkg-src/perl/perl.patch 1.80+1 -1 openpkg-src/perl/perl.spec 1.6566 +1 -0 openpkg-web/news.txt patch -p0 '@@ .' Index: openpkg-src/perl/perl.patch $ cvs diff -u -r1.7 -r1.8 perl.patch --- openpkg-src/perl/perl.patch 3 Sep 2003 12:37:46 - 1.7 +++ openpkg-src/perl/perl.patch 15 Sep 2003 13:28:52 - 1.8 @@ -144,3 +144,35 @@ if (chdir lib) { $do_installarchlib = ! samepath($installarchlib, '.'); + +- + +http://stein.cshl.org/WWW/software/CGI/ +under Revision History find Fixed cross-site scripting bug +reported by obscure note attached to Version 2.94. A quick fix was +introduced in 2.94. It was replaced by a more careful patch in 2.99. + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0615 +Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm +allows remote attackers to insert web script via a URL that is fed +into the form's action parameter + +This is a backport of the 2.99 patch for 2.81 which is the version +embedded with perl 5.8.0 + +--- lib/CGI.pm.orig 2003-09-15 14:09:34.0 +0200 lib/CGI.pm 2003-09-15 14:16:26.0 +0200 +@@ -1533,8 +1533,11 @@ + $enctype = $enctype || URL_ENCODED; + unless (defined $action) { +$action = $self-url(-absolute=1,-path=1); +- $action .= ?$ENV{QUERY_STRING} if $ENV{QUERY_STRING}; ++ if (length($ENV{QUERY_STRING})0) { ++ $action .= ?.$self-escapeHTML($ENV{QUERY_STRING},1); ++ } + } ++$action = escape($action); + $action = qq(action=$action); + my($other) = @other ? @other : ''; + $self-{'.parametersToAdd'}={}; + @@ . patch -p0 '@@ .' Index: openpkg-src/perl/perl.spec $ cvs diff -u -r1.79 -r1.80 perl.spec --- openpkg-src/perl/perl.spec3 Sep 2003 12:37:46 - 1.79 +++ openpkg-src/perl/perl.spec15 Sep 2003 13:28:52 - 1.80 @@ -33,7 +33,7 @@ Group:Language License: GPL/Artistic Version: 5.8.0 -Release: 20030903 +Release: 20030915 # list of sources Source0: ftp://ftp.cpan.org/pub/CPAN/src/perl-%{version}.tar.gz @@ . patch -p0 '@@ .' Index: openpkg-web/news.txt $ cvs diff -u -r1.6565 -r1.6566 news.txt --- openpkg-web/news.txt 15 Sep 2003 13:20:10 - 1.6565 +++ openpkg-web/news.txt 15 Sep 2003 13:28:51 - 1.6566 @@ -1,3 +1,4 @@ +15-Sep-2003: Upgraded package: Pperl-5.8.0-20030915 15-Sep-2003: Upgraded package: Ppine-4.58L-20030915 15-Sep-2003: New package: Ppine-4.58L-20030915 15-Sep-2003: Upgraded package: Pmysql-3.23.54a-1.2.4 @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
[CVS] OpenPKG: OPENPKG_1_3_SOLID: openpkg-src/perl/ perl.patch perl.sp...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src openpkg-web Date: 15-Sep-2003 15:41:20 Branch: OPENPKG_1_3_SOLID HEAD Handle: 2003091514411901 Modified files: openpkg-web news.txt Modified files: (Branch: OPENPKG_1_3_SOLID) openpkg-src/perlperl.patch perl.spec Log: MFC: SA-2003.039-perl; CAN-2003-0615 Summary: RevisionChanges Path 1.6.6.1 +29 -0 openpkg-src/perl/perl.patch 1.72.2.2.2.2+1 -1 openpkg-src/perl/perl.spec 1.6567 +1 -0 openpkg-web/news.txt patch -p0 '@@ .' Index: openpkg-src/perl/perl.patch $ cvs diff -u -r1.6 -r1.6.6.1 perl.patch --- openpkg-src/perl/perl.patch 16 Dec 2002 11:25:39 - 1.6 +++ openpkg-src/perl/perl.patch 15 Sep 2003 13:41:20 - 1.6.6.1 @@ -24,3 +24,32 @@ return Opcode::_safe_call_sv($root, $obj-{Mask}, $evalsub); } +http://stein.cshl.org/WWW/software/CGI/ +under Revision History find Fixed cross-site scripting bug +reported by obscure note attached to Version 2.94. A quick fix was +introduced in 2.94. It was replaced by a more careful patch in 2.99. + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0615 +Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm +allows remote attackers to insert web script via a URL that is fed +into the form's action parameter + +This is a backport of the 2.99 patch for 2.81 which is the version +embedded with perl 5.8.0 + +--- lib/CGI.pm.orig 2003-09-15 14:09:34.0 +0200 lib/CGI.pm 2003-09-15 14:16:26.0 +0200 +@@ -1533,8 +1533,11 @@ + $enctype = $enctype || URL_ENCODED; + unless (defined $action) { +$action = $self-url(-absolute=1,-path=1); +- $action .= ?$ENV{QUERY_STRING} if $ENV{QUERY_STRING}; ++ if (length($ENV{QUERY_STRING})0) { ++ $action .= ?.$self-escapeHTML($ENV{QUERY_STRING},1); ++ } + } ++$action = escape($action); + $action = qq(action=$action); + my($other) = @other ? @other : ''; + $self-{'.parametersToAdd'}={}; + @@ . patch -p0 '@@ .' Index: openpkg-src/perl/perl.spec $ cvs diff -u -r1.72.2.2.2.1 -r1.72.2.2.2.2 perl.spec --- openpkg-src/perl/perl.spec29 Jul 2003 15:00:32 - 1.72.2.2.2.1 +++ openpkg-src/perl/perl.spec15 Sep 2003 13:41:20 - 1.72.2.2.2.2 @@ -33,7 +33,7 @@ Group:Language License: GPL/Artistic Version: 5.8.0 -Release: 1.3.0 +Release: 1.3.1 # list of sources Source0: ftp://ftp.cpan.org/pub/CPAN/src/perl-%{version}.tar.gz @@ . patch -p0 '@@ .' Index: openpkg-web/news.txt $ cvs diff -u -r1.6566 -r1.6567 news.txt --- openpkg-web/news.txt 15 Sep 2003 13:28:51 - 1.6566 +++ openpkg-web/news.txt 15 Sep 2003 13:41:19 - 1.6567 @@ -1,3 +1,4 @@ +15-Sep-2003: Upgraded package: Pperl-5.8.0-1.3.1 15-Sep-2003: Upgraded package: Pperl-5.8.0-20030915 15-Sep-2003: Upgraded package: Ppine-4.58L-20030915 15-Sep-2003: New package: Ppine-4.58L-20030915 @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
[CVS] OpenPKG: OPENPKG_1_2_SOLID: openpkg-src/perl/ perl.patch perl.sp...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src openpkg-web Date: 15-Sep-2003 15:43:01 Branch: OPENPKG_1_2_SOLID HEAD Handle: 2003091514430001 Modified files: openpkg-web news.txt Modified files: (Branch: OPENPKG_1_2_SOLID) openpkg-src/perlperl.patch perl.spec Log: MFC: SA-2003.039-perl; CAN-2003-0615 Summary: RevisionChanges Path 1.6.4.1 +29 -0 openpkg-src/perl/perl.patch 1.72.2.1.2.2+1 -1 openpkg-src/perl/perl.spec 1.6568 +1 -0 openpkg-web/news.txt patch -p0 '@@ .' Index: openpkg-src/perl/perl.patch $ cvs diff -u -r1.6 -r1.6.4.1 perl.patch --- openpkg-src/perl/perl.patch 16 Dec 2002 11:25:39 - 1.6 +++ openpkg-src/perl/perl.patch 15 Sep 2003 13:43:01 - 1.6.4.1 @@ -24,3 +24,32 @@ return Opcode::_safe_call_sv($root, $obj-{Mask}, $evalsub); } +http://stein.cshl.org/WWW/software/CGI/ +under Revision History find Fixed cross-site scripting bug +reported by obscure note attached to Version 2.94. A quick fix was +introduced in 2.94. It was replaced by a more careful patch in 2.99. + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0615 +Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm +allows remote attackers to insert web script via a URL that is fed +into the form's action parameter + +This is a backport of the 2.99 patch for 2.81 which is the version +embedded with perl 5.8.0 + +--- lib/CGI.pm.orig 2003-09-15 14:09:34.0 +0200 lib/CGI.pm 2003-09-15 14:16:26.0 +0200 +@@ -1533,8 +1533,11 @@ + $enctype = $enctype || URL_ENCODED; + unless (defined $action) { +$action = $self-url(-absolute=1,-path=1); +- $action .= ?$ENV{QUERY_STRING} if $ENV{QUERY_STRING}; ++ if (length($ENV{QUERY_STRING})0) { ++ $action .= ?.$self-escapeHTML($ENV{QUERY_STRING},1); ++ } + } ++$action = escape($action); + $action = qq(action=$action); + my($other) = @other ? @other : ''; + $self-{'.parametersToAdd'}={}; + @@ . patch -p0 '@@ .' Index: openpkg-src/perl/perl.spec $ cvs diff -u -r1.72.2.1.2.1 -r1.72.2.1.2.2 perl.spec --- openpkg-src/perl/perl.spec18 Jan 2003 17:21:31 - 1.72.2.1.2.1 +++ openpkg-src/perl/perl.spec15 Sep 2003 13:43:01 - 1.72.2.1.2.2 @@ -33,7 +33,7 @@ Group:Language License: GPL/Artistic Version: 5.8.0 -Release: 1.2.0 +Release: 1.2.1 # list of sources Source0: ftp://ftp.cpan.org/pub/CPAN/src/perl-%{version}.tar.gz @@ . patch -p0 '@@ .' Index: openpkg-web/news.txt $ cvs diff -u -r1.6567 -r1.6568 news.txt --- openpkg-web/news.txt 15 Sep 2003 13:41:19 - 1.6567 +++ openpkg-web/news.txt 15 Sep 2003 13:43:00 - 1.6568 @@ -1,3 +1,4 @@ +15-Sep-2003: Upgraded package: Pperl-5.8.0-1.2.1 15-Sep-2003: Upgraded package: Pperl-5.8.0-1.3.1 15-Sep-2003: Upgraded package: Pperl-5.8.0-20030915 15-Sep-2003: Upgraded package: Ppine-4.58L-20030915 @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
[CVS] OpenPKG: openpkg-web/security/ OpenPKG-SA-0000.000-template.txt
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 15-Sep-2003 15:47:35 Branch: HEAD Handle: 2003091514473500 Modified files: openpkg-web/securityOpenPKG-SA-.000-template.txt Log: make sure number of digits are correct; distinguish numbers and names Summary: RevisionChanges Path 1.15+1 -1 openpkg-web/security/OpenPKG-SA-.000-template.txt patch -p0 '@@ .' Index: openpkg-web/security/OpenPKG-SA-.000-template.txt $ cvs diff -u -r1.14 -r1.15 OpenPKG-SA-.000-template.txt --- openpkg-web/security/OpenPKG-SA-.000-template.txt 6 Aug 2003 15:40:29 - 1.14 +++ openpkg-web/security/OpenPKG-SA-.000-template.txt 15 Sep 2003 13:47:35 - 1.15 @@ -3,7 +3,7 @@ OpenPKG Security AdvisoryThe OpenPKG Project http://www.openpkg.org/security.html http://www.openpkg.org [EMAIL PROTECTED] [EMAIL PROTECTED] -OpenPKG-SA-2003.fooDfooD-Mfoomm-2003 +OpenPKG-SA-2003.foo_3digit foo_as_2digitnum_dash_3charname-2003 Package: foo @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
[OpenPKG #229] OpenPKG v1.3 00INDEX.rdf.bz2 broken
Request 229 was acted upon. This is an automatically generated message. URL: https://rt.openpkg.org/id/229 Ticket: [OpenPKG #229] Subject: OpenPKG v1.3 00INDEX.rdf.bz2 broken Requestors: Queue: openpkg Owner: thl Status: resolved Transaction: Status changed from open to resolved by thl Time: Wed Sep 10 09:01:04 2003 _ According to our records, your request has been resolved. If you have any further questions or concerns, please just respond to this message. __ The OpenPKG Projectwww.openpkg.org Developer Communication List [EMAIL PROTECTED]
[OpenPKG #251] openpkg-dev feature request/bug creating new package
Request 251 was acted upon. _ URL: https://rt.openpkg.org/id/251 Ticket: [OpenPKG #251] Subject: openpkg-dev feature request/bug creating new package Requestors: [EMAIL PROTECTED] Queue: openpkg Owner: Nobody Status: new Transaction: Ticket created by thl Time: Wed Sep 10 09:04:35 2003 _ - use of mkdir is not intended but makedir does not work - directory and (empty) specfile needs to be added to CVS - (empty) vcheck file needs to be added to CVS - currenly, without CVS, cd . is required to fill $B -- [EMAIL PROTECTED] Development Team, Operations Northern Europe, Cable Wireless __ The OpenPKG Projectwww.openpkg.org Developer Communication List [EMAIL PROTECTED]
Re: [CVS] OpenPKG: openpkg-re/ openpkg-dev
On Tue, Sep 09, 2003, Ralf S. Engelschall wrote: On Tue, Sep 09, 2003, Thomas Lotterer wrote: [...] too much prosa here [...] -makedir ${workdir} +mkdir ${workdir} [...] Can you be more specific? makedir is a function defined in openpkg-dev to provide the mkdir -p functionality. If you replace it a plain mkdir this is lost. Perhaps it is not needed in this context, but throughout openpkg-dev we always use makedir... just wondering... I have to investigate, makedir simply did nothing (tried twice). https://rt.openpkg.org/Ticket/Display.html?id=251 -- [EMAIL PROTECTED] Development Team, Operations Northern Europe, Cable Wireless __ The OpenPKG Projectwww.openpkg.org Developer Communication List [EMAIL PROTECTED]
[CVS] OpenPKG: openpkg-re/vcheck/ vc.snmpdx openpkg-src/snmpdx/ snmpdx...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src openpkg-web openpkg$ Date: 09-Sep-2003 14:52:01 Branch: HEAD Handle: 2003090913515902 Added files: openpkg-re/vcheck vc.snmpdx openpkg-src/snmpdx snmpdx.spec Modified files: openpkg-web news.txt Log: new package: snmpdx 0.2.1 (SNMP Daemon Extension) Summary: RevisionChanges Path 1.1 +9 -0 openpkg-re/vcheck/vc.snmpdx 1.1 +74 -0 openpkg-src/snmpdx/snmpdx.spec 1.6473 +5 -0 openpkg-web/news.txt patch -p0 '@@ .' Index: openpkg-re/vcheck/vc.snmpdx $ cvs diff -u -r0 -r1.1 vc.snmpdx --- /dev/null 2003-09-09 14:51:59.0 +0200 +++ vc.snmpdx 2003-09-09 14:51:59.0 +0200 @@ -0,0 +1,9 @@ +config = { +} + +prog snmpdx = { + version = 0.2.1 + url = ftp://ftp.ossp.org/pkg/tool/snmpdx/ + regex = snmpdx-(__VER__)\.tar\.gz +} + @@ . patch -p0 '@@ .' Index: openpkg-src/snmpdx/snmpdx.spec $ cvs diff -u -r0 -r1.1 snmpdx.spec --- /dev/null 2003-09-09 14:52:01.0 +0200 +++ snmpdx.spec 2003-09-09 14:52:01.0 +0200 @@ -0,0 +1,74 @@ +## +## shiela.spec -- OpenPKG RPM Specification +## Copyright (c) 2000-2003 The OpenPKG Project http://www.openpkg.org/ +## Copyright (c) 2000-2003 Ralf S. Engelschall [EMAIL PROTECTED] +## Copyright (c) 2000-2003 Cable Wireless http://www.cw.com/ +## +## Permission to use, copy, modify, and distribute this software for +## any purpose with or without fee is hereby granted, provided that +## the above copyright notice and this permission notice appear in all +## copies. +## +## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED +## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +## MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +## IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR +## CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF +## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT +## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +## SUCH DAMAGE. +## + +# package information +Name: snmpdx +Summary: SNMP Daemon Extension +URL: http://www.ossp.org/pkg/tool/snmpdx/ +Vendor: Ralf S. Engelschall +Packager: The OpenPKG Project +Distribution: OpenPKG [JUNK] +Group:Network +License: GPL +Version: 0.2.1 +Release: 20030909 + +# list of sources +Source0: ftp://ftp.ossp.org/pkg/tool/snmpdx/snmpdx-%{version}.tar.gz + +# build information +Prefix: %{l_prefix} +BuildRoot:%{l_buildroot} +BuildPreReq: OpenPKG, openpkg = 20020206, perl +PreReq: OpenPKG, openpkg = 20020206, perl, snmp +AutoReq: no +AutoReqProv: no + +%description +OSSP snmpdx is a framework for easily hooking into net-snmp's +snmpd(8) and providing an own SNMP MIB and the OID implementing +probes. It is a Perl program which either can be configured as a +pass (not recommended) or pass_persist (recommended) program into +snmpd.conf. + +%prep +%setup -q + +%build +./configure \ +--prefix=%{l_prefix} \ +--with-perl=%{l_prefix}/bin/perl +%{l_make} %{l_mflags -O} + +%install +rm -rf $RPM_BUILD_ROOT +%{l_make} %{l_mflags} install DESTDIR=$RPM_BUILD_ROOT +%{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT %{l_files_std} + +%files -f files + +%clean +rm -rf $RPM_BUILD_ROOT + @@ . patch -p0 '@@ .' Index: openpkg-web/news.txt $ cvs diff -u -r1.6472 -r1.6473 news.txt --- openpkg-web/news.txt 9 Sep 2003 10:09:13 - 1.6472 +++ openpkg-web/news.txt 9 Sep 2003 12:52:00 - 1.6473 @@ -1,3 +1,7 @@ +09-Sep-2003: New package: Psnmpdx-0.2.1-20030909 + news.txt +09-Sep-2003: New package: Psnmpdx-0.2.0-20030909 +=== 09-Sep-2003: Upgraded package: Pdb-4.1.25.1-20030909 09-Sep-2003
[CVS] OpenPKG: openpkg-web/ news.txt
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 09-Sep-2003 15:03:08 Branch: HEAD Handle: 2003090914030600 Modified files: openpkg-web news.txt Log: manual repair of fully broken news.txt file Summary: RevisionChanges Path 1.6474 +0 -13 openpkg-web/news.txt patch -p0 '@@ .' Index: openpkg-web/news.txt $ cvs diff -u -r1.6473 -r1.6474 news.txt --- openpkg-web/news.txt 9 Sep 2003 12:52:00 - 1.6473 +++ openpkg-web/news.txt 9 Sep 2003 13:03:06 - 1.6474 @@ -1,7 +1,4 @@ 09-Sep-2003: New package: Psnmpdx-0.2.1-20030909 - news.txt -09-Sep-2003: New package: Psnmpdx-0.2.0-20030909 -=== 09-Sep-2003: Upgraded package: Pdb-4.1.25.1-20030909 09-Sep-2003: Upgraded package: Pcvsps-2.0rc1-20030909 09-Sep-2003: Upgraded package: Pgcc2-2.95.3-20030909 @@ -13,7 +10,6 @@ 09-Sep-2003: Upgraded package: Pbinutils-2.14-20030909 09-Sep-2003: Upgraded package: Pbind-9.2.2-20030909 09-Sep-2003: Upgraded package: Pautogen-5.5.6-20030909 - 1.6472 09-Sep-2003: Upgraded package: Papg-2.2.2-20030909 09-Sep-2003: Upgraded package: Panalog-5.32-20030909 09-Sep-2003: Upgraded package: Pamd-6.0.9-20030909 @@ -830,7 +826,6 @@ 23-Jul-2003: Upgraded package: Ptetex-2.0.2-20030723 23-Jul-2003: Upgraded package: Psmtpfeed-1.18-20030723 23-Jul-2003: Upgraded package: Pslang-1.4.9-20030723 - news.txt 23-Jul-2003: New package: Pzyacc-1.03-20030723 23-Jul-2003: Upgraded package: Psav-3.56-20030723 23-Jul-2003: Upgraded package: Psamhain-1.7.9-20030723 @@ -839,7 +834,6 @@ 23-Jul-2003: Upgraded package: Pragel-1.5.4-20030723 23-Jul-2003: Upgraded package: Pqt-3.1.2-20030723 23-Jul-2003: Upgraded package: Pprocmail-3.22-20030723 - news.txt 23-Jul-2003: Upgraded package: Pprecc-2.51e-20030723 23-Jul-2003: Upgraded package: Ppostfix-2.0.13-20030723 23-Jul-2003: Upgraded package: Ppetidomo-4.0b1-20030723 @@ -859,7 +853,6 @@ 23-Jul-2003: Upgraded package: Pperforce-2003.1-20030723 23-Jul-2003: Upgraded package: Popenssl-0.9.7b-20030723 23-Jul-2003: Upgraded package: Popenpkg-20030723-20030723 - news.txt 23-Jul-2003: Upgraded package: Popenjade-1.3.2-20030723 23-Jul-2003: Upgraded package: Pntp-4.1.2-20030723 23-Jul-2003: Upgraded package: Pnoweb-2.10c-20030723 @@ -910,9 +903,6 @@ 23-Jul-2003: Upgraded package: Papache-1.3.28-20030723 23-Jul-2003: Upgraded package: Pacroread-5.07-20030723 23-Jul-2003: Upgraded package: Paccent-0.8-20030723 -=== -=== -=== 23-Jul-2003: New package: Pzyacc-1.03-20030723 23-Jul-2003: Upgraded package: Psav-3.56-20030723 23-Jul-2003: Upgraded package: Psamhain-1.7.9-20030723 @@ -990,11 +980,8 @@ 23-Jul-2003: Upgraded package: Papache-1.3.28-20030723 23-Jul-2003: Upgraded package: Pacroread-5.07-20030723 23-Jul-2003: Upgraded package: Paccent-0.8-20030723 - 1.5751 23-Jul-2003: Upgraded package: Ptftp-0.34-20030723 - 1.5749 23-Jul-2003: Upgraded package: Pqpopper-4.0.5-20030723 - 1.5748 23-Jul-2003: Upgraded package: Pspamassassin-2.55-20030723 23-Jul-2003: Upgraded package: Pportfwd-0.26rc6-20030723 23-Jul-2003: Upgraded package: Plmtp2nntp-1.2.0-20030723 @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
[CVS] OpenPKG: openpkg-re/vcheck/ vc.snmpdx openpkg-src/snmpdx/ snmpdx...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src openpkg-web openpkg$ Date: 09-Sep-2003 16:20:40 Branch: HEAD Handle: 2003090915203802 Modified files: openpkg-re/vcheck vc.snmpdx openpkg-src/snmpdx snmpdx.spec openpkg-web news.txt Log: upgrading package: snmpdx 0.2.1 - 0.2.4 Summary: RevisionChanges Path 1.2 +1 -1 openpkg-re/vcheck/vc.snmpdx 1.2 +1 -1 openpkg-src/snmpdx/snmpdx.spec 1.6475 +1 -0 openpkg-web/news.txt patch -p0 '@@ .' Index: openpkg-re/vcheck/vc.snmpdx $ cvs diff -u -r1.1 -r1.2 vc.snmpdx --- openpkg-re/vcheck/vc.snmpdx 9 Sep 2003 12:51:59 - 1.1 +++ openpkg-re/vcheck/vc.snmpdx 9 Sep 2003 14:20:38 - 1.2 @@ -2,7 +2,7 @@ } prog snmpdx = { - version = 0.2.1 + version = 0.2.4 url = ftp://ftp.ossp.org/pkg/tool/snmpdx/ regex = snmpdx-(__VER__)\.tar\.gz } @@ . patch -p0 '@@ .' Index: openpkg-src/snmpdx/snmpdx.spec $ cvs diff -u -r1.1 -r1.2 snmpdx.spec --- openpkg-src/snmpdx/snmpdx.spec9 Sep 2003 12:52:01 - 1.1 +++ openpkg-src/snmpdx/snmpdx.spec9 Sep 2003 14:20:40 - 1.2 @@ -32,7 +32,7 @@ Distribution: OpenPKG [JUNK] Group:Network License: GPL -Version: 0.2.1 +Version: 0.2.4 Release: 20030909 # list of sources @@ . patch -p0 '@@ .' Index: openpkg-web/news.txt $ cvs diff -u -r1.6474 -r1.6475 news.txt --- openpkg-web/news.txt 9 Sep 2003 13:03:06 - 1.6474 +++ openpkg-web/news.txt 9 Sep 2003 14:20:38 - 1.6475 @@ -1,3 +1,4 @@ +09-Sep-2003: Upgraded package: Psnmpdx-0.2.4-20030909 09-Sep-2003: New package: Psnmpdx-0.2.1-20030909 09-Sep-2003: Upgraded package: Pdb-4.1.25.1-20030909 09-Sep-2003: Upgraded package: Pcvsps-2.0rc1-20030909 @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
[CVS] OpenPKG: openpkg-src/bind/ bind.spec db.root.sh openpkg-web/ new...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src openpkg-web Date: 07-Sep-2003 16:32:49 Branch: HEAD Handle: 2003090715324702 Modified files: openpkg-src/bindbind.spec db.root.sh openpkg-web news.txt Log: avoid ending up with an empty db.root Summary: RevisionChanges Path 1.76+1 -1 openpkg-src/bind/bind.spec 1.4 +8 -4 openpkg-src/bind/db.root.sh 1.6434 +1 -0 openpkg-web/news.txt patch -p0 '@@ .' Index: openpkg-src/bind/bind.spec $ cvs diff -u -r1.75 -r1.76 bind.spec --- openpkg-src/bind/bind.spec19 Aug 2003 07:29:40 - 1.75 +++ openpkg-src/bind/bind.spec7 Sep 2003 14:32:49 - 1.76 @@ -37,7 +37,7 @@ Group:DNS License: ISC Version: %{V_bind} -Release: 20030819 +Release: 20030907 # package options %option with_dlz_mysql no @@ . patch -p0 '@@ .' Index: openpkg-src/bind/db.root.sh $ cvs diff -u -r1.3 -r1.4 db.root.sh --- openpkg-src/bind/db.root.sh 18 Aug 2003 07:44:15 - 1.3 +++ openpkg-src/bind/db.root.sh 7 Sep 2003 14:32:49 - 1.4 @@ -10,11 +10,15 @@ ;; EOT -dig @A.ROOT-SERVERS.NET . NS |\ -awk ' - /^[^;].*IN\tNS/ { printf(%-20s IN NS %s\n, $1, $NF); } - /^[^;].*IN\tA/ { printf(%-20s IN A %s\n, $1, $NF); } +for i in A B C D E F G H I J K L M; do +dig @$i.ROOT-SERVERS.NET . NS $ROOTFILE.raw break +done +[ -f $ROOTFILE.raw ] || exit 1 +awk $ROOTFILE.raw ' + /IN NS/ { printf(%-20s IN NS %s\n, $1, $NF); } + /IN A/ { printf(%-20s IN A %s\n, $1, $NF); } ' |\ sort $ROOTFILE echo $ROOTFILE +rm $ROOTFILE.raw @@ . patch -p0 '@@ .' Index: openpkg-web/news.txt $ cvs diff -u -r1.6433 -r1.6434 news.txt --- openpkg-web/news.txt 7 Sep 2003 08:25:54 - 1.6433 +++ openpkg-web/news.txt 7 Sep 2003 14:32:47 - 1.6434 @@ -1,3 +1,4 @@ +07-Sep-2003: Upgraded package: Pbind-9.2.2-20030907 07-Sep-2003: Upgraded package: Popenpkg-20030907-20030907 06-Sep-2003: Upgraded package: Pmplayer-1.0pre1-20030906 06-Sep-2003: Upgraded package: Pqt-3.2.1-20030906 @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
[CVS] OpenPKG: openpkg-re/ rclint.pl
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-re Date: 07-Aug-2003 10:51:10 Branch: HEAD Handle: 2003080709510900 Modified files: openpkg-re rclint.pl Log: use rcService for checking enable, usable and active only; see PR#232 Summary: RevisionChanges Path 1.16+10 -0 openpkg-re/rclint.pl patch -p0 '@@ .' Index: openpkg-re/rclint.pl $ cvs diff -u -r1.15 -r1.16 rclint.pl --- openpkg-re/rclint.pl 21 Jul 2003 08:47:22 - 1.15 +++ openpkg-re/rclint.pl 7 Aug 2003 08:51:09 - 1.16 @@ -426,6 +426,16 @@ return; } +# check rcService only used for enable|usable|active PR#232 +$done = $outer_done; $this = ''; $todo = $outer_this; +while ( $todo =~ m/rcService\s+\w+\s+(\w+)/s ) { +$done .= $`; $this = $; $todo = $'; +if ( $1 !~ m/^(enable|usable|active)$/ ) { +lint_warning($file, $done, $this, section $section: rcService must check for (enable|usable|active) only, found check for \$1\); +} +$done .= $this; +} + # check rcService short circuit $done = $outer_done; $this = ''; $todo = $outer_this; if ( $todo !~ m/^[^\n]+\nrcService \w+ enable yes \|\| exit 0\n/s ) { @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
[CVS] OpenPKG: OPENPKG_1_2_SOLID: openpkg-src/openssh/ openssh.patch o...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src openpkg-web Date: 06-Aug-2003 15:07:45 Branch: OPENPKG_1_2_SOLID HEAD Handle: 2003080614074301 Added files: (Branch: OPENPKG_1_2_SOLID) openpkg-src/openssh openssh.patch Modified files: openpkg-web news.txt Modified files: (Branch: OPENPKG_1_2_SOLID) openpkg-src/openssh openssh.spec Log: OpenPKG-SA-2003.035-openssh; CAN-2003-0190 Summary: RevisionChanges Path 1.1.6.1 +131 -0 openpkg-src/openssh/openssh.patch 1.70.2.1.2.4+3 -1 openpkg-src/openssh/openssh.spec 1.6054 +1 -0 openpkg-web/news.txt patch -p0 '@@ .' Index: openpkg-src/openssh/openssh.patch $ cvs diff -u -r0 -r1.1.6.1 openssh.patch --- /dev/null 2003-08-06 15:07:45.0 +0200 +++ openssh.patch 2003-08-06 15:07:45.0 +0200 @@ -0,0 +1,131 @@ +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0190 +OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support +enabled immediately sends an error message when a user does not +exist, which allows remote attackers to determine valid usernames +via a timing attack. + +Based on RedHat openssh-3.5p1-6.9.src.rpm which is +mostly based on a patch for 3.6 by Solar Designer. + +diff -ur openssh-3.5p1/auth2-none.c openssh-3.5p1-pam/auth2-none.c +--- auth2-none.c.orig2002-07-03 20:06:16.0 -0400 auth2-none.c 2003-05-01 19:21:30.0 -0400 +@@ -100,7 +100,7 @@ + if (check_nt_auth(1, authctxt-pw) == 0) + return(0); + #endif +-return (authctxt-valid ? PRIVSEP(auth_password(authctxt, )) : 0); ++return PRIVSEP(auth_password(authctxt, )) authctxt-valid; + } + + Authmethod method_none = { +diff -ur openssh-3.5p1/auth2-passwd.c openssh-3.5p1-pam/auth2-passwd.c +--- auth2-passwd.c.orig 2002-06-06 16:27:56.0 -0400 auth2-passwd.c 2003-05-01 19:22:52.0 -0400 +@@ -47,11 +47,12 @@ + log(password change not supported); + password = packet_get_string(len); + packet_check_eom(); +-if (authctxt-valid ++if ((PRIVSEP(auth_password(authctxt, password)) == 1) ++ authctxt-valid + #ifdef HAVE_CYGWIN +-check_nt_auth(1, authctxt-pw) ++ check_nt_auth(1, authctxt-pw) + #endif +-PRIVSEP(auth_password(authctxt, password)) == 1) ++) + authenticated = 1; + memset(password, 0, len); + xfree(password); +diff -ur openssh-3.5p1/auth-pam.c openssh-3.5p1-pam/auth-pam.c +--- auth-pam.c.orig 2002-07-28 16:24:08.0 -0400 auth-pam.c 2003-05-01 19:16:27.0 -0400 +@@ -201,35 +201,35 @@ + } + } + +-/* Attempt password authentation using PAM */ ++/* Attempt password authentication using PAM */ + int auth_pam_password(Authctxt *authctxt, const char *password) + { + extern ServerOptions options; +-int pam_retval; ++int pam_retval, ok = authctxt-valid; + struct passwd *pw = authctxt-pw; + + do_pam_set_conv(conv); + + /* deny if no user. */ + if (pw == NULL) +-return 0; ++ok = 0; +-if (pw-pw_uid == 0 options.permit_root_login == PERMIT_NO_PASSWD) +-return 0; ++if (pw pw-pw_uid == 0 options.permit_root_login == PERMIT_NO_PASSWD) ++ok = 0; +-if (*password == '\0' options.permit_empty_passwd == 0) ++if (password != NULL *password == '\0' options.permit_empty_passwd == 0) +-return 0; ++ok = 0; + + __pampasswd = password; + + pamstate = INITIAL_LOGIN; + pam_retval = do_pam_authenticate( + options.permit_empty_passwd == 0 ? PAM_DISALLOW_NULL_AUTHTOK : 0); +-if (pam_retval == PAM_SUCCESS) { ++if ((pam_retval == PAM_SUCCESS) pw ok) { + debug(PAM Password authentication accepted for + user \%.100s\, pw-pw_name); + return 1; + } else { + debug(PAM Password authentication for \%.100s\ +-failed[%d]: %s, pw-pw_name, pam_retval, ++failed[%d]: %s, pw ? pw-pw_name : invalid user, pam_retval, + PAM_STRERROR(__pamh, pam_retval)); + return 0; + } +diff -ur openssh-3.5p1/auth-passwd.c openssh-3.5p1-pam/auth-passwd.c +--- auth-passwd.c.orig 2002-09-25 19:14:16.0 -0400 auth
[OpenPKG #216] Test as guest from web interface
Request 216 was acted upon. This is an automatically generated message. URL: https://rt.openpkg.org/id/216 Ticket: [OpenPKG #216] Subject: Test as guest from web interface Requestors: [EMAIL PROTECTED] Queue: openpkg Owner: thl Status: resolved Transaction: Status changed from open to resolved by thl Time: Tue Aug 05 09:39:04 2003 _ According to our records, your request has been resolved. If you have any further questions or concerns, please just respond to this message.
[CVS] OpenPKG: openpkg-web/ security.wml
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 05-Aug-2003 10:47:06 Branch: HEAD Handle: 2003080509470600 Modified files: openpkg-web security.wml Log: simplify and update security support statement; mention SOLID; reference more recent gnupg Summary: RevisionChanges Path 1.58+4 -6 openpkg-web/security.wml patch -p0 '@@ .' Index: openpkg-web/security.wml $ cvs diff -u -r1.57 -r1.58 security.wml --- openpkg-web/security.wml 4 Aug 2003 09:12:56 - 1.57 +++ openpkg-web/security.wml 5 Aug 2003 08:47:06 - 1.58 @@ -36,24 +36,22 @@ ul liThe most recent official release of OpenPKG. - liOpenPKG-STABLE, if at least 2 releases are based on it. - liThe previous OpenPKG-STABLE when a new stable does not yet - have 2 releases based on it. + liThe predecessor of the most recent release. /ul Following this policy, at this time, security advisories are being released for CORE and BASE class packages of: ul + liOpenPKG 1.3 liOpenPKG 1.2 - liOpenPKG 1.1 /ul Older releases are not maintained and users are strongly encouraged to upgrade to one of the supported releases mentioned above. Like all development efforts, security fixes are first brought into the OpenPKG-CURRENT branch. After a couple of days and some testing, the fix is retrofitted into the -supported OpenPKG-STABLE branch(es). +supported OpenPKG-STABLE and OpenPKG-SOLID branch(es). p Security Advisories are sent out by the OpenPKG project to a @@ -149,7 +147,7 @@ p This is the preferred tool for working with OpenPGP. We recommend you to install it by using the OpenPKG a -href=ftp://ftp.openpkg.org/release/1.1/SRC/gnupg-1.0.7-1.1.0.src.rpm; +href=ftp://ftp.openpkg.org/release/1.3/SRC/gnupg-1.2.2-1.3.0.src.rpm; gnupg/a package. Alternatively you can fetch it from its official homepage a href=http://www.gnupg.org/;http://www.gnupg.org//a and build/install @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
[OpenPKG #232] use rcService for checking enable, usable and active only
Request 232 was acted upon. This is an automatically generated message. URL: https://rt.openpkg.org/id/232 Ticket: [OpenPKG #232] Subject: use rcService for checking enable, usable and active only Requestors: [EMAIL PROTECTED] Queue: openpkg Owner: thl Status: resolved Transaction: Status changed from open to resolved by thl Time: Thu Aug 07 10:56:46 2003 _ According to our records, your request has been resolved. If you have any further questions or concerns, please just respond to this message. __ The OpenPKG Projectwww.openpkg.org Developer Communication List [EMAIL PROTECTED]
[OpenPKG #229] OpenPKG v1.3 00INDEX.rdf.bz2 broken [comment]
Request 229 was acted upon. This is a comment. It is not sent to the Requestor(s). _ URL: https://rt.openpkg.org/id/229 Ticket: [OpenPKG #229] Subject: OpenPKG v1.3 00INDEX.rdf.bz2 broken Requestors: Queue: openpkg Owner: thl Status: resolved Transaction: Comments added by thl Time: Wed Aug 06 09:40:45 2003 _ Yes, the ftp://ftp.openpkg.org/release/1.3/SRC/00INDEX.rdf.bz2 and ftp://ftp.openpkg.org/release/1.3/SRC/PLUS/00INDEX.rdf.bz2 were broken in the original release. As a consequence, the ftp://ftp.openpkg.org/release/1.3/ISO/OpenPKG-1.3-RELEASE-SRC.iso with md5 46e178c8311dc6b57512ce8928cc3252 was broken, too. The binary indexes and ISO images were correct. The source indexes and ISO image were corrected, ISO now has md5 90dd20af30d9acde02e2b27b1df42f13 Thanks for reporting. -- Thomas Lotterer OpenPKG Developer [EMAIL PROTECTED]
[OpenPKG #216] Test as guest from web interface
Request 216 was acted upon. _ URL: https://rt.openpkg.org/id/216 Ticket: [OpenPKG #216] Subject: Test as guest from web interface Requestors: [EMAIL PROTECTED] Queue: openpkg Owner: thl Status: open Transaction: Correspondence added by thl Time: Tue Aug 05 09:39:05 2003 Removed New Ticket option from RT guest menu. Updated http://www.openpkg.org/support.html -- Thomas Lotterer OpenPKG Developer [EMAIL PROTECTED]
[OpenPKG #231] Correct rc.files with globbed log file in %daily section
Request 231 was acted upon. _ URL: https://rt.openpkg.org/id/231 Ticket: [OpenPKG #231] Subject: Correct rc.files with globbed log file in %daily section Requestors: [EMAIL PROTECTED] Queue: openpkg Owner: ms Status: open Transaction: Correspondence added by thl Time: Thu Aug 07 09:37:45 2003 [ms - Wed Aug 06 17:35:11 2003]: Some rc files have %daily sections which rotate more than one log file. Some packages offer fine grained rotation by using separate minimum, maximum, compression, and other variables for each log file. Other packages just glob all log files in the directory and rotate them all according to a common set of variables. Probably the first approach is correct, but also more error prone and time consuming. In any case, there should only be one approach across OpenPKG daemon packages. Ah, i need to enhance the rc template then, the recent commit to imapd seems to be a good reference for me. -- Thomas Lotterer OpenPKG Developer [EMAIL PROTECTED] __ The OpenPKG Projectwww.openpkg.org Developer Communication List [EMAIL PROTECTED]
[CVS] OpenPKG: openpkg-web/ facts.wml
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 07-Aug-2003 16:17:18 Branch: HEAD Handle: 2003080715171800 Modified files: openpkg-web facts.wml Log: update, correct and spell check facts Summary: RevisionChanges Path 1.9 +24 -22 openpkg-web/facts.wml patch -p0 '@@ .' Index: openpkg-web/facts.wml $ cvs diff -u -r1.8 -r1.9 facts.wml --- openpkg-web/facts.wml 2 Apr 2003 10:04:35 - 1.8 +++ openpkg-web/facts.wml 7 Aug 2003 14:17:18 - 1.9 @@ -41,9 +41,9 @@ p libCross platform/b br -OpenPKG supports FreeBSD, Linux and Solaris, it runs on Intel and Sparc -CPUs. On any system the behaviour of OpenPKG is the same so engineers -using it will see a unified environment accross these platforms. This +OpenPKG supports FreeBSD, Linux and Solaris, it runs on Intel, Sparc and Alpha +CPUs. On any system the behavior of OpenPKG is the same so engineers +using it will see a unified environment across these platforms. This significantly reduces the complexities normally resulting from dissimilar systems. Have your engineers do application configuration rather than wasting time finding the differences between systems. @@ -67,13 +67,13 @@ Officially released OpenPKG packages are digitally signed. Verification of that sign makes any tampering on packages evident. Successful verification assures that any package you grabbed came from a trusted source and -includes the content you expect without any damage or suprises inside. +includes the content you expect without any damage or surprises inside. p libPackage integrity verification/b br Files from already installed packages can be compared against the original package's content. Check system integrity any time you like. Ensure your -last filesystem check did not damage your executeables. +last filesystem check did not damage any executable. p libSelf contained Packages/b br @@ -95,33 +95,35 @@ prefix this was our internal design decision. OpenPKG does not enforce this prefix. It can be configured when bootstrapping. If you choose a different path you must build your binaries yourself which is just a -matter of CPU horsepower provided you have the source RPMs. +matter of CPU horsepower and source RPM download speed. p libMultiple instances/b br Isolating multiple installations and creating virtual servers is a snap. Just bootstrap OpenPKG to more than one location. We already got all the -tweaks and quirks out of many packages. Assume network daemons will +tweaks and quirks out of the packages. Assume network daemons will properly listen to configured not wildcard addresses and applications log to their own not to the common system ivar/i area. p libMinimal OS intrusion/b br -OpenPKG tries to not touch the operating system at all. Only very few -adjustments are being done related to system startup and shutdown (rc) and -periodic execution of commands (cron) +OpenPKG tries to not touch the operating system at all. Only very +few adjustments are being done related to user/group accounts, +system startup and shutdown (rc) and periodic execution of commands +(cron). p libUseful preconfiguration/b br -Package installations yield useful preconfigurations which allow immediate -exploration or usage of an application. +Package installations yield useful preconfigurations which allow +immediate exploration or usage of an application while avoiding +unnecessary security threats. p libUninstallable packages/b br A OpenPKG package can be removed entirely from the system. Every static -content is removed automtically while variable data like confiuration and -logs survive deinstallation. They can be the base of an upgrade or can be -removed. Locating them is easy due to the clean filesystem structure that +content is removed automatically while variable user data like configuration and +databases survive deinstallation. +Locating user data is easy due to the clean filesystem structure that OpenPKG enforces. p libPowerful queries/b @@ -129,14 +131,14 @@ RPM already provides powerful query mechanisms allowing insight view
[CVS] OpenPKG: openpkg-src/ntp/ rc.ntp
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 11-Aug-2003 23:40:00 Branch: HEAD Handle: 200308112240 Modified files: openpkg-src/ntp rc.ntp Log: move sleep into ntp_once function; right side of comparison does not need quotes; low priority for ntpdate via cron Summary: RevisionChanges Path 1.25+12 -11 openpkg-src/ntp/rc.ntp patch -p0 '@@ .' Index: openpkg-src/ntp/rc.ntp $ cvs diff -u -r1.24 -r1.25 rc.ntp --- openpkg-src/ntp/rc.ntp11 Aug 2003 18:27:47 - 1.24 +++ openpkg-src/ntp/rc.ntp11 Aug 2003 21:40:00 - 1.25 @@ -18,6 +18,7 @@ [ -f $ntp_pidfile ] kill -$1 `cat $ntp_pidfile` } ntp_once () { +[ .$1 != . ] sleep $1 @l_prefix@/bin/ntpdate \ `grep ^server @l_prefix@/etc/ntp/ntp.conf |\ awk '{ printf( %s, $2); }'` || true @@ -51,7 +52,7 @@ esac # run the NTP daemon for continued synchronization -if [ .$ntp_mode = .daemon ]; then +if [ .$ntp_mode = .daemon ]; then @l_prefix@/bin/ntpd \ -p @l_prefix@/var/ntp/ntpd.pid \ -f @l_prefix@/var/ntp/ntpd.drift \ @@ -69,17 +70,17 @@ rcService ntp active no exit 0 rc ntp stop start -%quarterly -u @l_susr@ +%quarterly -p 800 -u @l_susr@ rcService ntp enable yes || exit 0 -[ .$ntp_mode = .quarterly ] sleep 30 ntp_once +[ .$ntp_mode = .quarterly ] ntp_once 30 -%hourly -u @l_susr@ +%hourly -p 800 -u @l_susr@ rcService ntp enable yes || exit 0 -[ .$ntp_mode = .hourly ] sleep 30 ntp_once +[ .$ntp_mode = .hourly ] ntp_once 30 -%daily -u @l_susr@ +%daily -p 800 -u @l_susr@ rcService ntp enable yes || exit 0 -[ .$ntp_mode = .daily ] sleep 30 ntp_once +[ .$ntp_mode = .daily ] ntp_once 30 # rotate logfile shtool rotate -f \ @@ -89,11 +90,11 @@ -E ${ntp_log_epilog} rc ntp restart \ @l_prefix@/var/ntp/ntp.log -%weekly -u @l_susr@ +%weekly -p 800 -u @l_susr@ rcService ntp enable yes || exit 0 -[ .$ntp_mode = .weekly ] sleep 30 ntp_once +[ .$ntp_mode = .weekly ] ntp_once 30 -%monthly -u @l_susr@ +%monthly -p 800 -u @l_susr@ rcService ntp enable yes || exit 0 -[ .$ntp_mode = .monthly ] sleep 30 ntp_once +[ .$ntp_mode = .monthly ] ntp_once 30 @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
[OpenPKG #226] OpenPKG 1.3 environment bug in rc script
Request 226 was acted upon. _ URL: https://rt.openpkg.org/id/226 Ticket: [OpenPKG #226] Subject: OpenPKG 1.3 environment bug in rc script Requestors: [EMAIL PROTECTED] Queue: openpkg Owner: Nobody Status: new Transaction: Ticket created by thl Time: Tue Aug 05 09:01:48 2003 _ - Forwarded message from Bill Campbell [EMAIL PROTECTED] - Date: Mon, 4 Aug 2003 23:48:27 -0700 From: Bill Campbell [EMAIL PROTECTED] Subject: OpenPKG 1.3 environment bug in rc script To: [EMAIL PROTECTED] I found what seems to be a bug in the %{l_prefix}/etc/rc script in openpkg-1.3.0-1.3.0 that silently ignores any environment variables set in packages %env sections that contain anything but upper case [A-Z] (e.g. minor things like LD_LIBRARY_PATH :-). The attached patch to the rc file accepts anything starting with [A-Z] followed by anything. Bill - End forwarded message - Thanks a lot, Bill, good catch. We wanted to filter variables with upper case characters only and get rid of (usually temporary) variables with lower case characters but we forgot the underscore. The official fix is http://cvs.openpkg.org/chngview?cn=11479 and we consider merging this into an updated openpkg-1.3.1 later. -- [EMAIL PROTECTED] Development Team, Operations Northern Europe, Cable Wireless
[CVS] OpenPKG: openpkg-src/rsync/ rc.rsync rsync.spec openpkg-web/ new...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src openpkg-web Date: 07-Aug-2003 10:51:06 Branch: HEAD Handle: 2003080709510401 Modified files: openpkg-src/rsync rc.rsync rsync.spec openpkg-web news.txt Log: use rcService for checking enable, usable and active only; fix PR#232 Summary: RevisionChanges Path 1.20+4 -4 openpkg-src/rsync/rc.rsync 1.52+1 -1 openpkg-src/rsync/rsync.spec 1.6068 +1 -0 openpkg-web/news.txt patch -p0 '@@ .' Index: openpkg-src/rsync/rc.rsync $ cvs diff -u -r1.19 -r1.20 rc.rsync --- openpkg-src/rsync/rc.rsync29 Jul 2003 14:21:02 - 1.19 +++ openpkg-src/rsync/rc.rsync7 Aug 2003 08:51:05 - 1.20 @@ -36,7 +36,7 @@ %start -u @l_susr@ rcService rsync enable yes || exit 0 rcService rsync active yes exit 0 -rcService rsync daemon yes || exit 0 +rcVarIsYes rsync_daemon || exit 0 flags=$rsync_flags echo $flags | grep -- --address /dev/null if [ $? -ne 0 -a .$rsync_bind != . ]; then @@ -53,19 +53,19 @@ %stop -u @l_susr@ rcService rsync enable yes || exit 0 rcService rsync active no exit 0 -rcService rsync daemon yes || exit 0 +rcVarIsYes rsync_daemon || exit 0 rsync_signal TERM sleep 2 %restart -u @l_susr@ rcService rsync enable yes || exit 0 rcService rsync active no exit 0 -rcService rsync daemon yes || exit 0 +rcVarIsYes rsync_daemon || exit 0 rc rsync stop start %daily -u @l_susr@ rcService rsync enable yes || exit 0 -rcService rsync daemon yes || exit 0 +rcVarIsYes rsync_daemon || exit 0 # rotate logfile shtool rotate -f \ @@ . patch -p0 '@@ .' Index: openpkg-src/rsync/rsync.spec $ cvs diff -u -r1.51 -r1.52 rsync.spec --- openpkg-src/rsync/rsync.spec 29 Jul 2003 14:21:02 - 1.51 +++ openpkg-src/rsync/rsync.spec 7 Aug 2003 08:51:05 - 1.52 @@ -33,7 +33,7 @@ Group:Filesystem License: GPL Version: 2.5.6 -Release: 20030729 +Release: 20030807 # list of sources Source0: http://rsync.samba.org/ftp/rsync/rsync-%{version}.tar.gz @@ . patch -p0 '@@ .' Index: openpkg-web/news.txt $ cvs diff -u -r1.6067 -r1.6068 news.txt --- openpkg-web/news.txt 7 Aug 2003 08:50:52 - 1.6067 +++ openpkg-web/news.txt 7 Aug 2003 08:51:04 - 1.6068 @@ -1,3 +1,4 @@ +07-Aug-2003: Upgraded package: Prsync-2.5.6-20030807 07-Aug-2003: Upgraded package: Pntp-4.1.2-20030807 07-Aug-2003: Upgraded package: Puvscan-4.1.6.4283-20030807 07-Aug-2003: Upgraded package: Pgrepmail-5.10-20030807 @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
[CVS] OpenPKG: openpkg-web/ security.txt security.wml openpkg-web/secu...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 06-Aug-2003 15:07:51 Branch: HEAD Handle: 2003080614075000 Added files: openpkg-web/securityOpenPKG-SA-2003.035-openssh.txt Modified files: openpkg-web security.txt security.wml Log: OpenPKG-SA-2003.035-openssh; CAN-2003-0190 Summary: RevisionChanges Path 1.41+1 -0 openpkg-web/security.txt 1.59+1 -0 openpkg-web/security.wml 1.1 +80 -0 openpkg-web/security/OpenPKG-SA-2003.035-openssh.txt patch -p0 '@@ .' Index: openpkg-web/security.txt $ cvs diff -u -r1.40 -r1.41 security.txt --- openpkg-web/security.txt 10 Jul 2003 14:22:48 - 1.40 +++ openpkg-web/security.txt 6 Aug 2003 13:07:50 - 1.41 @@ -1,3 +1,4 @@ +06-Aug-2003: Security Advisory: SOpenPKG-SA-2003.035-openssh 10-Jul-2003: Security Advisory: SOpenPKG-SA-2003.034-imagemagick 10-Jul-2003: Security Advisory: SOpenPKG-SA-2003.033-infozip 07-Jul-2003: Security Advisory: SOpenPKG-SA-2003.032-php @@ . patch -p0 '@@ .' Index: openpkg-web/security.wml $ cvs diff -u -r1.58 -r1.59 security.wml --- openpkg-web/security.wml 5 Aug 2003 08:47:06 - 1.58 +++ openpkg-web/security.wml 6 Aug 2003 13:07:50 - 1.59 @@ -76,6 +76,7 @@ /define-tag box bdwidth=1 bdcolor=#a5a095 bdspace=10 bgcolor=#e5e0d5 table cellspacing=0 cellpadding=0 border=0 + sa 2003.035 openssh sa 2003.034 imagemagick sa 2003.033 infozip sa 2003.032 php @@ . patch -p0 '@@ .' Index: openpkg-web/security/OpenPKG-SA-2003.035-openssh.txt $ cvs diff -u -r0 -r1.1 OpenPKG-SA-2003.035-openssh.txt --- /dev/null 2003-08-06 15:07:51.0 +0200 +++ OpenPKG-SA-2003.035-openssh.txt 2003-08-06 15:07:51.0 +0200 @@ -0,0 +1,80 @@ + + +OpenPKG Security AdvisoryThe OpenPKG Project +http://www.openpkg.org/security.html http://www.openpkg.org [EMAIL PROTECTED] [EMAIL PROTECTED] +OpenPKG-SA-2003.035 06-Aug-2003 + + +Package: openssh +Vulnerability: information leakage +OpenPKG Specific:no + +Affected Releases: Affected Packages: Corrected Packages: +OpenPKG CURRENT = openssh-3.6.1p1-20030423 = openssh-3.6.1p2-20030429 +OpenPKG 1.3 N/A +OpenPKG 1.2 = openssh-3.5p1-1.2.1 = openssh-3.5p1-1.2.2 + +Description: + According to a Mediaservice.net security advisory [0], a information + leakage exists in OpenSSH [1] 3.6.1p1 and earlier with PAM support + enabled. When a user does not exist, an error message is send + immediately which allows remote attackers to determine valid usernames + via a timing attack. OpenPKG installations are only affected when the + package was build '--with_pam yes', which is not the default. We could + only reproduce the problem on Linux. It seems FreeBSD and Solaris are + not vulnerable, the patch does not affect their behaviour. However, + the problem is related to the PAM configuration, not the operating + system. Using a non-default configuration might leak information on + other operating systems, too. On Linux systems, a valid workaround is + to add a nodelay option to the pam_unix.so auth. + + The Common Vulnerabilities and Exposures (CVE) project assigned the id + CAN-2003-0190 [2] to the problem. + + Please check whether you are affected by running prefix/bin/rpm -q + openssh. If you have the openssh package installed and its version + is affected (see above), we recommend that you immediately upgrade it + (see Solution). + +Solution: + Select the updated source RPM appropriate for your OpenPKG release + [5], fetch it from the OpenPKG FTP service [6] or a mirror location, + verify its integrity [7], build a corresponding binary RPM from it [3] + and update your OpenPKG installation by applying the binary RPM [4]. + For the current release OpenPKG 1.2, perform the following operations + to permanently fix the security problem (for other releases adjust + accordingly). + + $ ftp
[CVS] OpenPKG: OPENPKG_1_2_SOLID: openpkg-src/perl-www/ perl-www.patch...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src openpkg-web Date: 06-Aug-2003 17:10:11 Branch: OPENPKG_1_2_SOLID HEAD Handle: 2003080616100901 Added files: (Branch: OPENPKG_1_2_SOLID) openpkg-src/perl-wwwperl-www.patch Modified files: openpkg-web news.txt Modified files: (Branch: OPENPKG_1_2_SOLID) openpkg-src/perl-wwwperl-www.spec Log: OpenPKG-SA-2003.036-perl-www; CAN-2003-0615 Summary: RevisionChanges Path 1.1.4.1 +24 -0 openpkg-src/perl-www/perl-www.patch 1.45.2.1.2.3+4 -2 openpkg-src/perl-www/perl-www.spec 1.6058 +1 -0 openpkg-web/news.txt patch -p0 '@@ .' Index: openpkg-src/perl-www/perl-www.patch $ cvs diff -u -r0 -r1.1.4.1 perl-www.patch --- /dev/null 2003-08-06 17:10:10.0 +0200 +++ perl-www.patch2003-08-06 17:10:11.0 +0200 @@ -0,0 +1,24 @@ +http://stein.cshl.org/WWW/software/CGI/ +under Revision History find Fixed cross-site scripting bug +reported by obscure note attached to Version 2.94. A quick fix was +introduced in 2.94. It was replaced by a more careful patch in 2.99. + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0615 +Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm +allows remote attackers to insert web script via a URL that is fed +into the form's action parameter + +--- CGI.pm-2.89/CGI.pm.orig Wed Oct 16 19:48:37 2002 CGI.pm-2.89/CGI.pm Wed Aug 6 16:22:26 2003 +@@ -1553,9 +1553,10 @@ + unless (defined $action) { +$action = $self-url(-absolute=1,-path=1); +if (length($ENV{QUERY_STRING})0) { +- $action .= ?$ENV{QUERY_STRING}; ++ $action .= ?.$self-escapeHTML($ENV{QUERY_STRING},1); +} + } ++$action = escape($action); + $action = qq(action=$action); + my($other) = @other ? @other : ''; + $self-{'.parametersToAdd'}={}; @@ . patch -p0 '@@ .' Index: openpkg-src/perl-www/perl-www.spec $ cvs diff -u -r1.45.2.1.2.2 -r1.45.2.1.2.3 perl-www.spec --- openpkg-src/perl-www/perl-www.spec18 Jan 2003 18:38:30 - 1.45.2.1.2.2 +++ openpkg-src/perl-www/perl-www.spec6 Aug 2003 15:10:10 - 1.45.2.1.2.3 @@ -44,8 +44,8 @@ Distribution: OpenPKG [BASE] Group:Language License: GPL/Artistic -Version: 1.2.0 -Release: 1.2.0 +Version: 1.2.1 +Release: 1.2.1 # list of sources Source0: http://www.cpan.org/modules/by-module/URI/URI-%{V_uri}.tar.gz @@ -58,6 +58,7 @@ Source7: http://www.cpan.org/modules/by-module/CGI/CGI-Safe-%{V_cgi_safe}.tar.gz Source8: http://www.cpan.org/modules/by-module/CGI/CGI-Session-%{V_cgi_session}.tar.gz Source9: http://www.cpan.org/modules/by-module/FCGI/FCGI-%{V_fcgi}.tar.gz +Patch0: perl-www.patch # build information Prefix: %{l_prefix} @@ -91,6 +92,7 @@ %setup7 -q -T -D -a 7 %setup8 -q -T -D -a 8 %setup9 -q -T -D -a 9 +%patch0 -p0 %build @@ . patch -p0 '@@ .' Index: openpkg-web/news.txt $ cvs diff -u -r1.6057 -r1.6058 news.txt --- openpkg-web/news.txt 6 Aug 2003 15:07:12 - 1.6057 +++ openpkg-web/news.txt 6 Aug 2003 15:10:09 - 1.6058 @@ -1,3 +1,4 @@ +06-Aug-2003: Upgraded package: Pperl-www-1.2.1-1.2.1 06-Aug-2003: Upgraded package: Pperl-www-1.3.1-1.3.1 06-Aug-2003: Upgraded package: Pproftpd-1.2.9rc1-20030806 06-Aug-2003: Upgraded package: Pxaw3d-1.5-20030806 @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
[OpenPKG #232] use rcService for checking enable, usable and active only
RT-Message-Type: correspondence RT-Attach-Message: yes Request 232 was acted upon. _ URL: https://rt.openpkg.org/id/232 Ticket: [OpenPKG #232] Subject: use rcService for checking enable, usable and active only Requestors: [EMAIL PROTECTED] Queue: openpkg Owner: thl Status: open Transaction: Correspondence added by thl Time: Thu Aug 07 10:56:45 2003 Quarried out from PR#230. Usage of rcService for comparing variables other than the three enabled, active and usable from %scope. Although it works, this is not the intended use of rcService according to the rc man page. Package affected: ntp, rsync fixed, see http://cvs.openpkg.org/chngview?cn=11547 Candidate for rclint.pl done, see http://cvs.openpkg.org/chngview?cn=11548 -- Thomas Lotterer OpenPKG Developer [EMAIL PROTECTED] __ The OpenPKG Projectwww.openpkg.org Developer Communication List [EMAIL PROTECTED]
[OpenPKG #232]
Request 232 was acted upon. _ URL: https://rt.openpkg.org/id/232 Ticket: [OpenPKG #232] Subject: Requestors: [EMAIL PROTECTED] Queue: openpkg Owner: thl Status: open Transaction: Ticket created by thl Time: Thu Aug 07 09:45:27 2003 _ Quarried out from PR#230. Usage of rcService for comparing variables other than the three enabled, active and usable from %scope. Although it works, this is not the intended use of rcService accrding to the rc man page. Package affected: ntp, rsync Candidate for rclint.pl -- Thomas Lotterer OpenPKG Developer [EMAIL PROTECTED] __ The OpenPKG Projectwww.openpkg.org Developer Communication List [EMAIL PROTECTED]
[CVS] OpenPKG: openpkg-web/ security.txt security.wml openpkg-web/secu...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 06-Aug-2003 17:26:43 Branch: HEAD Handle: 2003080616264201 Added files: openpkg-web/securityOpenPKG-SA-2003.036-perl-www.txt Modified files: openpkg-web security.txt security.wml openpkg-web/securitypage.pl Log: OpenPKG-SA-2003.036-perl-www; CAN-2003-0615 Summary: RevisionChanges Path 1.42+1 -0 openpkg-web/security.txt 1.60+1 -0 openpkg-web/security.wml 1.1 +75 -0 openpkg-web/security/OpenPKG-SA-2003.036-perl-www.txt 1.21+1 -1 openpkg-web/security/page.pl patch -p0 '@@ .' Index: openpkg-web/security.txt $ cvs diff -u -r1.41 -r1.42 security.txt --- openpkg-web/security.txt 6 Aug 2003 13:07:50 - 1.41 +++ openpkg-web/security.txt 6 Aug 2003 15:26:42 - 1.42 @@ -1,3 +1,4 @@ +06-Aug-2003: Security Advisory: SOpenPKG-SA-2003.036-perl-www 06-Aug-2003: Security Advisory: SOpenPKG-SA-2003.035-openssh 10-Jul-2003: Security Advisory: SOpenPKG-SA-2003.034-imagemagick 10-Jul-2003: Security Advisory: SOpenPKG-SA-2003.033-infozip @@ . patch -p0 '@@ .' Index: openpkg-web/security.wml $ cvs diff -u -r1.59 -r1.60 security.wml --- openpkg-web/security.wml 6 Aug 2003 13:07:50 - 1.59 +++ openpkg-web/security.wml 6 Aug 2003 15:26:42 - 1.60 @@ -76,6 +76,7 @@ /define-tag box bdwidth=1 bdcolor=#a5a095 bdspace=10 bgcolor=#e5e0d5 table cellspacing=0 cellpadding=0 border=0 + sa 2003.036 perl-www sa 2003.035 openssh sa 2003.034 imagemagick sa 2003.033 infozip @@ . patch -p0 '@@ .' Index: openpkg-web/security/OpenPKG-SA-2003.036-perl-www.txt $ cvs diff -u -r0 -r1.1 OpenPKG-SA-2003.036-perl-www.txt --- /dev/null 2003-08-06 17:26:43.0 +0200 +++ OpenPKG-SA-2003.036-perl-www.txt 2003-08-06 17:26:43.0 +0200 @@ -0,0 +1,75 @@ + + +OpenPKG Security AdvisoryThe OpenPKG Project +http://www.openpkg.org/security.html http://www.openpkg.org [EMAIL PROTECTED] [EMAIL PROTECTED] +OpenPKG-SA-2003.perl-www 06-Aug-2003 + + +Package: perl-www +Vulnerability: CGI.pm cross site scripting +OpenPKG Specific:no + +Affected Releases: Affected Packages:Corrected Packages: +OpenPKG CURRENT = perl-www-20030726-20030726 = perl-www-20030802-20030802 +OpenPKG 1.3 = perl-www-1.3.0-1.3.0 = perl-www-1.3.1-1.3.1 +OpenPKG 1.2 = perl-www-1.2.0-1.2.0 = perl-www-1.2.1-1.2.1 + +Dependent Packages: none + +Description: + According to a security advisory [0] from [EMAIL PROTECTED] a + cross site scripting vulnerability exists in the start_form() function + in CGI.pm [1]. The Common Vulnerabilities and Exposures (CVE) project + assigned the id CAN-2003-0615 [2] to the problem. + + Note that beginning with perl-www-20030609-20030609 and + perl-www-1.3.0-1.3.0 a preliminary patch was already included which + fixes the specific issue discussed in the original SA. The corrected + packages include a more generalized patch. + + Please check whether you are affected by running prefix/bin/rpm + -q perl-www. If you have the perl-www package installed and its + version is affected (see above), we recommend that you immediately + upgrade it (see Solution). + +Solution: + Select the updated source RPM appropriate for your OpenPKG release + [5][6], fetch it from the OpenPKG FTP service [7][8] or a mirror + location, verify its integrity [9], build a corresponding binary RPM + from it [3] and update your OpenPKG installation by applying the + binary RPM [4]. For the current release OpenPKG 1.2, perform the + following operations to permanently fix the security problem (for + other releases adjust accordingly). + + $ ftp ftp.openpkg.org + ftp bin + ftp cd release/1.3/UPD + ftp get perl-www-1.3.1-1.3.1.src.rpm + ftp bye + $ prefix/bin/rpm -v --checksig perl-www-1.3.1-1.3.1.src.rpm + $ prefix/bin/rpm --rebuild perl-www-1.3.1-1.3.1.src.rpm
[OpenPKG #229] OpenPKG v1.3 00INDEX.rdf.bz2 broken (Was: Re: OpenPKG 1.3 -- where is openpkg-tool?)
Request 229 was acted upon. _ URL: https://rt.openpkg.org/id/229 Ticket: [OpenPKG #229] Subject: OpenPKG v1.3 00INDEX.rdf.bz2 broken (Was: Re: OpenPKG 1.3 -- where is openpkg-tool?) Requestors: [EMAIL PROTECTED] Queue: openpkg Owner: Nobody Status: new Transaction: Ticket created by thl Time: Wed Aug 06 09:30:10 2003 _ - Forwarded message from Christoph Schug [EMAIL PROTECTED] - Date: Wed, 6 Aug 2003 08:45:49 +0200 From: Christoph Schug [EMAIL PROTECTED] Subject: Re: OpenPKG 1.3 -- where is openpkg-tool? To: [EMAIL PROTECTED] On Wed, Aug 06, 2003, Ralf S. Engelschall wrote: [...] at least ftp://ftp.openpkg.org/release/1.3/SRC/00INDEX.rdf.bz2 is currently broken. Following packages are missing any descriptions ... $ curl -s ftp://ftp.openpkg.org/release/1.3/SRC/00INDEX.rdf.bz2 |\ bzip2 -dc | fgrep 'about=--' rdf:Description about=-- href=par-1.52-1.3.0.src.rpm rdf:Description about=-- href=pcre-4.3-1.3.0.src.rpm rdf:Description about=-- href=perl-comp-1.3.0-1.3.0.src.rpm rdf:Description about=-- href=perl-curses-1.3.0-1.3.0.src.rpm rdf:Description about=-- href=perl-dbi-1.3.0-1.3.0.src.rpm rdf:Description about=-- href=perl-dbix-1.3.0-1.3.0.src.rpm rdf:Description about=-- href=perl-gd-1.3.0-1.3.0.src.rpm rdf:Description about=-- href=perl-mail-1.3.0-1.3.0.src.rpm rdf:Description about=-- href=perl-sys-1.3.0-1.3.0.src.rpm rdf:Description about=-- href=perl-text-1.3.0-1.3.0.src.rpm rdf:Description about=-- href=perl-xml-1.3.0-1.3.0.src.rpm - End forwarded message - -- [EMAIL PROTECTED] Development Team, Operations Northern Europe, Cable Wireless
[OpenPKG #216] Test as guest from web interface
Request 216 was acted upon. This is an automatically generated message. URL: https://rt.openpkg.org/id/216 Ticket: [OpenPKG #216] Subject: Test as guest from web interface Requestors: Queue: openpkg Owner: thl Status: resolved Transaction: Status changed from open to resolved by thl Time: Tue Aug 05 09:41:03 2003 _ According to our records, your request has been resolved. If you have any further questions or concerns, please just respond to this message.
[CVS] OpenPKG: OPENPKG_1_2_SOLID: openpkg-src/openssh/ openssh.spec
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 06-Aug-2003 14:59:53 Branch: OPENPKG_1_2_SOLIDHandle: 2003080613595300 Modified files: (Branch: OPENPKG_1_2_SOLID) openpkg-src/openssh openssh.spec Log: MFC: CI#9550, CI#10855=PR#160, CI#10855 Summary: RevisionChanges Path 1.70.2.1.2.3+14 -3 openpkg-src/openssh/openssh.spec patch -p0 '@@ .' Index: openpkg-src/openssh/openssh.spec $ cvs diff -u -r1.70.2.1.2.2 -r1.70.2.1.2.3 openssh.spec --- openpkg-src/openssh/openssh.spec 19 Feb 2003 16:20:50 - 1.70.2.1.2.2 +++ openpkg-src/openssh/openssh.spec 6 Aug 2003 12:59:53 - 1.70.2.1.2.3 @@ -101,6 +101,13 @@ %{l_patch} -p1 %{SOURCE osshChroot-%{V_chroot}.diff} %endif +# enforce openssh and the PAM identification string +%if %{with_pam} == yes +%{l_shtool} subst \ +-e 's;\(define *SSHD_PAM_SERVICE\).*;\1 openssh;' \ +auth-pam.h +%endif + # prevent in advance make install from running sshd %{l_shtool} subst \ -e 's;^\(install:.*\)check-config\(.*\)$;\1 \2;' \ @@ -115,7 +122,7 @@ lib=$lib -L`%{l_prefix}/etc/rc --query pam_libdir` %endif CC=%{l_cc} \ -CFLAGS=%{l_cflags -O} `%{l_prefix}/bin/fsl-config --all --cflags` $inc \ +CFLAGS=%{l_cflags -O} $inc \ LDFLAGS=%{l_ldflags} `%{l_prefix}/bin/fsl-config --all --ldflags` $lib \ LIBS=`%{l_prefix}/bin/fsl-config --all --libs` \ ./configure \ @@ -250,12 +257,16 @@ # add PAM configuration entry %if %{with_pam} == yes -$RPM_INSTALL_PREFIX/sbin/pamtool --add --smart --name=openssh +if [ $1 -eq 1 ]; then +$RPM_INSTALL_PREFIX/sbin/pamtool --add --smart --name=openssh +fi %endif %preun # remove PAM configuration entry %if %{with_pam} == yes -$RPM_INSTALL_PREFIX/sbin/pamtool --remove --smart --name=openssh +if [ $1 -eq 0 ]; then +$RPM_INSTALL_PREFIX/sbin/pamtool --remove --smart --name=openssh +fi %endif @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
[OpenPKG #230] Script rc.ntp is likely flawed in section %hourly [comment]
Request 230 was acted upon. This is a comment. It is not sent to the Requestor(s). _ URL: https://rt.openpkg.org/id/230 Ticket: [OpenPKG #230] Subject: Script rc.ntp is likely flawed in section %hourly Requestors: [EMAIL PROTECTED] Queue: openpkg Owner: thl Status: open Transaction: Comments added by thl Time: Thu Aug 07 13:42:54 2003 _ On Thu, Aug 07, 2003, Thomas Lotterer wrote: once = run ntpdate once at startup daemon= launch ntpd monthly = cron weekly= cron daily = cron hourly= cron quarterly = cron All modes will run ntpdate once at startup (before the daemon is launched). The less frequent cron options will satisfy dialup users. done, see http://cvs.openpkg.org/chngview?cn=11552 Note: setting once allows explicit sync through every call to %start snippet, although %stop and %restart are useless and %status will never report active=yes in such case. It's kinda kick-it once ... __ The OpenPKG Projectwww.openpkg.org Developer Communication List [EMAIL PROTECTED]
[CVS] OpenPKG: OPENPKG_1_3_SOLID: openpkg-src/perl-www/ perl-www.patch...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src openpkg-web Date: 06-Aug-2003 17:07:14 Branch: OPENPKG_1_3_SOLID HEAD Handle: 2003080616071202 Modified files: openpkg-web news.txt Modified files: (Branch: OPENPKG_1_3_SOLID) openpkg-src/perl-wwwperl-www.patch perl-www.spec Log: OpenPKG-SA-2003.036-perl-www; CAN-2003-0615 Summary: RevisionChanges Path 1.1.2.1.2.1 +26 -0 openpkg-src/perl-www/perl-www.patch 1.45.2.5.2.2+2 -2 openpkg-src/perl-www/perl-www.spec 1.6057 +1 -0 openpkg-web/news.txt patch -p0 '@@ .' Index: openpkg-src/perl-www/perl-www.patch $ cvs diff -u -r1.1.2.1 -r1.1.2.1.2.1 perl-www.patch --- openpkg-src/perl-www/perl-www.patch 24 Jul 2003 20:44:56 - 1.1.2.1 +++ openpkg-src/perl-www/perl-www.patch 6 Aug 2003 15:07:14 - 1.1.2.1.2.1 @@ -1,3 +1,29 @@ +http://stein.cshl.org/WWW/software/CGI/ +under Revision History find Fixed cross-site scripting bug +reported by obscure note attached to Version 2.94. A quick fix was +introduced in 2.94. It was replaced by a more careful patch in 2.99. + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0615 +Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm +allows remote attackers to insert web script via a URL that is fed +into the form's action parameter + +--- CGI.pm-2.98/CGI.pm.orig Wed Jun 18 21:57:21 2003 CGI.pm-2.98/CGI.pm Fri Aug 1 16:39:52 2003 +@@ -1641,10 +1641,10 @@ + unless (defined $action) { +$action = $self-url(-absolute=1,-path=1); +if (length($ENV{QUERY_STRING})0) { +- $action .= ?$ENV{QUERY_STRING}; ++ $action .= ?.$self-escapeHTML($ENV{QUERY_STRING},1); +} + } +-$action =~ s/\/%22/g; # fix cross-site scripting bug reported by obscure ++$action = escape($action); + $action = qq(action=$action); + my($other) = @other ? @other : ''; + $self-{'.parametersToAdd'}={}; + --- libwww-perl-5.69/lib/LWP/Protocol/ftp.pm.origFri Oct 26 22:13:20 2001 +++ libwww-perl-5.69/lib/LWP/Protocol/ftp.pm Mon May 26 11:09:01 2003 @@ -323,7 +323,13 @@ @@ . patch -p0 '@@ .' Index: openpkg-src/perl-www/perl-www.spec $ cvs diff -u -r1.45.2.5.2.1 -r1.45.2.5.2.2 perl-www.spec --- openpkg-src/perl-www/perl-www.spec29 Jul 2003 15:00:50 - 1.45.2.5.2.1 +++ openpkg-src/perl-www/perl-www.spec6 Aug 2003 15:07:14 - 1.45.2.5.2.2 @@ -48,8 +48,8 @@ Distribution: OpenPKG [BASE] Group:Language License: GPL/Artistic -Version: 1.3.0 -Release: 1.3.0 +Version: 1.3.1 +Release: 1.3.1 # list of sources Source0: http://www.cpan.org/modules/by-module/URI/URI-%{V_uri}.tar.gz @@ . patch -p0 '@@ .' Index: openpkg-web/news.txt $ cvs diff -u -r1.6056 -r1.6057 news.txt --- openpkg-web/news.txt 6 Aug 2003 14:57:08 - 1.6056 +++ openpkg-web/news.txt 6 Aug 2003 15:07:12 - 1.6057 @@ -1,3 +1,4 @@ +06-Aug-2003: Upgraded package: Pperl-www-1.3.1-1.3.1 06-Aug-2003: Upgraded package: Pproftpd-1.2.9rc1-20030806 06-Aug-2003: Upgraded package: Pxaw3d-1.5-20030806 06-Aug-2003: Upgraded package: Popenssh-3.5p1-1.2.2 @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
[CVS] OpenPKG: openpkg-re/ rclint.pl
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-re Date: 07-Aug-2003 13:21:34 Branch: HEAD Handle: 2003080712213400 Modified files: openpkg-re rclint.pl Log: we have monthly, too Summary: RevisionChanges Path 1.17+1 -0 openpkg-re/rclint.pl patch -p0 '@@ .' Index: openpkg-re/rclint.pl $ cvs diff -u -r1.16 -r1.17 rclint.pl --- openpkg-re/rclint.pl 7 Aug 2003 08:51:09 - 1.16 +++ openpkg-re/rclint.pl 7 Aug 2003 11:21:34 - 1.17 @@ -324,6 +324,7 @@ (%hourly,)? (%daily,)? (%weekly,)? +(%monthly,)? (%env,)? }; @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
[CVS] OpenPKG: openpkg-src/ntp/ rc.ntp
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 07-Aug-2003 13:35:48 Branch: HEAD Handle: 2003080712354800 Modified files: openpkg-src/ntp rc.ntp Log: fix PR#230 ntpd vs. cron semantics Summary: RevisionChanges Path 1.21+29 -21 openpkg-src/ntp/rc.ntp patch -p0 '@@ .' Index: openpkg-src/ntp/rc.ntp $ cvs diff -u -r1.20 -r1.21 rc.ntp --- openpkg-src/ntp/rc.ntp7 Aug 2003 08:50:53 - 1.20 +++ openpkg-src/ntp/rc.ntp7 Aug 2003 11:35:48 - 1.21 @@ -5,9 +5,7 @@ %config ntp_enable=$openpkg_rc_def -ntp_ostart=yes -ntp_daemon=yes -ntp_hourly=no +ntp_mode=daemon ntp_log_prolog=true ntp_log_epilog=true ntp_log_numfiles=10 @@ -19,12 +17,17 @@ ntp_signal () { [ -f $ntp_pidfile ] kill -$1 `cat $ntp_pidfile` } +ntp_once () { +@l_prefix@/bin/ntpdate \ +`grep ^server @l_prefix@/etc/ntp/ntp.conf |\ + awk '{ printf( %s, $2); }'` || true +} %status -u @l_susr@ -o ntp_usable=unknown ntp_active=no rcService ntp enable yes \ -rcVarIsYes ntp_daemon \ +[ .$ntp_mode = .daemon ] \ ntp_signal 0 ntp_active=yes echo ntp_enable=\$ntp_enable\ echo ntp_usable=\$ntp_usable\ @@ -36,15 +39,16 @@ # on startup, force synchronize local machine # because ntpd does not skip large time offsets -# the active short circuit above does not hurt -if rcVarIsYes ntp_ostart; then -@l_prefix@/bin/ntpdate \ -`grep ^server @l_prefix@/etc/ntp/ntp.conf |\ - awk '{ printf( %s, $2); }'` -fi +case $ntp_mode in +once | \ +daemon | \ +quarterly | hourly | daily | weekly | monthly ) +ntp_once +;; +esac # run the NTP daemon for continued synchronization -if rcVarIsYes ntp_daemon; then +if [ .$ntp_mode = .daemon ]; then \ @l_prefix@/bin/ntpd \ -p @l_prefix@/var/ntp/ntpd.pid \ -f @l_prefix@/var/ntp/ntpd.drift \ @@ -54,29 +58,25 @@ %stop -u @l_susr@ rcService ntp enable yes || exit 0 rcService ntp active no exit 0 -rcVarIsYes ntp_daemon || exit 0 ntp_signal TERM rm -f $ntp_pidfile 2/dev/null || true %restart -p 200 -u @l_susr@ rcService ntp enable yes || exit 0 rcService ntp active no exit 0 -rcVarIsYes ntp_daemon || exit 0 rc ntp stop start -%hourly -u @l_susr@ +%quarterly -u @l_susr@ rcService ntp enable yes || exit 0 -rcVarIsYes ntp_hourly || exit 0 +if [ .$ntp_mode = .quarterly ] ntp_once -# synchronize local machine every hour -# because ntpd does not skip large time offsets -# and to allow operation without daemon -@l_prefix@/bin/ntpdate \ -`grep ^server @l_prefix@/etc/ntp/ntp.conf |\ -awk '{ printf( %s, $2); }'` /dev/null +%hourly -u @l_susr@ +rcService ntp enable yes || exit 0 +if [ .$ntp_mode = .hourly ] ntp_once %daily -u @l_susr@ rcService ntp enable yes || exit 0 +if [ .$ntp_mode = .daily ] ntp_once # rotate logfile shtool rotate -f \ @@ -85,4 +85,12 @@ -P ${ntp_log_prolog} \ -E ${ntp_log_epilog} rc ntp restart \ @l_prefix@/var/ntp/ntp.log + +%weekly -u @l_susr@ +rcService ntp enable yes || exit 0 +if [ .$ntp_mode = .weekly ] ntp_once + +%monthly -u @l_susr@ +rcService ntp enable yes || exit 0 +if [ .$ntp_mode = .monthly ] ntp_once @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
[CVS] OpenPKG: openpkg-web/ about.wml contrib.wml download.wml faq.wml...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 07-Aug-2003 16:46:10 Branch: HEAD Handle: 2003080715460900 Modified files: openpkg-web about.wml contrib.wml download.wml faq.wml index.wml news.wml releng.wml stat.wml support.wml tutorial.wml Log: spell checking and correcting Summary: RevisionChanges Path 1.21+1 -1 openpkg-web/about.wml 1.7 +2 -2 openpkg-web/contrib.wml 1.4 +1 -1 openpkg-web/download.wml 1.40+3 -3 openpkg-web/faq.wml 1.45+1 -1 openpkg-web/index.wml 1.7 +1 -1 openpkg-web/news.wml 1.10+1 -1 openpkg-web/releng.wml 1.2 +1 -1 openpkg-web/stat.wml 1.10+1 -1 openpkg-web/support.wml 1.21+3 -3 openpkg-web/tutorial.wml patch -p0 '@@ .' Index: openpkg-web/about.wml $ cvs diff -u -r1.20 -r1.21 about.wml --- openpkg-web/about.wml 17 Jul 2003 21:22:03 - 1.20 +++ openpkg-web/about.wml 7 Aug 2003 14:46:09 - 1.21 @@ -10,7 +10,7 @@ OpenPKG is a project of the a href=http://dev.de.cw.net/;Development Team/a from a href=http://www.cw.com/de/;Cable amp; Wireless/a's Internet Services division. The goal is -the creation and maintainance of portable and easy to install +the creation and maintenance of portable and easy to install software packages for use on the major Unix server platforms. Currently a href=http://www.sun.com/solaris/;Solaris/a, a href=http://www.linux.com/;Linux/a and a @@ . patch -p0 '@@ .' Index: openpkg-web/contrib.wml $ cvs diff -u -r1.6 -r1.7 contrib.wml --- openpkg-web/contrib.wml 8 Mar 2003 21:10:06 - 1.6 +++ openpkg-web/contrib.wml 7 Aug 2003 14:46:09 - 1.7 @@ -67,7 +67,7 @@ ttopenpkg-ui/tt, ttopenpkg-web/tt, ttrpm-doc/tt, and ttrpm-src/tt. Use this service for checking out many files from the OpenPKG CVS repository at once, especially if you want to make and -maintain local modifiations. +maintain local modifications. pre $ cvs -d :pserver:[EMAIL PROTECTED]:/e/openpkg/cvs login @@ -82,7 +82,7 @@ href=http://www.mozilla.org/;Mozilla/a or a href=http://w3m.sf.net/;W3M/a) under the address a href=http://cvs.openpkg.org/;http://cvs.openpkg.org//a. Use this -service for convinient interactive browsing the OpenPKG CVS repository, +service for convenient interactive browsing the OpenPKG CVS repository, for monitoring the OpenPKG CVS repository evolution in a chronological way, and for hyperlinking to sources and source changes in the CVS repository. @@ . patch -p0 '@@ .' Index: openpkg-web/download.wml $ cvs diff -u -r1.3 -r1.4 download.wml --- openpkg-web/download.wml 22 Jan 2003 13:12:54 - 1.3 +++ openpkg-web/download.wml 7 Aug 2003 14:46:09 - 1.4 @@ -58,7 +58,7 @@ p lia href=ftp://ftp.openpkg.org/release/1.2/ISO/;OpenPKG 1.2 ISO-9660 Images/abr These are ISO-9660 images of the OpenPKG 1.2 Updates, Source and Binary -distribution parts. They are provided for convinience reasons only. +distribution parts. They are provided for convenience reasons only. Use them if you need to carry OpenPKG 1.2 with you on CDROM. The whole release data is split into four CDROMs: a href=ftp://ftp.openpkg.org/release/1.2/ISO/OpenPKG-1.2-RELEASE-SRC.iso;Source/a, @@ . patch -p0 '@@ .' Index: openpkg-web/faq.wml $ cvs diff -u -r1.39 -r1.40 faq.wml --- openpkg-web/faq.wml 29 Jul 2003 18:52:12 - 1.39 +++ openpkg-web/faq.wml 7 Aug 2003 14:46:09 - 1.40 @@ -169,7 +169,7 @@ This has to be first skipped and later emulated with code%attr/code in code%files/code. p -liOpenPKG packages habe to be independent of the filesystem root +liOpenPKG packages have to be independent of the filesystem root directory of the OpenPKG instance. This means that all packages have to be configured, build and rolled for tt%{l_prefix}/tt. This mainly means that you are not allowed
[CVS] OpenPKG: openpkg-src/ntp/ ntp.spec rc.ntp openpkg-web/ news.txt
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src openpkg-web Date: 07-Aug-2003 10:50:54 Branch: HEAD Handle: 2003080709505201 Modified files: openpkg-src/ntp ntp.spec rc.ntp openpkg-web news.txt Log: use rcService for checking enable, usable and active only; fix PR#232 Summary: RevisionChanges Path 1.51+1 -1 openpkg-src/ntp/ntp.spec 1.20+5 -5 openpkg-src/ntp/rc.ntp 1.6067 +1 -0 openpkg-web/news.txt patch -p0 '@@ .' Index: openpkg-src/ntp/ntp.spec $ cvs diff -u -r1.50 -r1.51 ntp.spec --- openpkg-src/ntp/ntp.spec 23 Jul 2003 13:32:07 - 1.50 +++ openpkg-src/ntp/ntp.spec 7 Aug 2003 08:50:53 - 1.51 @@ -33,7 +33,7 @@ Group:Network License: BSD-style Version: 4.1.2 -Release: 20030723 +Release: 20030807 # package options %option with_fsl yes @@ . patch -p0 '@@ .' Index: openpkg-src/ntp/rc.ntp $ cvs diff -u -r1.19 -r1.20 rc.ntp --- openpkg-src/ntp/rc.ntp22 Jul 2003 09:21:22 - 1.19 +++ openpkg-src/ntp/rc.ntp7 Aug 2003 08:50:53 - 1.20 @@ -37,14 +37,14 @@ # on startup, force synchronize local machine # because ntpd does not skip large time offsets # the active short circuit above does not hurt -if rcService ntp ostart yes; then +if rcVarIsYes ntp_ostart; then @l_prefix@/bin/ntpdate \ `grep ^server @l_prefix@/etc/ntp/ntp.conf |\ awk '{ printf( %s, $2); }'` fi # run the NTP daemon for continued synchronization -if rcService ntp daemon yes; then +if rcVarIsYes ntp_daemon; then @l_prefix@/bin/ntpd \ -p @l_prefix@/var/ntp/ntpd.pid \ -f @l_prefix@/var/ntp/ntpd.drift \ @@ -54,19 +54,19 @@ %stop -u @l_susr@ rcService ntp enable yes || exit 0 rcService ntp active no exit 0 -rcService ntp daemon yes || exit 0 +rcVarIsYes ntp_daemon || exit 0 ntp_signal TERM rm -f $ntp_pidfile 2/dev/null || true %restart -p 200 -u @l_susr@ rcService ntp enable yes || exit 0 rcService ntp active no exit 0 -rcService ntp daemon yes || exit 0 +rcVarIsYes ntp_daemon || exit 0 rc ntp stop start %hourly -u @l_susr@ rcService ntp enable yes || exit 0 -rcService ntp hourly yes || exit 0 +rcVarIsYes ntp_hourly || exit 0 # synchronize local machine every hour # because ntpd does not skip large time offsets @@ . patch -p0 '@@ .' Index: openpkg-web/news.txt $ cvs diff -u -r1.6066 -r1.6067 news.txt --- openpkg-web/news.txt 7 Aug 2003 08:42:42 - 1.6066 +++ openpkg-web/news.txt 7 Aug 2003 08:50:52 - 1.6067 @@ -1,3 +1,4 @@ +07-Aug-2003: Upgraded package: Pntp-4.1.2-20030807 07-Aug-2003: Upgraded package: Puvscan-4.1.6.4283-20030807 07-Aug-2003: Upgraded package: Pgrepmail-5.10-20030807 06-Aug-2003: Upgraded package: Pgcc34-3.4s20030806-20030806 @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
[CVS] OpenPKG: openpkg-web/ tutorial.wml
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 04-Aug-2003 09:32:37 Branch: HEAD Handle: 2003080408323600 Modified files: openpkg-web tutorial.wml Log: more infos about both tables; improve download URL Summary: RevisionChanges Path 1.20+26 -3 openpkg-web/tutorial.wml patch -p0 '@@ .' Index: openpkg-web/tutorial.wml $ cvs diff -u -r1.19 -r1.20 tutorial.wml --- openpkg-web/tutorial.wml 1 Aug 2003 20:08:18 - 1.19 +++ openpkg-web/tutorial.wml 4 Aug 2003 07:32:36 - 1.20 @@ -21,8 +21,14 @@ h3Platform/h3 The less you know about OpenPKG the more important is that you are using -a supported primary or at least secondary [*] platform which is any -of: +a supported primary or at least secondary [*] platform. +The following table uses a row for each supported platform and gives +three names for it in different columns. You will find that OpenPKG +software uses iarch-os/i to create filenames and the same ones are +used on the ftp download site. Humans and documentation use what is +shown below iplatform/i. To ensure that we really talk about the +same thing, enter the buname/b command in a shell and find the +output of the rightmost column. p box bdwidth=1 bdcolor=#a5a095 bdspace=10 bgcolor=#e5e0d5 table @@ -82,6 +88,23 @@ $ bexport TMPDIR/b /pre +h3Systemnbsp;tools/h3 +We assume a Unix system with minimal toolset for binaries. Sources +require development tools like ttmake/tt and tt[g]cc/tt as well. +There is no ultimate standard that tells what a minimal toolset is, so +we have to traverse some fog here. For regular installations with an +existing OpenPKG bootstrap, indicated by an executable +ttiprefix/i/bin/rpm/tt, there are nearly zero additional system +requirements. However, the bootstrap process needs a little help and +requires ttsh/tt, tttar/tt, ttftp/tt and ttuudecode/tt +(Attention: United Linux seems to have moved this into a optional +sharutils system package) in the ttPATH/tt. Also if you want to +install a compiler package from source, you need a vendor compiler +first. To tell OpenPKG about your favourite a +href=http://www.openpkg.org/faq.html#overriding-cflags;CFLAGS/a and +a href=http://www.openpkg.org/faq.html#overriding-cc;CC/a, see the +a href=http://www.openpkg.org/faq.html;FAQ/a. + h2Sourcenbsp;ornbsp;Binary/h2 While we strongly recommend you to use source packages whenever possible, the absence of development tools is the number one reason which enforces the @@ -216,7 +239,7 @@ ftpgt; bbin/b 200 Type set to I. ftpgt; bcd release/release/BIN/b -ftpgt; bget iplatform/i/openpkg-release.0-release.0.iarch/i-ios/i-cw.sh/b +ftpgt; bget iarch-os/i/openpkg-release.0-release.0.iarch/i-ios/i-cw.sh/b ftpgt; bbye/b 221 Goodbye. $ bsu/b @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
[CVS] OpenPKG: openpkg-web/ security.wml
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 04-Aug-2003 11:12:56 Branch: HEAD Handle: 2003080410125600 Modified files: openpkg-web security.wml Log: complete --eval example; use new pgp.openpkg.org Summary: RevisionChanges Path 1.57+2 -2 openpkg-web/security.wml patch -p0 '@@ .' Index: openpkg-web/security.wml $ cvs diff -u -r1.56 -r1.57 security.wml --- openpkg-web/security.wml 10 Jul 2003 14:22:48 - 1.56 +++ openpkg-web/security.wml 4 Aug 2003 09:12:56 - 1.57 @@ -155,7 +155,7 @@ href=http://www.gnupg.org/;http://www.gnupg.org//a and build/install it manually. Then make sure the program ttgpg/tt is in your tt$PATH/tt. If you installed it via OpenPKG under iprefix/i -you can simply use ttiprefix/i/etc/rc openpkg env/tt for this. +you can simply use tteval `iprefix/i/etc/rc --eval openpkg env`/tt for this. p libImport the OpenPKG's OpenPGP public key/b p @@ -166,7 +166,7 @@ liDirectly from the master location (preferred):br tt$ lynx -source http://www.openpkg.org/openpkg.pgp | gpg --import/tt liFrom the keyserver of the PGP network:br - tt$ gpg --recv-keys --keyserver pgp.mit.edu 63C4CB9F/tt + tt$ gpg --recv-keys --keyserver pgp.openpkg.org 63C4CB9F/tt liFrom an existing OpenPKG hierarchy:br tt$ gpg --import iprefix/i/etc/openpkg/openpkg.pgp/tt /ul @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
[CVS] OpenPKG: openpkg-web/ news.wml
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 04-Aug-2003 11:48:44 Branch: HEAD Handle: 2003080410484400 Modified files: openpkg-web news.wml Log: New in OpenPKG 1.3 Summary: RevisionChanges Path 1.6 +21 -0 openpkg-web/news.wml patch -p0 '@@ .' Index: openpkg-web/news.wml $ cvs diff -u -r1.5 -r1.6 news.wml --- openpkg-web/news.wml 22 Jan 2003 13:12:54 - 1.5 +++ openpkg-web/news.wml 4 Aug 2003 09:48:44 - 1.6 @@ -5,6 +5,27 @@ h1Latest News/h1 +h2New in OpenPKG 1.3/h2 + +box bdwidth=1 bdcolor=#a5a095 bdspace=10 bgcolor=#e5e0d5 +ul +liIx86: FreeBSD 4.8/5.1, Debian GNU/Linux 2.2/3.0, RedHat GNU/Linux 9, SuSE GNU/Linux 8.2, Sun Solaris 9/li +liSparc64: Sun Solaris 8, Sun Solaris 9, Sun Solaris 2.6/li +liAlpha: FreeBSD 5.1/li +liExtended the release size to 400 packages/li +liFully based on GCC 3.3/li +liBundled with useful and more secure package preconfigurations./li +liAll daemons with optional OSSP fsl (fake syslog library) support, enabled by default/li +liRun-time tested log file rotation/li +liCompletely worked off Run-Command (RC) facility/li +liImproved rc stop, start, restart; new rc status scriptlets/li +liImproved daemon installation, upgrade and erase scriptlets/li +liFoundation to build encapsulated and self-contained environments./li +liQuality enhancements by package linting/li +liBootstrapping supports preexisting user/groups, relaxed system requirements/li +/ul +/box + h2New in OpenPKG 1.2/h2 box bdwidth=1 bdcolor=#a5a095 bdspace=10 bgcolor=#e5e0d5 @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
[CVS] OpenPKG: openpkg-web/ bugdb.wml
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 04-Aug-2003 12:29:00 Branch: HEAD Handle: 200308041129 Modified files: openpkg-web bugdb.wml Log: move from jitterbug to rt Summary: RevisionChanges Path 1.3 +24 -6 openpkg-web/bugdb.wml patch -p0 '@@ .' Index: openpkg-web/bugdb.wml $ cvs diff -u -r1.2 -r1.3 bugdb.wml --- openpkg-web/bugdb.wml 27 Nov 2001 14:58:01 - 1.2 +++ openpkg-web/bugdb.wml 4 Aug 2003 10:29:00 - 1.3 @@ -5,11 +5,29 @@ h1Bug Database/h1 -We run a Jitterbug-based Bug Database for the OpenPKG project. -There are two access methods for entering the system: +We run a Request Tracker (RT) based Bug Database for the OpenPKG project +under a href=http://rt.openpkg.org/;rt.openpkg.org/a. -ul -lia href=bugdb/guestGuest Access/a -lia href=bugdb/adminAdministrator Access/a (requires login) -/ul +h2New Ticket/h2 +You can submit a request by sending an email to +a href=mailto:[EMAIL PROTECTED][EMAIL PROTECTED]/a +h2Open Tickets/h2 +Guest users can view new, +a href=https://rt.openpkg.org/SelfService/?user=guestpass=guest;open/a +and stalled tickets. + +h2Closed Tickets/h2 +Guest users can view +a href=https://rt.openpkg.org/SelfService/Closed.html?user=guestpass=guest;closed/a (resolved) +and rejected tickets. + +h2Ticket Status/h2 +table border=0 +trtdnew/tdtdsubmitted items waiting in incoming queue/td/tr +trtdopen/tdtdwork in progress/td/tr +trtdstalled/tdtddeferred for later investigation/td/tr +trtdresolved/tdtdproblem fixed/td/tr +trtdreject/tdtdno problem, impossible, out of scope, false alarm/td/tr +trtddeleted/tdtdspam and other trash (invisible but causing numbering gaps)/td/tr +/table @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
[CVS] OpenPKG: openpkg-re/ news.txt upgrade.txt
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-re Date: 04-Aug-2003 13:27:17 Branch: HEAD Handle: 2003080412271600 Modified files: openpkg-re news.txt upgrade.txt Log: make revision human readable and tell about most recent update Summary: RevisionChanges Path 1.22+3 -0 openpkg-re/news.txt 1.13+3 -0 openpkg-re/upgrade.txt patch -p0 '@@ .' Index: openpkg-re/news.txt $ cvs diff -u -r1.21 -r1.22 news.txt --- openpkg-re/news.txt 31 Jul 2003 14:11:48 - 1.21 +++ openpkg-re/news.txt 4 Aug 2003 11:27:16 - 1.22 @@ -2,6 +2,9 @@ General Note + o $Revision: 1.22 $. The most recent update of this file can be +downloaded from http://cvs.openpkg.org/openpkg-re/news.txt + o This file news.txt file talks about new features and major improvements. To receive information about tweaks and quirks when upgrading, common pitfalls and ways to bypass them read the @@ . patch -p0 '@@ .' Index: openpkg-re/upgrade.txt $ cvs diff -u -r1.12 -r1.13 upgrade.txt --- openpkg-re/upgrade.txt31 Jul 2003 19:53:21 - 1.12 +++ openpkg-re/upgrade.txt4 Aug 2003 11:27:16 - 1.13 @@ -2,6 +2,9 @@ General Notes = + o $Revision: 1.13 $. The most recent update of this file can be +downloaded from http://cvs.openpkg.org/openpkg-re/upgrade.txt + o This file upgrade.txt file talks about tweaks and quirks when upgrading. It lists common pitfalls and ways to bypass them. To receive information about new features and major improvements read @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
[OpenPKG #224] [FWD] tcl/expect dependency problem.
Request 224 was acted upon. _ URL: https://rt.openpkg.org/id/224 Ticket: [OpenPKG #224] Subject: [FWD] tcl/expect dependency problem. Requestors: [EMAIL PROTECTED] Queue: openpkg Owner: Nobody Status: new Transaction: Ticket created by thl Time: Mon Aug 04 13:46:08 2003 _ This is an old issue and was deferred until the latest release was sent out. We should try to circumvent this nasty tcl/expect issue in the future. - Forwarded message from Bill Campbell [EMAIL PROTECTED] - Date: Thu, 3 Apr 2003 10:31:45 -0800 From: Bill Campbell [EMAIL PROTECTED] Subject: tcl/expect dependency problem. To: [EMAIL PROTECTED] There appears to be a dependency loop between expect and tcl. Building the changes from yesterday, the tcl install failed saying: tcl = 8.4.1 is needed by expect-5.38-20021023 Attempting a ``openpkg build expect'' returns: tcl = 8.4.2 is needed by expect-5.38-20030304 Bill - End forwarded message - -- [EMAIL PROTECTED] Development Team, Operations Northern Europe, Cable Wireless
[OpenPKG #224] [FWD] tcl/expect dependency problem.
Request 224 was acted upon. _ URL: https://rt.openpkg.org/id/224 Ticket: [OpenPKG #224] Subject: [FWD] tcl/expect dependency problem. Requestors: [EMAIL PROTECTED] Queue: openpkg Owner: Nobody Status: new Transaction: Correspondence added by thl Time: Mon Aug 04 13:47:46 2003 - Forwarded message from Michael van Elst [EMAIL PROTECTED] - Date: Thu, 3 Apr 2003 21:20:19 +0200 From: Michael van Elst [EMAIL PROTECTED] Subject: Re: tcl/expect dependency problem. To: [EMAIL PROTECTED] Not exactly a loop. expect _embeds_ tcl because it requires part of the tcl build environment that is not available even when you have installed the tcl package. However, it must embed exactly the same tcl version that you have installed to prevent run-time conflicts. You are not allowed to upgrade tcl because this would break the dependency of an already existing expect package. You are not allowed to upgrade expect because this requires the new tcl already installed. The ugly truth is that you have to _delete_ the expect package and then install expect again (which then updates tcl first). The correct solution is to add the missing parts to the tcl package that allows expect to build without embedding tcl. - End forwarded message - -- [EMAIL PROTECTED] Development Team, Operations Northern Europe, Cable Wireless
[OpenPKG #225] Simplification of rc scripts
Request 225 was acted upon. _ URL: https://rt.openpkg.org/id/225 Ticket: [OpenPKG #225] Subject: Simplification of rc scripts Requestors: [EMAIL PROTECTED] Queue: openpkg Owner: Nobody Status: new Transaction: Ticket created by thl Time: Mon Aug 04 13:55:03 2003 _ This is an old issue and was deferred until the latest release was sent out. It seems we missed it when migrating from the previous ticket system. - Forwarded message from REIBER, CHRISTIAN via RT [EMAIL PROTECTED] - Date: Tue, 8 Apr 2003 18:23:56 +0200 (CEST) From: REIBER, CHRISTIAN via RT [EMAIL PROTECTED] Subject: [CW-IS #102] Simplification of rc scripts To: AdminCc of CW-IS Ticket #102: ; In rc-scripts it is possible to test a variable via opServiceEnabled in order to avoid running a section when the service is actually not enabled. A closer look reveals that in almost all cases this mechanism is needed in most sections. Therefore I suggest to make it the default behaviour giving the opportunity to remove that code from the sections (making them easier to read and to maintain). A option in the section name (e.g. -a for always) allows to switch off that behaviour, i.e. the sections's script than has complete control and is run whenever the section is requested, irrespective whether the service is enabled or not. Idea: This mechanism prevents a manually executed rc service start to work. But it would make sense to allow the system administrator to explicitely override the enable=no without being forced to change the setting of the rc variable (which could lead to unwanted results if he/she forgets to reset it again). -- Christian Reiber, Zeppelin Baumaschinen GmbH, IT/System Engineering eMail: [EMAIL PROTECTED] - End forwarded message - -- [EMAIL PROTECTED] Development Team, Operations Northern Europe, Cable Wireless
Re: [CVS] OpenPKG: openpkg-web/ faq.wml
On Tue, Jul 29, 2003, Ralf S. Engelschall wrote: Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 29-Jul-2003 20:52:12 Branch: HEAD Handle: 2003072919521200 Modified files: openpkg-web faq.wml Log: one entry obsoleted by OpenPKG 1.3, two new added for answering new things [...] -faq id=why-compress I would prefer we keep those items as they could have been referenced in a archived mailing list which is. Verified to be true in this case. -- [EMAIL PROTECTED] Development Team, Operations Northern Europe, Cable Wireless __ The OpenPKG Projectwww.openpkg.org Developer Communication List [EMAIL PROTECTED]
Re: [CVS] OpenPKG: openpkg-web/ tutorial.wml
On Fri, Aug 01, 2003, Ralf S. Engelschall wrote: On Fri, Aug 01, 2003, Thomas Lotterer wrote: [...] refresh tutorial for OpenPKG v1.3 [...] -bnbsp;nbsp;nbsp;nbsp;ftp://ftp.openpkg.org/release/release/BIN/solaris-9/bash-bashver-release.0.sparc64-solaris2.9-cw.rpm/b +bnbsp;nbsp;nbsp;nbsp;ftp://ftp.openpkg.org/release/release/BIN/ix86-freebsd4.8/bash-bashver-release.0.ix86-freebsd4.8-cw.rpm/b Ah, ok. The tutorial was at OpenPKG v1.1, we skipped v1.2 but there was a change in the directory naming. BTW, we should replace with lt; and with gt; in this part... No! These are WML variables (see top of wml file) and not meant to be displayed. -- [EMAIL PROTECTED] Development Team, Operations Northern Europe, Cable Wireless __ The OpenPKG Projectwww.openpkg.org Developer Communication List [EMAIL PROTECTED]
[CVS] OpenPKG: openpkg-web/ tutorial.wml
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 01-Aug-2003 22:08:18 Branch: HEAD Handle: 2003080121081800 Modified files: openpkg-web tutorial.wml Log: refresh tutorial for OpenPKG v1.3 Summary: RevisionChanges Path 1.19+83 -50 openpkg-web/tutorial.wml patch -p0 '@@ .' Index: openpkg-web/tutorial.wml $ cvs diff -u -r1.18 -r1.19 tutorial.wml --- openpkg-web/tutorial.wml 22 Jan 2003 13:12:54 - 1.18 +++ openpkg-web/tutorial.wml 1 Aug 2003 20:08:18 - 1.19 @@ -1,87 +1,118 @@ #use page.inc page=tutorial -define-tag release1.1/define-tag +define-tag release1.3/define-tag define-tag bashver2.05b/define-tag titleUser Tutorial/title h1User Tutorial/h1 -This tutorial guides you on your way into the world of OpenPKG showing you how -to bootstrap OpenPKG and install GNU Bash as an example. For more details about -the commands used, see the -a href=doc/quickref/openpkg.txtOpenPKG Quick Reference/a or refer to the +This tutorial guides you on your way into the world of OpenPKG. It shows you how +to bootstrap OpenPKG and use it to install a common and useful example application, GNU bash. For details about +the commands being used in this document, see the +a href=doc/quickref/openpkg.txtOpenPKG Quick Reference/a, refer to the a href=doc/handbook/openpkg.htmlOpenPKG Handbook/a to dive deeper, or take off and have a look at the a href=doc/slideset/openpkg.html/OpenPKG Introduction Slideset/a for a bird's eye view. h2Prerequisites/h2 +OpenPKG by design makes minimal assumptions about the underlying +operating system, but some basic things need to be checked. -Ensure that your system is one of the fully supported platforms: - +h3Platform/h3 +The less you know about OpenPKG the more important is that you are using +a supported primary or at least secondary [*] platform which is any +of: p box bdwidth=1 bdcolor=#a5a095 bdspace=10 bgcolor=#e5e0d5 table trtdiarch-os/inbsp;/tdtduiplatform/i/unbsp;/tdtdbuname -m -r -s/bnbsp;/td/tr -trtdix86-freebsd4.7nbsp;/tdtdFreeBSD 4.7nbsp;/tdtdFreeBSD 4.7-STABLE i386nbsp;/td/tr -trtdix86-freebsd5.0nbsp;/tdtdFreeBSD 5.0nbsp;/tdtdFreeBSD 5.0-RELEASE i386nbsp;/td/tr +trtdix86-freebsd4.8nbsp;/tdtdFreeBSD 4.8nbsp;/tdtdFreeBSD 4.8-STABLE i386nbsp;/td/tr +trtdix86-freebsd5.1nbsp;/tdtdFreeBSD 5.1nbsp;/tdtdFreeBSD 5.1-CURRENT i386nbsp;/td/tr +trtdix86-linux2.2nbsp;/tdtdDebian GNU/Linux 2.2nbsp;/tdtdLinux 2.2.22 i686nbsp;/td/tr +trtdix86-linux2.4nbsp;/tdtdDebian GNU/Linux 3.0nbsp;/tdtdLinux 2.4.21 i686nbsp;/td/tr +trtdix86-linux2.4nbsp;/tdtdRedHat Linux 9nbsp;/tdtdLinux 2.4.20-18.9 i686nbsp;/td/tr +trtdix86-linux2.4nbsp;/tdtdSuSE Linux 8.2nbsp;/tdtdLinux 2.4.20-4GB i686nbsp;/td/tr trtdsparc64-solaris2.8nbsp;/tdtdSun Solaris 8nbsp;/tdtdSunOS 5.8 sun4unbsp;/td/tr trtdsparc64-solaris2.9nbsp;/tdtdSun Solaris 9nbsp;/tdtdSunOS 5.9 sun4unbsp;/td/tr -trtdix86-linux2.2nbsp;/tdtdDebian GNU/Linux 2.2nbsp;/tdtdLinux 2.2.22 i686nbsp;/td/tr -trtdix86-linux2.4nbsp;/tdtdDebian GNU/Linux 3.0nbsp;/tdtdLinux 2.4.19 i686nbsp;/td/tr +trtdix86-solaris9nbsp;/tdtdSun Solaris 9/x86nbsp;/tdtdSunOS 5.9 i86pcnbsp;/td/tr +trtdalpha-freebsd5.1nbsp;/tdtdFreeBSD 5.1nbsp;[*]nbsp;/tdtdFreeBSD 5.1-CURRENT alphanbsp;/td/tr +trtdsparc64-solaris2.6nbsp;/tdtdSun Solaris 2.6nbsp;[*]nbsp;/tdtdSunOS 5.6 sun4unbsp;/td/tr /table -/p /box - p If your platform is not part of this list, don't panic. OpenPKG runs well on many other Unix platforms. There is a high probability that your particular platform will work, especially if it is a recent version of a major Unix -platform such as BSD, Linux, Solaris, Tru64, or HP-UX. For more details of +platform such as NetBSD, OpenBSD, Gentoo Linux, HP Tru64, SCO UnixWare or QNX. For more details of see a href=http://www.openpkg.org/doc/handbook/openpkg.html#support-official;OpenPKG handbook/a -p -Additionally make sure you have root access to your system. Although not -always necessary, we do need this in the later stages of our example -installation. Also make sure you have approximately 300MB free disk -space on the / filesystem. You can move and symlink to some better places -afterwards. +h3Permission/h3 +Additionally make sure you have root access to your system. Although it is not +necessary to work out the whole stuff as root, we do need this in the later stages
[CVS] OpenPKG: openpkg-re/ news.txt upgrade.txt
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-re Date: 31-Jul-2003 10:22:07 Branch: HEAD Handle: 2003073109220600 Modified files: openpkg-re news.txt upgrade.txt Log: general notes Summary: RevisionChanges Path 1.20+8 -0 openpkg-re/news.txt 1.7 +30 -4 openpkg-re/upgrade.txt patch -p0 '@@ .' Index: openpkg-re/news.txt $ cvs diff -u -r1.19 -r1.20 news.txt --- openpkg-re/news.txt 30 Jul 2003 12:17:54 - 1.19 +++ openpkg-re/news.txt 31 Jul 2003 08:22:06 - 1.20 @@ -1,4 +1,12 @@ + General Note + + + o This file news.txt file talks about new features and major +improvements. To receive information about tweaks and quirks when +upgrading, common pitfalls and ways to bypass them read the +companion upgrade.txt document. + Major changes between OpenPKG 1.2 and OpenPKG 1.3 = @@ . patch -p0 '@@ .' Index: openpkg-re/upgrade.txt $ cvs diff -u -r1.6 -r1.7 upgrade.txt --- openpkg-re/upgrade.txt30 Jul 2003 12:17:01 - 1.6 +++ openpkg-re/upgrade.txt31 Jul 2003 08:22:06 - 1.7 @@ -1,9 +1,35 @@ - General Note - + General Notes + = - You cannot skip a version. That means, upgrading from 0.9 to 1.1 - requires an upgrade to 1.0 as an intermediate step. + o This file upgrade.txt file talks about tweaks and quirks when +upgrading. It lists common pitfalls and ways to bypass them. To +receive information about new features and major improvements read +the companion news.txt document. + + o You cannot skip a version. That means, upgrading from 0.9 to 1.1 +requires an upgrade to 1.0 as an intermediate step. + + o Be aware that both major and minor OpenPKG upgrades might introduce +a new world order and are subject to change the OpenPKG experience +in an incompatible way. Any possible damage could have been done to +any piece of the system including, but not limited to, packages +being split, consolidated or renamed, packages being replaced with +updated vendor versions. In rare cases packages might have be +removed and no upgrade path exists at all. Package options and rc +variables might have been changed. OpenPKG itself might provide new +and incompatible modifications, obsolete parts might have been +removed. Do not expect a OpenPKG instance can be upgraded by just +building and upgrading every package and everything continues to run +without manual adjustments. + + o In contrast, OpenPKG security updates are designed to be drop-in +replacements and usually require little or no brain work. They +appear after a release was done. That's why they are not discussed +here. Please keep in mind that any new release raises the bar of +security compatiblity as we only support the latest release and it's +immediate successor. So don't fall behind by running outdated +releases for prolonged times. Upgrade from OpenPKG 1.2 to OpenPKG 1.3 === @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
[CVS] OpenPKG: openpkg-re/ upgrade.txt
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-re Date: 31-Jul-2003 11:07:31 Branch: HEAD Handle: 2003073110073000 Modified files: openpkg-re upgrade.txt Log: updated, removed and added packages Summary: RevisionChanges Path 1.8 +23 -0 openpkg-re/upgrade.txt patch -p0 '@@ .' Index: openpkg-re/upgrade.txt $ cvs diff -u -r1.7 -r1.8 upgrade.txt --- openpkg-re/upgrade.txt31 Jul 2003 08:22:06 - 1.7 +++ openpkg-re/upgrade.txt31 Jul 2003 09:07:30 - 1.8 @@ -34,6 +34,29 @@ Upgrade from OpenPKG 1.2 to OpenPKG 1.3 === + o important vendor updates: + +Package | v1.2| v1.3 +=+=+= +mysql3 | n/a | 3.23.57 +mysql| 3.23.54a| 4.0.14 +mysql4 | 4.0.9gamma | n/a +-+-+- +gcc | 3.2.1 | 3.3 +gcc32| n/a | 3.2.3 +-+-+- +gd1 | 1.8.4 | removed +gd | 2.0.11 | 2.0.15 +-+-+- +autogen | 5.5 | removed + + o removed packages: autogen gd1 mysql4 + + o added packages: aegis atk autotrace awk bogofilter cflow chkrootkit +crm114 cscope fontconfig gcc32 getopt glib2 gnuchess gpp gtk2 joe +latex2html lcal lesstif lha mtr pango pcal perl-poe sio snort sox +txt2html vcg vorbis-libs vorbis-tools xds xmlsec + o the rc variable openpkg_runall was renamed to openpkg_rc_all. Presence of the obsolete variable is detected, a warning is printed and the value of the obsolete variable overrides the newly @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
[CVS] OpenPKG: openpkg-re/ upgrade.txt
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-re Date: 31-Jul-2003 12:46:23 Branch: HEAD Handle: 2003073111462300 Modified files: openpkg-re upgrade.txt Log: list all removed, added, changed and unchanged rc.conf variables Summary: RevisionChanges Path 1.9 +473 -0 openpkg-re/upgrade.txt patch -p0 '@@ .' Index: openpkg-re/upgrade.txt $ cvs diff -u -r1.8 -r1.9 upgrade.txt --- openpkg-re/upgrade.txt31 Jul 2003 09:07:30 - 1.8 +++ openpkg-re/upgrade.txt31 Jul 2003 10:46:23 - 1.9 @@ -81,6 +81,479 @@ default to yes and inhibit certain applications. Also keep in mind that the execution of sections from all packages is additionaly controlled by the openpkg_runall variable. +OpenPKG v1.2 FOO_enable=yes +OpenPKG v1.3 FOO_enable=$openpkg_rc_def + + o This is a list of rc.conf variables that have been removed from +OpenPKG v1.3 because their package was removed. + +-mysql4_enable=yes +[EMAIL PROTECTED]@/etc/mysql4/my.pwd +[EMAIL PROTECTED]@/etc/mysql4/my.cnf +-mysql4_log_prolog=true +-mysql4_log_epilog=true +-mysql4_log_numfiles=10 +-mysql4_log_minsize=1M +-mysql4_log_complevel=9 +[EMAIL PROTECTED]@/var/mysql4/mysqld.pid +[EMAIL PROTECTED]@/var/mysql4/mysqld.err +[EMAIL PROTECTED]@/var/mysql4/common.log +[EMAIL PROTECTED]@/var/mysql4/update.log + + o No new rc.conf variables were introduced by the new packages being +added to OpenPKG v1.3. + + o This this a complete list of rc.conf variable/value pairs that exist +in both releases of OpenPKG and which have been removed from OpenPKG +v1.2 (-), added to OpenPKG v1.3 (+), changed (both - and +) or which +remain untouched (=). + +-amd_enable=yes ++amd_enable=$openpkg_rc_def +=amd_log_complevel=9 +=amd_log_epilog=true +=amd_log_minsize=1M +=amd_log_numfiles=10 +=amd_log_prolog=true + +-apache_enable=yes ++apache_enable=$openpkg_rc_def +-apache_log_rotprolog=true +-apache_log_rotepilog=true +-apache_log_rotsteps=10 +-apache_log_rotminsize=10M +-apache_log_rotcomplevel=9 ++apache_log_prolog=true ++apache_log_epilog=true ++apache_log_numfiles=10 ++apache_log_minsize=1M ++apache_log_complevel=9 +-apache_err_rotprolog=true +-apache_err_rotepilog=true +-apache_err_rotsteps=10 +-apache_err_rotminsize=1M +-apache_err_rotcomplevel=9 ++apache_err_prolog=true ++apache_err_epilog=true ++apache_err_numfiles=10 ++apache_err_minsize=1M ++apache_err_complevel=9 +=apache_err_files=@l_prefix@/var/apache/log/error.log +=apache_log_files=@l_prefix@/var/apache/log/access.log + +-bind_enable=yes +-bind_log_numfiles=5 +-bind_log_minsize=512K ++bind_enable=$openpkg_rc_def ++bind_flags= ++bind_log_prolog=true ++bind_log_epilog=true ++bind_log_numfiles=10 ++bind_log_minsize=1M +=bind_log_complevel=9 + +-cvs_pserverd_enable=no +-cvs_pserverd_gflags= +-cvs_pserverd_lflags= +-cvs_pserverd_listen=127.0.0.1:2401 ++cvs_enable=$openpkg_rc_def ++cvs_gflags= ++cvs_lflags= ++cvs_listen=127.0.0.1:2401 ++cvs_log_prolog=true ++cvs_log_epilog=true ++cvs_log_numfiles=10 ++cvs_log_minsize=1M ++cvs_log_complevel=9 + +-cvsd_enable=yes ++cvsd_enable=$openpkg_rc_def ++cvsd_log_prolog=true ++cvsd_log_epilog=true ++cvsd_log_numfiles=10 ++cvsd_log_minsize=1M ++cvsd_log_complevel=9 + +-dhcpd_enable=yes ++dhcpd_enable=$openpkg_rc_def ++dhcpd_flags=-q ++dhcpd_if= ++dhcpd_port=67 ++dhcpd_log_prolog=true ++dhcpd_log_epilog=true ++dhcpd_log_numfiles=10 ++dhcpd_log_minsize=1M ++dhcpd_log_complevel=9 + ++findutils_enable=$openpkg_rc_def + +-inn_enable=yes +-inn_nntpsend_enable=no ++inn_enable=$openpkg_rc_def ++inn_nntpsend_enable=$openpkg_rc_def + +-ircd_enable=yes ++ircd_enable=$openpkg_rc_def ++ircd_log_prolog=true ++ircd_log_epilog=true ++ircd_log_numfiles=10 ++ircd_log_minsize=1M ++ircd_log_complevel=9 + ++less_enable=$openpkg_rc_def + +-lmtp2nntp_enable=yes ++lmtp2nntp_enable=$openpkg_rc_def
[CVS] OpenPKG: openpkg-re/ upgrade.txt
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-re Date: 31-Jul-2003 16:42:38 Branch: HEAD Handle: 2003073115423800 Modified files: openpkg-re upgrade.txt Log: coreutils appeared in OpenPKG 1.2 Summary: RevisionChanges Path 1.10+3 -4 openpkg-re/upgrade.txt patch -p0 '@@ .' Index: openpkg-re/upgrade.txt $ cvs diff -u -r1.9 -r1.10 upgrade.txt --- openpkg-re/upgrade.txt31 Jul 2003 10:46:23 - 1.9 +++ openpkg-re/upgrade.txt31 Jul 2003 14:42:38 - 1.10 @@ -584,6 +584,9 @@ openpkg:rc:WARNING: package squid has unresolved configuration file conflicts openpkg:rc:WARNING: indicated by *.rpm(new|orig|save) files in /cw/etc/squid + Upgrade from OpenPKG 1.1 to OpenPKG 1.2 + === + o coreutils GNU merged their fileutils, shellutils and textutils projects into @@ -592,10 +595,6 @@ coreutils package was created which replaces the three obsoleted ones now. - Upgrade from OpenPKG 1.1 to OpenPKG 1.2 - === - - o none Upgrade from OpenPKG 1.0 to OpenPKG 1.1 === @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
[CVS] OpenPKG: openpkg-re/ upgrade.txt
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-re Date: 31-Jul-2003 16:46:56 Branch: HEAD Handle: 2003073115465600 Modified files: openpkg-re upgrade.txt Log: The OpenPKG v1.3 way of upgrading a package Summary: RevisionChanges Path 1.11+93 -0 openpkg-re/upgrade.txt patch -p0 '@@ .' Index: openpkg-re/upgrade.txt $ cvs diff -u -r1.10 -r1.11 upgrade.txt --- openpkg-re/upgrade.txt31 Jul 2003 14:42:38 - 1.10 +++ openpkg-re/upgrade.txt31 Jul 2003 14:46:56 - 1.11 @@ -569,6 +569,99 @@ return unknown here. A package is active when it's daemon is up and running. + o The OpenPKG v1.3 way of upgrading a package + +1st) build the package (--rebuild --define 'feature yes') +2nd) rescue your configuration, unless it is build from an external source +3rd) upgrade the package (-Uvh) +4th) handle and remove all .rpm(save|old|orig) files +5th) start the service (%{l_prefix}/etc/rc service start) +6th) [ erase a package (-e) ] + +The first step is not different from previous releases of OpenPKG. + +The second step might be anything from nothing and restart from +scratch, copying, archiving or ignoring it completely because +you have a configuration management system which builds the +configuration from a source external to OpenPKG. + +The third step upgrades the package and copies the files to the +system. This might include modification of configuration files +which results in .rpm(save|old|orig) copies/suggestions. This works +exactly like previous releases of OpenPKG. Now for the news in v1.3: +all CORE and BASE packages have been tuned to restart the service +(= daemon that comes within a package) after upgrade (find comment +after upgrade, restart service in %post section of the spec). A +restart will keep stopped services stopped and running services will +experience a stop/start combination. We found two categories of +services. Regarding the restart issue, a simple service can continue +to run during the upgrade and only requires a rc service restart +after the upgrade (i.e. openssh). This works for any service that +only reads it's configuration during startup. The majority of +services falls into this category. Some complex ones read their +configuration while they are up and running (i.e. postfix) based +on new connections, timing, external signal, timestamp monitoring +or whatever. Or they require more complex upgrade activity like +user data conversion (i.e. postgresql). For the complex ones (find +comment before upgrade, save status and stop service of the %pre +section in the spec) the running state is saved before the upgrade, +the service is stopped using rc service stop and after the upgrade +the state is recovered, if possible, executing a rc service start. + +The fourth step is already tied closely to the the third one. In +OpenPKG v1.3, rc checks if it finds any .rpm(save|old|orig) files +in or below the package's %{l_prefix}/etc/%{name}/ directory. For +%start and %restart actions this situation is considered an error, +a message is printed to stderr (and sent to you via mail if it's +executed by cron, i.e. log file rotation in %daily scriptlet) and +starting or restarting is effectively inhibited. For all other +sections, including %status and %env, this situation is considered a +warning, a message is printed to stderr (...cron...) but execution +will continue. This behaviour is already true for the final %post +scriptlet in the third step discussed above. Simple services just +won't restart and the old one will continue to run (rc %restart +is suppressed) until stopped somehow. Complex services have been +shut down in the %pre scriptlet (rc %stop) and might not come up +again after the upgrade (rc %start is suppressed). This altogether +leads to the point that after an upgrade, the new service might +not be startable. You have to move the .rpm(save|old|orig) out of +rc sight by renaming, moving or removing them somehow. This could +be done manually, it could also be done automatically by a 3rd +party configuration management. As a sidenote please understand the +default configuration of all CORE and BASE packages
[CVS] OpenPKG: openpkg-web/press/ PR-004-openpkg-1.3.txt
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 31-Jul-2003 21:42:39 Branch: HEAD Handle: 2003073120423800 Modified files: openpkg-web/press PR-004-openpkg-1.3.txt Log: marketing submission to propose rewrite of first section Summary: RevisionChanges Path 1.6 +17 -12 openpkg-web/press/PR-004-openpkg-1.3.txt patch -p0 '@@ .' Index: openpkg-web/press/PR-004-openpkg-1.3.txt $ cvs diff -u -r1.5 -r1.6 PR-004-openpkg-1.3.txt --- openpkg-web/press/PR-004-openpkg-1.3.txt 31 Jul 2003 16:05:40 - 1.5 +++ openpkg-web/press/PR-004-openpkg-1.3.txt 31 Jul 2003 19:42:38 - 1.6 @@ -4,24 +4,29 @@ The OpenPKG project releases version 1.3 of the unique cross-platform software packaging facility. - http://www.openpkg.org/ -- Munich, DE -- August 08, 2003 -- The + http://www.openpkg.org/ -- Munich, DE -- August 01, 2003 -- The OpenPKG project is proud to announce version 1.3 of its OpenPKG - software. A flexible and powerful software packaging facility, OpenPKG - eases the cross-platform installation and administration of Unix software. - ...WORLD LEADING... + Well known by vigilant Unix system administrators and widely adopted + across the enterprise, OpenPKG is the prevalent instrument when it + comes to deployment and maintenance of Open Source software. - Consolidating different vendor approaches into a unified architecture, - it serves system administrators of large networks previously burdened - by different systems. OpenPKG leverages proven technologies like Red - Hat Package Manager (RPM) and provides an additional system layer - on top of the operating system. With OpenPKG, a unique method of - cross-platform software deployment is taking form. + The unique OpenPKG architecture leverages proven technologies like + Red Hat Package Manager (RPM) to establish a unified environment + independent of the underlying operating system. It is particularly + useful in, but not limited to, setups where administration crosses + Unix platform boundaries. - Administrators using OpenPKG 1.3 benefit from official support on + OpenPKG removes the burden from system operators to become acquainted + with different vendor approaches and frees their valuable time to be + spent on the actual work. + + Administrators using OpenPKG 1.3 can expect official support on FreeBSD 4.8 and 5.1, Debian GNU/Linux 2.2 and 3.0, RedHat Linux 9, - SuSE Linux 8.2, and Sun Solaris 8 and 9. + SuSE Linux 8.2, and Sun Solaris 8 and 9. This is not an exhaustive + list, other related platforms receive and benefit from partial + support. NEW IN VERSION 1.3 @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
[CVS] OpenPKG: openpkg-web/press/ PR-004-openpkg-1.3.txt
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 31-Jul-2003 22:08:56 Branch: HEAD Handle: 2003073121085600 Modified files: openpkg-web/press PR-004-openpkg-1.3.txt Log: marketing submission to propose rewrite of new in section Summary: RevisionChanges Path 1.7 +15 -19 openpkg-web/press/PR-004-openpkg-1.3.txt patch -p0 '@@ .' Index: openpkg-web/press/PR-004-openpkg-1.3.txt $ cvs diff -u -r1.6 -r1.7 PR-004-openpkg-1.3.txt --- openpkg-web/press/PR-004-openpkg-1.3.txt 31 Jul 2003 19:42:38 - 1.6 +++ openpkg-web/press/PR-004-openpkg-1.3.txt 31 Jul 2003 20:08:56 - 1.7 @@ -30,26 +30,22 @@ NEW IN VERSION 1.3 - Since the release of OpenPKG 1.2 a half year ago, the official - OpenPKG repository has grown from 450 to 570 packages. From this - packaging pool 195 release-grade CORE and BASE classified packages - were carefully selected for inclusion into the official OpenPKG 1.3 - release. These packages are fully supported on all of the above nine - platforms, including full security tracking and updating until at - least two forthcoming releases are based on it. + Since the previous release a half year ago, the OpenPKG repository has + grown by 25%. A subset of 400 packages were selected for inclusion + into the OpenPKG 1.3 release. They are classified into the three + categories CORE, BASE and PLUS. The former two receive full support on + all official platforms mentioned earlier and binaries are available + for download. Service covers fixing portability issues and handling + the full scope of security tracking for the latest release and + it's immediate predecessor. The OpenPKG team participates in and + continously monitors leading security communities. PLUS packages are + provided for convenience only and do not receive the same level of + support. - An additional 205 PLUS classified packages were identified which are - provided for convenience reasons as an unsupported set of add-on - packages to OpenPKG 1.3. So, in total OpenPKG 1.3 consists of 400 - released packages which include proven versions of popular Unix - software like Apache, BIND, Binutils, GCC, INN, MySQL, NTP, OpenSSH, - PostgreSQL, ProFTPd, Samba, Squid, teTex and Vim -- all carefully - packaged for easy deployment. - - Additionally, several new appealing features are introduced with - OpenPKG 1.3. - - ... + The released packages include proven versions of popular Open Source + Unix software like Apache, BIND, Binutils, GCC, INN, MySQL, NTP, + OpenSSH, PostgreSQL, ProFTPd, Samba, Squid, teTex and Vim -- all + carefully packaged for easy deployment. HIGHLIGHTS OF OPENPKG @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
[OpenPKG #216] Test as guest from web interface
Request 216 was acted upon. _ URL: https://rt.openpkg.org/id/216 Ticket: [OpenPKG #216] Subject: Test as guest from web interface Requestors: [EMAIL PROTECTED] Queue: openpkg Owner: Nobody Status: new Transaction: Ticket created by thl Time: Wed Jul 30 08:56:18 2003 _ User reported it is not possible to submit issues from web interface.
[OpenPKG #217] openpkg-dev .cvspass handling
Request 217 was acted upon. _ URL: https://rt.openpkg.org/id/217 Ticket: [OpenPKG #217] Subject: openpkg-dev .cvspass handling Requestors: [EMAIL PROTECTED] Queue: openpkg Owner: Nobody Status: new Transaction: Ticket created by thl Time: Wed Jul 30 09:08:40 2003 _ - Forwarded message from Ralf S. Engelschall [EMAIL PROTECTED] - Date: Tue, 29 Apr 2003 19:05:56 +0200 From: Ralf S. Engelschall [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: [CVS] OpenPKG: openpkg-re/ openpkg-dev On Tue, Apr 29, 2003, Thomas Lotterer wrote: support anonymous cvs by creating .cvspass [...] +# create a .cvspass +echo ++ creating CVS password file (${OPENPKG_WORK}/.cvspass) +sed -e 's;^ *;;' EOF ${OPENPKG_WORK}/.cvspass +/1 ${OPENPKG_REPO} A +EOF Be careful, you _overwrite_ an existing .cvspass here. Better to _append_ to the file in case the guy has other entries there... Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com - End forwarded message - -- [EMAIL PROTECTED] Development Team, Operations Northern Europe, Cable Wireless
[OpenPKG #216] Test as guest from web interface [comment]
Request 216 was acted upon. This is a comment. It is not sent to the Requestor(s). _ URL: https://rt.openpkg.org/id/216 Ticket: [OpenPKG #216] Subject: Test as guest from web interface Requestors: [EMAIL PROTECTED] Queue: openpkg Owner: thl Status: new Transaction: Comments added by thl Time: Wed Jul 30 09:37:49 2003 _ [thl - Wed Jul 30 08:56:18 2003]: User reported it is not possible to submit issues from web interface. Interesting. The ticket was created and appeared on the mailing list. But after clicking SUBMIT rt reported ERROR. Very confusing. Needs to be fixed (if not changed completely). -- Thomas Lotterer OpenPKG Developer [EMAIL PROTECTED]
[OpenPKG #216] Test as guest from web interface
Request 216 was acted upon. _ URL: https://rt.openpkg.org/id/216 Ticket: [OpenPKG #216] Subject: Test as guest from web interface Requestors: [EMAIL PROTECTED] Queue: openpkg Owner: thl Status: open Transaction: Correspondence added by thl Time: Wed Jul 30 09:51:39 2003 On Sun, Jul 27, 2003, Martin Konold wrote: Hi, when people are entering the rt web interface they are offered to login as guest user. Later they are offered to enter a new ticket only to be confronted with an error after making the bug report. IMHO if anonymous users shall not be able to enter bug reports then guest users shall not get the new ticket menu entry. Regards, -- martin This is under investigation, PR#216. Currently, rt errornously reports an error :-) The ticket is created. However, we have to think about the problems anonymous users can cause and either get them under control or discontinue the web option. -- [EMAIL PROTECTED] Development Team, Operations Northern Europe, Cable Wireless
Re: openpkg.src.sh should check for dependencies or at least fail
On Sun, Jul 27, 2003, Martin Konold wrote: Fom: Bernhard Erdmann [EMAIL PROTECTED] To: Kolab Server and KDE Client development issues [EMAIL PROTECTED] openpkg-20030606-20030606.src.sh tries to execute uudecode without testing its existance or checking its return code: # extract the tarball echo $me: extracting to $dir... uudecode $me rm -rf $dir /dev/null 21 mkdir $dir || exit 1 As uudecode (part of sharutils) is not installed on each and every system, this line should read at least: uudecode $me || exit 1 Regrds, -- martin fixed, see https://rt.openpkg.org/SelfService/Display.html?id=215 http://cvs.openpkg.org/chngview?cn=11181 -- [EMAIL PROTECTED] Development Team, Operations Northern Europe, Cable Wireless __ The OpenPKG Projectwww.openpkg.org Developer Communication List [EMAIL PROTECTED]
Re: rc.postgresql -- rc standards
On Mon, Jul 07, 2003, Thomas Lotterer wrote: We understand the issues associated with changed configurations, and we are currently fighting three battles to improve things: - daemon bind/listen address https://rt.openpkg.org/SelfService/Display.html?user=guestpass=guestid=176 the goal is to ensure that any daemon will bind/listen to 127.0.0.1 by default which greatly reduces the risk of running a daemon on a live system which reverted back to default configuration. Currently (or at least not long ago) it was possible to upgrade postfix, revert to the default config and have such a stupid config running on a live system. This must not happen. - opServiceEnabled https://rt.openpkg.org/SelfService/Display.html?user=guestpass=guestid=174 https://rt.openpkg.org/SelfService/Display.html?user=guestpass=guestid=175 https://rt.openpkg.org/SelfService/Display.html?user=guestpass=guestid=184 the goal is to ensure that all rc.%{name} files acutally use the opServiceEnabled function (#175), the return code and environmental changes of any package does not influence other packages (#174, currently the first exit breaks the rc chain) and the function is enhanced to disable a service when a .*\.rpm(save|orig|new) file is found under the package's /etc subdirectory (#184). These issues have been consolidated under a meta-Ticket. For all CORE and BASE packages we have resolved all of these issues, unified the behaviour and tested it under run time. We are now ready for the next release. Find a progress table at the bottom of the ticket under https://rt.openpkg.org/SelfService/Display.html?user=guestpass=guestid=202 - rpmlint is currently under construction and checks RPMs like speclint checks spec files. One of the goals is to find config files which are not tagged as those. More work to do here. -- [EMAIL PROTECTED] Development Team, Operations Northern Europe, Cable Wireless __ The OpenPKG Projectwww.openpkg.org Developer Communication List [EMAIL PROTECTED]
[CVS] OpenPKG: openpkg-re/ upgrade.txt
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-re Date: 30-Jul-2003 11:34:41 Branch: HEAD Handle: 2003073010344000 Modified files: openpkg-re upgrade.txt Log: configuration file conflict feature in rc Summary: RevisionChanges Path 1.4 +4 -1 openpkg-re/upgrade.txt patch -p0 '@@ .' Index: openpkg-re/upgrade.txt $ cvs diff -u -r1.3 -r1.4 upgrade.txt --- openpkg-re/upgrade.txt23 Jul 2003 12:03:17 - 1.3 +++ openpkg-re/upgrade.txt30 Jul 2003 09:34:40 - 1.4 @@ -51,11 +51,14 @@ - check anything listed here must be moved to NEWS or vice versa - removal of /var files including logs on erase - restart of application on startup - - inhibit rc ... start if .rpmsave found ... + - behaviour of rc output when executing a %section and the -o option - default daemons to listen on localhost (no wildcards, except amd/ntp/openssh) - fsl optional, defaults to yes; append=1 vs. trunc=0; jitter=1 - linters (i.e. use rclint for opServiceEnabled vs. rcService) - %{l_value} + - inhibit rc ... start if .rpmsave found ... +openpkg:rc:WARNING: package squid has unresolved configuration file conflicts +openpkg:rc:WARNING: indicated by *.rpm(new|orig|save) files in /cw/etc/squid o coreutils @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]