[CVS] OpenPKG: openpkg-src/openpkg/ HISTORY openpkg.spec shtool
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 07-Apr-2004 10:05:59 Branch: HEAD Handle: 2004040709055800 Modified files: openpkg-src/openpkg HISTORY openpkg.spec shtool Log: upgrade to GNU shtool 2.0b2 Summary: RevisionChanges Path 1.156 +1 -0 openpkg-src/openpkg/HISTORY 1.311 +1 -1 openpkg-src/openpkg/openpkg.spec 1.19+6 -6 openpkg-src/openpkg/shtool patch -p0 '@@ .' Index: openpkg-src/openpkg/HISTORY $ cvs diff -u -r1.155 -r1.156 HISTORY --- openpkg-src/openpkg/HISTORY 6 Apr 2004 08:20:03 - 1.155 +++ openpkg-src/openpkg/HISTORY 7 Apr 2004 08:05:58 - 1.156 @@ -2,6 +2,7 @@ 2004 +20040407 upgraded to GNU shtool 2.0b2 20040406 upgraded to GNU tar 1.13.94 20040405 RELEASE AS PART OF OPENPKG 2.0.1 *** @@ . patch -p0 '@@ .' Index: openpkg-src/openpkg/openpkg.spec $ cvs diff -u -r1.310 -r1.311 openpkg.spec --- openpkg-src/openpkg/openpkg.spec 6 Apr 2004 08:20:03 - 1.310 +++ openpkg-src/openpkg/openpkg.spec 7 Apr 2004 08:05:58 - 1.311 @@ -39,7 +39,7 @@ # o any cc(1) # the package version/release -%define V_openpkg 20040406 +%define V_openpkg 20040407 # the used software versions %define V_rpm 4.2.1 @@ . patch -p0 '@@ .' Index: openpkg-src/openpkg/shtool $ cvs diff -u -r1.18 -r1.19 shtool --- openpkg-src/openpkg/shtool18 Feb 2004 10:05:25 - 1.18 +++ openpkg-src/openpkg/shtool7 Apr 2004 08:05:58 - 1.19 @@ -6,7 +6,7 @@ ## See http://www.gnu.org/software/shtool/ for more information. ## See ftp://ftp.gnu.org/gnu/shtool/ for latest version. ## -## Version: 2.0b1 (18-Feb-2004) +## Version: 2.0b2 (07-Apr-2004) ## Contents: all available modules ## @@ -65,7 +65,7 @@ exit 1 fi if [ .$1 = .-h ] || [ .$1 = .--help ]; then -echo This is GNU shtool, version 2.0b1 (18-Feb-2004) +echo This is GNU shtool, version 2.0b2 (07-Apr-2004) echo Copyright (c) 1994-2004 Ralf S. Engelschall [EMAIL PROTECTED] echo Report bugs to [EMAIL PROTECTED] echo '' 
@@ -131,7 +131,7 @@ exit 0 fi if [ .$1 = .-v ] || [ .$1 = .--version ]; then -echo GNU shtool 2.0b1 (18-Feb-2004) +echo GNU shtool 2.0b2 (07-Apr-2004) exit 0 fi if [ .$1 = .-r ] || [ .$1 = .--recreate ]; then @@ -454,7 +454,7 @@ # parse option alias string eval `echo h:help,$opt_alias |\ - tr 'x-' 'x_' | sed -e 's/\([a-zA-Z0-9]\):\([^,]*\),*/opt_ALIAS_\2=\1;/g'` + sed -e 's/-/_/g' -e 's/\([a-zA-Z0-9]\):\([^,]*\),*/opt_ALIAS_\2=\1;/g'` # interate over argument line opt_PREV='' @@ -479,12 +479,12 @@ --[a-zA-Z0-9]*=*) eval `echo x$1 |\ sed -e 's/^x--\([a-zA-Z0-9-]*\)=\(.*\)$/opt_OPT=\1;opt_ARG=\2/'` -opt_STR=`echo $opt_OPT | tr 'x-' 'x_'` +opt_STR=`echo $opt_OPT | sed -e 's/-/_/g'` eval opt_OPT=\${opt_ALIAS_${opt_STR}-${opt_OPT}} ;; --[a-zA-Z0-9]*) opt_OPT=`echo x$1 | cut -c4-` -opt_STR=`echo $opt_OPT | tr 'x-' 'x_'` +opt_STR=`echo $opt_OPT | sed -e 's/-/_/g'` eval opt_OPT=\${opt_ALIAS_${opt_STR}-${opt_OPT}} opt_ARG='' ;; @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
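Review bot: In the two option-parsing hunks at @@ -479,12, the text taken from $1 still reaches "eval opt_OPT=\${opt_ALIAS_${opt_STR}-${opt_OPT}}" with only the "-" to "_" substitution applied, and the case pattern --[a-zA-Z0-9]*) constrains just the first character after the dashes, so the rest of the option string is evaluated as shell text. Since these lines are being touched anyway, reject option names containing anything outside [a-zA-Z0-9_-] before the eval and quote $opt_OPT in the echo; this matters wherever shtool is called with arguments derived from untrusted input. The log message also gives no reason for replacing tr 'x-' 'x_' with sed -e 's/-/_/g'; one line on why tr was dropped would help the next reader.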
[CVS] OpenPKG: openpkg-src/aft/ aft.spec
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 07-Apr-2004 12:14:08 Branch: HEAD Handle: 2004040711140800 Modified files: openpkg-src/aft aft.spec Log: upgrading package: aft 5.0931 - 5.094 Summary: RevisionChanges Path 1.23+2 -2 openpkg-src/aft/aft.spec patch -p0 '@@ .' Index: openpkg-src/aft/aft.spec $ cvs diff -u -r1.22 -r1.23 aft.spec --- openpkg-src/aft/aft.spec 7 Feb 2004 17:53:16 - 1.22 +++ openpkg-src/aft/aft.spec 7 Apr 2004 10:14:08 - 1.23 @@ -33,8 +33,8 @@ Class:PLUS Group:Text License: GPL -Version: 5.0931 -Release: 20040207 +Version: 5.094 +Release: 20040407 # list of sources Source0: http://www.maplefish.com/todd/aft-%{version}.tar.gz @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
[CVS] OpenPKG: openpkg-src/file/ file.spec
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 07-Apr-2004 12:14:15 Branch: HEAD Handle: 2004040711141500 Modified files: openpkg-src/filefile.spec Log: upgrading package: file 4.08 - 4.09 Summary: RevisionChanges Path 1.45+2 -2 openpkg-src/file/file.spec patch -p0 '@@ .' Index: openpkg-src/file/file.spec $ cvs diff -u -r1.44 -r1.45 file.spec --- openpkg-src/file/file.spec24 Mar 2004 09:04:02 - 1.44 +++ openpkg-src/file/file.spec7 Apr 2004 10:14:15 - 1.45 @@ -33,8 +33,8 @@ Class:BASE Group:Filesystem License: BSD -Version: 4.08 -Release: 20040324 +Version: 4.09 +Release: 20040407 # list of sources Source0: ftp://ftp.astron.com/pub/file/file-%{version}.tar.gz @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
[CVS] OpenPKG: openpkg-src/rrdtool/ rrdtool.spec
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 07-Apr-2004 12:15:12 Branch: HEAD Handle: 2004040711151100 Modified files: openpkg-src/rrdtool rrdtool.spec Log: upgrading package: rrdtool 1.0.47 - 1.0.48 Summary: RevisionChanges Path 1.51+2 -2 openpkg-src/rrdtool/rrdtool.spec patch -p0 '@@ .' Index: openpkg-src/rrdtool/rrdtool.spec $ cvs diff -u -r1.50 -r1.51 rrdtool.spec --- openpkg-src/rrdtool/rrdtool.spec 5 Apr 2004 06:24:26 - 1.50 +++ openpkg-src/rrdtool/rrdtool.spec 7 Apr 2004 10:15:11 - 1.51 @@ -33,8 +33,8 @@ Class:BASE Group:Database License: LGPL -Version: 1.0.47 -Release: 20040405 +Version: 1.0.48 +Release: 20040407 # list of sources Source0: http://people.ee.ethz.ch/~oetiker/webtools/rrdtool/pub/rrdtool-%{version}.tar.gz @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
[CVS] OpenPKG: openpkg-src/vim/ vim.spec
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 07-Apr-2004 12:17:05 Branch: HEAD Handle: 2004040711170500 Modified files: openpkg-src/vim vim.spec Log: upgrading package: vim 6.2.453 - 6.2.456 Summary: RevisionChanges Path 1.314 +5 -2 openpkg-src/vim/vim.spec patch -p0 '@@ .' Index: openpkg-src/vim/vim.spec $ cvs diff -u -r1.313 -r1.314 vim.spec --- openpkg-src/vim/vim.spec 6 Apr 2004 07:01:57 - 1.313 +++ openpkg-src/vim/vim.spec 7 Apr 2004 10:17:05 - 1.314 @@ -26,7 +26,7 @@ # package versions %define V_vl 6.2 %define V_vs 62 -%define V_pl 453 +%define V_pl 456 # package information Name: vim @@ -39,7 +39,7 @@ Group:Editor License: Charityware Version: %{V_vl}.%{V_pl} -Release: 20040406 +Release: 20040407 # package options %option with_x11no @@ -508,6 +508,9 @@ Patch451: ftp://ftp.vim.org/pub/vim/patches/%{V_vl}.451 Patch452: ftp://ftp.vim.org/pub/vim/patches/%{V_vl}.452 Patch453: ftp://ftp.vim.org/pub/vim/patches/%{V_vl}.453 +Patch454: ftp://ftp.vim.org/pub/vim/patches/%{V_vl}.454 +Patch455: ftp://ftp.vim.org/pub/vim/patches/%{V_vl}.455 +Patch456: ftp://ftp.vim.org/pub/vim/patches/%{V_vl}.456 # build information Prefix: %{l_prefix} @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
[CVS] OpenPKG: openpkg-src/freetds/ freetds.spec
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 07-Apr-2004 12:17:54 Branch: HEAD Handle: 2004040711175300 Modified files: openpkg-src/freetds freetds.spec Log: upgrading package: freetds 0.62.1 - 0.62.2 Summary: RevisionChanges Path 1.2 +2 -2 openpkg-src/freetds/freetds.spec patch -p0 '@@ .' Index: openpkg-src/freetds/freetds.spec $ cvs diff -u -r1.1 -r1.2 freetds.spec --- openpkg-src/freetds/freetds.spec 14 Feb 2004 19:03:09 - 1.1 +++ openpkg-src/freetds/freetds.spec 7 Apr 2004 10:17:53 - 1.2 @@ -33,8 +33,8 @@ Class:EVAL Group:Database License: LGPL -Version: 0.62.1 -Release: 20040214 +Version: 0.62.2 +Release: 20040407 # package options %option with_shared no @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
[CVS] OpenPKG: openpkg-re/ todo.txt
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-re Date: 07-Apr-2004 12:19:30 Branch: HEAD Handle: 2004040711193000 Modified files: openpkg-re todo.txt Log: webmin is very popular, so we should package it when time permits Summary: RevisionChanges Path 1.205 +1 -0 openpkg-re/todo.txt patch -p0 '@@ .' Index: openpkg-re/todo.txt $ cvs diff -u -r1.204 -r1.205 todo.txt --- openpkg-re/todo.txt 1 Apr 2004 15:08:14 - 1.204 +++ openpkg-re/todo.txt 7 Apr 2004 10:19:30 - 1.205 @@ -335,6 +335,7 @@ 3. PERHAPS: + - [rse] webmin - http://www.webmin.com/ - [rse] sge - http://gridengine.sunsource.net/ - [rse] zonecheck - http://www.zonecheck.fr/ - [rse] thttpd - http://www.acme.com/software/thttpd/ @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
[CVS] OpenPKG: openpkg-src/sharutils/ sharutils.patch sharutils.spec
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 07-Apr-2004 14:40:10 Branch: HEAD Handle: 2004040713400900 Added files: openpkg-src/sharutils sharutils.patch Modified files: openpkg-src/sharutils sharutils.spec Log: SA-2004.011-sharutils Summary: RevisionChanges Path 1.1 +16 -0 openpkg-src/sharutils/sharutils.patch 1.26+3 -1 openpkg-src/sharutils/sharutils.spec patch -p0 '@@ .' Index: openpkg-src/sharutils/sharutils.patch $ cvs diff -u -r0 -r1.1 sharutils.patch --- /dev/null 2004-04-07 14:40:09.0 +0200 +++ sharutils.patch 2004-04-07 14:40:09.0 +0200 @@ -0,0 +1,16 @@ +http://www.securityfocus.com/archive/1/359639 +GNU Sharutils buffer overflow vulnerability + +Index: src/shar.c +--- src/shar.c.orig 2004-04-07 14:27:20.0 +0200 src/shar.c 2004-04-07 14:30:27.0 +0200 +@@ -1905,7 +1905,7 @@ + break; + + case 'o': +-strcpy (output_base_name, optarg); ++strncpy (output_base_name, optarg, sizeof(output_base_name)); + if (!strchr (output_base_name, '%')) + strcat (output_base_name, .%02d); + part_number = 0; + @@ . patch -p0 '@@ .' Index: openpkg-src/sharutils/sharutils.spec $ cvs diff -u -r1.25 -r1.26 sharutils.spec --- openpkg-src/sharutils/sharutils.spec 7 Feb 2004 17:58:43 - 1.25 +++ openpkg-src/sharutils/sharutils.spec 7 Apr 2004 12:40:09 - 1.26 @@ -34,10 +34,11 @@ Group:Archiver License: GPL Version: 4.2.1 -Release: 20040207 +Release: 20040407 # list of sources Source0: ftp://ftp.gnu.org/gnu/sharutils/sharutils-%{version}.tar.gz +Patch0: sharutils.patch # build information Prefix: %{l_prefix} @@ -71,6 +72,7 @@ %prep %setup -q +%patch %build CC=%{l_cc} \ @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
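Review bot: In the src/shar.c hunk, strncpy with the full sizeof(output_base_name) as its bound leaves the buffer without a terminating NUL whenever optarg is at least that long, and the strchr and strcat calls in the context lines right after it then run past the end of the buffer. Even with a shorter optarg, the strcat of the .%02d suffix has no space reserved for it. Bound the copy to sizeof(output_base_name) minus the suffix length and the terminator, set the final byte to '\0' explicitly, or refuse an over-long -o argument with an error message.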
[CVS] OpenPKG: OPENPKG_2_0_SOLID: openpkg-src/sharutils/ sharutils.pat...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 07-Apr-2004 14:42:11 Branch: OPENPKG_2_0_SOLIDHandle: 2004040713421100 Added files: (Branch: OPENPKG_2_0_SOLID) openpkg-src/sharutils sharutils.patch Modified files: (Branch: OPENPKG_2_0_SOLID) openpkg-src/sharutils sharutils.spec Log: SA-2004.011-sharutils Summary: RevisionChanges Path 1.1.2.1 +16 -0 openpkg-src/sharutils/sharutils.patch 1.25.2.2+3 -1 openpkg-src/sharutils/sharutils.spec patch -p0 '@@ .' Index: openpkg-src/sharutils/sharutils.patch $ cvs diff -u -r0 -r1.1.2.1 sharutils.patch --- /dev/null 2004-04-07 14:42:11.0 +0200 +++ sharutils.patch 2004-04-07 14:42:11.0 +0200 @@ -0,0 +1,16 @@ +http://www.securityfocus.com/archive/1/359639 +GNU Sharutils buffer overflow vulnerability + +Index: src/shar.c +--- src/shar.c.orig 2004-04-07 14:27:20.0 +0200 src/shar.c 2004-04-07 14:30:27.0 +0200 +@@ -1905,7 +1905,7 @@ + break; + + case 'o': +-strcpy (output_base_name, optarg); ++strncpy (output_base_name, optarg, sizeof(output_base_name)); + if (!strchr (output_base_name, '%')) + strcat (output_base_name, .%02d); + part_number = 0; + @@ . patch -p0 '@@ .' Index: openpkg-src/sharutils/sharutils.spec $ cvs diff -u -r1.25.2.1 -r1.25.2.2 sharutils.spec --- openpkg-src/sharutils/sharutils.spec 18 Feb 2004 14:51:39 - 1.25.2.1 +++ openpkg-src/sharutils/sharutils.spec 7 Apr 2004 12:42:11 - 1.25.2.2 @@ -34,10 +34,11 @@ Group:Archiver License: GPL Version: 4.2.1 -Release: 2.0.0 +Release: 2.0.1 # list of sources Source0: ftp://ftp.gnu.org/gnu/sharutils/sharutils-%{version}.tar.gz +Patch0: sharutils.patch # build information Prefix: %{l_prefix} @@ -71,6 +72,7 @@ %prep %setup -q +%patch %build CC=%{l_cc} \ @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
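Review bot: The src/shar.c hunk backported to OPENPKG_2_0_SOLID bounds the copy with sizeof(output_base_name) but never terminates the result, so a -o argument that fills the buffer leaves the following strchr and strcat working on an unterminated string. Reserve room for the .%02d suffix and the NUL in the strncpy length, and write the terminator by hand, before this ships as Release 2.0.1.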
[CVS] OpenPKG: OPENPKG_1_3_SOLID: openpkg-src/sharutils/ sharutils.pat...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 07-Apr-2004 14:45:26 Branch: OPENPKG_1_3_SOLIDHandle: 2004040713452500 Added files: (Branch: OPENPKG_1_3_SOLID) openpkg-src/sharutils sharutils.patch Modified files: (Branch: OPENPKG_1_3_SOLID) openpkg-src/sharutils sharutils.spec Log: SA-2004.011-sharutils Summary: RevisionChanges Path 1.1.4.1 +16 -0 openpkg-src/sharutils/sharutils.patch 1.21.2.2.2.2+3 -1 openpkg-src/sharutils/sharutils.spec patch -p0 '@@ .' Index: openpkg-src/sharutils/sharutils.patch $ cvs diff -u -r0 -r1.1.4.1 sharutils.patch --- /dev/null 2004-04-07 14:45:25.0 +0200 +++ sharutils.patch 2004-04-07 14:45:25.0 +0200 @@ -0,0 +1,16 @@ +http://www.securityfocus.com/archive/1/359639 +GNU Sharutils buffer overflow vulnerability + +Index: src/shar.c +--- src/shar.c.orig 2004-04-07 14:27:20.0 +0200 src/shar.c 2004-04-07 14:30:27.0 +0200 +@@ -1905,7 +1905,7 @@ + break; + + case 'o': +-strcpy (output_base_name, optarg); ++strncpy (output_base_name, optarg, sizeof(output_base_name)); + if (!strchr (output_base_name, '%')) + strcat (output_base_name, .%02d); + part_number = 0; + @@ . patch -p0 '@@ .' Index: openpkg-src/sharutils/sharutils.spec $ cvs diff -u -r1.21.2.2.2.1 -r1.21.2.2.2.2 sharutils.spec --- openpkg-src/sharutils/sharutils.spec 29 Jul 2003 15:01:30 - 1.21.2.2.2.1 +++ openpkg-src/sharutils/sharutils.spec 7 Apr 2004 12:45:25 - 1.21.2.2.2.2 @@ -33,10 +33,11 @@ Group:Archiver License: GPL Version: 4.2.1 -Release: 1.3.0 +Release: 1.3.1 # list of sources Source0: ftp://ftp.gnu.org/gnu/sharutils/sharutils-%{version}.tar.gz +Patch0: sharutils.patch # build information Prefix: %{l_prefix} @@ -63,6 +64,7 @@ %prep %setup -q +%patch %build CC=%{l_cc} \ @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
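Review bot: On OPENPKG_1_3_SOLID the src/shar.c hunk has the same gap in the "case 'o':" branch: strncpy does not NUL-terminate on truncation, and the strcat of the part-number suffix that follows can still write beyond output_base_name. The length passed to strncpy needs to leave space for the suffix and terminator, with the last byte set to '\0', for Release 1.3.1 to close the overflow.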
[CVS] OpenPKG: openpkg-web/ security.txt security.wml openpkg-web/secu...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 07-Apr-2004 14:45:54 Branch: HEAD Handle: 2004040713455301 Added files: openpkg-web/securityOpenPKG-SA-2004.011-sharutils Modified files: openpkg-web security.txt security.wml Log: SA-2004.011-sharutils Summary: RevisionChanges Path 1.69+1 -0 openpkg-web/security.txt 1.89+1 -0 openpkg-web/security.wml 1.1 +75 -0 openpkg-web/security/OpenPKG-SA-2004.011-sharutils patch -p0 '@@ .' Index: openpkg-web/security.txt $ cvs diff -u -r1.68 -r1.69 security.txt --- openpkg-web/security.txt 5 Apr 2004 12:48:29 - 1.68 +++ openpkg-web/security.txt 7 Apr 2004 12:45:53 - 1.69 @@ -1,3 +1,4 @@ +07-Apr-2004: Security Advisory: SOpenPKG-SA-2004.011-sharutils 05-Apr-2004: Security Advisory: SOpenPKG-SA-2004.009-mc 01-Apr-2004: Security Advisory: SOpenPKG-SA-2004.008-squid 18-Mar-2004: Security Advisory: SOpenPKG-SA-2004.007-openssl @@ . patch -p0 '@@ .' Index: openpkg-web/security.wml $ cvs diff -u -r1.88 -r1.89 security.wml --- openpkg-web/security.wml 5 Apr 2004 12:56:08 - 1.88 +++ openpkg-web/security.wml 7 Apr 2004 12:45:54 - 1.89 @@ -76,6 +76,7 @@ /define-tag box bdwidth=1 bdcolor=#a5a095 bdspace=10 bgcolor=#e5e0d5 table cellspacing=0 cellpadding=0 border=0 + sa 2004.011 sharutils sa 2004.009 mc sa 2004.008 squid sa 2004.007 openssl @@ . patch -p0 '@@ .' Index: openpkg-web/security/OpenPKG-SA-2004.011-sharutils $ cvs diff -u -r0 -r1.1 OpenPKG-SA-2004.011-sharutils --- /dev/null 2004-04-07 14:45:54.0 +0200 +++ OpenPKG-SA-2004.011-sharutils 2004-04-07 14:45:54.0 +0200 
@@ -0,0 +1,75 @@ +#FIXME, this is a template +#FIXME, the first three lines are just dummies +#FIXME, to help comparing this against sibling signed documents + + +OpenPKG Security AdvisoryThe OpenPKG Project +http://www.openpkg.org/security.html http://www.openpkg.org [EMAIL PROTECTED] [EMAIL PROTECTED] +OpenPKG-SA-2004.011 07-Apr-2004 + + +Package: sharutils +Vulnerability: arbitrary code execution +OpenPKG Specific:no + +Affected Releases: Affected Packages: Corrected Packages: +OpenPKG CURRENT = sharutils-4.2.1-20011201 = sharutils-4.2.1-20040407 +OpenPKG 2.0 = sharutils-4.2.1-2.0.0= sharutils-4.2.1-2.0.1 +OpenPKG 1.3 = sharutils-4.2.1-1.3.0= sharutils-4.2.1-1.3.1 + +Dependent Packages: none + +Description: + According to a posting on Bugtraq [1], Shaun Colley discovered and + researched a stack-based buffer overflow vulnerability which exists in + the GNU Sharutils [2] due to lack of bounds checking when handling the + '-o' command-line option. + + Please check whether you are affected by running prefix/bin/rpm + -q sharutils. If you have the sharutils package installed and its + version is affected (see above), we recommend that you immediately + upgrade it (see Solution). [3][4] + +Solution: + Select the updated source RPM appropriate for your OpenPKG release + [5][6], fetch it from the OpenPKG FTP service [7][8] or a mirror + location, verify its integrity [9], build a corresponding binary RPM + from it [3] and update your OpenPKG installation by applying the + binary RPM [4]. For the most recent release OpenPKG 2.0, perform the + following operations to permanently fix the security problem (for + other releases adjust accordingly). 
+ + $ ftp ftp.openpkg.org + ftp bin + ftp cd release/2.0/UPD + ftp get sharutils-4.2.1-2.0.1.src.rpm + ftp bye + $ prefix/bin/openpkg rpm -v --checksig sharutils-4.2.1-2.0.1.src.rpm + $ prefix/bin/openpkg rpm --rebuild sharutils-4.2.1-2.0.1.src.rpm + $ su - + # prefix/bin/openpkg rpm -Fvh prefix/RPM/PKG/sharutils-4.2.1-2.0.1.*.rpm + + Additionally, we recommend that you rebuild and reinstall + all dependent packages (see above), if any, too. [3][4
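Review bot: The new OpenPKG-SA-2004.011-sharutils file opens with three "#FIXME, this is a template" lines, yet the security.txt and security.wml hunks in the same commit already list the advisory in the public index; remove the placeholder lines or hold the index entries until the final text is in place. The index also goes from 2004.009 straight to 2004.011, so the 2004.010 entry has to be added when that advisory lands. In the Solution text, "rebuild and reinstall all dependent packages (see above)" sits oddly beside "Dependent Packages: none".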
[CVS] OpenPKG: openpkg-web/security/ OpenPKG-SA-2004.010-tcpdump.txt
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Michael Schloh Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 07-Apr-2004 15:02:19 Branch: HEAD Handle: 2004040714021900 Added files: openpkg-web/securityOpenPKG-SA-2004.010-tcpdump.txt Log: first draft OpenPKG-SA-2004.010-tcpdump (CAN-2004-0183 and CAN-2004-0184), to accompany update packages tcpdump-3.8.1-2.0.1.src.rpm and tcpdump-3.7.2-1.3.2.src.rpm Summary: RevisionChanges Path 1.1 +76 -0 openpkg-web/security/OpenPKG-SA-2004.010-tcpdump.txt patch -p0 '@@ .' Index: openpkg-web/security/OpenPKG-SA-2004.010-tcpdump.txt $ cvs diff -u -r0 -r1.1 OpenPKG-SA-2004.010-tcpdump.txt --- /dev/null 2004-04-07 15:02:19.0 +0200 +++ OpenPKG-SA-2004.010-tcpdump.txt 2004-04-07 15:02:19.0 +0200 
@@ -0,0 +1,76 @@ + + +OpenPKG Security AdvisoryThe OpenPKG Project +http://www.openpkg.org/security.html http://www.openpkg.org [EMAIL PROTECTED] [EMAIL PROTECTED] +OpenPKG-SA-2004.010 07-Apr-2004 + + +Package: tcpdump +Vulnerability: denial of service +OpenPKG Specific:no + +Affected Releases: Affected Packages: Corrected Packages: +OpenPKG CURRENT = tcpdump-3.8.1-20040207 = tcpdump-3.8.2-20040330 +OpenPKG 2.0 = tcpdump-3.8.1-2.0.0 = tcpdump-3.8.1-2.0.1 +OpenPKG 1.3 = tcpdump-3.7.2-1.3.1 = tcpdump-3.7.2-1.3.2 + +Dependent Packages: none + +Description: + According to a security advisory published by Rapid7 [0], two + vulnerabilities exists in the ISAKMP packet display functions of + tcpdump [1]. The Common Vulnerabilities and Exposures (CVE) project + has reviewed both problems. CAN-2004-0183 [2] identifies an overflow + when displaying ISAKMP delete payloads with large number of SPIs, + while CAN-2004-0184 [3] identifies an integer underflow when + displaying ISAKMP identification payload. These vulnerabilities + appear only when verbose packet display is enabled by running tcpdump + with the -v option. + + Please check whether you are affected by running prefix/bin/rpm + -q tcpdump. If you have the tcpdump package installed and its + version is affected (see above), we recommend that you immediately + upgrade it (see Solution). [4][5] + +Solution: + Select the updated source RPM appropriate for your OpenPKG release + [6][7], fetch it from the OpenPKG FTP service [8][9] or a mirror + location, verify its integrity [10], build a corresponding binary RPM + from it [4] and update your OpenPKG installation by applying the + binary RPM [5]. For the most current release OpenPKG 2.0, perform the + following operations to permanently fix the security problem (for + other releases adjust accordingly). 
+ + $ ftp ftp.openpkg.org + ftp bin + ftp cd release/2.0/UPD + ftp get tcpdump-3.8.1-2.0.1.src.rpm + ftp bye + $ prefix/bin/rpm -v --checksig tcpdump-3.8.1-2.0.1.src.rpm + $ prefix/bin/rpm --rebuild tcpdump-3.8.1-2.0.1.src.rpm + $ su - + # prefix/bin/rpm -Fvh prefix/RPM/PKG/tcpdump-3.8.1-2.0.1.*.rpm + + +References: + [0] http://www.rapid7.com/advisories/R7-0017.html + [1] http://www.tcpdump.org/ + [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0183 + [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0184 + [4] http://www.openpkg.org/tutorial.html#regular-source + [5] http://www.openpkg.org/tutorial.html#regular-binary + [6] ftp://ftp.openpkg.org/release/1.3/UPD/tcpdump-3.7.1-1.3.2.src.rpm + [7] ftp://ftp.openpkg.org/release/2.0/UPD/tcpdump-3.8.1-2.0.1.src.rpm + [8] ftp://ftp.openpkg.org/release/1.3/UPD/ + [9] ftp://ftp.openpkg.org/release/2.0/UPD/ + [10] http://www.openpkg.org/security.html#signature + + +For security reasons, this advisory was digitally signed with the +OpenPGP public key OpenPKG [EMAIL PROTECTED] (ID 63C4CB9F) of the +OpenPKG project which you can retrieve from http://pgp.openpkg.org and +hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org/ +for details on how to verify the integrity of this advisory.
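Review bot: Reference [6] points at tcpdump-3.7.1-1.3.2.src.rpm, while the Corrected Packages table lists tcpdump-3.7.2-1.3.2 for OpenPKG 1.3 and the log message names tcpdump-3.7.2-1.3.2.src.rpm; correct the URL so it matches the package being announced. In the Description, "two vulnerabilities exists" should read "exist", and "with large number of SPIs" is missing an article. The command block calls prefix/bin/rpm directly, whereas the sharutils advisory committed the same day uses prefix/bin/openpkg rpm for the same OpenPKG 2.0 release; use one form in both.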
[CVS] OpenPKG: openpkg-src/xine-ui/ xine-ui.patch xine-ui.spec
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Torsten Homeyer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 07-Apr-2004 15:37:14 Branch: HEAD Handle: 2004040714371400 Modified files: openpkg-src/xine-ui xine-ui.patch xine-ui.spec Log: Added linker flag to make statically linked symbols visible to objects loaded dynamically via dlopen Summary: RevisionChanges Path 1.2 +37 -0 openpkg-src/xine-ui/xine-ui.patch 1.19+1 -1 openpkg-src/xine-ui/xine-ui.spec patch -p0 '@@ .' Index: openpkg-src/xine-ui/xine-ui.patch $ cvs diff -u -r1.1 -r1.2 xine-ui.patch --- openpkg-src/xine-ui/xine-ui.patch 28 Dec 2003 12:47:21 - 1.1 +++ openpkg-src/xine-ui/xine-ui.patch 7 Apr 2004 13:37:14 - 1.2 
@@ -9,3 +9,40 @@ #ifdef HAVE_X11 #include X11/Xlib.h +--- src/xitk/Makefile.in.orig 2004-04-07 12:49:16.0 +0200 src/xitk/Makefile.in2004-04-07 12:49:50.0 +0200 +@@ -370,10 +370,10 @@ +tvout.$(OBJEXT) tvset.$(OBJEXT) videowin.$(OBJEXT) \ +viewlog.$(OBJEXT) + xine_OBJECTS = $(am_xine_OBJECTS) +-xine_LDFLAGS = ++xine_LDFLAGS = -Wl,-E + am_xine_remote_OBJECTS = xine-remote.$(OBJEXT) + xine_remote_OBJECTS = $(am_xine_remote_OBJECTS) +-xine_remote_LDFLAGS = ++xine_remote_LDFLAGS = -Wl,-E + + DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir) + depcomp = $(SHELL) $(top_srcdir)/depcomp +--- src/aaui/Makefile.in.orig 2004-04-07 12:44:19.0 +0200 src/aaui/Makefile.in2004-04-07 12:45:56.0 +0200 +@@ -245,7 +245,7 @@ + + am_aaxine_OBJECTS = $(am__objects_1) main.$(OBJEXT) + aaxine_OBJECTS = $(am_aaxine_OBJECTS) +-aaxine_LDFLAGS = ++aaxine_LDFLAGS = -Wl,-E + + DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir) + depcomp = $(SHELL) $(top_srcdir)/depcomp +--- src/fb/Makefile.in.orig 2004-04-07 12:47:12.0 +0200 src/fb/Makefile.in 2004-04-07 12:47:51.0 +0200 +@@ -249,7 +249,7 @@ +stdctl.$(OBJEXT) post.$(OBJEXT) osd.$(OBJEXT) \ +config_wrapper.$(OBJEXT) + fbxine_OBJECTS = $(am_fbxine_OBJECTS) +-fbxine_LDFLAGS = ++fbxine_LDFLAGS = -Wl,-E + + DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir) + depcomp = $(SHELL) $(top_srcdir)/depcomp @@ . patch -p0 '@@ .' Index: openpkg-src/xine-ui/xine-ui.spec $ cvs diff -u -r1.18 -r1.19 xine-ui.spec --- openpkg-src/xine-ui/xine-ui.spec 7 Feb 2004 18:00:21 - 1.18 +++ openpkg-src/xine-ui/xine-ui.spec 7 Apr 2004 13:37:14 - 1.19 @@ -34,7 +34,7 @@ Group:Video License: GPL Version: 0.9.23 -Release: 20040207 +Release: 20040407 # list of sources Source0: http://download.sourceforge.net/xine/xine-ui-%{version}.tar.gz @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
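Review bot: The flag -Wl,-E is hard-coded into the generated Makefile.in files for xine, xine-remote, aaxine and fbxine, which assumes every supported toolchain accepts that spelling; setting it from the spec file's build section, conditional on the linker in use, would be easier to maintain than patching four generated files. The log justifies the flag for objects loaded through dlopen, so if xine-remote loads no plugins its xine_remote_LDFLAGS can stay empty rather than exporting every symbol of that executable. A short comment in xine-ui.patch recording why the flag is needed would keep it from being dropped at the next version bump.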
[CVS] OpenPKG: openpkg-src/xine-lib/ xine-lib.patch xine-lib.spec
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Torsten Homeyer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 07-Apr-2004 16:40:25 Branch: HEAD Handle: 2004040715402500 Modified files: openpkg-src/xine-libxine-lib.patch xine-lib.spec Log: modifying package: xine-lib-1rc3b 20040330 - 20040407 Summary: RevisionChanges Path 1.10+9 -9 openpkg-src/xine-lib/xine-lib.patch 1.27+1 -1 openpkg-src/xine-lib/xine-lib.spec patch -p0 '@@ .' Index: openpkg-src/xine-lib/xine-lib.patch $ cvs diff -u -r1.9 -r1.10 xine-lib.patch --- openpkg-src/xine-lib/xine-lib.patch 30 Mar 2004 10:23:30 - 1.9 +++ openpkg-src/xine-lib/xine-lib.patch 7 Apr 2004 14:40:25 - 1.10 @@ -122,7 +122,7 @@ +#elif defined (__linux) # include stdint.h +#elif defined (__FreeBSD__) -+# include sys/inttypes.h ++# include inttypes.h +#else +# includesys/types.h #endif @@ -138,7 +138,7 @@ +#elif defined (__linux) # include stdint.h +#elif defined (__FreeBSD__) -+# include sys/inttypes.h ++# include inttypes.h +#else +# includesys/types.h #endif @@ -155,7 +155,7 @@ +#elif defined (__linux) +# include stdint.h +#elif defined (__FreeBSD__) -+# include sys/inttypes.h ++# include inttypes.h +#else +# includesys/types.h +#endif @@ -174,7 +174,7 @@ +#elif defined (__linux) +# include stdint.h +#elif defined (__FreeBSD__) -+# include sys/inttypes.h ++# include inttypes.h +#else +# includesys/types.h +#endif @@ -195,7 +195,7 @@ +#elif defined (__linux) +# include stdint.h +#elif defined (__FreeBSD__) -+# include sys/inttypes.h ++# include inttypes.h #else -# if HAVE_STDINT_H -# include stdint.h @@ -229,7 +229,7 @@ +#elif defined (__linux) +# include stdint.h +#elif defined (__FreeBSD__) -+# include sys/inttypes.h ++# include inttypes.h #else -# if HAVE_STDINT_H -# include stdint.h @@ -251,7 +251,7 @@ +#elif defined (__linux) +# include stdint.h +#elif defined (__FreeBSD__) -+# include sys/inttypes.h ++# include inttypes.h #else -#include stdint.h +# includesys/types.h 
@@ -271,7 +271,7 @@ +#elif defined (__linux) +# include stdint.h +#elif defined (__FreeBSD__) -+# include sys/inttypes.h ++# include inttypes.h #else -#include stdint.h +# includesys/types.h @@ -289,7 +289,7 @@ +#elif defined (__linux) +# include stdint.h +#elif defined (__FreeBSD__) -+# include sys/inttypes.h ++# include inttypes.h +#else +# includesys/types.h +#endif @@ . patch -p0 '@@ .' Index: openpkg-src/xine-lib/xine-lib.spec $ cvs diff -u -r1.26 -r1.27 xine-lib.spec --- openpkg-src/xine-lib/xine-lib.spec30 Mar 2004 10:23:30 - 1.26 +++ openpkg-src/xine-lib/xine-lib.spec7 Apr 2004 14:40:25 - 1.27 @@ -40,7 +40,7 @@ Group:Video License: GPL Version: %{V_opkg} -Release: 20040330 +Release: 20040407 # list of sources Source0: http://download.sourceforge.net/xine/xine-lib-%{V_dist}.tar.gz @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
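Review bot: The log message ("modifying package") does not say why the __FreeBSD__ branch changes from sys/inttypes.h to inttypes.h, and that header path is the whole content of all nine hunks; name the FreeBSD releases this was built on, so a later reader can tell whether older systems still need the sys/ path. Because the same conditional block is patched into nine places, a single missed copy would be hard to spot, so it is worth confirming that no tenth occurrence remains in xine-lib.patch.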
Re: FYI: openpkg-tool - openpkg-tools
I tried several things, and it was not a perl suid issue. So I found build.pl and examined it, and found this (starting at line 1100):

    print "# curling index $fetch\n";
    if ($fetch =~ /\.bz2$/) {
        $path = "$CURL -q -s -o - \"$fetch\" | $bzip2 -dc |";
    } else {
        $path = "$CURL -q -s -o - \"$fetch\" |";
    }

From the docs for curl, it looks like -q as the first argument *disables* .curlrc. Therefore, removing it solved my problem. Adding --disable-epsv to the command line above also had the same effect.

I'm sure there are some good reasons to use -q, but in my case, since EPSV doesn't work, it would be nice to disable it without modifying build.pl. Should we call this a bug or a feature? 8-)

-- Vinod

On Wed, 7 Apr 2004, Michael van Elst wrote:

> If curl is working for user opkg then you should be able to run 'openpkg build' as that user.
>
> Saying that, I just read about someone who, for some unknown reason, had suid-bits set on his perl executable. Maybe you are a victim too and the script isn't running under the uid of opkg?

__ The OpenPKG Project www.openpkg.org Developer Communication List [EMAIL PROTECTED]
[CVS] OpenPKG: OPENPKG_1_3_SOLID: openpkg-src/tcpdump/ tcpdump.patch t...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Michael Schloh Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 07-Apr-2004 17:44:02 Branch: OPENPKG_1_3_SOLIDHandle: 2004040716440200 Modified files: (Branch: OPENPKG_1_3_SOLID) openpkg-src/tcpdump tcpdump.patch tcpdump.spec Log: OpenPKG-SA-2004.010-tcpdump (CAN-2004-0183 and CAN-2004-0184): Integrate patch code from debian's tcpdump_3.7.2-4.diff.gz to avoid denial of service from reading ISAKMP packets with malformed delete payloads and identification payloads Summary: RevisionChanges Path 1.1.6.2.2.2 +495 -11openpkg-src/tcpdump/tcpdump.patch 1.25.2.3.2.3+1 -1 openpkg-src/tcpdump/tcpdump.spec patch -p0 '@@ .' Index: openpkg-src/tcpdump/tcpdump.patch $ cvs diff -u -r1.1.6.2.2.1 -r1.1.6.2.2.2 tcpdump.patch --- openpkg-src/tcpdump/tcpdump.patch 16 Jan 2004 12:38:59 - 1.1.6.2.2.1 +++ openpkg-src/tcpdump/tcpdump.patch 7 Apr 2004 15:44:02 - 1.1.6.2.2.2 
@@ -19,17 +19,19 @@ tcpdump patch patrix; [EMAIL PROTECTED] - tcpdump 371 371 372 381 - OpenPKG 120 121 130 20020822 ---- --- --- --- - CAN-2002-0380 nfs y n n n see past OpenPKG-SA-2003.014-tcpdump - CAN-2002-1350 bgp y n n n see past OpenPKG-SA-2003.014-tcpdump - CAN-2003-0108 isakmp y n n n see past OpenPKG-SA-2003.014-tcpdump -depthy y y n (*) - CAN-2003-0989 isakmp y y y n updates CAN-2003-0108-isakmp - CAN-2003-1029 l2tp y y n n - CAN-2004-0055 radius y y y y - CAN-2004-0057 isakmp y y y y + tcpdump 371 371 372 372 381 + OpenPKG 120 121 130 131 20020822 +--- --- --- --- --- + CAN-2002-0380 nfs y n n n n see past OpenPKG-SA-2003.014-tcpdump + CAN-2002-1350 bgp y n n n n see past OpenPKG-SA-2003.014-tcpdump + CAN-2003-0108 isakmp y n n n n see past OpenPKG-SA-2003.014-tcpdump +depthy y y n n (*) + CAN-2003-0989 isakmp y y y n n updates CAN-2003-0108-isakmp + CAN-2003-1029 l2tp y y n n n + CAN-2004-0055 radius y y y y y + CAN-2004-0057 isakmp y y y y y + CAN-2004-0183 isakmp y y y y y + CAN-2004-0184 isakmp y y y y y (*) the vendor code fix for CAN-2003-0108 had two other unrelated code changes piggybacked. We removed the cosmetics (constify) and 
@@ -492,3 +494,485 @@ static char * +Index: print-isakmp.c +diff -Nau print-isakmp.c.CAN-2004-0183 print-isakmp.c +--- print-isakmp.c.CAN-2004-0183 2004-04-07 16:29:55.0 +0200 print-isakmp.c 2004-04-07 17:16:45.0 +0200 +@@ -326,7 +326,7 @@ + return 0; + } + +-static void ++static int + rawprint(caddr_t loc, size_t len) + { + static u_char *p; +@@ -337,8 +337,9 @@ + p = (u_char *)loc; + for (i = 0; i len; i++) + printf(%02x, p[i] 0xff); ++ return 1; + trunc: +- return; ++ return 0; + } + + struct attrmap { +@@ -430,6 +431,7 @@ + printf(%s:, NPSTR(ISAKMP_NPTYPE_SA)); + + p = (struct isakmp_pl_sa *)ext; ++TCHECK(*p); + safememcpy(sa, ext, sizeof(sa)); + doi = ntohl(sa.doi); + sit = ntohl(sa.sit); +@@ -456,16 +458,21 @@ + + np = (u_char *)ext + sizeof(sa); + if (sit != 0x01) { ++TCHECK2(*(ext + 1), sizeof(ident)); + safememcpy(ident, ext + 1, sizeof(ident)); + printf( ident=%u, (u_int32_t)ntohl(ident)); + np += sizeof(ident); + } + + ext = (struct isakmp_gen *)np; ++TCHECK(*ext); + + cp = isakmp_sub_print(ISAKMP_NPTYPE_P, ext, ep, phase, doi, proto0, depth); + + return cp; ++trunc: ++printf( [|%s], NPSTR(ISAKMP_NPTYPE_SA)); ++return NULL; + } + + static u_char * +@@ -478,20 +485,26 @@ + printf(%s:, NPSTR(ISAKMP_NPTYPE_P)); + + p = (struct isakmp_pl_p *)ext; ++TCHECK(*p); + safememcpy(prop, ext, sizeof(prop)); + printf( #%d protoid=%s transform=%d, + prop.p_no, PROTOIDSTR(prop.prot_id), prop.num_t); + if (prop.spi_size) { + printf( spi=); +-rawprint((caddr_t)(p + 1), prop.spi_size); ++if (!rawprint((caddr_t)(p + 1), prop.spi_size)) ++
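Review bot: rawprint now returns int, and the one caller visible here (the prop.spi_size branch) tests the result; every other caller in print-isakmp.c needs the same check, otherwise printing carries on after a truncated payload as it did before. In the matrix hunk, the new CAN-2004-0183 and CAN-2004-0184 rows carry no advisory reference although the log names OpenPKG-SA-2004.010-tcpdump, and the heading still reads "patch patrix".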
[CVS] OpenPKG: OPENPKG_1_3_SOLID: openpkg-src/tcpdump/ tcpdump.patch
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Michael Schloh Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 07-Apr-2004 18:08:02 Branch: OPENPKG_1_3_SOLIDHandle: 2004040717080100 Modified files: (Branch: OPENPKG_1_3_SOLID) openpkg-src/tcpdump tcpdump.patch Log: correct spelling, align columns, and append new CAN identifiers to patch matrix Summary: RevisionChanges Path 1.1.6.2.2.3 +13 -13 openpkg-src/tcpdump/tcpdump.patch patch -p0 '@@ .' Index: openpkg-src/tcpdump/tcpdump.patch $ cvs diff -u -r1.1.6.2.2.2 -r1.1.6.2.2.3 tcpdump.patch --- openpkg-src/tcpdump/tcpdump.patch 7 Apr 2004 15:44:02 - 1.1.6.2.2.2 +++ openpkg-src/tcpdump/tcpdump.patch 7 Apr 2004 16:08:01 - 1.1.6.2.2.3 
@@ -17,21 +17,21 @@ #include string.h -tcpdump patch patrix; [EMAIL PROTECTED] +tcpdump patch matrix; [EMAIL PROTECTED] tcpdump 371 371 372 372 381 - OpenPKG 120 121 130 131 20020822 ---- --- --- --- --- - CAN-2002-0380 nfs y n n n n see past OpenPKG-SA-2003.014-tcpdump - CAN-2002-1350 bgp y n n n n see past OpenPKG-SA-2003.014-tcpdump - CAN-2003-0108 isakmp y n n n n see past OpenPKG-SA-2003.014-tcpdump -depthy y y n n (*) - CAN-2003-0989 isakmp y y y n n updates CAN-2003-0108-isakmp - CAN-2003-1029 l2tp y y n n n - CAN-2004-0055 radius y y y y y - CAN-2004-0057 isakmp y y y y y - CAN-2004-0183 isakmp y y y y y - CAN-2004-0184 isakmp y y y y y + OpenPKG 120 121 130 131 20040207 +--- --- --- --- + CAN-2002-0380 nfs y n n n n see past OpenPKG-SA-2003.014-tcpdump + CAN-2002-1350 bgp y n n n n see past OpenPKG-SA-2003.014-tcpdump + CAN-2003-0108 isakmp y n n n n see past OpenPKG-SA-2003.014-tcpdump +depthy y y n n (*) + CAN-2003-0989 isakmp y y y n n updates CAN-2003-0108-isakmp + CAN-2003-1029 l2tp y y n n n see past OpenPKG-SA-2004.002-tcpdump + CAN-2004-0055 radius y y y y y see past OpenPKG-SA-2004.002-tcpdump + CAN-2004-0057 isakmp y y y y y see past OpenPKG-SA-2004.002-tcpdump + CAN-2004-0183 isakmp y y y y y + CAN-2004-0184 isakmp y y y y y (*) the vendor code fix for CAN-2003-0108 had two other unrelated code changes piggybacked. We removed the cosmetics (constify) and @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
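Review bot: The log message says this change appends new CAN identifiers, but CAN-2004-0183 and CAN-2004-0184 appear on both the removed and the added side of the hunk. What changes besides the "patrix" spelling and the alignment is the last column header (20020822 becomes 20040207) and the "see past OpenPKG-SA-2004.002-tcpdump" reference added to three rows; the log should say so. Also check the added separator row, which as shown here has four dash groups under five version columns, and give the two newest rows an advisory reference like the others.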
Re: FYI: openpkg-tool - openpkg-tools
From the docs for curl, it looks like -q as the first argument *disables* .curlrc. I am sure that it used to mean something different.

-- Michael van Elst Internet: [EMAIL PROTECTED] A potential Snark may lurk in every tree.

__ The OpenPKG Project www.openpkg.org Developer Communication List [EMAIL PROTECTED]
[CVS] OpenPKG: openpkg-web/ security.txt security.wml
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Michael Schloh Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 07-Apr-2004 18:24:59 Branch: HEAD Handle: 2004040717245900 Modified files: openpkg-web security.txt security.wml Log: publish OpenPKG-SA-2004.010-tcpdump Summary: RevisionChanges Path 1.70+1 -0 openpkg-web/security.txt 1.90+1 -0 openpkg-web/security.wml patch -p0 '@@ .' Index: openpkg-web/security.txt $ cvs diff -u -r1.69 -r1.70 security.txt --- openpkg-web/security.txt 7 Apr 2004 12:45:53 - 1.69 +++ openpkg-web/security.txt 7 Apr 2004 16:24:59 - 1.70 @@ -1,4 +1,5 @@ 07-Apr-2004: Security Advisory: SOpenPKG-SA-2004.011-sharutils +07-Apr-2004: Security Advisory: SOpenPKG-SA-2004.010-tcpdump 05-Apr-2004: Security Advisory: SOpenPKG-SA-2004.009-mc 01-Apr-2004: Security Advisory: SOpenPKG-SA-2004.008-squid 18-Mar-2004: Security Advisory: SOpenPKG-SA-2004.007-openssl @@ . patch -p0 '@@ .' Index: openpkg-web/security.wml $ cvs diff -u -r1.89 -r1.90 security.wml --- openpkg-web/security.wml 7 Apr 2004 12:45:54 - 1.89 +++ openpkg-web/security.wml 7 Apr 2004 16:24:59 - 1.90 @@ -77,6 +77,7 @@ box bdwidth=1 bdcolor=#a5a095 bdspace=10 bgcolor=#e5e0d5 table cellspacing=0 cellpadding=0 border=0 sa 2004.011 sharutils + sa 2004.010 tcpdump sa 2004.009 mc sa 2004.008 squid sa 2004.007 openssl @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
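Review bot: Both index hunks add the 2004.010 entry, but the modified-files list holds only security.txt and security.wml, so the advisory text these entries point to is not part of this commit. Commit the signed advisory together with, or before, the index change so that the published list never links to a missing or unsigned document.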
[CVS] OpenPKG: openpkg-web/security/ OpenPKG-SA-2004.011-sharutils.txt
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 07-Apr-2004 22:24:12 Branch: HEAD Handle: 2004040721241200 Modified files: openpkg-web/securityOpenPKG-SA-2004.011-sharutils.txt Log: release OpenPKG Security Advisory 2004.011 (sharutils) Summary: RevisionChanges Path 1.2 +10 -6 openpkg-web/security/OpenPKG-SA-2004.011-sharutils.txt patch -p0 '@@ .' Index: openpkg-web/security/OpenPKG-SA-2004.011-sharutils.txt $ cvs diff -u -r1.1 -r1.2 OpenPKG-SA-2004.011-sharutils.txt --- openpkg-web/security/OpenPKG-SA-2004.011-sharutils.txt7 Apr 2004 12:45:54 - 1.1 +++ openpkg-web/security/OpenPKG-SA-2004.011-sharutils.txt7 Apr 2004 20:24:12 - 1.2 @@ -1,6 +1,6 @@ -#FIXME, this is a template -#FIXME, the first three lines are just dummies -#FIXME, to help comparing this against sibling signed documents +-BEGIN PGP SIGNED MESSAGE- +Hash: SHA1 + OpenPKG Security AdvisoryThe OpenPKG Project @@ -49,9 +49,6 @@ $ prefix/bin/openpkg rpm --rebuild sharutils-4.2.1-2.0.1.src.rpm $ su - # prefix/bin/openpkg rpm -Fvh prefix/RPM/PKG/sharutils-4.2.1-2.0.1.*.rpm - - Additionally, we recommend that you rebuild and reinstall - all dependent packages (see above), if any, too. [3][4] References: @@ -73,3 +70,10 @@ for details on how to verify the integrity of this advisory. +-BEGIN PGP SIGNATURE- +Comment: OpenPKG [EMAIL PROTECTED] + +iD8DBQFAdGMzgHWT4GPEy58RAsZuAKDSh3FdkQsjfqT4nUsd1Vv13S3usQCguVO8 +XXHwppXg6f1oPAs2ewAqB9k= +=c2IQ +-END PGP SIGNATURE- @@ . __ The OpenPKG Projectwww.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
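Review bot: The second hunk (-49,9) deletes the recommendation to rebuild and reinstall dependent packages, a content change that the log message "release OpenPKG Security Advisory 2004.011 (sharutils)" does not mention; state the removal and its reason in the log. The first hunk also shows that revision 1.1 was still the "#FIXME, this is a template" placeholder, committed at 12:45:54 alongside the security.txt revision that already lists 2004.011, so the index pointed at an unsigned template until this commit. Publish the index entry only with the signed text.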
[CVS] OpenPKG: openpkg-web/security/ OpenPKG-SA-2003.023-delegate.txt ...
OpenPKG CVS Repository http://cvs.openpkg.org/ Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 07-Apr-2004 22:43:32 Branch: HEAD Handle: 2004040721433200 Modified files: openpkg-web/securityOpenPKG-SA-2003.023-delegate.txt OpenPKG-SA-2003.027-sendmail.txt OpenPKG-SA-2003.030-ghostscript.txt OpenPKG-SA-2004.008-squid.txt Log: SA typo fixing, spell checking, cosmetics, alignment and resigning - logic unchanged in all cases Summary: RevisionChanges Path 1.4 +4 -4 openpkg-web/security/OpenPKG-SA-2003.023-delegate.txt 1.8 +4 -4 openpkg-web/security/OpenPKG-SA-2003.027-sendmail.txt 1.3 +11 -11 openpkg-web/security/OpenPKG-SA-2003.030-ghostscript.txt 1.6 +3 -3 openpkg-web/security/OpenPKG-SA-2004.008-squid.txt patch -p0 '@@ .' Index: openpkg-web/security/OpenPKG-SA-2003.023-delegate.txt $ cvs diff -u -r1.3 -r1.4 OpenPKG-SA-2003.023-delegate.txt --- openpkg-web/security/OpenPKG-SA-2003.023-delegate.txt 19 Mar 2003 14:53:07 - 1.3 +++ openpkg-web/security/OpenPKG-SA-2003.023-delegate.txt 7 Apr 2004 20:43:32 - 1.4 @@ -6,7 +6,7 @@ OpenPKG Security AdvisoryThe OpenPKG Project http://www.openpkg.org/security.html http://www.openpkg.org [EMAIL PROTECTED] [EMAIL PROTECTED] -OpenPKG-SA-SA-2003.023 19-Mar-2003 +OpenPKG-SA-2003.023 19-Mar-2003 Package: delegate @@ -75,7 +75,7 @@ -BEGIN PGP SIGNATURE- Comment: OpenPKG [EMAIL PROTECTED] -iD8DBQE+eIPogHWT4GPEy58RAjk9AKCpX55H/+HUu2cpdmtM/SNdDNeA+ACgvMTE -Dh1C6hKWEKzhXj+k89E8CpI= -=6xux +iD8DBQFAdGYagHWT4GPEy58RAgUEAKDPqdUsbnWLna17+XVtNj06UueTmgCg+HlV +MhANpJdRaulh2AjFUMSAMhw= +=KcAA -END PGP SIGNATURE- @@ . patch -p0 '@@ .' Index: openpkg-web/security/OpenPKG-SA-2003.027-sendmail.txt $ cvs diff -u -r1.7 -r1.8 OpenPKG-SA-2003.027-sendmail.txt --- openpkg-web/security/OpenPKG-SA-2003.027-sendmail.txt 30 Mar 2003 12:42:18 - 1.7 +++ openpkg-web/security/OpenPKG-SA-2003.027-sendmail.txt 7 Apr 2004 20:43:32 - 1.8 
@@ -6,7 +6,7 @@ OpenPKG Security AdvisoryThe OpenPKG Project http://www.openpkg.org/security.html http://www.openpkg.org [EMAIL PROTECTED] [EMAIL PROTECTED] -OpenPKG-SA-SA-2003.027 30-Mar-2003 +OpenPKG-SA-2003.027 30-Mar-2003 Package: sendmail @@ -78,7 +78,7 @@ -BEGIN PGP SIGNATURE- Comment: OpenPKG [EMAIL PROTECTED] -iD8DBQE+huYSgHWT4GPEy58RAhdpAKDGqKOKSGwfuxVT5imK+1H0LBDcPACgu1nq -cia1t2PI8lNReMIeza3KLKI= -=38Sm +iD8DBQFAdGYugHWT4GPEy58RAlCFAJ47UU1ZbfV9rlPXTXrqADcLO5h4EwCfaCNl +p2d4y4SAHv36qdUWeLnUnMY= +=kPrv -END PGP SIGNATURE- @@ . patch -p0 '@@ .' Index: openpkg-web/security/OpenPKG-SA-2003.030-ghostscript.txt $ cvs diff -u -r1.2 -r1.3 OpenPKG-SA-2003.030-ghostscript.txt --- openpkg-web/security/OpenPKG-SA-2003.030-ghostscript.txt 3 Jun 2003 13:44:01 - 1.2 +++ openpkg-web/security/OpenPKG-SA-2003.030-ghostscript.txt 7 Apr 2004 20:43:32 - 1.3 @@ -9,14 +9,14 @@ OpenPKG-SA-2003.030 03-Jun-2003 -Package: ghostscript -Vulnerability: execute arbitrary commands -OpenPKG Specific: no - -Affected Releases: Affected Packages: Corrected Packages: -OpenPKG CURRENT= ghostscript-7.04-20021013 = ghostscript-8.00-20021122 -OpenPKG 1.2none N.A. -OpenPKG 1.1= ghostscript-7.04-1.1.0= ghostscript-7.04-1.1.1 +Package: ghostscript +Vulnerability: execute arbitrary commands +OpenPKG Specific:no + +Affected Releases: Affected Packages: Corrected Packages: +OpenPKG CURRENT =
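Review bot: The delegate and sendmail hunks replace the PGP signature block of advisories dated 19-Mar-2003 and 30-Mar-2003 after correcting "OpenPKG-SA-SA-" to "OpenPKG-SA-" in the header, so archived copies of the originally published text no longer match the signed file in the repository. Record the re-signing date and reason in the advisory or on the web page, so a reader comparing an old copy can tell a correction from tampering. The ghostscript hunk is cut off in this mail, so the "logic unchanged in all cases" statement cannot be checked for it from what is shown.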
coreutils patch, uname and hostname conflicts.
The attached patch removes the uname and hostname files when compiling with with_legacy = yes on coreutils. The uname program is used extensively in autoconf files, often expecting vendor-specific behaviour as a means of identifying the system. On SuSE Linux systems using the OpenPKG version of hostname in system scripts can cause some very interesting side effects. This particular diff was made on a Release 2.0 .spec file, but should be easily adapted to current.

Bill

-- INTERNET: [EMAIL PROTECTED] Bill Campbell; Celestial Software LLC UUCP: camco!bill PO Box 820; 6641 E. Mercer Way FAX:(206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676 URL: http://www.celestial.com/ ``Never chastise a Windows user...just smile at them kindly as you would a disadvantaged child.'' WBM

--- coreutils.spec.orig 2004-04-05 07:14:12.0 -0700 +++ coreutils.spec 2004-04-07 14:59:16.0 -0700 @@ -38,7 +38,7 @@ Group:Utility License: GPL Version: %{V_release} -Release: 2.0.1 +Release: 20040407 # package options %option with_legacy no @@ -126,6 +126,11 @@ for i in g*; do ln -s $i `echo $i | sed -e 's;^g;;'` done + # these cause problems on SuSE 8.x and Darwin + for p in hostname uname ; do + rm $RPM_BUILD_ROOT%{l_prefix}/bin/$p + rm $RPM_BUILD_ROOT%{l_prefix}/man/man1/${p}* + done ) || exit $? %endif rm -f $RPM_BUILD_ROOT%{l_prefix}/info/dir
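Review bot: In the second hunk the two rm calls run without -f and with unquoted paths, and the loop is the last command in the subshell closed by ") || exit $?", so a missing uname man page leaves the ${p}* glob unmatched, the last rm fails, and the whole build aborts. Use rm -f and quote the "$RPM_BUILD_ROOT%{l_prefix}/..." arguments, so that an empty or space-containing build root cannot redirect the removal. The Release change to 20040407 in the first hunk looks like a local rebuild stamp and is unrelated to the hostname/uname removal; drop it when adapting the patch to current.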
[OpenPKG] Version Tracking Report (2004-04-08 07:42)
OpenPKG Version Tracking Report
===============================

Reporting Time:    2004-04-08 07:42
Tracking Duration: 0:30:44 (H:M:S)
Tracking Input:    1036 sources (713 packages)
Tracking Result:   983 up-to-date, 11 out-dated, 42 error

The following 11 sources were determined to be out-dated because newer vendor versions were found. Upgrade the corresponding OpenPKG packages.

Package                   Old Version     New Version
------------------------- --------------- ---------------
cvs                       1.12.5          1.12.6
gcc34                     3.4-20040331    3.4-20040407
kde-base                  3.1.4           3.2.1
mozilla-mplayer           1.2             2.50
netpbm                    10.18.11        10.18.12
orpie                     1.0.1           1.0.2
perl-www:WWW-Mechanize    0.74            0.76
scanssh                   1.60b           2.0
uvscan:datfiles           4348            4349
vim:patchlevel            6.2.458         6.2.460
zoem                      04-090          04-098

The following 42 sources could not be successfully checked because an error occurred while processing. Keep at least an eye on them.

Package                   Old Version     Error
------------------------- --------------- --------------------------
atk                       1.6.0           1st connection failed o..
cocor                     17              connection failed or ti..
firefox                   0.8             2nd connection failed o..
flex:release              2.5.4a          connection failed or ti..
gdk-pixbuf                0.22.0          2nd connection failed o..
gimp                      2.0.0           1st connection failed o..
glib                      1.2.10          connection failed or ti..
glib2                     2.4.0           1st connection failed o..
glimpse                   4.17.4          latest version online [1]
gnupg                     1.2.4           connection failed or ti..
gpg-error                 0.7             connection failed or ti..
gtk                       1.2.10          1st connection failed o..
gtk2                      2.4.0           1st connection failed o..
kde-qt                    3.2.3           connection failed or ti..
less                      382             latest version online l..
libart                    2.3.16          2nd connection failed o..
lyx:xforms                1.0             2nd regex didn't matc [2]
max                       7.4.2           regex didn't match (p [3]
mirror                    2.9             connection failed or ti..
mtools                    3.9.9           regex didn't match (pro..
mutt15                    1.5.6i          connection failed or ti..
newsyslog                 1.1             connection failed or ti..
nspr                      4.4.1           1st connection failed o..
ocaml                     3.07pl2         regex didn't match (pro..
pango                     1.4.0           1st connection failed o..
patch:alpha               2.5.9           connection failed or ti..
pax                       2004-02-29      regex didn't match (pro..
perl-time:Class-Date      1.1.7           connection failed or ti..
rdist                     7.0.0-alpha10   connection failed or ti..
ripe-asused:netwhois      1.19            regex didn't match (pro..
rt                        3-0-9           regex didn't match (pro..
smtpfeed                  1.18            connection failed or [4]
snmp                      5.1.1           regex didn't match (p [5]
tiff                      3.6.1           connection failed or ti..
top                       3.5beta12.10    connection failed or ti..
unarj                     2.65            latest version online l..
unarj:patch               2.65-1          latest version online l..
unixodbc                  2.2.8           connection failed or ti..
vcheck                    1.2.1           regex didn't match (p [6]
xalan                     2_5_1           regex didn't match (pro..
xpm                       3.4k            connection failed or ti..
yodl