Re: [SECURITY] libwmf

2015-07-09 Thread Dr. Volker Zell
 Yaakov Selkowitz writes:

 On Mon, 2015-06-29 at 17:56 +0200, Dr. Volker Zell wrote:
  Yaakov Selkowitz writes:
  On Mon, 2015-06-08 at 15:42 -0500, Yaakov Selkowitz wrote:
  On Fri, 2015-06-05 at 03:17 -0500, Yaakov Selkowitz wrote:
   Dr. Volker,
   
   A security vulnerability has been made public for libwmf:
   
   https://bugzilla.redhat.com/show_bug.cgi?id=1227243
  
  Actually, it's worse than that.  Despite configuring with --with-sys-gd,
  libwmf is still being built with the bundled libgd (which has either an
  older or custom API) instead of the system one.  Therefore, practically
  the entire patchset is required to fix all known vulnerabilities:
  
  http://pkgs.fedoraproject.org/cgit/libwmf.git/
 
  Are you still with us?  
 
 Yes, but NO time right now (plus upcoming vacation)

 Understood, I've uploaded 0.2.8.4-15 with the complete patchset.

Thanks

 BTW, tzcode has been a bit neglected as of late, and it's the sort of
 package that really needs to be kept timely (forgive the pun).  Would
 you mind if we took over maintainership?

Just go ahead...

 --
 Yaakov

Ciao
  Volker
  


Re: [PLUSH HIPPO] Re: [ITA] xdelta

2015-07-09 Thread Andrew Schulman
 Thanks for taking over YA orphaned, non-64 bit package, btw.  This
 deserves a plush hippo.  Andrew?

Awarded!  https://cygwin.com/goldstars/#MA


Re: [ITP] cfitsio : FITS (Flexible Image Transport System) lib and utility

2015-07-09 Thread Marco Atzeri

On 5/3/2015 10:25 PM, Marco Atzeri wrote:

On 5/3/2015 10:07 PM, Achim Gratz wrote:

Marco Atzeri writes:

package already present in the major distros.


Yaakov has the previous version in ports, IIRC with a slightly different
packaging.  You might want to check his cygport files and coordinate
with him.


Regards,
Achim.



Noted. But he patched autoconf and I patched cmake build.
Similar outcome, I just packed more utilities.

I will look at the zlib approach

Regards
Marco


Yaakov,
could you please check and reply?

I added the zlib dependency and used your numbering scheme.

$ cygcheck -cd |grep fitsio
cfitsio-util     3.370-1
libcfitsio-devel 3.370-1
libcfitsio3      3.370-1

This package expands and replaces your fpack cygport package.

$ cygcheck -l cfitsio-util
/usr/bin/cookbook.exe
/usr/bin/fitscopy.exe
/usr/bin/fpack.exe
/usr/bin/funpack.exe
/usr/bin/imcopy.exe
/usr/bin/speed.exe

to download (remove the index.html's) :

wget -r -np -nH --cut-dirs=0 \
http://matzeri.altervista.org/x86/cfitsio/index.html
wget -r -np -nH --cut-dirs=0 \
http://matzeri.altervista.org/x86_64/cfitsio/index.html

find x86 x86_64 -name index.html -o -name md5.sum | xargs rm


Regards
Marco





Re: [SECURITY] libwmf

2015-07-09 Thread Yaakov Selkowitz
On Mon, 2015-06-29 at 17:56 +0200, Dr. Volker Zell wrote:
  Yaakov Selkowitz writes:
  On Mon, 2015-06-08 at 15:42 -0500, Yaakov Selkowitz wrote:
  On Fri, 2015-06-05 at 03:17 -0500, Yaakov Selkowitz wrote:
   Dr. Volker,
   
   A security vulnerability has been made public for libwmf:
   
   https://bugzilla.redhat.com/show_bug.cgi?id=1227243
  
  Actually, it's worse than that.  Despite configuring with --with-sys-gd,
  libwmf is still being built with the bundled libgd (which has either an
  older or custom API) instead of the system one.  Therefore, practically
  the entire patchset is required to fix all known vulnerabilities:
  
  http://pkgs.fedoraproject.org/cgit/libwmf.git/
 
  Are you still with us?  
 
 Yes, but NO time right now (plus upcoming vacation)

Understood, I've uploaded 0.2.8.4-15 with the complete patchset.

BTW, tzcode has been a bit neglected as of late, and it's the sort of
package that really needs to be kept timely (forgive the pun).  Would
you mind if we took over maintainership?

--
Yaakov




Re: setup : request

2015-07-09 Thread Yaakov Selkowitz
On Sat, 2015-07-04 at 11:25 +0200, Marco Atzeri wrote:
 Achim,
 as you are playing with setup,
 can you add a switch that allows commuting between:
 
 old behaviour : current or test is default installed
 current behaviour : if installed is higher than current do nothing
 
 The new behaviour is usually fine, but going back and forth
 between all new perl test stuff is a pain when I need to remove
 the 5.22 stuff.

On Fedora there is yum update and yum distro-sync, which are
distinct commands corresponding to each of these behaviours.  So my
thought was that we could add a fourth Sync option to the
Keep/Curr/Exp radio buttons.  I've attached a barely tested *draft*
patch along these lines, but it almost certainly needs more work.

--
Yaakov

diff --git a/IniDBBuilderPackage.cc b/IniDBBuilderPackage.cc
index 7ee2af4..d7a4237 100644
--- a/IniDBBuilderPackage.cc
+++ b/IniDBBuilderPackage.cc
@@ -568,6 +568,7 @@ IniDBBuilderPackage::add_correct_version()
   switch (trust)
   {
 case TRUST_CURR:
+case TRUST_SYNC:
   v = (cp-curr);
 break;
 case TRUST_PREV:
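Review bot: the new `case TRUST_SYNC:` label in add_correct_version() shares the TRUST_CURR arm, but nothing in this hunk shows that `trust` can ever hold TRUST_SYNC at this point. If the switch runs on the trust level of the setup.ini section being parsed rather than on the user's radio-button choice, the label is dead code and only the enum and package_meta.h changes matter. Please confirm which it is, and either drop the label or add a one-line comment saying why Sync maps to `curr` here.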
diff --git a/PackageTrust.h b/PackageTrust.h
index 3e6801d..97f3a5f 100644
--- a/PackageTrust.h
+++ b/PackageTrust.h
@@ -23,6 +23,7 @@ typedef enum
   TRUST_PREV,
   TRUST_CURR,
   TRUST_TEST,
+  TRUST_SYNC,
   NTRUST
 }
 trusts;
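Review bot: inserting TRUST_SYNC ahead of NTRUST raises NTRUST by one and gives Sync the highest ordinal in `trusts`, so any array sized or indexed by NTRUST and any ordered comparison against TRUST_TEST elsewhere in the tree needs checking; none of that is visible in this patch. A short comment on the enumerator saying that it selects `curr` even when the installed version is higher would also document that Sync can downgrade packages.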
diff --git a/choose.cc b/choose.cc
index ec42c94..1d318b5 100644
--- a/choose.cc
+++ b/choose.cc
@@ -81,6 +81,7 @@ static ControlAdjuster::ControlInfo ChooserControlsInfo[] = {
   {IDC_CHOOSE_KEEP, 		CP_RIGHT,   CP_TOP},
   {IDC_CHOOSE_CURR, 		CP_RIGHT,   CP_TOP},
   {IDC_CHOOSE_EXP, 		CP_RIGHT,   CP_TOP},
+  {IDC_CHOOSE_SYNC, 		CP_RIGHT,   CP_TOP},
   {IDC_CHOOSE_VIEW, 		CP_RIGHT,   CP_TOP},
   {IDC_LISTVIEW_POS, 		CP_RIGHT,   CP_TOP},
   {IDC_CHOOSE_VIEWCAPTION,	CP_RIGHT,   CP_TOP},
@@ -154,7 +155,7 @@ ChooserPage::createListview ()
 	 GetLastError ()  endLog;
 
   /* FIXME: do we need to init the desired fields ? */
-  static int ta[] = { IDC_CHOOSE_KEEP, IDC_CHOOSE_CURR, IDC_CHOOSE_EXP, 0 };
+  static int ta[] = { IDC_CHOOSE_KEEP, IDC_CHOOSE_CURR, IDC_CHOOSE_EXP, IDC_CHOOSE_SYNC, 0 };
   rbset (GetHWND (), ta, IDC_CHOOSE_CURR);
   ClearBusy ();
 }
@@ -282,6 +283,7 @@ ChooserPage::OnInit ()
   AddTooltip (IDC_CHOOSE_KEEP, IDS_TRUSTKEEP_TOOLTIP);
   AddTooltip (IDC_CHOOSE_CURR, IDS_TRUSTCURR_TOOLTIP);
   AddTooltip (IDC_CHOOSE_EXP, IDS_TRUSTEXP_TOOLTIP);
+  AddTooltip (IDC_CHOOSE_SYNC, IDS_TRUSTSYNC_TOOLTIP);
   AddTooltip (IDC_CHOOSE_VIEW, IDS_VIEWBUTTON_TOOLTIP);
   AddTooltip (IDC_CHOOSE_HIDE, IDS_HIDEOBS_TOOLTIP);
   AddTooltip (IDC_CHOOSE_SEARCH_EDIT, IDS_SEARCH_TOOLTIP);
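Review bot: `IDC_CHOOSE_SYNC` and `IDS_TRUSTSYNC_TOOLTIP` on the added AddTooltip line are new identifiers, and the part of the patch shown here has no resource.h hunk defining them. Please make sure that hunk is in the final patch, with values that do not collide with the existing IDC_CHOOSE_* and IDS_TRUST*_TOOLTIP ids.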
@@ -414,6 +416,11 @@ ChooserPage::OnMessageCmd (int id, HWND hwndctl, UINT code)
 changeTrust (TRUST_TEST);
   break;
 
+case IDC_CHOOSE_SYNC:
+  if (IsButtonChecked (id))
+changeTrust (TRUST_SYNC);
+  break;
+
 case IDC_CHOOSE_VIEW:
   chooser-cycleViewMode ();
   if (!SetDlgItemText
diff --git a/package_meta.h b/package_meta.h
index b24d4fc..ccb64e6 100644
--- a/package_meta.h
+++ b/package_meta.h
@@ -101,8 +101,10 @@ public:
than curr.  Rather than pulling the user back to curr, we install
test if a test version is available and the version number is higher,
or we stick to installed if not.  This reflects the behaviour of
-   `yum update' on Fedora. */
-if (_default  curr  installed
+   `yum update' on Fedora.
+   If TRUST_SYNC is chosen, then we want to pull the user back to curr.
+   This reflects the behaviour of `yum distro-sync' on Fedora. */
+if (_default  curr  installed  t != TRUST_SYNC
 	 packageversion::compareVersions (curr, installed)  0)
   {
 	if (exp  packageversion::compareVersions (installed, exp)  0)
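Review bot: the added `t != TRUST_SYNC` term only skips the "installed is newer than curr" branch; what Sync then returns depends on the code after this block, which is not in the hunk. Since TRUST_SYNC is a distinct value from TRUST_CURR, make sure the path taken after the skipped branch returns `curr` for it explicitly rather than by a default, and exercise the installed > curr case under both trust levels before this leaves draft. The comment should also state that Sync may replace an installed test version with an older one, since that downgrade is the user-visible effect.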
diff --git a/res.rc b/res.rc
index 5013b31..0b574db 100644
--- a/res.rc
+++ b/res.rc
@@ -316,7 +316,8 @@ END
 #define SETUP_VIEWCAP_X		(SETUP_STANDARD_DIALOG_W - SETUP_VIEWCAP_W - 7)
 #define SETUP_VIEW_W		(26)
 #define SETUP_VIEW_X		(SETUP_VIEWCAP_X - SETUP_VIEW_W - 5)
-#define SETUP_EXP_X		(SETUP_VIEW_X - SETUP_KPCE_W - 5)
+#define SETUP_SYNC_X		(SETUP_VIEW_X - SETUP_KPCE_W - 5)
+#define SETUP_EXP_X		(SETUP_SYNC_X - SETUP_KPCE_W - 5)
 #define SETUP_CURR_X		(SETUP_EXP_X - SETUP_KPCE_W - 5)
 #define SETUP_KEEP_X		(SETUP_CURR_X - SETUP_KPCE_W - 5)
 
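Review bot: defining SETUP_SYNC_X at the old SETUP_EXP_X position moves Exp, Curr and Keep each a further `SETUP_KPCE_W + 5` units to the left, so SETUP_KEEP_X may now overlap whatever control sits to its left in the chooser dialog. Please check the layout at the minimum dialog width, or widen the dialog if four radio buttons no longer fit.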
@@ -346,6 +347,8 @@ BEGIN
 SETUP_CURR_X, 30, SETUP_KPCE_W, 14
 CONTROL Exp, IDC_CHOOSE_EXP, Button, BS_AUTORADIOBUTTON,
 SETUP_EXP_X, 30, SETUP_KPCE_W, 14
+CONTROL Sync, IDC_CHOOSE_SYNC, Button, BS_AUTORADIOBUTTON,
+SETUP_SYNC_X, 30, SETUP_KPCE_W, 14
 PUSHBUTTON  View, IDC_CHOOSE_VIEW, SETUP_VIEW_X, 30, SETUP_VIEW_W,
 14, WS_GROUP
 CONTROL , IDC_HEADSEPARATOR, Static, SS_BLACKFRAME | SS_SUNKEN,
@@ -531,10 +534,12 @@ BEGIN
 IDS_TRUSTKEEP_TOOLTIP   Sets all packages to their currently installed 
version.  This is equivalent to telling setup not to