Date: Sat, 29 May 2010 19:48:07 GMT From: Pavel Pankov <pankov_p@mail.ru> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/147195: [maintainer update][patch]Update port: www/ziproxy to 3.0.1 Message-ID: <201005291948.o4TJm7ps006647@www.freebsd.org> Resent-Message-ID: <201005291950.o4TJo2K0025336@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 147195 >Category: ports >Synopsis: [maintainer update][patch]Update port: www/ziproxy to 3.0.1 >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Sat May 29 19:50:01 UTC 2010 >Closed-Date: >Last-Modified: >Originator: Pavel Pankov >Release: 8.0-STABLE >Organization: PKD >Environment: FreeBSD vds4.pankov.pp.ru 8.0-STABLE FreeBSD 8.0-STABLE #0 r8M: Tue May 18 10:39:52 IRKST 2010 root@freebsd8-amd64.ispsystem.net:/root/src/sys/amd64/compile/ISPSYSTEM amd64 >Description: - Update to 3.0.1 - VuXML entry for ziproxy security flaw - Restore installing of error files (lost due to misprint) >How-To-Repeat: >Fix: Apply the attached patch. Patch attached with submission follows: Index: ports/security/vuxml/vuln.xml =================================================================== RCS file: /home/ncvs/ports/security/vuxml/vuln.xml,v retrieving revision 1.2159 diff -u -r1.2159 vuln.xml --- ports/security/vuxml/vuln.xml 14 May 2010 18:28:43 -0000 1.2159 +++ ports/security/vuxml/vuln.xml 29 May 2010 19:46:52 -0000 @@ -34,6 +34,33 @@ --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="b43004b8-6a53-11df-bc7b-0245fb008c0b"> + <topic>ziproxy -- atypical huge picture files vulnerability</topic> + <affects> + <package> + <name>ziproxy</name> + <range><lt>3.0.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Ziproxy 3.0.1 release fixes a security vulnerability related + to atypical huge picture files (>4GB of size once expanded).</p> + </body> + </description> + <references> + <url>http://ziproxy.sourceforge.net/#news</url> + <url>http://secunia.com/advisories/39941</url> + <cvename>CVE-2010-1513</cvename> + <bid>40344</bid> + <mlist msgid="201005210019.37119.dancab@gmx.net">http://sourceforge.net/mailarchive/message.php?msg_name=201005210019.37119.dancab%40gmx.net</mlist> + </references> + <dates> + <discovery>2010-05-20</discovery> + <entry>2010-05-28</entry> + </dates> + </vuln> + <vuln vid="fcc39d22-5777-11df-bf33-001a92771ec2"> <topic>redmine -- multiple vulnerabilities</topic> <affects> Index: ports/www/ziproxy/Makefile =================================================================== RCS file: /home/ncvs/ports/www/ziproxy/Makefile,v retrieving revision 1.22 diff -u -r1.22 Makefile --- ports/www/ziproxy/Makefile 2 May 2010 16:52:10 -0000 1.22 +++ ports/www/ziproxy/Makefile 29 May 2010 19:46:52 -0000 @@ -5,7 +5,7 @@ # $FreeBSD: ports/www/ziproxy/Makefile,v 1.22 2010/05/02 16:52:10 sylvio Exp $ PORTNAME= ziproxy -PORTVERSION= 3.0.0 +PORTVERSION= 3.0.1 CATEGORIES= www MASTER_SITES= SF/${PORTNAME}/${PORTNAME}/${PORTNAME}-${PORTVERSION} @@ -65,7 +65,7 @@ .endif @${MKDIR} ${DATADIR}/error -.for FILE in ${ERRORFILES} +.for FILE in ${ERROR_FILES} @${INSTALL_DATA} ${WRKSRC}/var/ziproxy/error/${FILE} ${DATADIR}/error/${FILE} .endfor Index: ports/www/ziproxy/distinfo =================================================================== RCS file: /home/ncvs/ports/www/ziproxy/distinfo,v retrieving revision 1.15 diff -u -r1.15 distinfo --- ports/www/ziproxy/distinfo 2 May 2010 16:52:11 -0000 1.15 +++ ports/www/ziproxy/distinfo 29 May 2010 19:46:52 -0000 @@ -1,3 +1,3 @@ -MD5 (ziproxy-3.0.0.tar.bz2) = f72c3859475fe8b119040f5f5f659ca0 -SHA256 (ziproxy-3.0.0.tar.bz2) = 05e74181d265e764a565a9f3567f53c254d364bb176bac0f5fa1bfe3facd7cb8 -SIZE (ziproxy-3.0.0.tar.bz2) = 257263 +MD5 (ziproxy-3.0.1.tar.bz2) = 7af0f00a5b58d17f8d9a4f768e740ef7 +SHA256 (ziproxy-3.0.1.tar.bz2) = c46032e2c1e0239bf869d91ff28226faf88130d822cf327f8c363ed2e1ed3e11 +SIZE (ziproxy-3.0.1.tar.bz2) = 257664 Index: ports/www/ziproxy/pkg-plist =================================================================== RCS file: /home/ncvs/ports/www/ziproxy/pkg-plist,v retrieving revision 1.7 diff -u -r1.7 pkg-plist --- ports/www/ziproxy/pkg-plist 2 May 2010 16:52:11 -0000 1.7 +++ ports/www/ziproxy/pkg-plist 29 May 2010 19:46:52 -0000 @@ -13,5 +13,13 @@ @exec if [ ! -f %D/etc/ziproxy/ziproxy.conf ] ; then cp -p %D/%F %B/ziproxy.conf; fi etc/ziproxy/ziproxy.conf.sample @dirrmtry etc/ziproxy +%%DATADIR%%/error/400.html +%%DATADIR%%/error/403.html +%%DATADIR%%/error/404.html +%%DATADIR%%/error/407.html +%%DATADIR%%/error/408.html +%%DATADIR%%/error/409.html +%%DATADIR%%/error/500.html +%%DATADIR%%/error/503.html @dirrm %%DATADIR%%/error @dirrm %%DATADIR%% >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201005291948.o4TJm7ps006647>