Site Navigation

Date:      Wed, 17 Oct 2007 13:59:28 +0200
From:      "Arjan van Leeuwen" <freebsd-maintainer@opera.com>
To:        "FreeBSD gnats submit" <FreeBSD-gnats-submit@FreeBSD.org>
Subject:   ports/117268: Update www/opera to version 9.24
Message-ID:  <1192622368.25105@avl.oslo.opera.com>
Resent-Message-ID: <200710171220.l9HCK2Tt068201@freefall.freebsd.org>

---

next in thread | raw e-mail | index | archive | help

---

>Number:         117268
>Category:       ports
>Synopsis:       Update www/opera to version 9.24
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Wed Oct 17 12:20:02 UTC 2007
>Closed-Date:
>Last-Modified:
>Originator:     Arjan van Leeuwen
>Release:        FreeBSD 7.0-PRERELEASE amd64
>Organization:
Opera Software ASA 
>Environment:


System: FreeBSD 7.0-PRERELEASE #0: Tue Oct 16 17:22:02 CEST 2007
    root@avl.oslo.opera.com:/usr/obj/usr/src/sys/GENERIC



>Description:


This patch updates www/opera to version 9.24. This version plugs several security vulnerabilities.

More information here: http://www.opera.com/docs/changelogs/freebsd/924/

A vuxml patch is also included.


>How-To-Repeat:





>Fix:


--- opera.diff begins here ---
diff -urN /usr/ports/www/opera/Makefile opera/Makefile
--- /usr/ports/www/opera/Makefile	2007-10-04 08:21:45.000000000 +0200
+++ opera/Makefile	2007-10-17 13:45:03.000000000 +0200
@@ -28,11 +28,11 @@
 MAINTAINER=	freebsd-maintainer@opera.com
 COMMENT=	A blazingly fast, full-featured, standards-compliant browser
 
-OPERA_VER=	9.23
+OPERA_VER=	9.24
 OPERA_MINVER=
 OPERA_REL=	final
-OPERA_DATE=	20070809
-OPERA_BUILD=	660
+OPERA_DATE=	20071015
+OPERA_BUILD=	671
 
 DATADIR=	${PREFIX}/share/${PORTNAME}
 DOCSDIR=	${PREFIX}/share/doc/${PORTNAME}
diff -urN /usr/ports/www/opera/distinfo opera/distinfo
--- /usr/ports/www/opera/distinfo	2007-08-15 14:18:54.000000000 +0200
+++ opera/distinfo	2007-10-17 13:42:36.000000000 +0200
@@ -1,9 +1,9 @@
-MD5 (opera-9.23-20070809.1-static-qt.i386.freebsd-en.tar.bz2) = dddff7d9045a0e8b581cf69e68c10d28
-SHA256 (opera-9.23-20070809.1-static-qt.i386.freebsd-en.tar.bz2) = a5292cd809994ae0e02daa393f42edc658a570a2be279b6923f4fde880921c3f
-SIZE (opera-9.23-20070809.1-static-qt.i386.freebsd-en.tar.bz2) = 6547187
-MD5 (opera-9.23-20070809.3-shared-qt.i386.freebsd-en.tar.bz2) = a4387e74cc05549fd5b9b3641ba39a85
-SHA256 (opera-9.23-20070809.3-shared-qt.i386.freebsd-en.tar.bz2) = 7ab4ba5e1af6c96d32aeb4f1c5d1e7b6586719ba180a1deedac60894024955ea
-SIZE (opera-9.23-20070809.3-shared-qt.i386.freebsd-en.tar.bz2) = 5119513
-MD5 (opera-9.23-20070809.4-shared-qt.i386.freebsd-en.tar.bz2) = 6ff2bf3d6a90085a8795656375447699
-SHA256 (opera-9.23-20070809.4-shared-qt.i386.freebsd-en.tar.bz2) = d46f4402becd25e5a73239ec0cc129685749c4d5e0da6a0d00f3855b52997b82
-SIZE (opera-9.23-20070809.4-shared-qt.i386.freebsd-en.tar.bz2) = 5122054
+MD5 (opera-9.24-20071015.1-static-qt.i386.freebsd-en.tar.bz2) = 1d6b47c431a5cf405684744f144be251
+SHA256 (opera-9.24-20071015.1-static-qt.i386.freebsd-en.tar.bz2) = 334f744fee13810e6895477ba26b2f2e9a3a88cf99173f2100df0f325942ab02
+SIZE (opera-9.24-20071015.1-static-qt.i386.freebsd-en.tar.bz2) = 6549193
+MD5 (opera-9.24-20071015.3-shared-qt.i386.freebsd-en.tar.bz2) = fe92a4da6e943a0dacca1f49fba1ca5b
+SHA256 (opera-9.24-20071015.3-shared-qt.i386.freebsd-en.tar.bz2) = 4cc0b06051adcbc7900c6a24b8f36ab6e0931db89add3501eeab2c71ae74e67e
+SIZE (opera-9.24-20071015.3-shared-qt.i386.freebsd-en.tar.bz2) = 5121361
+MD5 (opera-9.24-20071015.4-shared-qt.i386.freebsd-en.tar.bz2) = ac8e536e9327a15dcb8f7dc8fd6c5bf1
+SHA256 (opera-9.24-20071015.4-shared-qt.i386.freebsd-en.tar.bz2) = c0bc7497a8114f13bda60fe14c9dd6ad732c1311cdc8d55597d67b09fe389593
+SIZE (opera-9.24-20071015.4-shared-qt.i386.freebsd-en.tar.bz2) = 5123101
--- opera.diff ends here ---
--- vuln.xml.diff begins here ---
--- vuln.xml.orig	2007-10-17 13:47:43.000000000 +0200
+++ vuln.xml	2007-10-17 13:58:26.000000000 +0200
@@ -34,6 +34,67 @@
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
+  <vuln vid="24d8cb68-7ca8-11dc-bcc3-001372ae3ab9">
+    <topic>opera -- Scripts can overwrite functions on pages from other domains</topic>
+      <affects>
+        <package>
+          <name>opera</name>
+          <name>opera-devel</name>
+          <name>linux-opera</name>
+          <range><lt>9.24.20071015</lt></range>
+        </package>
+      </affects>
+      <description>
+        <body xmlns="http://www.w3.org/1999/xhtml">;
+          <p>An advisory from Opera reports:</p>
+          <blockquote cite="http://www.opera.com/support/search/view/867/">;
+            <p>Scripts can overwrite functions on pages from other domains.</p>
+            <p>When accesing frames from different Web sites, specially crafted scripts
+            can bypass the same-origin policy, and overwrite functions from those frames.
+            If scripts on the page then run those functions, this can cause the script of
+            the attacker's choice to run in the context of the target Web site.</p>
+          </blockquote>
+        </body>
+      </description>
+      <references>
+        <url>http://www.opera.com/support/search/view/867/</url>;
+      </references>
+      <dates>
+        <discovery>2007-10-15</discovery>
+        <entry>2007-10-17</entry>
+      </dates>
+  </vuln>
+
+  <vuln vid="195703eb-7ca8-11dc-bcc3-001372ae3ab9">
+    <topic>opera -- external news readers and e-mail clients can be used to execute arbitrary code</topic>
+      <affects>
+        <package>
+          <name>opera</name>
+          <name>opera-devel</name>
+	  <name>linux-opera</name>
+	  <range><lt>9.24.20071015</lt></range>
+        </package>
+      </affects>
+      <description>
+        <body xmlns="http://www.w3.org/1999/xhtml">;
+          <p>An advisory from Opera reports:</p>
+	  <blockquote cite="http://www.opera.com/support/search/view/866/">;
+	    <p>External news readers and e-mail clients can be used to execute arbitrary code.</p>
+	    <p>If a user has configured Opera to use an external newsgroup client or e-mail
+            application, specially crafted Web pages can cause Opera to run that application
+            incorrectly. In some cases this can lead to execution of arbitrary code.</p>
+          </blockquote>
+        </body>
+      </description>
+      <references>
+	<url>http://www.opera.com/support/search/view/866/</url>;
+      </references>
+      <dates>
+        <discovery>2007-10-15</discovery>
+        <entry>2007-10-17</entry>
+      </dates>
+  </vuln>
+
   <vuln vid="51b51d4a-7c0f-11dc-9e47-0011d861d5e2">
     <topic>phpmyadmin -- cross-site scripting vulnerability</topic>
     <affects>
--- vuln.xml.diff ends here ---



>Release-Note:
>Audit-Trail:
>Unformatted:

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1192622368.25105>

Legal Notices | © 1995-2025 The FreeBSD Project. All rights reserved.

Contact