From owner-freebsd-emulation@FreeBSD.ORG Sun Apr 27 21:29:11 2014 Return-Path: Delivered-To: emulation@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 243BE3F1 for ; Sun, 27 Apr 2014 21:29:11 +0000 (UTC) Received: from owm.eumx.net (eumx.net [91.82.101.43]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id C92DA1BC for ; Sun, 27 Apr 2014 21:29:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=eumx.net; h=date :message-id:from:to:cc:subject:in-reply-to:references :mime-version:content-type; s=default; bh=vfGGDBTGNa414LPfrXWIDO +mxG0=; b=VRIcatGORT8nNJYyCvl7qMduXgSjaGQyYnDCa5h9QhtTUfEP6TIhu/ 81BrXjq5wBDCr/4KoTY1QDrzzeOL6L+9ORMxd7NqR8PuGxbn4Rdsz0lTppF2M7DI 4RxHjSMNXXVHFcvCOsj2Z/qM27cOEnd3y2No84K6L5imr+mMX+Pe4= DomainKey-Signature: a=rsa-sha1; c=nofws; d=eumx.net; h=date:message-id :from:to:cc:subject:in-reply-to:references:mime-version :content-type; q=dns; s=default; b=E92R00gF2qkNDc+W3XUVtygTz3ZiA W3w7Vk1rwvYJ+O9eY3fGcDT5p6LToacQB9AsiPdiqncMw9Rqj68CHMbs7WtiOkzz WFA5MVDCK9W4WaEGRs5nFBReKEByY2rNq4lQ4uciQsVlQxA0Pr6fl4er/WRgHAbC jhZJHk4HgJP7WA= Date: Sun, 27 Apr 2014 23:28:59 +0200 Message-ID: <86tx9e1mxw.wl%hskuhra@eumx.net> From: "Herbert J. Skuhra" To: Ludwig Pummer Subject: Re: new linux-f10-expat due to CVE-2009-3720 ? In-Reply-To: <5357E7F6.7060805@chip-web.com> References: <5357E7F6.7060805@chip-web.com> User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI-EPG/1.14.7 (Harue) FLIM/1.14.9 (=?ISO-8859-4?Q?Goj=F2?=) APEL/10.8 EasyPG/1.0.0 Emacs/24.4.50 (i386-pc-freebsd10.0) MULE/6.0 (HANACHIRUSATO) MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") Content-Type: multipart/mixed; boundary="Multipart_Sun_Apr_27_23:28:58_2014-1" Cc: emulation@FreeBSD.org X-BeenThere: freebsd-emulation@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Development of Emulators of other operating systems List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 27 Apr 2014 21:29:11 -0000 --Multipart_Sun_Apr_27_23:28:58_2014-1 Content-Type: text/plain; charset=US-ASCII On Wed, 23 Apr 2014 09:19:02 -0700 Ludwig Pummer wrote: > portaudit started complaining to me about: > > Affected package: linux-f10-expat-2.0.1 > Type of problem: expat2 -- Parser crash with specially formatted UTF-8 > sequences. > Reference: > http://portaudit.FreeBSD.org/5f030587-e39a-11de-881e-001aa0166822.html > > Affects: > expat2 <2.0.1_1 > linux-f10-expat <2.0.1_1 > > However, this port hasn't been touched in 2 months and is still at > version 2.0.1: > > http://svnweb.freebsd.org/ports/head/textproc/linux-f10-expat/ > > What are my options for clearing this security warning? You can try: --Multipart_Sun_Apr_27_23:28:58_2014-1 Content-Type: text/plain; name="patch_linux-f10-expat.txt"; charset=US-ASCII Content-Disposition: inline; filename="patch_linux-f10-expat.txt" Index: Makefile =================================================================== --- Makefile (revision 352452) +++ Makefile (working copy) @@ -3,8 +3,10 @@ PORTNAME= expat PORTVERSION= 2.0.1 +PORTREVISION= 1 CATEGORIES= textproc linux -MASTER_SITES= CRITICAL/rpm/${LINUX_RPM_ARCH}/fedora/${LINUX_DIST_VER} +MASTER_SITES= http://archives.fedoraproject.org/pub/archive/fedora/linux/updates/10/i386/ \ + http://archive.fedoraproject.org/pub/archive/fedora/linux/updates/10/SRPMS/ PKGNAMEPREFIX= linux-f10- DISTNAME= ${PORTNAME}-${PORTVERSION}-${RPMVERSION} @@ -16,7 +18,7 @@ ONLY_FOR_ARCHS= i386 amd64 USE_LINUX_RPM= yes LINUX_DIST_VER= 10 -RPMVERSION= 5 +RPMVERSION= 8.fc10 BRANDELF_FILES= usr/bin/xmlwf USE_LDCONFIG= yes Index: distinfo.i386 =================================================================== --- distinfo.i386 (revision 352452) +++ distinfo.i386 (working copy) @@ -1,4 +1,4 @@ -SHA256 (rpm/i386/fedora/10/expat-2.0.1-5.i386.rpm) = 1a583a21620e9590cc2287fb69d5d9df6e6d5ca4305161be621caba6a8302eb4 -SIZE (rpm/i386/fedora/10/expat-2.0.1-5.i386.rpm) = 84975 -SHA256 (rpm/i386/fedora/10/expat-2.0.1-5.src.rpm) = 26eff74d146417c668cc7229e2db338291bdcff8365fe7d8e6447a73099e2679 -SIZE (rpm/i386/fedora/10/expat-2.0.1-5.src.rpm) = 453519 +SHA256 (rpm/i386/fedora/10/expat-2.0.1-8.fc10.i386.rpm) = e242a5ede9751dd7b6b584c630b58fbac5b01ec938f8c64d6700620816652c45 +SIZE (rpm/i386/fedora/10/expat-2.0.1-8.fc10.i386.rpm) = 84981 +SHA256 (rpm/i386/fedora/10/expat-2.0.1-8.fc10.src.rpm) = 7ea0ba634f6142237803ecc7fd4a2b73136a9393033b4ef0875511729fbc6c97 +SIZE (rpm/i386/fedora/10/expat-2.0.1-8.fc10.src.rpm) = 455074 --Multipart_Sun_Apr_27_23:28:58_2014-1 Content-Type: text/plain; charset=US-ASCII But Fedora 10 reached EOL on December, 27th 2009! Or try: https://github.com/xmj/linux-ports/ -- Herbert --Multipart_Sun_Apr_27_23:28:58_2014-1--