Site Navigation

Date:      Wed, 30 Aug 2006 23:41:38 GMT
From:      Trevor Johnson <trevor@FreeBSD.org>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   ports/102708: security update to linux_base-suse-9.2 port
Message-ID:  <200608302341.k7UNfcLB062946@freefall.freebsd.org>
Resent-Message-ID: <200608302350.k7UNoIdN063137@freefall.freebsd.org>

---

next in thread | raw e-mail | index | archive | help

---

>Number:         102708
>Category:       ports
>Synopsis:       security update to linux_base-suse-9.2 port
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Wed Aug 30 23:50:18 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Trevor Johnson
>Release:        
>Organization:
>Environment:
>Description:
Update the bzip2 RPM (description from the INDEX file provided by Novell):

         bzip2 could crash or run into an enless loop when decompressing
         certain specially crafted archives. This problem has been fixed.
         (CAN-2005-1260)

An advisory is at
<url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1260>.

Update the coreutils RPM (description from the INDEX file provided by Novell):

         Fix a bug in the cp and mv utilities that cause them to terminate
         with a segmentation fault when copying extended attributes fails.

Update the zlib RPM:

   The previous zlib update for CAN-2005-2096 fixed a flaw in zlib that
   could allow a carefully crafted compressed stream to crash an
   application. While the original patch corrected the reported
   overflow, Markus Oberhumer discovered additional ways a stream could
   trigger an overflow. This update fixes those problems as well.
   
   This issue is tracked by the Mitre CVE ID CAN-2005-1849.
   
   Since only zlib 1.2.x is affected, older SUSE products are not
   affected by this problem.

--<url:http://www.novell.com/linux/security/advisories/2005_43_zlib.html>;

Add linux_base-8 and linux_base-suse-9.3 to CONFLICTS.

Remove quotes from RESTRICTED line (portlint).

Take maintainership.

Remove deprecation.

Remove duplicate $FreeBSD$ tag.

Increment PORTREVISION to 2.
>How-To-Repeat:
>Fix:
Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/emulators/linux_base-suse-9.2/Makefile,v
retrieving revision 1.97
diff -u -r1.97 Makefile
--- Makefile	17 Jun 2006 09:28:02 -0000	1.97
+++ Makefile	30 Aug 2006 19:12:53 -0000
@@ -9,7 +9,7 @@
 
 PORTNAME=		linux_base-suse
 PORTVERSION=		9.2
-PORTREVISION=		1
+PORTREVISION=		2
 CATEGORIES=		emulators linux
 MASTER_SITES=		${MASTER_SITE_SUSE} ${MASTER_SITE_SUSE:S/$/:update/}
 MASTER_SITE_SUBDIR=	i386/9.2/suse/i586 i386/update/9.2/rpm/i586/:update
@@ -25,13 +25,13 @@
 	bash-3.0-8.2.i586.rpm:update \
 	ncurses-5.4-65.i586.rpm \
 	readline-5.0-1.2.i586.rpm:update \
-	zlib-1.2.1-74.i586.rpm \
-	bzip2-1.0.2-347.i586.rpm \
+	zlib-1.2.1-74.4.i586.rpm:update \
+	bzip2-1.0.2-347.3.i586.rpm:update \
 	libzio-0.1-4.i586.rpm \
 	info-4.7-6.i586.rpm \
 	grep-2.5.1-431.i586.rpm \
 	desktop-file-utils-0.7-2.1.i586.rpm \
-	coreutils-5.2.1-32.i586.rpm \
+	coreutils-5.2.1-32.2.i586.rpm:update \
 	popt-1.7-190.i586.rpm \
 	insserv-1.00.5-6.2.i586.rpm \
 	setserial-2.17-579.i586.rpm \
@@ -43,19 +43,16 @@
 	libgcc-3.3.4-11.i586.rpm \
 	termcap-2.0.8-878.i586.rpm
 
-MAINTAINER=		ports@FreeBSD.org
+MAINTAINER=		trevor@FreeBSD.org
 COMMENT=		Basic packages for Linux mode from SUSE 9.2/i386
 
 EXTRACT_DEPENDS=	rpm:${PORTSDIR}/archivers/rpm
 
-CONFLICTS=		linux_base-7* linux_base-debian* linux_base-fc* \
-			linux_base-gentoo* linux_base-rh* linux_base-suse-9.1*
+CONFLICTS=		linux_base-7* linux_base-8* linux_base-debian* \
+			linux_base-fc* linux_base-gentoo* linux_base-rh* \
+			linux_base-suse-9.1* linux_base-suse-9.3*
 
-DEPRECATED=	unmaintained and does not comply to the linux_base invariants
-EXPIRATION_DATE=2006-09-01
-IGNORE=		${DEPRECATED}
-
-RESTRICTED=	"binaries under GNU GPL:  http://www.gnu.org/licenses/gpl.txt"
+RESTRICTED=	binaries under GNU GPL:  http://www.gnu.org/licenses/gpl.txt
 ONLY_FOR_ARCHS=		amd64 i386
 DIST_SUBDIR=		rpm/i386/suse/9.2
 PREFIX=			${LINUXBASE}
Index: distinfo
===================================================================
RCS file: /home/ncvs/ports/emulators/linux_base-suse-9.2/distinfo,v
retrieving revision 1.22
diff -u -r1.22 distinfo
--- distinfo	22 Jan 2006 09:47:23 -0000	1.22
+++ distinfo	30 Aug 2006 19:13:44 -0000
@@ -31,12 +31,12 @@
 MD5 (rpm/i386/suse/9.2/readline-5.0-1.2.i586.rpm) = 44b6eb67921d1833682d1b3fc26fb19a
 SHA256 (rpm/i386/suse/9.2/readline-5.0-1.2.i586.rpm) = af42e7e5a49de147112b0ae8ff6ec220bff449ed2217aad7a13207d2f2cd7e1d
 SIZE (rpm/i386/suse/9.2/readline-5.0-1.2.i586.rpm) = 173935
-MD5 (rpm/i386/suse/9.2/zlib-1.2.1-74.i586.rpm) = fd6300d65994f13b479161cb6930f6c9
-SHA256 (rpm/i386/suse/9.2/zlib-1.2.1-74.i586.rpm) = c4ffb042af2219abcc4661e16dda28f7339422be368c7f7f207b057a10274a43
-SIZE (rpm/i386/suse/9.2/zlib-1.2.1-74.i586.rpm) = 63579
-MD5 (rpm/i386/suse/9.2/bzip2-1.0.2-347.i586.rpm) = 8468ec523c33d4559fb967ec916c2628
-SHA256 (rpm/i386/suse/9.2/bzip2-1.0.2-347.i586.rpm) = 6364ba6235701f8c7ea30ff8fe272e340351cb3bc62164d21f21534c2ea615b8
-SIZE (rpm/i386/suse/9.2/bzip2-1.0.2-347.i586.rpm) = 221859
+MD5 (rpm/i386/suse/9.2/zlib-1.2.1-74.4.i586.rpm) = 0d48ecb24fe312086b7c2b0c5a038d9a
+SHA256 (rpm/i386/suse/9.2/zlib-1.2.1-74.4.i586.rpm) = 272616ec96dd3e69b761fadb038ac58d639091ac43862c725e951a5b218a0698
+SIZE (rpm/i386/suse/9.2/zlib-1.2.1-74.4.i586.rpm) = 63815
+MD5 (rpm/i386/suse/9.2/bzip2-1.0.2-347.3.i586.rpm) = 6c7b2a8fb06a087c280c16abadef0537
+SHA256 (rpm/i386/suse/9.2/bzip2-1.0.2-347.3.i586.rpm) = ff83d8e0849b4a2b53d4d713e287bd2f508165258992f353cc563a7d5fe321b4
+SIZE (rpm/i386/suse/9.2/bzip2-1.0.2-347.3.i586.rpm) = 222140
 MD5 (rpm/i386/suse/9.2/libzio-0.1-4.i586.rpm) = 277f05b2ecd45a2b0088c7e045124297
 SHA256 (rpm/i386/suse/9.2/libzio-0.1-4.i586.rpm) = 4edc8414a8944bad0d03ca28e4f74eaf0839145dc49f3efa338fce0b87c73359
 SIZE (rpm/i386/suse/9.2/libzio-0.1-4.i586.rpm) = 17991
@@ -49,9 +49,9 @@
 MD5 (rpm/i386/suse/9.2/desktop-file-utils-0.7-2.1.i586.rpm) = 53c1872498adea24084ffe12b167aab3
 SHA256 (rpm/i386/suse/9.2/desktop-file-utils-0.7-2.1.i586.rpm) = bfe622fe46bce432f4c12989e549aaf665bd487640c27fd174a285eb62b67e34
 SIZE (rpm/i386/suse/9.2/desktop-file-utils-0.7-2.1.i586.rpm) = 174729
-MD5 (rpm/i386/suse/9.2/coreutils-5.2.1-32.i586.rpm) = f5f8fed7738007df5db3374a2d61c148
-SHA256 (rpm/i386/suse/9.2/coreutils-5.2.1-32.i586.rpm) = 7de988d7b8148d545c1877b7c7e726601582e3e843a3ca253d59d0028c5cf639
-SIZE (rpm/i386/suse/9.2/coreutils-5.2.1-32.i586.rpm) = 1984866
+MD5 (rpm/i386/suse/9.2/coreutils-5.2.1-32.2.i586.rpm) = f6729310dd10e88cb5bffe738d17c42e
+SHA256 (rpm/i386/suse/9.2/coreutils-5.2.1-32.2.i586.rpm) = 9cee45bf97545457da4f93f44fc4970982c8d10ab913daac5bccb6998b7a146b
+SIZE (rpm/i386/suse/9.2/coreutils-5.2.1-32.2.i586.rpm) = 1985052
 MD5 (rpm/i386/suse/9.2/popt-1.7-190.i586.rpm) = 248ef2cc0513b505eab464e4641f45ed
 SHA256 (rpm/i386/suse/9.2/popt-1.7-190.i586.rpm) = 91042f632184ea2df144c67de123b8c686ed6348a1ef6df3d0050c9d32012201
 SIZE (rpm/i386/suse/9.2/popt-1.7-190.i586.rpm) = 56646
>Release-Note:
>Audit-Trail:
>Unformatted:

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200608302341.k7UNfcLB062946>

Legal Notices | © 1995-2024 The FreeBSD Project. All rights reserved.

Contact