Date: Mon, 5 May 2003 14:51:47 +0200 (CEST) From: Davide Lemma <davide@sito.it> To: FreeBSD-gnats-submit@FreeBSD.org Cc: portmgr@FreeBSD.org Subject: ports/51789: high security hole in old dcgui/dclib ports Message-ID: <200305051251.h45CplPG083183@nerone.sito.it> Resent-Message-ID: <200305051300.h45D0K41077406@freefall.freebsd.org>
>Number: 51789 >Category: ports >Synopsis: high security hole in old dcgui/dclib ports >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Mon May 05 06:00:19 PDT 2003 >Closed-Date: >Last-Modified: >Originator: Davide Lemma >Release: FreeBSD 4.8-STABLE i386 >Organization: none >Environment: System: FreeBSD 4.8-STABLE i386 >Description: high security hole in old dcgui/dclib ports >How-To-Repeat: installing a software version older than 0.2.2 >Fix: installing a version newer than 0.2.1
--- dclib.diff begins here ---
diff -ruN dclib/Makefile dclib.new/Makefile
--- dclib/Makefile Mon Mar 31 17:14:03 2003
+++ dclib.new/Makefile Mon May 5 14:22:44 2003
@@ -1,25 +1,21 @@
 # New ports collection makefile for: dclib
-# Date created: Wed 10 Jul 2002
-# Whom: Sverrir Valgeirsson <e96sv@yahoo.se> and
-# Amar Takhar <verm@drunkmonk.net> et al
+# Date created: Mon 31 Mar 2003
+# Whom: Davide Lemma <davide@sito.it>
 #
-# $FreeBSD: ports/net/dclib/Makefile,v 1.6 2003/03/31 15:14:03 trevor Exp $
+# $FreeBSD$
 #
 PORTNAME= dclib
-PORTVERSION= 0.1.11
+PORTVERSION= 0.2.12
 CATEGORIES= net
-MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} \
+MASTER_SITES= http://download.berlios.de/dcgui/ \
 http://ftp.kde.com/Networking_Internet/File_Sharing/Direct_Connect_4_Linux/ \
- http://download.berlios.de/dcgui/ \
 ftp://ftp.kde.com/Networking_Internet/File_Sharing/Direct_Connect_4_Linux/ \
 http://dc.ketelhot.de/files/dcgui/unstable/source/
-MASTER_SITE_SUBDIR= dc-gui
-DISTNAME= dclib-0.1beta11
+DISTNAME= dclib-0.2.12
-MAINTAINER= e96sv@yahoo.se
+MAINTAINER= davide@sito.it
 COMMENT= Direct connect interface library for dcgui
-FORBIDDEN= "security bug--see <URL:http://dc.ketelhot.de/news.php>"
 LIB_DEPENDS= jpeg.9:${PORTSDIR}/graphics/jpeg \
 xml2.5:${PORTSDIR}/textproc/libxml2
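Review bot: With `FORBIDDEN` removed, every entry left in `MASTER_SITES` is plain `http://` or `ftp://`, so the single MD5 line in distinfo is the only thing that authenticates the 0.2.12 tarball. Before this lands, the committer should fetch the distfile independently and compare it across more than one mirror, or against a checksum published by upstream if one exists; the same holds for dcgui/Makefile. The header edit also replaces the original `# Date created:` and `# Whom:` lines with the submitter's details in both Makefiles. Those lines record who first created the port, and the maintainer change is already expressed by `MAINTAINER=`, so I would keep `# Date created: Wed 10 Jul 2002` and the original `# Whom:` lines. The commit log should name the fixed release, because the PR text only says versions older than 0.2.2 are affected and the advisory URL disappears with the `FORBIDDEN` line.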
@@ -28,23 +24,6 @@
 USE_GMAKE= yes
 USE_REINPLACE= yes
 GNU_CONFIGURE= yes
-CONFIGURE_ARGS= --with-xml-prefix=${LOCALBASE}
 INSTALLS_SHLIB= yes
-
-post-patch:
-# fix libxml2 test
-# and, do not add optimizations because it might break some ARCHs, e.g.,
-# alpha
-
- @${REINPLACE_CMD} -e 's@xmlversion.h@libxml/xmlversion.h@; \
- s@-O2@@; \
- s@%%LOCALBASE%%@${LOCALBASE}@g' \
- ${CONFIGURE_WRKSRC}/${CONFIGURE_SCRIPT}
- @${REINPLACE_CMD} -e "s@Lu@llu@g" \
- ${WRKSRC}/dclib/cstring.cpp \
- ${WRKSRC}/dclib/cquerymanager.cpp
-# malloc.h is deprecated in favor of stdlib.h
- @${FIND} ${WRKSRC} -type f -name "*.cpp" -o -name "*.h" | \
- ${XARGS} -n 10 ${REINPLACE_CMD} 's|malloc\.h|stdlib.h|'
 .include <bsd.port.mk>
diff -ruN dclib/distinfo dclib.new/distinfo
--- dclib/distinfo Sat Oct 5 21:15:42 2002
+++ dclib.new/distinfo Mon May 5 14:22:44 2003
@@ -1 +1 @@
-MD5 (dclib-0.1beta11.tar.bz2) = 1105c521ca69230e0bcbb2d03ef5cd7f
+MD5 (dclib-0.2.12.tar.bz2) = ef55a1190ba972c086a2f758542088a0
diff -ruN dclib/pkg-descr dclib.new/pkg-descr
--- dclib/pkg-descr Tue Jul 16 02:45:57 2002
+++ dclib.new/pkg-descr Mon May 5 14:22:44 2003
@@ -3,5 +3,5 @@
 WWW: http://dc.ketelhot.de/
-- sverrir
-e96sv@yahoo.se
+- davide
+davide@sito.it
diff -ruN dclib/pkg-plist dclib.new/pkg-plist
--- dclib/pkg-plist Sat Oct 5 21:15:42 2002
+++ dclib.new/pkg-plist Mon May 5 14:22:44 2003
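Review bot: `USE_REINPLACE= yes` stays in the context lines of the dclib/Makefile hunk although that hunk deletes the whole `post-patch` target, which held the only `${REINPLACE_CMD}` calls visible here. If nothing outside the hunk uses it, drop the knob; the same leftover appears in the second dcgui/Makefile hunk. The deleted target also stripped `-O2` from the configure script and rewrote `malloc.h` to `stdlib.h`, and the PR does not say whether 0.2.12 still needs either. A test build on a non-i386 architecture should confirm that before the workarounds go, and the commit log should record the result.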
@@ -6,24 +6,31 @@
 include/dclib/cclient.h
 include/dclib/cconfig.h
 include/dclib/cconnection.h
+include/dclib/cdcproto.h
 include/dclib/cdir.h
 include/dclib/cdownloadmanager.h
 include/dclib/cdownloadqueue.h
 include/dclib/cencrypt.h
+include/dclib/cfile.h
 include/dclib/cfilemanager.h
 include/dclib/che3.h
 include/dclib/chttp.h
 include/dclib/chubsearch.h
 include/dclib/clist.h
 include/dclib/clisten.h
+include/dclib/clogfile.h
+include/dclib/cmanager.h
 include/dclib/cmd4.h
 include/dclib/cmd5.h
 include/dclib/cmessagehandler.h
 include/dclib/cobject.h
+include/dclib/cplugin.h
+include/dclib/cpluginmanager.h
 include/dclib/cquerymanager.h
 include/dclib/cservermanager.h
 include/dclib/csingleton.h
 include/dclib/csocket.h
+include/dclib/cssl.h
 include/dclib/cstring.h
 include/dclib/cstringlist.h
 include/dclib/cthread.h
@@ -31,8 +38,9 @@
 include/dclib/cxml.h
 include/dclib/dcobject.h
 include/dclib/dcos.h
+include/dclib/filecopy.h
 lib/libdc.a
 lib/libdc.la
 lib/libdc.so
 lib/libdc.so.0
-@dirrm include/dclib
+@dirrm include/dclib
\ No newline at end of file
--- dclib.diff ends here ---
--- dcgui.diff begins here ---
diff -ruN dcgui/Makefile dcgui.new/Makefile
--- dcgui/Makefile Mon Mar 31 17:14:02 2003
+++ dcgui.new/Makefile Mon May 5 14:25:40 2003
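Review bot: The new last line `@dirrm include/dclib` is followed by `\ No newline at end of file`, so the updated dclib pkg-plist loses its terminating newline; end the file with a newline as the old one did. dcgui/pkg-plist has the same problem after `@dirrm share/dcgui`. Separately, the added `include/dclib/cssl.h`, `cplugin.h` and `cpluginmanager.h` suggest the library now contains SSL and plugin-loading code, while `LIB_DEPENDS` in the Makefile still lists only jpeg and libxml2. That is inferred from file names alone, so check what the built `libdc.so.0` actually links against and declare any new dependency.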
@@ -1,25 +1,22 @@
 # New ports collection makefile for: dclib
-# Date created: Wed 10 Jul 2002
-# Whom: Sverrir Valgeirsson <e96sv@yahoo.se> and
-# Amar Takhar <verm@drunkmonk.net> et al
+# Date created: Mon 31 Mar 2003
+# Whom: Davide Lemma <davide@sito.it>
 #
-# $FreeBSD: ports/net/dcgui/Makefile,v 1.5 2003/03/31 15:14:02 trevor Exp $
+# $FreeBSD$
 #
 PORTNAME= dcgui
-PORTVERSION= 0.1.11
+PORTVERSION= 0.2.12
 CATEGORIES= net
-MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} \
+MASTER_SITES= http://download.berlios.de/dcgui/ \
 http://ftp.kde.com/Networking_Internet/File_Sharing/Direct_Connect_4_Linux/ \
- http://download.berlios.de/dcgui/ \
 ftp://ftp.kde.com/Networking_Internet/File_Sharing/Direct_Connect_4_Linux/ \
 http://dc.ketelhot.de/files/dcgui/unstable/source/
 MASTER_SITE_SUBDIR= dc-gui
-DISTNAME= dcgui-0.1beta11
+DISTNAME= dcgui-qt-0.2.12
-MAINTAINER= e96sv@yahoo.se
+MAINTAINER= davide@sito.it
 COMMENT= A Direct Connect client QT GUI
-FORBIDDEN= "security bug--see <URL:http://dc.ketelhot.de/news.php>"
 LIB_DEPENDS= dc.0:${PORTSDIR}/net/dclib \
 xml2.5:${PORTSDIR}/textproc/libxml2
@@ -31,15 +28,11 @@
 USE_REINPLACE= yes
 GNU_CONFIGURE= yes
 CONFIGURE_ARGS= --with-libdc=${LOCALBASE} \
- --with-xml-prefix=${LOCALBASE} \
 --program-prefix=
-post-patch:
-# Fix libxml2 test
-# And, do not add optimizations because it might break some ARCHs, e.g.,
-# alpha
- @${REINPLACE_CMD} -e 's@xmlversion.h@libxml/xmlversion.h@; \
- s@-O2@@' \
- ${CONFIGURE_WRKSRC}/${CONFIGURE_SCRIPT}
+post-extract:
+ cd ${WRKSRC} && ./configure && gmake distclean
+post-install:
+ ${LN} -s ${PREFIX}/bin/dcgui-qt ${PREFIX}/bin/dcgui
 .include <bsd.port.mk>
diff -ruN dcgui/distinfo dcgui.new/distinfo
--- dcgui/distinfo Sat Oct 5 21:16:16 2002
+++ dcgui.new/distinfo Mon May 5 14:25:40 2003
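Review bot: `MASTER_SITE_SUBDIR= dc-gui` is kept as a context line in the first dcgui/Makefile hunk although the hunk removes `${MASTER_SITE_SOURCEFORGE}`, which appears to be the only entry that used it. The dclib change deletes both together, so delete the line here as well. The unchanged first line still reads `# New ports collection makefile for: dclib` in the dcgui Makefile and should say `dcgui`.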
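Review bot: The new `post-extract` target in the second dcgui/Makefile hunk runs the distfile's own `./configure` and then `gmake distclean` during the extract phase, so `make extract`, which people use to inspect sources before building, now executes upstream code. It also runs before the patch phase and without the port's `CONFIGURE_ARGS`. If the tarball ships stale build output that has to be cleaned (my guess at the reason; the PR does not say), do it in `pre-configure` instead, call `${GMAKE}` rather than a bare `gmake`, and add a comment saying why. In `post-install`, `${LN} -s ${PREFIX}/bin/dcgui-qt ${PREFIX}/bin/dcgui` fails when the link already exists and embeds an absolute path; `${LN} -sf dcgui-qt ${PREFIX}/bin/dcgui` avoids both.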
@@ -1 +1 @@
-MD5 (dcgui-0.1beta11.tar.bz2) = 0487c67a4a205fb1846df19d611b1aee
+MD5 (dcgui-qt-0.2.12.tar.bz2) = 2eca58630444ea0d66d8a18c325147f7
diff -ruN dcgui/pkg-descr dcgui.new/pkg-descr
--- dcgui/pkg-descr Tue Jul 16 02:42:04 2002
+++ dcgui.new/pkg-descr Mon May 5 14:25:40 2003
@@ -3,5 +3,5 @@
 WWW: http://dc.ketelhot.de/
-- sverrir
-e96sv@yahoo.se
+- davide
+davide@sito.it
diff -ruN dcgui/pkg-plist dcgui.new/pkg-plist
--- dcgui/pkg-plist Tue Jul 16 02:42:04 2002
+++ dcgui.new/pkg-plist Mon May 5 14:25:40 2003
@@ -1 +1,19 @@
 bin/dcgui
+bin/dcgui-qt
+share/dcgui/emoticons/emotes.xml
+share/dcgui/emoticons/emoticons.xpm
+share/dcgui/translation/dcgui.cs.qm
+share/dcgui/translation/dcgui.da.qm
+share/dcgui/translation/dcgui.de.qm
+share/dcgui/translation/dcgui.en_GB.qm
+share/dcgui/translation/dcgui.es.qm
+share/dcgui/translation/dcgui.fi.qm
+share/dcgui/translation/dcgui.fr.qm
+share/dcgui/translation/dcgui.is.qm
+share/dcgui/translation/dcgui.it.qm
+share/dcgui/translation/dcgui.nb.qm
+share/dcgui/translation/dcgui.nl.qm
+share/dcgui/translation/dcgui.pl.qm
+share/dcgui/translation/dcgui.ro.qm
+share/dcgui/translation/dcgui.sv.qm
+@dirrm share/dcgui
\ No newline at end of file
--- dcgui.diff ends here ---
>Release-Note: >Audit-Trail: >Unformatted:
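Review bot: The dcgui pkg-plist installs files under `share/dcgui/emoticons` and `share/dcgui/translation` but ends with only `@dirrm share/dcgui`. On deinstall the two subdirectories are never removed, so removing the parent fails on a non-empty directory and leaves the tree behind. Add `@dirrm share/dcgui/emoticons` and `@dirrm share/dcgui/translation` before `@dirrm share/dcgui`. The file also ends without a trailing newline.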