From owner-freebsd-ports-bugs@FreeBSD.ORG Mon May 5 06:00:26 2003 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C6D0737B405 for ; Mon, 5 May 2003 06:00:25 -0700 (PDT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6519743F93 for ; Mon, 5 May 2003 06:00:20 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.9/8.12.9) with ESMTP id h45D0KUp077407 for ; Mon, 5 May 2003 06:00:20 -0700 (PDT) (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.9/8.12.9/Submit) id h45D0K41077406; Mon, 5 May 2003 06:00:20 -0700 (PDT) Resent-Date: Mon, 5 May 2003 06:00:20 -0700 (PDT) Resent-Message-Id: <200305051300.h45D0K41077406@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Davide Lemma Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C80B137B401; Mon, 5 May 2003 05:51:45 -0700 (PDT) Received: from nerone.sito.it (adsl054.18.cyb.it [195.191.18.54]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4EBA743F3F; Mon, 5 May 2003 05:51:43 -0700 (PDT) (envelope-from root@nerone.sito.it) Received: from nerone.sito.it (localhost [127.0.0.1]) by nerone.sito.it (8.12.8/8.11.5) with ESMTP id h45CpvL9083184; Mon, 5 May 2003 14:51:57 +0200 (CEST) Received: (from root@localhost) by nerone.sito.it (8.12.9/8.12.6/Submit) id h45CplPG083183; Mon, 5 May 2003 14:51:47 +0200 (CEST) (envelope-from root) Message-Id: <200305051251.h45CplPG083183@nerone.sito.it> Date: Mon, 5 May 2003 14:51:47 +0200 (CEST) From: Davide Lemma To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 cc: portmgr@FreeBSD.org Subject: ports/51789: high security hole in old dcgui/dclib ports X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Davide Lemma List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 May 2003 13:00:26 -0000 >Number: 51789 >Category: ports >Synopsis: high security hole in old dcgui/dclib ports >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Mon May 05 06:00:19 PDT 2003 >Closed-Date: >Last-Modified: >Originator: Davide Lemma >Release: FreeBSD 4.8-STABLE i386 >Organization: none >Environment: System: FreeBSD 4.8-STABLE i386 >Description: high security hole in old dcgui/dclib ports >How-To-Repeat: installing a software version older than 0.2.2 >Fix: installing a version newer than 0.2.1 --- dclib.diff begins here --- diff -ruN dclib/Makefile dclib.new/Makefile --- dclib/Makefile Mon Mar 31 17:14:03 2003 +++ dclib.new/Makefile Mon May 5 14:22:44 2003 @@ -1,25 +1,21 @@ # New ports collection makefile for: dclib -# Date created: Wed 10 Jul 2002 -# Whom: Sverrir Valgeirsson and -# Amar Takhar et al +# Date created: Mon 31 Mar 2003 +# Whom: Davide Lemma # -# $FreeBSD: ports/net/dclib/Makefile,v 1.6 2003/03/31 15:14:03 trevor Exp $ +# $FreeBSD$ # PORTNAME= dclib -PORTVERSION= 0.1.11 +PORTVERSION= 0.2.12 CATEGORIES= net -MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} \ +MASTER_SITES= http://download.berlios.de/dcgui/ \ http://ftp.kde.com/Networking_Internet/File_Sharing/Direct_Connect_4_Linux/ \ - http://download.berlios.de/dcgui/ \ ftp://ftp.kde.com/Networking_Internet/File_Sharing/Direct_Connect_4_Linux/ \ http://dc.ketelhot.de/files/dcgui/unstable/source/ -MASTER_SITE_SUBDIR= dc-gui -DISTNAME= dclib-0.1beta11 +DISTNAME= dclib-0.2.12 -MAINTAINER= e96sv@yahoo.se +MAINTAINER= davide@sito.it COMMENT= Direct connect interface library for dcgui -FORBIDDEN= "security bug--see " LIB_DEPENDS= jpeg.9:${PORTSDIR}/graphics/jpeg \ xml2.5:${PORTSDIR}/textproc/libxml2 @@ -28,23 +24,6 @@ USE_GMAKE= yes USE_REINPLACE= yes GNU_CONFIGURE= yes -CONFIGURE_ARGS= --with-xml-prefix=${LOCALBASE} INSTALLS_SHLIB= yes - -post-patch: -# fix libxml2 test -# and, do not add optimizations because it might break some ARCHs, e.g., -# alpha - - @${REINPLACE_CMD} -e 's@xmlversion.h@libxml/xmlversion.h@; \ - s@-O2@@; \ - s@%%LOCALBASE%%@${LOCALBASE}@g' \ - ${CONFIGURE_WRKSRC}/${CONFIGURE_SCRIPT} - @${REINPLACE_CMD} -e "s@Lu@llu@g" \ - ${WRKSRC}/dclib/cstring.cpp \ - ${WRKSRC}/dclib/cquerymanager.cpp -# malloc.h is deprecated in favor of stdlib.h - @${FIND} ${WRKSRC} -type f -name "*.cpp" -o -name "*.h" | \ - ${XARGS} -n 10 ${REINPLACE_CMD} 's|malloc\.h|stdlib.h|' .include diff -ruN dclib/distinfo dclib.new/distinfo --- dclib/distinfo Sat Oct 5 21:15:42 2002 +++ dclib.new/distinfo Mon May 5 14:22:44 2003 @@ -1 +1 @@ -MD5 (dclib-0.1beta11.tar.bz2) = 1105c521ca69230e0bcbb2d03ef5cd7f +MD5 (dclib-0.2.12.tar.bz2) = ef55a1190ba972c086a2f758542088a0 diff -ruN dclib/pkg-descr dclib.new/pkg-descr --- dclib/pkg-descr Tue Jul 16 02:45:57 2002 +++ dclib.new/pkg-descr Mon May 5 14:22:44 2003 @@ -3,5 +3,5 @@ WWW: http://dc.ketelhot.de/ -- sverrir -e96sv@yahoo.se +- davide +davide@sito.it diff -ruN dclib/pkg-plist dclib.new/pkg-plist --- dclib/pkg-plist Sat Oct 5 21:15:42 2002 +++ dclib.new/pkg-plist Mon May 5 14:22:44 2003 @@ -6,24 +6,31 @@ include/dclib/cclient.h include/dclib/cconfig.h include/dclib/cconnection.h +include/dclib/cdcproto.h include/dclib/cdir.h include/dclib/cdownloadmanager.h include/dclib/cdownloadqueue.h include/dclib/cencrypt.h +include/dclib/cfile.h include/dclib/cfilemanager.h include/dclib/che3.h include/dclib/chttp.h include/dclib/chubsearch.h include/dclib/clist.h include/dclib/clisten.h +include/dclib/clogfile.h +include/dclib/cmanager.h include/dclib/cmd4.h include/dclib/cmd5.h include/dclib/cmessagehandler.h include/dclib/cobject.h +include/dclib/cplugin.h +include/dclib/cpluginmanager.h include/dclib/cquerymanager.h include/dclib/cservermanager.h include/dclib/csingleton.h include/dclib/csocket.h +include/dclib/cssl.h include/dclib/cstring.h include/dclib/cstringlist.h include/dclib/cthread.h @@ -31,8 +38,9 @@ include/dclib/cxml.h include/dclib/dcobject.h include/dclib/dcos.h +include/dclib/filecopy.h lib/libdc.a lib/libdc.la lib/libdc.so lib/libdc.so.0 -@dirrm include/dclib +@dirrm include/dclib \ No newline at end of file --- dclib.diff ends here --- --- dcgui.diff begins here --- diff -ruN dcgui/Makefile dcgui.new/Makefile --- dcgui/Makefile Mon Mar 31 17:14:02 2003 +++ dcgui.new/Makefile Mon May 5 14:25:40 2003 @@ -1,25 +1,22 @@ # New ports collection makefile for: dclib -# Date created: Wed 10 Jul 2002 -# Whom: Sverrir Valgeirsson and -# Amar Takhar et al +# Date created: Mon 31 Mar 2003 +# Whom: Davide Lemma # -# $FreeBSD: ports/net/dcgui/Makefile,v 1.5 2003/03/31 15:14:02 trevor Exp $ +# $FreeBSD$ # PORTNAME= dcgui -PORTVERSION= 0.1.11 +PORTVERSION= 0.2.12 CATEGORIES= net -MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} \ +MASTER_SITES= http://download.berlios.de/dcgui/ \ http://ftp.kde.com/Networking_Internet/File_Sharing/Direct_Connect_4_Linux/ \ - http://download.berlios.de/dcgui/ \ ftp://ftp.kde.com/Networking_Internet/File_Sharing/Direct_Connect_4_Linux/ \ http://dc.ketelhot.de/files/dcgui/unstable/source/ MASTER_SITE_SUBDIR= dc-gui -DISTNAME= dcgui-0.1beta11 +DISTNAME= dcgui-qt-0.2.12 -MAINTAINER= e96sv@yahoo.se +MAINTAINER= davide@sito.it COMMENT= A Direct Connect client QT GUI -FORBIDDEN= "security bug--see " LIB_DEPENDS= dc.0:${PORTSDIR}/net/dclib \ xml2.5:${PORTSDIR}/textproc/libxml2 @@ -31,15 +28,11 @@ USE_REINPLACE= yes GNU_CONFIGURE= yes CONFIGURE_ARGS= --with-libdc=${LOCALBASE} \ - --with-xml-prefix=${LOCALBASE} \ --program-prefix= -post-patch: -# Fix libxml2 test -# And, do not add optimizations because it might break some ARCHs, e.g., -# alpha - @${REINPLACE_CMD} -e 's@xmlversion.h@libxml/xmlversion.h@; \ - s@-O2@@' \ - ${CONFIGURE_WRKSRC}/${CONFIGURE_SCRIPT} +post-extract: + cd ${WRKSRC} && ./configure && gmake distclean +post-install: + ${LN} -s ${PREFIX}/bin/dcgui-qt ${PREFIX}/bin/dcgui .include diff -ruN dcgui/distinfo dcgui.new/distinfo --- dcgui/distinfo Sat Oct 5 21:16:16 2002 +++ dcgui.new/distinfo Mon May 5 14:25:40 2003 @@ -1 +1 @@ -MD5 (dcgui-0.1beta11.tar.bz2) = 0487c67a4a205fb1846df19d611b1aee +MD5 (dcgui-qt-0.2.12.tar.bz2) = 2eca58630444ea0d66d8a18c325147f7 diff -ruN dcgui/pkg-descr dcgui.new/pkg-descr --- dcgui/pkg-descr Tue Jul 16 02:42:04 2002 +++ dcgui.new/pkg-descr Mon May 5 14:25:40 2003 @@ -3,5 +3,5 @@ WWW: http://dc.ketelhot.de/ -- sverrir -e96sv@yahoo.se +- davide +davide@sito.it diff -ruN dcgui/pkg-plist dcgui.new/pkg-plist --- dcgui/pkg-plist Tue Jul 16 02:42:04 2002 +++ dcgui.new/pkg-plist Mon May 5 14:25:40 2003 @@ -1 +1,19 @@ bin/dcgui +bin/dcgui-qt +share/dcgui/emoticons/emotes.xml +share/dcgui/emoticons/emoticons.xpm +share/dcgui/translation/dcgui.cs.qm +share/dcgui/translation/dcgui.da.qm +share/dcgui/translation/dcgui.de.qm +share/dcgui/translation/dcgui.en_GB.qm +share/dcgui/translation/dcgui.es.qm +share/dcgui/translation/dcgui.fi.qm +share/dcgui/translation/dcgui.fr.qm +share/dcgui/translation/dcgui.is.qm +share/dcgui/translation/dcgui.it.qm +share/dcgui/translation/dcgui.nb.qm +share/dcgui/translation/dcgui.nl.qm +share/dcgui/translation/dcgui.pl.qm +share/dcgui/translation/dcgui.ro.qm +share/dcgui/translation/dcgui.sv.qm +@dirrm share/dcgui \ No newline at end of file --- dcgui.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted: