From vmiklos at frugalware.org Thu Aug 2 16:02:37 2007 From: vmiklos at frugalware.org (VMiklos) Date: Thu Aug 2 16:02:39 2007 Subject: [Frugalware-darcs] frugalware-0.6: firefox-2.0.0.6-1terminus1-i686 Message-ID: <20070802140237.2EF9413A4022@genesis.frugalware.org> Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=frugalware-0.6;a=darcs_commitdiff;h=20070802140204-e2957-67fb4a56ece050bbc5d41ab8b8b59198f89d0ee3.gz; [firefox-2.0.0.6-1terminus1-i686 VMiklos **20070802140204 secfix bump closes #2303 ] { hunk ./source/xapps/firefox/FrugalBuild 7 -pkgver=2.0.0.5 +pkgver=2.0.0.6 } From vmiklos at frugalware.org Thu Aug 2 17:43:59 2007 From: vmiklos at frugalware.org (VMiklos) Date: Thu Aug 2 17:44:02 2007 Subject: [Frugalware-darcs] frugalware-0.6: vim-7.0-4terminus2-i686 Message-ID: <20070802154359.A924213A4022@genesis.frugalware.org> Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=frugalware-0.6;a=darcs_commitdiff;h=20070802154242-e2957-87e18496c83dae0ca3a221c578b7dddc5d177241.gz; [vim-7.0-4terminus2-i686 VMiklos **20070802154242 added '7.1.039' secfix closes #2292 ] { hunk ./source/apps/vim/FrugalBuild 6 -pkgrel=4terminus1 +pkgrel=4terminus2 hunk ./source/apps/vim/FrugalBuild 15 - vim-vimrc.diff frugalware.diff CVE-2007-2438.diff) + vim-vimrc.diff frugalware.diff CVE-2007-2438.diff \ + ftp://ftp.vim.org/pub/vim/patches/7.1/7.1.039) hunk ./source/apps/vim/FrugalBuild 22 + Fpatch 7.1.039 hunk ./source/apps/vim/FrugalBuild 33 -sha1sums=('38ef48cabf942d0dc804a794dcc6f002b9457fc8'\ - 'd58d1eadd1c8a0276680c86e8ca859e9c6282f3f'\ - '7c33d734f2c91486fcd51c8b8ac96867e0819f21'\ - '033deb2f4a736835fd590aeff4fec65f82db34f8') +sha1sums=('38ef48cabf942d0dc804a794dcc6f002b9457fc8' \ + 'd58d1eadd1c8a0276680c86e8ca859e9c6282f3f' \ + '7c33d734f2c91486fcd51c8b8ac96867e0819f21' \ + '033deb2f4a736835fd590aeff4fec65f82db34f8' \ + '87ee68d607022d1dea8496c9a6a88185040d292e') } From vmiklos at frugalware.org Thu Aug 2 22:43:07 2007 From: vmiklos at frugalware.org (VMiklos) Date: Thu Aug 2 22:43:09 2007 Subject: [Frugalware-darcs] frugalware-0.6: gvim-7.0-4terminus1-i686 Message-ID: <20070802204307.E441A13A4022@genesis.frugalware.org> Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=frugalware-0.6;a=darcs_commitdiff;h=20070802204101-e2957-b96f63ddab8c3e2859fb6c032e8a27c8e096b3ce.gz; [gvim-7.0-4terminus1-i686 VMiklos **20070802204101 added CVE-2007-2438.diff and '7.1.039' secfixes closes #2010 and #2292 ] { addfile ./source/xapps/gvim/CVE-2007-2438.diff hunk ./source/xapps/gvim/CVE-2007-2438.diff 1 +To: vim-dev@vim.org +Subject: patch 7.0.235 +Fcc: outbox +From: Bram Moolenaar +Mime-Version: 1.0 +Content-Type: text/plain; charset=ISO-8859-1 +Content-Transfer-Encoding: 8bit +------------ + +Patch 7.0.235 +Problem: It is possible to use writefile() in the sandbox. +Solution: Add a few more checks for the sandbox. +Files: src/eval.c + + +*** ../vim-7.0.234/src/eval.c Fri Apr 27 22:17:43 2007 +--- src/eval.c Sat Apr 28 21:36:02 2007 +*************** +*** 15598,15603 **** +--- 15598,15606 ---- + int err = FALSE; + FILE *fd; + ++ if (check_restricted() || check_secure()) ++ return; ++ + if (argvars[1].v_type != VAR_UNKNOWN) + { + /* +*************** +*** 16430,16435 **** +--- 16433,16441 ---- + char_u *s; + int ret = 0; + int c; ++ ++ if (check_restricted() || check_secure()) ++ return; + + if (argvars[0].v_type != VAR_LIST) + { +*** ../vim-7.0.234/src/version.c Fri Apr 27 22:17:43 2007 +--- src/version.c Sun Apr 29 13:54:29 2007 +*************** +*** 668,669 **** +--- 668,671 ---- + { /* Add new patch number below this line */ ++ /**/ ++ 235, + /**/ + hunk ./source/xapps/gvim/FrugalBuild 6 -pkgrel=3 +pkgrel=4terminus1 hunk ./source/xapps/gvim/FrugalBuild 14 -source=(ftp://ftp.vim.org/pub/vim/unix/vim-$pkgver.tar.bz2 $pkgname.xpm) -sha1sums=('38ef48cabf942d0dc804a794dcc6f002b9457fc8' - 'f7262c7429c42b7c1ef9cf1eaa6aa12292933525') +source=(ftp://ftp.vim.org/pub/vim/unix/vim-$pkgver.tar.bz2 $pkgname.xpm \ + CVE-2007-2438.diff \ + ftp://ftp.vim.org/pub/vim/patches/7.1/7.1.039) +sha1sums=('38ef48cabf942d0dc804a794dcc6f002b9457fc8' \ + 'f7262c7429c42b7c1ef9cf1eaa6aa12292933525' \ + '033deb2f4a736835fd590aeff4fec65f82db34f8' \ + '87ee68d607022d1dea8496c9a6a88185040d292e') hunk ./source/xapps/gvim/FrugalBuild 26 + Fpatch 7.1.039 } From vmiklos at frugalware.org Fri Aug 3 09:47:16 2007 From: vmiklos at frugalware.org (VMiklos) Date: Fri Aug 3 09:47:20 2007 Subject: [Frugalware-darcs] frugalware-0.6: epiphany-2.18.0-2terminus4-i686 Message-ID: <20070803074716.F02AB167800D@genesis.frugalware.org> Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=frugalware-0.6;a=darcs_commitdiff;h=20070803074605-e2957-33ac4e6faf57142087a3b90c82388442ce2e34d6.gz; [epiphany-2.18.0-2terminus4-i686 VMiklos **20070803074605 rebuilt with firefox-2.0.0.6 ] { hunk ./source/gnome-extra/epiphany/FrugalBuild 6 -pkgrel=2terminus3 +pkgrel=2terminus4 hunk ./source/gnome-extra/epiphany/FrugalBuild 10 - 'firefox=2.0.0.5' 'docbook-xsl') + 'firefox=2.0.0.6' 'docbook-xsl') } From vmiklos at frugalware.org Fri Aug 3 09:47:17 2007 From: vmiklos at frugalware.org (VMiklos) Date: Fri Aug 3 09:47:20 2007 Subject: [Frugalware-darcs] frugalware-0.6: galeon-2.0.3-6terminus4-i686 Message-ID: <20070803074717.2AC7A167800E@genesis.frugalware.org> Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=frugalware-0.6;a=darcs_commitdiff;h=20070803074543-e2957-04720baa70cd0001bd673ab955476fb12e28c08c.gz; [galeon-2.0.3-6terminus4-i686 VMiklos **20070803074543 rebuilt with firefox-2.0.0.6 ] { hunk ./source/gnome-extra/galeon/FrugalBuild 6 -pkgrel=6terminus3 +pkgrel=6terminus4 hunk ./source/gnome-extra/galeon/FrugalBuild 9 -depends=('firefox=2.0.0.5' 'gnome-desktop' 'dbus-glib>=0.71-2') +depends=('firefox=2.0.0.6' 'gnome-desktop' 'dbus-glib>=0.71-2') } From vmiklos at frugalware.org Fri Aug 3 09:47:17 2007 From: vmiklos at frugalware.org (VMiklos) Date: Fri Aug 3 09:47:21 2007 Subject: [Frugalware-darcs] frugalware-0.6: yelp-2.18.0-2terminus4-i686 Message-ID: <20070803074717.8B3B5167800F@genesis.frugalware.org> Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=frugalware-0.6;a=darcs_commitdiff;h=20070803074519-e2957-1a32ae0e182fccddc4729fca26af377d78190c35.gz; [yelp-2.18.0-2terminus4-i686 VMiklos **20070803074519 rebuilt with firefox-2.0.0.6 ] { hunk ./source/gnome/yelp/FrugalBuild 6 -pkgrel=2terminus3 +pkgrel=2terminus4 hunk ./source/gnome/yelp/FrugalBuild 9 -depends=('libgnomeui>=2.18.0' 'libxslt' 'firefox=2.0.0.5' \ +depends=('libgnomeui>=2.18.0' 'libxslt' 'firefox=2.0.0.6' \ } From vmiklos at frugalware.org Fri Aug 3 09:47:17 2007 From: vmiklos at frugalware.org (VMiklos) Date: Fri Aug 3 09:47:21 2007 Subject: [Frugalware-darcs] frugalware-0.6: devhelp-0.13-3terminus4-i686 Message-ID: <20070803074717.A070B16A8010@genesis.frugalware.org> Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=frugalware-0.6;a=darcs_commitdiff;h=20070803074149-e2957-bd064a8b351c6d5df271458b2995c722dd274794.gz; [devhelp-0.13-3terminus4-i686 VMiklos **20070803074149 rebuilt with firefox-2.0.0.6 ] { hunk ./source/gnome-extra/devhelp/FrugalBuild 6 -pkgrel=3terminus3 +pkgrel=3terminus4 hunk ./source/gnome-extra/devhelp/FrugalBuild 9 -depends=('libglade' 'libwnck' 'gconf' 'firefox=2.0.0.5' 'dbus-glib>=0.71-2') +depends=('libglade' 'libwnck' 'gconf' 'firefox=2.0.0.6' 'dbus-glib>=0.71-2') } From voroskoi at frugalware.org Sun Aug 5 11:22:05 2007 From: voroskoi at frugalware.org (voroskoi) Date: Sun Aug 5 11:22:08 2007 Subject: [Frugalware-darcs] frugalware-0.6: clamav-0.90.2-1terminus3-i686 Message-ID: <20070805092205.C446E13A402C@genesis.frugalware.org> Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=frugalware-0.6;a=darcs_commitdiff;h=20070805091514-dd049-18d4faa9686a48dce1d09d7b27f42aae751992e9.gz; [clamav-0.90.2-1terminus3-i686 voroskoi **20070805091514 secfix relbump, closes #2257 ] { addfile ./source/apps-extra/clamav/CVE-2007-3725.diff hunk ./source/apps-extra/clamav/CVE-2007-3725.diff 1 +Index: unrar.c +=================================================================== +--- clamav/libclamav/unrar/unrar.c (revision 3126) ++++ unrar.c (working copy) +@@ -1650,7 +1650,7 @@ + cli_dbgmsg("Computed File CRC: 0x%x\n", state->unpack_data->unp_crc^0xffffffff); + if (state->unpack_data->unp_crc != 0xffffffff) { + if (state->file_header->file_crc != (state->unpack_data->unp_crc^0xffffffff)) { +- cli_warnmsg("RAR CRC error. Please report the bug at http://bugs.clamav.net/\n"); ++ cli_warnmsg("RAR CRC error. If the file is not corrupted, please report at http://bugs.clamav.net/\n"); + } + } + if (!retval) { +Index: unrarvm.c +=================================================================== +--- clamav/libclamav/unrar/unrarvm.c (revision 3126) ++++ unrarvm.c (working copy) +@@ -347,18 +347,18 @@ + unsigned int file_offset, cur_pos, predicted; + int32_t offset, addr; + const int file_size=0x1000000; +- ++ + switch(filter_type) { + case VMSF_E8: + case VMSF_E8E9: + data=rarvm_data->mem; + data_size = rarvm_data->R[4]; + file_offset = rarvm_data->R[6]; +- +- if (data_size >= VM_GLOBALMEMADDR) { ++ ++ if ((data_size >= VM_GLOBALMEMADDR) || (data_size < 4)) { + break; + } +- ++ + cmp_byte2 = filter_type==VMSF_E8E9 ? 0xe9:0xe8; + for (cur_pos = 0 ; cur_pos < data_size-4 ; ) { + cur_byte = *(data++); hunk ./source/apps-extra/clamav/FrugalBuild 6 -pkgrel=1terminus2 +pkgrel=1terminus3 hunk ./source/apps-extra/clamav/FrugalBuild 18 - 31_others.c.CVE-2007-3024.dpatch.diff) + 31_others.c.CVE-2007-3024.dpatch.diff \ + CVE-2007-3725.diff) hunk ./source/apps-extra/clamav/FrugalBuild 42 - '766cd15c0856b328520f603dfe1fd75f84f78621') + '766cd15c0856b328520f603dfe1fd75f84f78621' \ + '699ab0197b39df250582ec488e51bf173c9ce32f') } From voroskoi at frugalware.org Sun Aug 5 11:34:50 2007 From: voroskoi at frugalware.org (voroskoi) Date: Sun Aug 5 11:34:52 2007 Subject: [Frugalware-darcs] frugalware-0.6: opera-9.22-1terminus1-i686 Message-ID: <20070805093450.C908413A402C@genesis.frugalware.org> Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=frugalware-0.6;a=darcs_commitdiff;h=20070805092854-dd049-4ff0c8136b68052910c9e1b8d163512a8d31cdc4.gz; [opera-9.22-1terminus1-i686 voroskoi **20070805092854 secfix bump, closes #2266 ] { hunk ./source/xapps-extra/opera/FrugalBuild 6 -pkgver=9.20 -pkgextraver=20070409.1-static-qt.i386-en +pkgver=9.22 +pkgextraver=20070716.1-static-qt.i386-en hunk ./source/xapps-extra/opera/FrugalBuild 15 -source=(ftp://ftp.opera.com/pub/opera/linux/920/final/en/i386/static/opera-$pkgver-$pkgextraver.tar.bz2) +source=(ftp://ftp.opera.com/pub/opera/linux/${pkgver//./}/final/en/i386/static/opera-$pkgver-$pkgextraver.tar.bz2) hunk ./source/xapps-extra/opera/FrugalBuild 23 - Fcd $pkgname-$pkgver-$pkgextraver-638 + Fcd $pkgname-$pkgver-$pkgextraver-655 hunk ./source/xapps-extra/opera/FrugalBuild 28 -sha1sums=('04163b6dc56cc2ac9e6d78e50cfd7971e2f9e371') +sha1sums=('bdcbdd5e8303f42e5af254f9b074fb19c3e90436') } From vmiklos at frugalware.org Mon Aug 6 14:54:56 2007 From: vmiklos at frugalware.org (VMiklos) Date: Mon Aug 6 14:54:59 2007 Subject: [Frugalware-darcs] frugalware-0.6: apache-2.2.4-2terminus1-i686 Message-ID: <20070806125456.AFB3713A402C@genesis.frugalware.org> Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=frugalware-0.6;a=darcs_commitdiff;h=20070806125305-e2957-a1ee1481ba0ae889583db520f8b6fbf16042152e.gz; [apache-2.2.4-2terminus1-i686 VMiklos **20070806125305 added CVE-2006-5752.patch, CVE-2007-1863.patch and CVE-2007-3304.patch secfixes closes #2298 ] { addfile ./source/network/apache/CVE-2006-5752.patch hunk ./source/network/apache/CVE-2006-5752.patch 1 +--- trunk/modules/generators/mod_status.c 2007/06/20 17:22:08 549158 ++++ trunk/modules/generators/mod_status.c 2007/06/20 17:29:24 549159 +@@ -270,7 +270,7 @@ + if (r->method_number != M_GET) + return DECLINED; + +- ap_set_content_type(r, "text/html"); ++ ap_set_content_type(r, "text/html; charset=ISO-8859-1"); + + /* + * Simple table-driven form data set parser that lets you alter the header +@@ -299,7 +299,7 @@ + no_table_report = 1; + break; + case STAT_OPT_AUTO: +- ap_set_content_type(r, "text/plain"); ++ ap_set_content_type(r, "text/plain; charset=ISO-8859-1"); + short_report = 1; + break; + } +@@ -673,7 +673,8 @@ + ap_escape_html(r->pool, + ws_record->client), + ap_escape_html(r->pool, +- ws_record->request), ++ ap_escape_logitem(r->pool, ++ ws_record->request)), + ap_escape_html(r->pool, + ws_record->vhost)); + } +@@ -763,7 +764,8 @@ + ap_escape_html(r->pool, + ws_record->vhost), + ap_escape_html(r->pool, +- ws_record->request)); ++ ap_escape_logitem(r->pool, ++ ws_record->request))); + } /* no_table_report */ + } /* for (j...) */ + } /* for (i...) */ addfile ./source/network/apache/CVE-2007-1863.patch hunk ./source/network/apache/CVE-2007-1863.patch 1 +--- trunk/modules/cache/cache_util.c 2007/05/06 14:17:08 535616 ++++ trunk/modules/cache/cache_util.c 2007/05/06 14:35:02 535617 +@@ -243,7 +243,8 @@ + age = ap_cache_current_age(info, age_c, r->request_time); + + /* extract s-maxage */ +- if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "s-maxage", &val)) { ++ if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "s-maxage", &val) ++ && val != NULL) { + smaxage = apr_atoi64(val); + } + else { +@@ -252,7 +253,8 @@ + + /* extract max-age from request */ + if (!conf->ignorecachecontrol +- && cc_req && ap_cache_liststr(r->pool, cc_req, "max-age", &val)) { ++ && cc_req && ap_cache_liststr(r->pool, cc_req, "max-age", &val) ++ && val != NULL) { + maxage_req = apr_atoi64(val); + } + else { +@@ -260,7 +262,8 @@ + } + + /* extract max-age from response */ +- if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "max-age", &val)) { ++ if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "max-age", &val) ++ && val != NULL) { + maxage_cresp = apr_atoi64(val); + } + else { +@@ -282,7 +285,20 @@ + + /* extract max-stale */ + if (cc_req && ap_cache_liststr(r->pool, cc_req, "max-stale", &val)) { +- maxstale = apr_atoi64(val); ++ if(val != NULL) { ++ maxstale = apr_atoi64(val); ++ } ++ else { ++ /* ++ * If no value is assigned to max-stale, then the client is willing ++ * to accept a stale response of any age (RFC2616 14.9.3). We will ++ * set it to one year in this case as this situation is somewhat ++ * similar to a "never expires" Expires header (RFC2616 14.21) ++ * which is set to a date one year from the time the response is ++ * sent in this case. ++ */ ++ maxstale = APR_INT64_C(86400*365); ++ } + } + else { + maxstale = 0; +@@ -290,7 +306,8 @@ + + /* extract min-fresh */ + if (!conf->ignorecachecontrol +- && cc_req && ap_cache_liststr(r->pool, cc_req, "min-fresh", &val)) { ++ && cc_req && ap_cache_liststr(r->pool, cc_req, "min-fresh", &val) ++ && val != NULL) { + minfresh = apr_atoi64(val); + } + else { +@@ -418,6 +435,9 @@ + *val = apr_pstrmemdup(p, val_start, + next - val_start); + } ++ } ++ else { ++ *val = NULL; + } + } + return 1; addfile ./source/network/apache/CVE-2007-3304.patch hunk ./source/network/apache/CVE-2007-3304.patch 1 +Index: server/mpm/prefork/prefork.c +=================================================================== +--- server/mpm/prefork/prefork.c (revision 551928) ++++ server/mpm/prefork/prefork.c (working copy) +@@ -1127,7 +1127,7 @@ + for (index = 0; index < ap_daemons_limit; ++index) { + if (ap_scoreboard_image->servers[index][0].status != SERVER_DEAD) { + /* Ask each child to close its listeners. */ +- kill(MPM_CHILD_PID(index), AP_SIG_GRACEFUL); ++ ap_mpm_safe_kill(MPM_CHILD_PID(index), AP_SIG_GRACEFUL); + active_children++; + } + } +@@ -1165,12 +1165,10 @@ + + active_children = 0; + for (index = 0; index < ap_daemons_limit; ++index) { +- if (MPM_CHILD_PID(index) != 0) { +- if (kill(MPM_CHILD_PID(index), 0) == 0) { +- active_children = 1; +- /* Having just one child is enough to stay around */ +- break; +- } ++ if (ap_mpm_safe_kill(MPM_CHILD_PID(index), 0) == APR_SUCCESS) { ++ active_children = 1; ++ /* Having just one child is enough to stay around */ ++ break; + } + } + } while (!shutdown_pending && active_children && +@@ -1222,7 +1220,7 @@ + * piped loggers, etc. They almost certainly won't handle + * it gracefully. + */ +- kill(ap_scoreboard_image->parent[index].pid, AP_SIG_GRACEFUL); ++ ap_mpm_safe_kill(ap_scoreboard_image->parent[index].pid, AP_SIG_GRACEFUL); + } + } + } +Index: server/mpm/worker/worker.c +=================================================================== +--- server/mpm/worker/worker.c (revision 551928) ++++ server/mpm/worker/worker.c (working copy) +@@ -1813,12 +1813,10 @@ + + active_children = 0; + for (index = 0; index < ap_daemons_limit; ++index) { +- if (MPM_CHILD_PID(index) != 0) { +- if (kill(MPM_CHILD_PID(index), 0) == 0) { +- active_children = 1; +- /* Having just one child is enough to stay around */ +- break; +- } ++ if (ap_mpm_safe_kill(MPM_CHILD_PID(index), 0) == APR_SUCCESS) { ++ active_children = 1; ++ /* Having just one child is enough to stay around */ ++ break; + } + } + } while (!shutdown_pending && active_children && +Index: server/mpm/experimental/event/event.c +=================================================================== +--- server/mpm/experimental/event/event.c (revision 551928) ++++ server/mpm/experimental/event/event.c (working copy) +@@ -1998,12 +1998,10 @@ + + active_children = 0; + for (index = 0; index < ap_daemons_limit; ++index) { +- if (MPM_CHILD_PID(index) != 0) { +- if (kill(MPM_CHILD_PID(index), 0) == 0) { +- active_children = 1; +- /* Having just one child is enough to stay around */ +- break; +- } ++ if (ap_mpm_safe_kill(MPM_CHILD_PID(index), 0) == APR_SUCCESS) { ++ active_children = 1; ++ /* Having just one child is enough to stay around */ ++ break; + } + } + } while (!shutdown_pending && active_children && +Index: server/mpm_common.c +=================================================================== +--- server/mpm_common.c (revision 551928) ++++ server/mpm_common.c (working copy) +@@ -126,6 +126,11 @@ + apr_proc_t proc; + apr_status_t waitret; + ++ /* Ensure pid sanity. */ ++ if (pid < 1) { ++ return 1; ++ } ++ + proc.pid = pid; + waitret = apr_proc_wait(&proc, NULL, NULL, APR_NOWAIT); + if (waitret != APR_CHILD_NOTDONE) { +@@ -305,6 +310,66 @@ + cur_extra = next; + } + } ++ ++/* Before sending the signal to the pid this function verifies that ++ * the pid is a member of the current process group; either using ++ * apr_proc_wait(), where waitpid() guarantees to fail for non-child ++ * processes; or by using getpgid() directly, if available. */ ++apr_status_t ap_mpm_safe_kill(pid_t pid, int sig) ++{ ++#ifndef HAVE_GETPGID ++ apr_proc_t proc; ++ apr_status_t rv; ++ apr_exit_why_e why; ++ int status; ++ ++ /* Ensure pid sanity */ ++ if (pid < 1) { ++ return APR_EINVAL; ++ } ++ ++ proc.pid = pid; ++ rv = apr_proc_wait(&proc, &status, &why, APR_NOWAIT); ++ if (rv == APR_CHILD_DONE) { ++#ifdef AP_MPM_WANT_PROCESS_CHILD_STATUS ++ /* The child already died - log the termination status if ++ * necessary: */ ++ ap_process_child_status(&proc, why, status); ++#endif ++ return APR_EINVAL; ++ } ++ else if (rv != APR_CHILD_NOTDONE) { ++ /* The child is already dead and reaped, or was a bogus pid - ++ * log this either way. */ ++ ap_log_error(APLOG_MARK, APLOG_NOTICE, rv, ap_server_conf, ++ "cannot send signal %d to pid %ld (non-child or " ++ "already dead)", sig, (long)pid); ++ return APR_EINVAL; ++ } ++#else ++ pid_t pg; ++ ++ /* Ensure pid sanity. */ ++ if (pid < 1) { ++ return APR_EINVAL; ++ } ++ ++ pg = getpgid(pid); ++ if (pg == -1) { ++ /* Process already dead... */ ++ return errno; ++ } ++ ++ if (pg != getpgrp()) { ++ ap_log_error(APLOG_MARK, APLOG_ALERT, 0, ap_server_conf, ++ "refusing to send signal %d to pid %ld outside " ++ "process group", sig, (long)pid); ++ return APR_EINVAL; ++ } ++#endif ++ ++ return kill(pid, sig) ? errno : APR_SUCCESS; ++} + #endif /* AP_MPM_WANT_RECLAIM_CHILD_PROCESSES */ + + #ifdef AP_MPM_WANT_WAIT_OR_TIMEOUT +Index: include/mpm_common.h +=================================================================== +--- include/mpm_common.h (revision 551928) ++++ include/mpm_common.h (working copy) +@@ -145,6 +145,19 @@ + #endif + + /** ++ * Safely signal an MPM child process, if the process is in the ++ * current process group. Otherwise fail. ++ * @param pid the process id of a child process to signal ++ * @param sig the signal number to send ++ * @return APR_SUCCESS if signal is sent, otherwise an error as per kill(3); ++ * APR_EINVAL is returned if passed either an invalid (< 1) pid, or if ++ * the pid is not in the current process group ++ */ ++#ifdef AP_MPM_WANT_RECLAIM_CHILD_PROCESSES ++apr_status_t ap_mpm_safe_kill(pid_t pid, int sig); ++#endif ++ ++/** + * Determine if any child process has died. If no child process died, then + * this process sleeps for the amount of time specified by the MPM defined + * macro SCOREBOARD_MAINTENANCE_INTERVAL. +Index: include/ap_mmn.h +=================================================================== +--- include/ap_mmn.h (revision 551928) ++++ include/ap_mmn.h (working copy) +@@ -113,6 +113,8 @@ + * 20051115.3 (2.2.3) Added server_scheme member to server_rec (minor) + * 20051115.4 (2.2.4) Added ap_get_server_banner() and + * ap_get_server_description() (minor) ++ * 20051115.5 (2.2.5) Added ap_mpm_safe_kill() (minor) ++ * + */ + + #define MODULE_MAGIC_COOKIE 0x41503232UL /* "AP22" */ +@@ -120,7 +122,7 @@ + #ifndef MODULE_MAGIC_NUMBER_MAJOR + #define MODULE_MAGIC_NUMBER_MAJOR 20051115 + #endif +-#define MODULE_MAGIC_NUMBER_MINOR 4 /* 0...n */ ++#define MODULE_MAGIC_NUMBER_MINOR 5 /* 0...n */ + + /** + * Determine if the server's current MODULE_MAGIC_NUMBER is at least a +Index: configure.in +=================================================================== +--- configure.in (revision 551928) ++++ configure.in (working copy) +@@ -392,6 +392,7 @@ + bindprocessor \ + prctl \ + timegm \ ++getpgid + ) + + dnl confirm that a void pointer is large enough to store a long integer hunk ./source/network/apache/FrugalBuild 7 -pkgrel=1 +pkgrel=2terminus1 hunk ./source/network/apache/FrugalBuild 18 - README.Frugalware index.html http://frugalware.org/images/frugalware.png) -signatures=($source.asc '' '' '' '' '' '' '' '') + README.Frugalware index.html http://frugalware.org/images/frugalware.png \ + CVE-2006-5752.patch CVE-2007-1863.patch CVE-2007-3304.patch) +signatures=($source.asc '' '' '' '' '' '' '' '' '' '' '') hunk ./source/network/apache/FrugalBuild 25 - Fbuild --sysconfdir=/etc/httpd/conf --enable-layout=RedHat --datadir=/var/www \ + Fpatchall + autoconf || return 1 + Fmake --sysconfdir=/etc/httpd/conf --enable-layout=RedHat --datadir=/var/www \ hunk ./source/network/apache/FrugalBuild 32 + Fmakeinstall } From vmiklos at frugalware.org Mon Aug 6 15:25:35 2007 From: vmiklos at frugalware.org (VMiklos) Date: Mon Aug 6 15:25:38 2007 Subject: [Frugalware-darcs] frugalware-0.6: libvorbis-1.2.0-1terminus1-i686 Message-ID: <20070806132535.94DAA13A402C@genesis.frugalware.org> Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=frugalware-0.6;a=darcs_commitdiff;h=20070806132100-e2957-4d347b7ef0e044e701ff841b81b82624e1cc042e.gz; [libvorbis-1.2.0-1terminus1-i686 VMiklos **20070806132100 secfix bump closes #2293 ] { hunk ./source/lib/libvorbis/FrugalBuild 7 -pkgver=1.1.2 -pkgrel=1 +pkgver=1.2.0 +pkgrel=1terminus1 hunk ./source/lib/libvorbis/FrugalBuild 16 -sha1sums=('26289fc41aa5436b1a277d726bb5cb106d675c35') +sha1sums=('6ff5f9d9d71cc385ee180171cc21af5653b76a16') } From vmiklos at frugalware.org Tue Aug 7 10:17:23 2007 From: vmiklos at frugalware.org (VMiklos) Date: Tue Aug 7 10:17:24 2007 Subject: [Frugalware-darcs] frugalware-0.6: joomla-1.0.13-1terminus1-i686 Message-ID: <20070807081723.4ED9D13A402C@genesis.frugalware.org> Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=frugalware-0.6;a=darcs_commitdiff;h=20070807081539-e2957-1afd2ea4a60252cf11ae67cfa91f8b8816126711.gz; [joomla-1.0.13-1terminus1-i686 VMiklos **20070807081539 secfix bump closes #2290 ] { hunk ./source/network-extra/joomla/7832.diff 1 -Index: 1.0/administrator/includes/admin.php -=================================================================== ---- 1.0/administrator/includes/admin.php (revision 7831) -+++ 1.0/administrator/includes/admin.php (revision 7832) -@@ -323,7 +323,7 @@ - $wrongSettingsTexts[] = 'PHP register_globals setting is `ON` instead of `OFF`'; - } - if ( RG_EMULATION != 0 ) { -- $wrongSettingsTexts[] = 'Joomla! RG_EMULATION setting is `ON` instead of `OFF` in file globals.php
`ON` by default for compatibility reasons'; -+ $wrongSettingsTexts[] = 'Joomla! "Register Globals Emulation" setting is `ON`.   To disable Register Globals Emulation, navigate to Site -> Global Configuration -> Server, select `OFF`, and save.
Register Globals Emulation is `ON` by default for backward compatibility.'; - } - - if ( count($wrongSettingsTexts) ) { -Index: 1.0/administrator/index.php -=================================================================== ---- 1.0/administrator/index.php (revision 7831) -+++ 1.0/administrator/index.php (revision 7832) -@@ -95,8 +95,7 @@ - session_start(); - - // construct Session ID -- $logintime = time(); -- $session_id = md5( $my->id . $my->username . $my->usertype . $logintime ); -+ $session_id = session_id(); - - // add Session ID entry to DB - $query = "INSERT INTO #__session" -Index: 1.0/includes/joomla.php -=================================================================== ---- 1.0/includes/joomla.php (revision 7831) -+++ 1.0/includes/joomla.php (revision 7832) -@@ -764,11 +764,11 @@ - $my->gid = intval( mosGetParam( $_SESSION, 'session_gid', '' ) ); - $my->params = mosGetParam( $_SESSION, 'session_user_params', '' ); - -- $session_id = mosGetParam( $_SESSION, 'session_id', '' ); -+ $old_session_id = mosGetParam( $_SESSION, 'session_id', '' ); - $logintime = mosGetParam( $_SESSION, 'session_logintime', '' ); - - // check to see if session id corresponds with correct format -- if ( $session_id == md5( $my->id . $my->username . $my->usertype . $logintime ) ) { -+ if (strlen($old_session_id) == 32) { - // if task action is to `save` or `apply` complete action before doing session checks. - if ($task != 'save' && $task != 'apply') { - // test for session_life_admin -@@ -789,11 +789,24 @@ - $this->_db->setQuery( $query ); - $this->_db->query(); - -+ // destroy the old session -+ $oldSession = $_SESSION; -+ session_destroy(); -+ -+ // create a clean session -+ session_start(); -+ session_regenerate_id(); -+ -+ // restore the old session state with a new id -+ $_SESSION = $oldSession; -+ $_SESSION['session_id'] = session_id(); -+ - // update session timestamp - $current_time = time(); - $query = "UPDATE #__session" - . "\n SET time = " . $this->_db->Quote( $current_time ) -- . "\n WHERE session_id = " . $this->_db->Quote( $session_id ) -+ . "\n , session_id = " . $this->_db->Quote( session_id() ) -+ . "\n WHERE session_id = " . $this->_db->Quote( $old_session_id ) - ; - $this->_db->setQuery( $query ); - $this->_db->query(); -@@ -804,7 +817,7 @@ - // check against db record of session - $query = "SELECT COUNT( session_id )" - . "\n FROM #__session" -- . "\n WHERE session_id = " . $this->_db->Quote( $session_id ) -+ . "\n WHERE session_id = " . $this->_db->Quote( session_id() ) - . "\n AND username = ". $this->_db->Quote( $my->username ) - . "\n AND userid = ". intval( $my->id ) - ; -@@ -860,7 +873,7 @@ - $_SESSION['task'] = $task; - } - } -- } else if ($session_id == '') { -+ } else if ($old_session_id == '') { - // no session_id as user has not attempted to login, or session.auto_start is switched on - if (ini_get( 'session.auto_start' ) || !ini_get( 'session.use_cookies' )) { - echo "\n"; -@@ -2478,6 +2491,9 @@ - return false; - } - -+ $ignoreList = array('description'); -+ $this->filter($ignoreList); -+ - // check for existing name - $query = "SELECT id" - . "\n FROM #__categories " -@@ -2544,6 +2560,10 @@ - $this->_error = "Your Section must have a name."; - return false; - } -+ -+ $ignoreList = array('description'); -+ $this->filter($ignoreList); -+ - // check for existing name - $query = "SELECT id" - . "\n FROM #__sections " -@@ -2742,6 +2762,10 @@ - function check() { - $this->id = (int) $this->id; - $this->params = (string) trim( $this->params . ' ' ); -+ -+ $ignoreList = array( 'link' ); -+ $this->filter( $ignoreList ); -+ - return true; - } - } -@@ -3152,6 +3176,10 @@ - $msg = $iFilter->process( $msg ); - } - -+ // Strip out any line breaks and throw away the rest -+ $url = preg_split("/[\r\n]/", $url); -+ $url = $url[0]; -+ - if ($iFilter->badAttributeValue( array( 'href', $url ))) { - $url = $GLOBALS['mosConfig_live_site']; - } rmfile ./source/network-extra/joomla/7832.diff hunk ./source/network-extra/joomla/FrugalBuild 5 -pkgver=1.0.12 -pkgrel=2terminus1 +pkgver=1.0.13 +pkgrel=1terminus1 hunk ./source/network-extra/joomla/FrugalBuild 14 -source=(http://ftp.frugalware.org/pub/other/sources/joomla/Joomla_"$pkgver"-Stable-Full_Package.tar.gz joomlasetup README.Frugalware 7832.diff) +source=(http://joomlacode.org/gf/download/frsrelease/4508/13216/Joomla_$pkgver-Stable-Full_Package.tar.gz joomlasetup README.Frugalware) hunk ./source/network-extra/joomla/FrugalBuild 17 - patch -p1 < 7832.diff || Fdie hunk ./source/network-extra/joomla/FrugalBuild 27 -sha1sums=('3719d9b3b8ea9d32d4ad1b2ab34a2b21698718d9' \ - '436fa260a2750e2394eb23f1504757bdb8045af1' \ - 'c079d041113ca5302340955027a5e313bee47f4a' \ - 'f10b9f0c2b6e6bfe36574cfd6851ed300ea438e9') +sha1sums=('91934fe13e65ccb679ba50db1962449c306211df' \ + '436fa260a2750e2394eb23f1504757bdb8045af1' \ + 'c079d041113ca5302340955027a5e313bee47f4a') } From vmiklos at frugalware.org Tue Aug 7 11:04:10 2007 From: vmiklos at frugalware.org (VMiklos) Date: Tue Aug 7 11:04:11 2007 Subject: [Frugalware-darcs] frugalware-0.6: xpdf-3.02-1terminus1-i686 Message-ID: <20070807090410.3393413A402C@genesis.frugalware.org> Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=frugalware-0.6;a=darcs_commitdiff;h=20070807090300-e2957-a3e26a1f60686e7061f80d556f54f80f32a8ada6.gz; [xpdf-3.02-1terminus1-i686 VMiklos **20070807090300 secfix bump closes #2299 ] { hunk ./source/xapps/xpdf/FrugalBuild 5 -pkgver=3.01 -pkgrel=4 +pkgver=3.02 +pkgrel=1terminus1 hunk ./source/xapps/xpdf/FrugalBuild 15 -source=(ftp://ftp.foolabs.com/pub/xpdf/$pkgname-$pkgver.tar.gz \ - ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.01pl2.patch) -sha1sums=('472cbf0f3df4e20a3ab7ada2e704b4e10d1d385b' \ - 'c04ce1cc5ef30aa47ea528124d2ffbd840d22472') +source=(ftp://ftp.foolabs.com/pub/xpdf/xpdf-$pkgver.tar.gz \ + ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch) +sha1sums=('f9940698840c8a8045677e8be68ab8580903e20a' \ + 'cd3c8ed6e1fd3606098b85d5cc8a7d1aa305266d') } From vmiklos at frugalware.org Wed Aug 8 13:15:53 2007 From: vmiklos at frugalware.org (VMiklos) Date: Wed Aug 8 13:15:55 2007 Subject: [Frugalware-darcs] frugalware-0.6: drupal-4.7.7-1terminus1-i686 Message-ID: <20070808111553.A6FE113A402C@genesis.frugalware.org> Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=frugalware-0.6;a=darcs_commitdiff;h=20070808111509-e2957-0d5b6d32b3192cdeb6c1f159944813df1b4bdc47.gz; [drupal-4.7.7-1terminus1-i686 VMiklos **20070808111509 secfix bump closes #2295 ] { hunk ./source/network-extra/drupal/FrugalBuild 5 -pkgver=4.7.5 -pkgrel=1 +pkgver=4.7.7 +pkgrel=1terminus1 hunk ./source/network-extra/drupal/FrugalBuild 17 -sha1sums=('0671d9e19d3d145ffd568db4704e65feb59cdef0' \ - 'b942c666cf3f264bcab7cbdba8e614ad07f0a646' \ - '64c0eadd7a2e00b11644458a4eeea8e3203fa739') +sha1sums=('4bdc5c0d9c5115ef15211bbdc2cc471768d9a4f8' \ + 'b942c666cf3f264bcab7cbdba8e614ad07f0a646' \ + '64c0eadd7a2e00b11644458a4eeea8e3203fa739') } From vmiklos at frugalware.org Thu Aug 9 11:23:19 2007 From: vmiklos at frugalware.org (VMiklos) Date: Thu Aug 9 11:23:26 2007 Subject: [Frugalware-darcs] frugalware-0.6: kdegraphics-3.5.6-2terminus1-i686 Message-ID: <20070809092319.C2C4316A8033@genesis.frugalware.org> Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=frugalware-0.6;a=darcs_commitdiff;h=20070809092230-e2957-a68d29fd33da2a1e1803c67991fcbd0d4ce12c1e.gz; [kdegraphics-3.5.6-2terminus1-i686 VMiklos **20070809092230 added post-3.5.6-kdegraphics-CVE-2007-3387.diff secfix closes #2302 ] { hunk ./source/kde/kdegraphics/FrugalBuild 6 -pkgrel=1 +pkgrel=2terminus1 hunk ./source/kde/kdegraphics/FrugalBuild 16 +source=($source post-3.5.6-kdegraphics-CVE-2007-3387.diff) hunk ./source/kde/kdegraphics/FrugalBuild 27 -sha1sums=('481d3f3733c042f7dfe7d9fc6620d17f8b945957') +sha1sums=('481d3f3733c042f7dfe7d9fc6620d17f8b945957' \ + 'cd403dcea659e9b4c700835c3a39ad3048f48533') addfile ./source/kde/kdegraphics/post-3.5.6-kdegraphics-CVE-2007-3387.diff hunk ./source/kde/kdegraphics/post-3.5.6-kdegraphics-CVE-2007-3387.diff 1 +diff -Naur kdegraphics-3.5.6.orig/kpdf/xpdf/xpdf/Stream.cc kdegraphics-3.5.6/kpdf/xpdf/xpdf/Stream.cc +--- kdegraphics-3.5.6.orig/kpdf/xpdf/xpdf/Stream.cc 2007-01-15 12:21:56.000000000 +0100 ++++ kdegraphics-3.5.6/kpdf/xpdf/xpdf/Stream.cc 2007-08-09 09:45:03.000000000 +0200 +@@ -411,14 +411,11 @@ + nBits = nBitsA; + predLine = NULL; + ok = gFalse; +- +- if (width <= 0 || nComps <= 0 || nBits <= 0 || +- nComps >= INT_MAX / nBits || +- width >= INT_MAX / nComps / nBits) +- return; +- + nVals = width * nComps; +- if (nVals * nBits + 7 < 0) ++ if (width <= 0 || nComps <= 0 || nBits <= 0 || ++ nComps > gfxColorMaxComps || nBits > 16 || ++ width >= INT_MAX / nComps || ++ nVals >= (INT_MAX - 7) / nBits) + return; + pixBytes = (nComps * nBits + 7) >> 3; + rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes; } From vmiklos at frugalware.org Fri Aug 10 11:20:58 2007 From: vmiklos at frugalware.org (VMiklos) Date: Fri Aug 10 11:21:00 2007 Subject: [Frugalware-darcs] frugalware-0.6: asterisk-1.4.8-1terminus1-i686 Message-ID: <20070810092058.5771916E8022@genesis.frugalware.org> Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=frugalware-0.6;a=darcs_commitdiff;h=20070810092025-e2957-4cf56ec56322bc29a47a4795a266b8f44fa6d3bc.gz; [asterisk-1.4.8-1terminus1-i686 VMiklos **20070810092025 secfix bump closes #2269 ] { hunk ./source/apps-extra/asterisk/AEL2_secfix.patch 1 -diff -Naur asterisk-1.4.2.old/apps/app_stack.c asterisk-1.4.2/apps/app_stack.c ---- asterisk-1.4.2.old/apps/app_stack.c 2007-04-05 13:38:12.000000000 +0530 -+++ asterisk-1.4.2/apps/app_stack.c 2007-04-05 13:38:37.000000000 +0530 -@@ -1,7 +1,7 @@ - /* - * Asterisk -- An open source telephony toolkit. - * -- * Copyright (c) 2004-2006 Tilghman Lesher . -+ * Copyright (c) 2004-2006 Tilghman Lesher . - * - * This code is released by the author with no restrictions on usage. - * -@@ -20,14 +20,14 @@ - * - * \brief Stack applications Gosub, Return, etc. - * -- * \author Tilghman Lesher -+ * \author Tilghman Lesher - * - * \ingroup applications - */ - - #include "asterisk.h" - --ASTERISK_FILE_VERSION(__FILE__, "$Revision: 40722 $") -+ASTERISK_FILE_VERSION(__FILE__, "$Revision$") - - #include - #include -@@ -41,10 +41,10 @@ - #include "asterisk/pbx.h" - #include "asterisk/module.h" - #include "asterisk/config.h" -+#include "asterisk/app.h" - - #define STACKVAR "~GOSUB~STACK~" - -- - static const char *app_gosub = "Gosub"; - static const char *app_gosubif = "GosubIf"; - static const char *app_return = "Return"; -@@ -56,63 +56,219 @@ - static const char *pop_synopsis = "Remove one address from gosub stack"; - - static const char *gosub_descrip = --"Gosub([[context|]exten|]priority)\n" -+"Gosub([[context|]exten|]priority[(arg1[|...][|argN])])\n" - " Jumps to the label specified, saving the return address.\n"; - static const char *gosubif_descrip = --"GosubIf(condition?labeliftrue[:labeliffalse])\n" -+"GosubIf(condition?labeliftrue[(arg1[|...])][:labeliffalse[(arg1[|...])]])\n" - " If the condition is true, then jump to labeliftrue. If false, jumps to\n" - "labeliffalse, if specified. In either case, a jump saves the return point\n" - "in the dialplan, to be returned to with a Return.\n"; - static const char *return_descrip = --"Return()\n" --" Jumps to the last label on the stack, removing it.\n"; -+"Return([return-value])\n" -+" Jumps to the last label on the stack, removing it. The return value, if\n" -+"any, is saved in the channel variable GOSUB_RETVAL.\n"; - static const char *pop_descrip = - "StackPop()\n" - " Removes last label on the stack, discarding it.\n"; - - -+static void gosub_free(void *data); -+ -+static struct ast_datastore_info stack_info = { -+ .type = "GOSUB", -+ .destroy = gosub_free, -+}; -+ -+struct gosub_stack_frame { -+ AST_LIST_ENTRY(gosub_stack_frame) entries; -+ /* 100 arguments is all that we support anyway, but this will handle up to 255 */ -+ unsigned char arguments; -+ int priority; -+ char *context; -+ char extension[0]; -+}; -+ -+static void gosub_release_frame(struct ast_channel *chan, struct gosub_stack_frame *frame) -+{ -+ unsigned char i; -+ char argname[15]; -+ -+ /* If chan is not defined, then we're calling it as part of gosub_free, -+ * and the channel variables will be deallocated anyway. Otherwise, we're -+ * just releasing a single frame, so we need to clean up the arguments for -+ * that frame, so that we re-expose the variables from the previous frame -+ * that were hidden by this one. -+ */ -+ if (chan) { -+ for (i = 1; i <= frame->arguments && i != 0; i++) { -+ snprintf(argname, sizeof(argname), "ARG%hhd", i); -+ pbx_builtin_setvar_helper(chan, argname, NULL); -+ } -+ } -+ ast_free(frame); -+} -+ -+static struct gosub_stack_frame *gosub_allocate_frame(const char *context, const char *extension, int priority, unsigned char arguments) -+{ -+ struct gosub_stack_frame *new = NULL; -+ int len_extension = strlen(extension), len_context = strlen(context); -+ -+ if ((new = ast_calloc(1, sizeof(*new) + 2 + len_extension + len_context))) { -+ strcpy(new->extension, extension); -+ new->context = new->extension + len_extension + 1; -+ strcpy(new->context, context); -+ new->priority = priority; -+ new->arguments = arguments; -+ } -+ return new; -+} -+ -+static void gosub_free(void *data) -+{ -+ AST_LIST_HEAD(, gosub_stack_frame) *oldlist = data; -+ struct gosub_stack_frame *oldframe; -+ AST_LIST_LOCK(oldlist); -+ while ((oldframe = AST_LIST_REMOVE_HEAD(oldlist, entries))) { -+ gosub_release_frame(NULL, oldframe); -+ } -+ AST_LIST_UNLOCK(oldlist); -+ AST_LIST_HEAD_DESTROY(oldlist); -+ ast_free(oldlist); -+} -+ - static int pop_exec(struct ast_channel *chan, void *data) - { -- pbx_builtin_setvar_helper(chan, STACKVAR, NULL); -+ struct ast_datastore *stack_store = ast_channel_datastore_find(chan, &stack_info, NULL); -+ struct gosub_stack_frame *oldframe; -+ AST_LIST_HEAD(, gosub_stack_frame) *oldlist; -+ -+ if (!stack_store) { -+ ast_log(LOG_WARNING, "%s called with no gosub stack allocated.\n", app_pop); -+ return 0; -+ } -+ -+ oldlist = stack_store->data; -+ AST_LIST_LOCK(oldlist); -+ oldframe = AST_LIST_REMOVE_HEAD(oldlist, entries); -+ AST_LIST_UNLOCK(oldlist); -+ -+ if (oldframe) -+ gosub_release_frame(chan, oldframe); -+ else if (option_debug) -+ ast_log(LOG_DEBUG, "%s called with an empty gosub stack\n", app_pop); - - return 0; - } - - static int return_exec(struct ast_channel *chan, void *data) - { -- const char *label = pbx_builtin_getvar_helper(chan, STACKVAR); -+ struct ast_datastore *stack_store = ast_channel_datastore_find(chan, &stack_info, NULL); -+ struct gosub_stack_frame *oldframe; -+ AST_LIST_HEAD(, gosub_stack_frame) *oldlist; -+ char *retval = data; - -- if (ast_strlen_zero(label)) { -- ast_log(LOG_ERROR, "Return without Gosub: stack is empty\n"); -+ if (!stack_store) { -+ ast_log(LOG_ERROR, "Return without Gosub: stack is unallocated\n"); - return -1; -- } else if (ast_parseable_goto(chan, label)) { -- ast_log(LOG_WARNING, "No next statement after Gosub?\n"); -+ } -+ -+ oldlist = stack_store->data; -+ AST_LIST_LOCK(oldlist); -+ oldframe = AST_LIST_REMOVE_HEAD(oldlist, entries); -+ AST_LIST_UNLOCK(oldlist); -+ -+ if (!oldframe) { -+ ast_log(LOG_ERROR, "Return without Gosub: stack is empty\n"); - return -1; - } - -- pbx_builtin_setvar_helper(chan, STACKVAR, NULL); -+ ast_explicit_goto(chan, oldframe->context, oldframe->extension, oldframe->priority); -+ gosub_release_frame(chan, oldframe); -+ -+ /* Set a return value, if any */ -+ pbx_builtin_setvar_helper(chan, "GOSUB_RETVAL", S_OR(retval, "")); - return 0; - } - - static int gosub_exec(struct ast_channel *chan, void *data) - { -- char newlabel[AST_MAX_EXTENSION * 2 + 3 + 11]; -+ struct ast_datastore *stack_store = ast_channel_datastore_find(chan, &stack_info, NULL); -+ AST_LIST_HEAD(, gosub_stack_frame) *oldlist; -+ struct gosub_stack_frame *newframe; -+ char argname[15], *tmp = ast_strdupa(data), *label, *endparen; -+ int i; - struct ast_module_user *u; -+ AST_DECLARE_APP_ARGS(args2, -+ AST_APP_ARG(argval)[100]; -+ ); - - if (ast_strlen_zero(data)) { -- ast_log(LOG_ERROR, "%s requires an argument: %s([[context|]exten|]priority)\n", app_gosub, app_gosub); -+ ast_log(LOG_ERROR, "%s requires an argument: %s([[context|]exten|]priority[(arg1[|...][|argN])])\n", app_gosub, app_gosub); - return -1; - } - - u = ast_module_user_add(chan); -- snprintf(newlabel, sizeof(newlabel), "%s|%s|%d", chan->context, chan->exten, chan->priority + 1); - -- if (ast_parseable_goto(chan, data)) { -+ if (!stack_store) { -+ if (option_debug) -+ ast_log(LOG_DEBUG, "Channel %s has no datastore, so we're allocating one.\n", chan->name); -+ stack_store = ast_channel_datastore_alloc(&stack_info, NULL); -+ if (!stack_store) { -+ ast_log(LOG_ERROR, "Unable to allocate new datastore. Gosub will fail.\n"); -+ ast_module_user_remove(u); -+ return -1; -+ } -+ -+ oldlist = ast_calloc(1, sizeof(*oldlist)); -+ if (!oldlist) { -+ ast_log(LOG_ERROR, "Unable to allocate datastore list head. Gosub will fail.\n"); -+ ast_channel_datastore_free(stack_store); -+ ast_module_user_remove(u); -+ return -1; -+ } -+ -+ stack_store->data = oldlist; -+ AST_LIST_HEAD_INIT(oldlist); -+ ast_channel_datastore_add(chan, stack_store); -+ } -+ -+ /* Separate the arguments from the label */ -+ /* NOTE: you cannot use ast_app_separate_args for this, because '(' cannot be used as a delimiter. */ -+ label = strsep(&tmp, "("); -+ if (tmp) { -+ endparen = strrchr(tmp, ')'); -+ if (endparen) -+ *endparen = '\0'; -+ else -+ ast_log(LOG_WARNING, "Ouch. No closing paren: '%s'?\n", (char *)data); -+ AST_STANDARD_APP_ARGS(args2, tmp); -+ } else -+ args2.argc = 0; -+ -+ /* Create the return address, but don't save it until we know that the Gosub destination exists */ -+ newframe = gosub_allocate_frame(chan->context, chan->exten, chan->priority + 1, args2.argc); -+ -+ if (ast_parseable_goto(chan, label)) { -+ ast_log(LOG_ERROR, "Gosub address is invalid: '%s'\n", (char *)data); -+ ast_free(newframe); - ast_module_user_remove(u); - return -1; - } - -- pbx_builtin_pushvar_helper(chan, STACKVAR, newlabel); -+ /* Now that we know for certain that we're going to a new location, set our arguments */ -+ for (i = 0; i < args2.argc; i++) { -+ snprintf(argname, sizeof(argname), "ARG%d", i + 1); -+ pbx_builtin_pushvar_helper(chan, argname, args2.argval[i]); -+ if (option_debug) -+ ast_log(LOG_DEBUG, "Setting '%s' to '%s'\n", argname, args2.argval[i]); -+ } -+ -+ /* And finally, save our return address */ -+ oldlist = stack_store->data; -+ AST_LIST_LOCK(oldlist); -+ AST_LIST_INSERT_HEAD(oldlist, newframe, entries); -+ AST_LIST_UNLOCK(oldlist); -+ - ast_module_user_remove(u); - - return 0; -@@ -121,28 +277,39 @@ - static int gosubif_exec(struct ast_channel *chan, void *data) - { - struct ast_module_user *u; -- char *condition="", *label1, *label2, *args; -+ char *args; - int res=0; -+ AST_DECLARE_APP_ARGS(cond, -+ AST_APP_ARG(ition); -+ AST_APP_ARG(labels); -+ ); -+ AST_DECLARE_APP_ARGS(label, -+ AST_APP_ARG(iftrue); -+ AST_APP_ARG(iffalse); -+ ); - - if (ast_strlen_zero(data)) { -- ast_log(LOG_WARNING, "GosubIf requires an argument\n"); -+ ast_log(LOG_WARNING, "GosubIf requires an argument: GosubIf(cond?label1(args):label2(args)\n"); - return 0; - } - -+ u = ast_module_user_add(chan); -+ - args = ast_strdupa(data); -+ AST_NONSTANDARD_APP_ARGS(cond, args, '?'); -+ if (cond.argc != 2) { -+ ast_log(LOG_WARNING, "GosubIf requires an argument: GosubIf(cond?label1(args):label2(args)\n"); -+ ast_module_user_remove(u); -+ return 0; -+ } - -- u = ast_module_user_add(chan); -+ AST_NONSTANDARD_APP_ARGS(label, cond.labels, ':'); - -- condition = strsep(&args, "?"); -- label1 = strsep(&args, ":"); -- label2 = args; -- -- if (pbx_checkcondition(condition)) { -- if (label1) { -- res = gosub_exec(chan, label1); -- } -- } else if (label2) { -- res = gosub_exec(chan, label2); -+ if (pbx_checkcondition(cond.ition)) { -+ if (!ast_strlen_zero(label.iftrue)) -+ res = gosub_exec(chan, label.iftrue); -+ } else if (!ast_strlen_zero(label.iffalse)) { -+ res = gosub_exec(chan, label.iffalse); - } - - ast_module_user_remove(u); rmfile ./source/apps-extra/asterisk/AEL2_secfix.patch hunk ./source/apps-extra/asterisk/ASA10.diff 1 ---- channels/chan_sip.c 2007/03/21 03:25:48 59081 -+++ channels/chan_sip.c 2007/03/22 23:40:01 59182 -@@ -5091,15 +5091,15 @@ - ast_log(LOG_DEBUG, "Transcoding JBIG: %d\n",x); - if (x == 1) - peert38capability |= T38FAX_TRANSCODING_JBIG; -- } else if ((sscanf(a, "T38FaxRateManagement:%s", s) == 1)) { -+ } else if ((sscanf(a, "T38FaxRateManagement:%255s", s) == 1)) { - found = 1; - if (option_debug > 2) -- ast_log(LOG_DEBUG, "RateMangement: %s\n", s); -+ ast_log(LOG_DEBUG, "RateManagement: %s\n", s); - if (!strcasecmp(s, "localTCF")) - peert38capability |= T38FAX_RATE_MANAGEMENT_LOCAL_TCF; - else if (!strcasecmp(s, "transferredTCF")) - peert38capability |= T38FAX_RATE_MANAGEMENT_TRANSFERED_TCF; -- } else if ((sscanf(a, "T38FaxUdpEC:%s", s) == 1)) { -+ } else if ((sscanf(a, "T38FaxUdpEC:%255s", s) == 1)) { - found = 1; - if (option_debug > 2) - ast_log(LOG_DEBUG, "UDP EC: %s\n", s); rmfile ./source/apps-extra/asterisk/ASA10.diff hunk ./source/apps-extra/asterisk/ASA11.diff 1 ---- channels/chan_sip.c 2007/03/22 23:40:01 59182 -+++ channels/chan_sip.c 2007/03/24 01:39:44 59195 -@@ -14609,20 +14609,20 @@ - ast_set_flag(req, SIP_PKT_IGNORE); - ast_set_flag(req, SIP_PKT_IGNORE_RESP); - append_history(p, "Ignore", "Ignoring this retransmit\n"); -- } -- -- e = ast_skip_blanks(e); -- if (sscanf(e, "%d %n", &respid, &len) != 1) { -- ast_log(LOG_WARNING, "Invalid response: '%s'\n", e); -- } else { -- if (respid <= 0) { -- ast_log(LOG_WARNING, "Invalid SIP response code: '%d'\n", respid); -- return 0; -+ } else if (e) { -+ e = ast_skip_blanks(e); -+ if (sscanf(e, "%d %n", &respid, &len) != 1) { -+ ast_log(LOG_WARNING, "Invalid response: '%s'\n", e); -+ } else { -+ if (respid <= 0) { -+ ast_log(LOG_WARNING, "Invalid SIP response code: '%d'\n", respid); -+ return 0; -+ } -+ /* More SIP ridiculousness, we have to ignore bogus contacts in 100 etc responses */ -+ if ((respid == 200) || ((respid >= 300) && (respid <= 399))) -+ extract_uri(p, req); -+ handle_response(p, respid, e + len, req, ignore, seqno); - } -- /* More SIP ridiculousness, we have to ignore bogus contacts in 100 etc responses */ -- if ((respid == 200) || ((respid >= 300) && (respid <= 399))) -- extract_uri(p, req); -- handle_response(p, respid, e + len, req, ignore, seqno); - } - return 0; - } rmfile ./source/apps-extra/asterisk/ASA11.diff hunk ./source/apps-extra/asterisk/ASA12.diff 1 ---- main/manager.c 2007/04/20 18:19:18 61690 -+++ main/manager.c 2007/04/24 21:34:53 61787 -@@ -926,7 +926,8 @@ - } else if (ha) - ast_free_ha(ha); - if (!strcasecmp(authtype, "MD5")) { -- if (!ast_strlen_zero(key) && s->challenge) { -+ if (!ast_strlen_zero(key) && -+ !ast_strlen_zero(s->challenge) && !ast_strlen_zero(password)) { - int x; - int len = 0; - char md5key[256] = ""; rmfile ./source/apps-extra/asterisk/ASA12.diff hunk ./source/apps-extra/asterisk/CVE-2007-2488.diff 1 ---- trunk/channels/chan_iax2.c 2007/04/30 16:16:26 62457 -+++ trunk/channels/chan_iax2.c 2007/05/02 17:49:36 62693 -@@ -6822,6 +6822,13 @@ - ast_mutex_unlock(&iaxsl[fr->callno]); - return 1; - } -+ /* Ensure text frames are NULL-terminated */ -+ if (f.frametype == AST_FRAME_TEXT && thread->buf[res - 1] != '\0') { -+ if (res < sizeof(thread->buf)) -+ thread->buf[res++] = '\0'; -+ else /* Trims one character from the text message, but that's better than overwriting the end of the buffer. */ -+ thread->buf[res - 1] = '\0'; -+ } - f.datalen = res - sizeof(*fh); - - /* Handle implicit ACKing unless this is an INVAL, and only if this is rmfile ./source/apps-extra/asterisk/CVE-2007-2488.diff hunk ./source/apps-extra/asterisk/FrugalBuild 6 -pkgver=1.4.2 -pkgrel=2terminus2 +pkgver=1.4.8 +pkgrel=1terminus1 hunk ./source/apps-extra/asterisk/FrugalBuild 18 -source=(http://ftp.digium.com/pub/$pkgname/$pkgname-$pkgver.tar.gz \ - rc.asterisk \ - AEL2_secfix.patch ASA10.diff ASA11.diff ASA12.diff CVE-2007-2488.diff) -sha1sums=('e11f605c0f467b58350b960a5c0e1e739b2262f5'\ - '1c18155cdece83d556e2295b54508636ff74f307'\ - 'c862d7f43260e9645fffe897669cb37843bdb25c'\ - 'c796107d4528c8bcc1b89b52e74ef4e1dd572708'\ - '40dee6c0024ae241cc0624dd55e7eb884802c2e9'\ - '6a59164078855f3b6f5ab6236729879f7c65ce15'\ - '547fa02528354db04bdc7d488a800fb961794c8c') +source=(http://ftp.digium.com/pub/$pkgname/releases/$pkgname-$pkgver.tar.gz \ + rc.asterisk) +sha1sums=('030a6719940321b30f0aef32abc89c3caeeaa57b' \ + '1c18155cdece83d556e2295b54508636ff74f307') } From janny at frugalware.org Sun Aug 12 13:18:57 2007 From: janny at frugalware.org (Janny) Date: Sun Aug 12 13:18:59 2007 Subject: [Frugalware-darcs] frugalware-0.6: clamav-1terminus1 Message-ID: <20070812111857.534FD13A4007@genesis.frugalware.org> Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=frugalware-0.6;a=darcs_commitdiff;h=20070810215913-ee5de-d6a991136d5abf12c53955e9f562bead016909ad.gz; [clamav-1terminus1 Janny **20070810215913 closes #2322 version bump with viruses and functionality ] { hunk ./source/apps-extra/clamav/28_ole2_extract.c.CVE-2007-2650.dpatch.diff 1 -## 28_ole2_extract.c.CVE-2007-2650.dpatch by -Index: libclamav/ole2_extract.c -=================================================================== ---- a/libclamav/ole2_extract.c (revision 406) -+++ b/libclamav/ole2_extract.c (working copy) -@@ -1,7 +1,7 @@ - /* - * Extract component parts of OLE2 files (e.g. MS Office Documents) - * -- * Copyright (C) 2004 trog@uncon.org -+ * Copyright (C) 2004-2007 trog@uncon.org - * - * This code is based on the OpenOffice and libgsf sources. - * -@@ -585,6 +585,7 @@ - unsigned char *buff; - int32_t current_block, ofd, len, offset; - char *name, *newname; -+ bitset_t *blk_bitset; - - if (prop->type != 2) { - /* Not a file */ -@@ -635,14 +636,33 @@ - close(ofd); - return FALSE; - } -- -+ -+ blk_bitset = cli_bitset_init(); -+ if (!blk_bitset) { -+ cli_errmsg("ERROR [handler_writefile]: init bitset failed\n"); -+ close(ofd); -+ return FALSE; -+ } - while((current_block >= 0) && (len > 0)) { -+ /* Check we aren't in a loop */ -+ if (cli_bitset_test(blk_bitset, (unsigned long) current_block)) { -+ /* Loop in block list */ -+ cli_dbgmsg("OLE2: Block list loop detected\n"); -+ close(ofd); -+ free(buff); -+ cli_bitset_free(blk_bitset); -+ return FALSE; -+ } -+ if (!cli_bitset_set(blk_bitset, (unsigned long) current_block)) { -+ return FALSE; -+ } - if (prop->size < (int64_t)hdr->sbat_cutoff) { - /* Small block file */ - if (!ole2_get_sbat_data_block(fd, hdr, buff, current_block)) { - cli_dbgmsg("ole2_get_sbat_data_block failed\n"); - close(ofd); - free(buff); -+ cli_bitset_free(blk_bitset); - return FALSE; - } - /* buff now contains the block with 8 small blocks in it */ -@@ -650,6 +670,7 @@ - if (cli_writen(ofd, &buff[offset], MIN(len,64)) != MIN(len,64)) { - close(ofd); - free(buff); -+ cli_bitset_free(blk_bitset); - return FALSE; - } - -@@ -660,12 +681,14 @@ - if (!ole2_read_block(fd, hdr, buff, current_block)) { - close(ofd); - free(buff); -+ cli_bitset_free(blk_bitset); - return FALSE; - } - if (cli_writen(ofd, buff, MIN(len,(1 << hdr->log2_big_block_size))) != - MIN(len,(1 << hdr->log2_big_block_size))) { - close(ofd); - free(buff); -+ cli_bitset_free(blk_bitset); - return FALSE; - } - -@@ -675,6 +698,7 @@ - } - close(ofd); - free(buff); -+ cli_bitset_free(blk_bitset); - return TRUE; - } - rmfile ./source/apps-extra/clamav/28_ole2_extract.c.CVE-2007-2650.dpatch.diff hunk ./source/apps-extra/clamav/29_unsp.c.CVE-2007-3023.dpatch.diff 1 -## 29_unsp.c.CVE-XXXX-XXXX.dpatch by -Index: libclamav/unsp.c -=================================================================== ---- a/libclamav/unsp.c (revision 406) -+++ b/libclamav/unsp.c (working copy) -@@ -152,7 +151,11 @@ - - dsize = cli_readint32(start_of_stuff+9); - ssize = cli_readint32(start_of_stuff+5); -- -+ if (ssize <= 13) { -+ free(table); -+ return 1; -+ } -+ - tre = very_real_unpack(table,tablesz,tre,allocsz,firstbyte,src,ssize,dst,dsize); - free(table); - if (tre) return 1; -@@ -195,7 +198,7 @@ - read_struct.oldval = 0; - read_struct.src_curr = src; - read_struct.bitmap = 0xffffffff; -- read_struct.src_end = src + ssize; -+ read_struct.src_end = src + ssize - 13; - read_struct.table = (char *)table; - read_struct.tablesz = tablesz; - rmfile ./source/apps-extra/clamav/29_unsp.c.CVE-2007-3023.dpatch.diff hunk ./source/apps-extra/clamav/30_unrar.c.CVE-2007-3122_3123.dpatch.diff 1 -## 30_unrar.c.CVE-XXXX-XXXX.dpatch by -Index: libclamav/unrar/unrar.c -=================================================================== ---- a/libclamav/unrar/unrar.c (revision 406) -+++ b/libclamav/unrar/unrar.c (working copy) -@@ -942,8 +942,8 @@ - } - if (new_filter) { - vm_codesize = rarvm_read_data(&rarvm_input); -- if (vm_codesize >= 0x1000 || vm_codesize == 0) { -- cli_dbgmsg("ERROR: vm_codesize=0x%x\n", vm_codesize); -+ if (vm_codesize >= 0x1000 || vm_codesize == 0 || (vm_codesize > rarvm_input.buf_size)) { -+ cli_dbgmsg("ERROR: vm_codesize=0x%x buf_size=0x%x\n", vm_codesize, rarvm_input.buf_size); - return FALSE; - } - vm_code = (unsigned char *) cli_malloc(vm_codesize); -@@ -1015,6 +1015,10 @@ - } - global_data = &stack_filter->prg.global_data[VM_FIXEDGLOBALSIZE]; - for (i=0 ; i< data_size ; i++) { -+ if ((rarvm_input.in_addr+2) > rarvm_input.buf_size) { -+ cli_dbgmsg("Buffer truncated\n"); -+ return FALSE; -+ } - global_data[i] = rarvm_getbits(&rarvm_input) >> 8; - rar_dbgmsg("global_data[%d] = %d\n", i, global_data[i]); - rarvm_addbits(&rarvm_input, 8); -@@ -1635,15 +1639,12 @@ - ((state->main_hdr->flags&MHD_SOLID)!=0), state->unpack_data); - } else { - if ((state->file_count == 1) && (state->file_header->flags & LHD_SOLID)) { -- cli_warnmsg("RAR: First file can't be SOLID.\n"); -- -- free(state->file_header->filename); -- free(state->file_header); -- return CL_ERAR; -- } else { -- retval = rar_unpack(state->fd, state->file_header->unpack_ver, -+ cli_warnmsg("RAR: Bad header. First file can't be SOLID.\n"); -+ cli_warnmsg("RAR: Clearing flag and continuing.\n"); -+ state->file_header->flags -= LHD_SOLID; -+ } -+ retval = rar_unpack(state->fd, state->file_header->unpack_ver, - state->file_header->flags & LHD_SOLID, state->unpack_data); -- } - } - cli_dbgmsg("Expected File CRC: 0x%x\n", state->file_header->file_crc); - cli_dbgmsg("Computed File CRC: 0x%x\n", state->unpack_data->unp_crc^0xffffffff); rmfile ./source/apps-extra/clamav/30_unrar.c.CVE-2007-3122_3123.dpatch.diff hunk ./source/apps-extra/clamav/31_others.c.CVE-2007-3024.dpatch.diff 1 -## 31_others.c.CVE-XXXX-XXXX.dpatch by -Index: libclamav/others.c -=================================================================== ---- a/libclamav/others.c (revision 406) -+++ b/libclamav/others.c (working copy) -@@ -531,16 +531,22 @@ - char *cli_gentempstream(const char *dir, FILE **fs) - { - char *name; -+ mode_t omask; - -+ - name = cli_gentempname(dir); -+ if(!name) -+ return NULL; - -- if(name && ((*fs = fopen(name, "wb+")) == NULL)) { -+ omask = umask(077); -+ if((*fs = fopen(name, "wb+")) == NULL) { - cli_dbgmsg("cli_gentempstream(): can't create temp file: %s\n", name); - free(name); - name = NULL; - } -+ umask(omask); - -- return(name); -+ return name; - } - - #ifdef C_WINDOWS rmfile ./source/apps-extra/clamav/31_others.c.CVE-2007-3024.dpatch.diff hunk ./source/apps-extra/clamav/CVE-2007-3725.diff 1 -Index: unrar.c -=================================================================== ---- clamav/libclamav/unrar/unrar.c (revision 3126) -+++ unrar.c (working copy) -@@ -1650,7 +1650,7 @@ - cli_dbgmsg("Computed File CRC: 0x%x\n", state->unpack_data->unp_crc^0xffffffff); - if (state->unpack_data->unp_crc != 0xffffffff) { - if (state->file_header->file_crc != (state->unpack_data->unp_crc^0xffffffff)) { -- cli_warnmsg("RAR CRC error. Please report the bug at http://bugs.clamav.net/\n"); -+ cli_warnmsg("RAR CRC error. If the file is not corrupted, please report at http://bugs.clamav.net/\n"); - } - } - if (!retval) { -Index: unrarvm.c -=================================================================== ---- clamav/libclamav/unrar/unrarvm.c (revision 3126) -+++ unrarvm.c (working copy) -@@ -347,18 +347,18 @@ - unsigned int file_offset, cur_pos, predicted; - int32_t offset, addr; - const int file_size=0x1000000; -- -+ - switch(filter_type) { - case VMSF_E8: - case VMSF_E8E9: - data=rarvm_data->mem; - data_size = rarvm_data->R[4]; - file_offset = rarvm_data->R[6]; -- -- if (data_size >= VM_GLOBALMEMADDR) { -+ -+ if ((data_size >= VM_GLOBALMEMADDR) || (data_size < 4)) { - break; - } -- -+ - cmp_byte2 = filter_type==VMSF_E8E9 ? 0xe9:0xe8; - for (cur_pos = 0 ; cur_pos < data_size-4 ; ) { - cur_byte = *(data++); rmfile ./source/apps-extra/clamav/CVE-2007-3725.diff hunk ./source/apps-extra/clamav/FrugalBuild 5 -pkgver=0.90.2 -pkgrel=1terminus3 +pkgver=0.91.1 +pkgrel=1terminus1 hunk ./source/apps-extra/clamav/FrugalBuild 14 -source=($source rc.clamav rc.clamav-hu.po \ - 28_ole2_extract.c.CVE-2007-2650.dpatch.diff \ - 29_unsp.c.CVE-2007-3023.dpatch.diff \ - 30_unrar.c.CVE-2007-3122_3123.dpatch.diff \ - 31_others.c.CVE-2007-3024.dpatch.diff \ - CVE-2007-3725.diff) +source=($source rc.clamav rc.clamav-hu.po) +sha1sums=('51ff98325b5ffd49dfc0f0cbf92134c0d872cd21' \ + '699ab0197b39df250582ec488e51bf173c9ce32f') hunk ./source/apps-extra/clamav/FrugalBuild 33 -sha1sums=('ecc72d212a27eef1aa40e61a0b2705e4e42996ce' \ - '90b22c99927b56992ac05042029d2702db79a8b0' \ - '57d36966c45adfd6b3ebd10b91874194924ab2c3' \ - '7f0c1be227dbec90bf4da99506e9c296788e7dd8' \ - '94e7ebf648f14f822f8ac540998fa48651b27f81' \ - 'd1256bcf5d753cd267a33334486d5bc24b663e71' \ - '766cd15c0856b328520f603dfe1fd75f84f78621' \ - '699ab0197b39df250582ec488e51bf173c9ce32f') - } From vmiklos at frugalware.org Mon Aug 13 04:45:12 2007 From: vmiklos at frugalware.org (VMiklos) Date: Mon Aug 13 04:45:15 2007 Subject: [Frugalware-darcs] frugalware-0.6: koffice-1.6.2-2terminus1-i686 Message-ID: <20070813024512.802C713A400D@genesis.frugalware.org> Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=frugalware-0.6;a=darcs_commitdiff;h=20070813024315-e2957-ee60d9b59c1fb565a316e88f009fa3998d489f58.gz; [koffice-1.6.2-2terminus1-i686 VMiklos **20070813024315 added koffice-xpdf-CVE-2007-3387.diff secfix closes #2301 ] { hunk ./source/kde-extra/koffice/FrugalBuild 7 -pkgrel=1 +pkgrel=2terminus1 hunk ./source/kde-extra/koffice/FrugalBuild 21 + ftp://ftp.kde.org/pub/kde/security_patches/koffice-xpdf-CVE-2007-3387.diff \ hunk ./source/kde-extra/koffice/FrugalBuild 32 -sha1sums=('a6a0dcc254f7a7f90d7e5b31f6ebecd54800f211'\ +sha1sums=('a6a0dcc254f7a7f90d7e5b31f6ebecd54800f211' \ + 'bff4f540389a77320bc87e2dedece50b82932e59' \ } From vmiklos at frugalware.org Mon Aug 13 21:17:45 2007 From: vmiklos at frugalware.org (VMiklos) Date: Mon Aug 13 21:17:48 2007 Subject: [Frugalware-darcs] frugalware-0.6: qt-3.3.7-5terminus1-i686 Message-ID: <20070813191745.BB6B313A400D@genesis.frugalware.org> Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=frugalware-0.6;a=darcs_commitdiff;h=20070813191607-e2957-de8157d3464ab0e1520615867d063a46a606ec65.gz; [qt-3.3.7-5terminus1-i686 VMiklos **20070813191607 added CVE-2007-3388.patch closes #2311 ] { addfile ./source/kde/qt/CVE-2007-3388.patch hunk ./source/kde/qt/CVE-2007-3388.patch 1 +diff -Naurp qt-x11-free-3.3.8/src/sql/qdatatable.cpp qt-x11-free-3.3.8-p/src/sql/qdatatable.cpp +--- qt-x11-free-3.3.8/src/sql/qdatatable.cpp 2007-01-11 14:46:33.000000000 +0100 ++++ qt-x11-free-3.3.8-p/src/sql/qdatatable.cpp 2007-08-03 14:39:11.000000000 +0200 +@@ -1043,8 +1043,8 @@ bool QDataTable::insertCurrent() + return FALSE; + if ( !sqlCursor()->canInsert() ) { + #ifdef QT_CHECK_RANGE +- qWarning("QDataTable::insertCurrent: insert not allowed for " + +- sqlCursor()->name() ); ++ qWarning("QDataTable::insertCurrent: insert not allowed for %s", ++ sqlCursor()->name().latin1() ); + #endif + endInsert(); + return FALSE; +@@ -1117,16 +1117,16 @@ bool QDataTable::updateCurrent() + return FALSE; + if ( sqlCursor()->primaryIndex().count() == 0 ) { + #ifdef QT_CHECK_RANGE +- qWarning("QDataTable::updateCurrent: no primary index for " + +- sqlCursor()->name() ); ++ qWarning("QDataTable::updateCurrent: no primary index for %s", ++ sqlCursor()->name().latin1() ); + #endif + endUpdate(); + return FALSE; + } + if ( !sqlCursor()->canUpdate() ) { + #ifdef QT_CHECK_RANGE +- qWarning("QDataTable::updateCurrent: updates not allowed for " + +- sqlCursor()->name() ); ++ qWarning("QDataTable::updateCurrent: updates not allowed for %s", ++ sqlCursor()->name().latin1() ); + #endif + endUpdate(); + return FALSE; +@@ -1191,8 +1191,8 @@ bool QDataTable::deleteCurrent() + return FALSE; + if ( sqlCursor()->primaryIndex().count() == 0 ) { + #ifdef QT_CHECK_RANGE +- qWarning("QDataTable::deleteCurrent: no primary index " + +- sqlCursor()->name() ); ++ qWarning("QDataTable::deleteCurrent: no primary index %s", ++ sqlCursor()->name().latin1() ); + #endif + return FALSE; + } +diff -Naurp qt-x11-free-3.3.8/src/sql/qsqldatabase.cpp qt-x11-free-3.3.8-p/src/sql/qsqldatabase.cpp +--- qt-x11-free-3.3.8/src/sql/qsqldatabase.cpp 2007-01-11 16:03:02.000000000 +0100 ++++ qt-x11-free-3.3.8-p/src/sql/qsqldatabase.cpp 2007-08-03 14:39:11.000000000 +0200 +@@ -234,7 +234,8 @@ QSqlDatabase* QSqlDatabaseManager::datab + db->open(); + #ifdef QT_CHECK_RANGE + if ( !db->isOpen() ) +- qWarning("QSqlDatabaseManager::database: unable to open database: " + db->lastError().databaseText() + ": " + db->lastError().driverText() ); ++ qWarning("QSqlDatabaseManager::database: unable to open database: %s: %s", ++ db->lastError().databaseText().latin1(), db->lastError().driverText().latin1() ); + #endif + } + return db; +@@ -686,7 +687,7 @@ void QSqlDatabase::init( const QString& + if ( !d->driver ) { + #ifdef QT_CHECK_RANGE + qWarning( "QSqlDatabase: %s driver not loaded", type.latin1() ); +- qWarning( "QSqlDatabase: available drivers: " + drivers().join(" ") ); ++ qWarning( "QSqlDatabase: available drivers: %s", drivers().join(" ").latin1() ); + #endif + d->driver = new QNullDriver(); + d->driver->setLastError( QSqlError( "Driver not loaded", "Driver not loaded" ) ); +diff -Naurp qt-x11-free-3.3.8/src/sql/qsqlindex.cpp qt-x11-free-3.3.8-p/src/sql/qsqlindex.cpp +--- qt-x11-free-3.3.8/src/sql/qsqlindex.cpp 2007-01-11 14:46:35.000000000 +0100 ++++ qt-x11-free-3.3.8-p/src/sql/qsqlindex.cpp 2007-08-03 14:39:11.000000000 +0200 +@@ -273,7 +273,7 @@ QSqlIndex QSqlIndex::fromStringList( con + if ( field ) + newSort.append( *field, desc ); + else +- qWarning( "QSqlIndex::fromStringList: unknown field: '" + f + "'" ); ++ qWarning( "QSqlIndex::fromStringList: unknown field: '%s'", f.latin1()); + } + return newSort; + } +diff -Naurp qt-x11-free-3.3.8/src/sql/qsqlrecord.cpp qt-x11-free-3.3.8-p/src/sql/qsqlrecord.cpp +--- qt-x11-free-3.3.8/src/sql/qsqlrecord.cpp 2007-01-11 14:46:35.000000000 +0100 ++++ qt-x11-free-3.3.8-p/src/sql/qsqlrecord.cpp 2007-08-03 14:39:11.000000000 +0200 +@@ -298,7 +298,7 @@ int QSqlRecord::position( const QString& + return i; + } + #ifdef QT_CHECK_RANGE +- qWarning( "QSqlRecord::position: unable to find field " + name ); ++ qWarning( "QSqlRecord::position: unable to find field %s", name.latin1() ); + #endif + return -1; + } +@@ -313,7 +313,7 @@ QSqlField* QSqlRecord::field( int i ) + checkDetach(); + if ( !sh->d->contains( i ) ) { + #ifdef QT_CHECK_RANGE +- qWarning( "QSqlRecord::field: index out of range: " + QString::number( i ) ); ++ qWarning( "QSqlRecord::field: index out of range: %d", i ); + #endif + return 0; + } +@@ -344,7 +344,7 @@ const QSqlField* QSqlRecord::field( int + { + if ( !sh->d->contains( i ) ) { + #ifdef QT_CHECK_RANGE +- qWarning( "QSqlRecord::field: index out of range: " + QString::number( i ) ); ++ qWarning( "QSqlRecord::field: index out of range: %d", i ); + #endif // QT_CHECK_RANGE + return 0; + } +diff -Naurp qt-x11-free-3.3.8/src/tools/qglobal.cpp qt-x11-free-3.3.8-p/src/tools/qglobal.cpp +--- qt-x11-free-3.3.8/src/tools/qglobal.cpp 2007-02-02 15:01:06.000000000 +0100 ++++ qt-x11-free-3.3.8-p/src/tools/qglobal.cpp 2007-08-03 14:39:11.000000000 +0200 +@@ -680,7 +680,7 @@ void qSystemWarning( const char* msg, in + if ( code != -1 ) + qWarning( "%s\n\tError code %d - %s", msg, code, strerror( code ) ); + else +- qWarning( msg ); ++ qWarning( "%s", msg ); + #endif + #else + Q_UNUSED( msg ); +diff -Naurp qt-x11-free-3.3.8/src/widgets/qtextedit.cpp qt-x11-free-3.3.8-p/src/widgets/qtextedit.cpp +--- qt-x11-free-3.3.8/src/widgets/qtextedit.cpp 2007-02-02 15:01:23.000000000 +0100 ++++ qt-x11-free-3.3.8-p/src/widgets/qtextedit.cpp 2007-08-03 14:39:11.000000000 +0200 +@@ -6349,7 +6349,7 @@ void QTextEdit::optimParseTags( QString + cur = tag->prev; + if ( !cur ) { + #ifdef QT_CHECK_RANGE +- qWarning( "QTextEdit::optimParseTags: no left-tag for '<" + tag->tag + ">' in line %d.", tag->line + 1 ); ++ qWarning( "QTextEdit::optimParseTags: no left-tag for '<%s>' in line %d.", tag->tag.ascii(), tag->line + 1 ); + #endif + return; // something is wrong - give up + } +@@ -6372,7 +6372,7 @@ void QTextEdit::optimParseTags( QString + break; + } else if ( !cur->leftTag ) { + #ifdef QT_CHECK_RANGE +- qWarning( "QTextEdit::optimParseTags: mismatching %s-tag for '<" + cur->tag + ">' in line %d.", cur->tag[0] == '/' ? "left" : "right", cur->line + 1 ); ++ qWarning( "QTextEdit::optimParseTags: mismatching %s-tag for '<%s>' in line %d.", cur->tag[0] == '/' ? "left" : "right", cur->tag.ascii(), cur->line + 1 ); + #endif + return; // something is amiss - give up + } +diff -Naurp qt-x11-free-3.3.8/src/xml/qsvgdevice.cpp qt-x11-free-3.3.8-p/src/xml/qsvgdevice.cpp +--- qt-x11-free-3.3.8/src/xml/qsvgdevice.cpp 2007-02-02 15:01:03.000000000 +0100 ++++ qt-x11-free-3.3.8-p/src/xml/qsvgdevice.cpp 2007-08-03 14:39:11.000000000 +0200 +@@ -978,7 +978,7 @@ bool QSvgDevice::play( const QDomNode &n + // ### catch references to embedded .svg files + QPixmap pix; + if ( !pix.load( href ) ) { +- qWarning( "QSvgDevice::play: Couldn't load image "+href ); ++ qWarning( "QSvgDevice::play: Couldn't load image %s", href.latin1() ); + break; + } + pt->drawPixmap( QRect( x1, y1, w, h ), pix ); +@@ -1024,8 +1024,8 @@ bool QSvgDevice::play( const QDomNode &n + break; + } + case InvalidElement: +- qWarning( "QSvgDevice::play: unknown element type " + +- node.nodeName() ); ++ qWarning( "QSvgDevice::play: unknown element type %s", ++ node.nodeName().latin1() ); + break; + }; + +@@ -1111,7 +1111,7 @@ double QSvgDevice::parseLen( const QStri + { + QRegExp reg( QString::fromLatin1("([+-]?\\d*\\.*\\d*[Ee]?[+-]?\\d*)(em|ex|px|%|pt|pc|cm|mm|in|)$") ); + if ( reg.search( str ) == -1 ) { +- qWarning( "QSvgDevice::parseLen: couldn't parse " + str ); ++ qWarning( "QSvgDevice::parseLen: couldn't parse %s ", str.latin1() ); + if ( ok ) + *ok = FALSE; + return 0.0; +@@ -1140,7 +1140,7 @@ double QSvgDevice::parseLen( const QStri + else if ( u == "pc" ) + dbl *= m.logicalDpiX() / 6.0; + else +- qWarning( "QSvgDevice::parseLen: Unknown unit " + u ); ++ qWarning( "QSvgDevice::parseLen: Unknown unit %s", u.latin1() ); + } + if ( ok ) + *ok = TRUE; hunk ./source/kde/qt/FrugalBuild 7 -pkgrel=4 +pkgrel=5terminus1 hunk ./source/kde/qt/FrugalBuild 26 - 0075-fix-array-underrun.diff) + 0075-fix-array-underrun.diff \ + CVE-2007-3388.patch) hunk ./source/kde/qt/FrugalBuild 87 -sha1sums=('824a4a69f78450e0c32b6c4bca17ef5d07a3b58d'\ - '8fd70a87d8640915cdfff1eb26177b96fb8cb5d0'\ - '0464d40d9bd518fe8d139b1306136089349a4cdf'\ - '7562323175ec47483dcb45c2857519f6276e0a51'\ - '54d37e3988c4b195ae960ef2c59e678151115211'\ - '0d5fcbe569723792700bad3c82abe34d5e5163c4'\ - 'dba54b91b2b00c1d052ac512d824b29d31aefb89'\ - '0e88e4f3a184b0f0544bd0cbd8302e55aaf14871'\ - 'dffee9bbe4d3256b7331eb3d26ebd9d6b5adc996'\ - '62abbe0142a494d81811b6293937a75462203523') +sha1sums=('824a4a69f78450e0c32b6c4bca17ef5d07a3b58d' \ + '8fd70a87d8640915cdfff1eb26177b96fb8cb5d0' \ + '0464d40d9bd518fe8d139b1306136089349a4cdf' \ + '7562323175ec47483dcb45c2857519f6276e0a51' \ + '54d37e3988c4b195ae960ef2c59e678151115211' \ + '0d5fcbe569723792700bad3c82abe34d5e5163c4' \ + 'dba54b91b2b00c1d052ac512d824b29d31aefb89' \ + '0e88e4f3a184b0f0544bd0cbd8302e55aaf14871' \ + 'dffee9bbe4d3256b7331eb3d26ebd9d6b5adc996' \ + '62abbe0142a494d81811b6293937a75462203523' \ + 'f7634fb0419bda723053adb885facd270ccb10ec') } From vmiklos at frugalware.org Wed Aug 15 03:55:34 2007 From: vmiklos at frugalware.org (VMiklos) Date: Wed Aug 15 03:55:36 2007 Subject: [Frugalware-darcs] frugalware-0.6: streamripper-1.62.2-1terminus1-i686 Message-ID: <20070815015534.9D15513A400D@genesis.frugalware.org> Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=frugalware-0.6;a=darcs_commitdiff;h=20070815015421-e2957-aebb7053a550509b194f5fd14dc0f3a1e2230ca3.gz; [streamripper-1.62.2-1terminus1-i686 VMiklos **20070815015421 secfix bump closes #2334 ] { hunk ./source/multimedia-extra/streamripper/FrugalBuild 5 -pkgver=1.61.27 -pkgrel=1 +pkgver=1.62.2 +pkgrel=1terminus1 hunk ./source/multimedia-extra/streamripper/FrugalBuild 13 -Fconfopts="$Fconfopts --with-included-tre" + +build() +{ + Fcd + cp /usr/share/automake/mkinstalldirs . + Fsed '@MKINSTALLDIRS@' "`pwd`/mkinstalldirs" tre-0.7.2/po/Makefile.in.in + Fbuild --with-included-tre +} hunk ./source/multimedia-extra/streamripper/FrugalBuild 24 -sha1sums=('bdbf0e301c3c783e1f13c2977508afd5076328ad') +sha1sums=('6daeec5979858a6969dccca23fcc96d781e571ba') } From vmiklos at frugalware.org Thu Aug 16 12:57:01 2007 From: vmiklos at frugalware.org (VMiklos) Date: Thu Aug 16 12:57:04 2007 Subject: [Frugalware-darcs] frugalware-0.6: seamonkey-1.1.4-1terminus1-i686 Message-ID: <20070816105701.56E8913A400D@genesis.frugalware.org> Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=frugalware-0.6;a=darcs_commitdiff;h=20070816105534-e2957-bfc2657caeafe0a18eec6660c9d65fbc5f4efcd8.gz; [seamonkey-1.1.4-1terminus1-i686 VMiklos **20070816105534 secfix bump closes #2296 ] { hunk ./source/xapps-extra/seamonkey/FrugalBuild 5 -pkgver=1.1.2 +pkgver=1.1.4 hunk ./source/xapps-extra/seamonkey/FrugalBuild 52 -sha1sums=('d0aa219b54a54cd75e690a458280b0d12bcf9607'\ - '0dd4777e87d70eba6834d56813f6a415fe991007'\ +sha1sums=('6450464647ab010a939cfc23ff340a1966981ddc' \ + '0dd4777e87d70eba6834d56813f6a415fe991007' \ }