From trevor@FreeBSD.org Wed Aug 30 23:45:31 2006
Return-Path:
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E73BC16A4DA for ; Wed, 30 Aug 2006 23:45:31 +0000 (UTC) (envelope-from trevor@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id EA35C43D45 for ; Wed, 30 Aug 2006 23:45:30 +0000 (GMT) (envelope-from trevor@FreeBSD.org)
Received: from freefall.freebsd.org (trevor@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id k7UNjUhv063071 for ; Wed, 30 Aug 2006 23:45:30 GMT (envelope-from trevor@freefall.freebsd.org)
Received: (from trevor@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id k7UNjUoS063070; Wed, 30 Aug 2006 23:45:30 GMT (envelope-from trevor)
Message-Id: <200608302345.k7UNjUoS063070@freefall.freebsd.org>
Date: Wed, 30 Aug 2006 23:45:30 GMT
From: Trevor Johnson
Reply-To: Trevor Johnson
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: security update to linux_base-suse-9.3 port
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number: 102709
>Category: ports
>Synopsis: security update to linux_base-suse-9.3 port
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: trevor
>State: closed
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Wed Aug 30 23:50:18 GMT 2006
>Closed-Date: Thu Aug 31 06:18:36 GMT 2006
>Last-Modified: Thu Aug 31 06:18:36 GMT 2006
>Originator: Trevor Johnson
>Release:
>Organization:
>Environment:
>Description:
Use updated RPMs (all descriptions are taken verbatim from the INDEX file provided by Novell):

glibc-2.3.4-23.4
    This update fixes a problem when debugging threaded programs using gdb. The symptom would be that 'info threads' returns empty in every case. Everyone who debugs should update.

coreutils-5.3.0-10.2
    Fix a bug in the cp and mv utilities that causes them to terminate with a segmentation fault when copying extended attributes fails.

libtiff-3.7.1-7.8
    This update of libtiff is the result of a source-code audit done by Tavis Ormandy. It fixes various bugs that can lead to denial-of-service conditions as well as to remote code execution while parsing a tiff image. (CVE-2006-3459, CVE-2006-3460, CVE-2006-3461, CVE-2006-3462, CVE-2006-3463, CVE-2006-3464, CVE-2006-3465)

giflib-4.1.3-5.2
    This update fixes the following security issues:
    - specially crafted GIF files could crash applications (CVE-2005-2974).
    - specially crafted GIF files could overwrite memory which potentially allowed to execute arbitrary code (CVE-2005-3350).

freetype2-2.1.9-4.4
    This security update fixes crashes in the PCF handling of freetype2 which might be used to crash freetype2 using applications or even to execute code in them. This issue is tracked by the Mitre CVE ID CVE-2006-3467.

gtk2-2.6.4-6.3
    This update fixes the following security problem: a heap overflow in the XPM reader allowed attackers to execute arbitrary code via specially crafted XPM images (CVE-2005-3186, CVE-2005-2976).

kdelibs3-3.4.0-20.10
    This update contains a fix for kdelibs3. The package contained libraries or applications having an internal empty rpath / runpath. This problem leads to programs searching shared libraries in the current directory.

arts-1.4.0-10.2
    The KDE soundserver aRts lacked checks around some setuid() calls. This could potentially be used by a local attacker to gain root privileges. (CVE-2006-2916)

Add linux_base-8 to CONFLICTS.
Set PORTREVISION to 4.
Take maintainership.
Remove deprecation.
>How-To-Repeat:
>Fix:
Index: Makefile =================================================================== RCS file: /home/ncvs/ports/emulators/linux_base-suse-9.3/Makefile,v retrieving revision 1.99 diff -u -r1.99 Makefile --- Makefile 17 Jun 2006 09:28:02 -0000 1.99 +++ Makefile 30 Aug 2006 19:36:08 -0000 
@@ -9,22 +9,19 @@ PORTNAME= linux_base-suse PORTVERSION= 9.3 -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= emulators linux MASTER_SITES= ${MASTER_SITE_SUSE} ${MASTER_SITE_SUSE:S/$/:update/} MASTER_SITE_SUBDIR= i386/9.3/suse/i586 i386/update/9.3/rpm/i586/:update -MAINTAINER= ports@FreeBSD.org +MAINTAINER= trevor@FreeBSD.org COMMENT= Basic packages for Linux mode from SUSE 9.3/i386 EXTRACT_DEPENDS= rpm:${PORTSDIR}/archivers/rpm -CONFLICTS= linux_base-7* linux_base-debian* linux_base-gentoo* linux_base-rh* \ - linux_base-suse-9.1* linux_base-suse-9.2* linux_base-fc* - -DEPRECATED= unmaintained and does not comply to the linux_base invariants -EXPIRATION_DATE=2006-09-01 -IGNORE= ${DEPRECATED} +CONFLICTS= linux_base-7* linux_base-8* linux_base-debian* \ + linux_base-fc* linux_base-gentoo* linux_base-rh* \ + linux_base-suse-9.1* linux_base-suse-9.2* RPMLIST= ${.CURDIR}/files/rpmlist.conf Index: distinfo =================================================================== RCS file: /home/ncvs/ports/emulators/linux_base-suse-9.3/distinfo,v retrieving revision 1.27 diff -u -r1.27 distinfo --- distinfo 7 Jan 2006 20:14:39 -0000 1.27 +++ distinfo 30 Aug 2006 20:36:21 -0000 @@ -1,6 +1,6 @@ -MD5 (rpm/i386/suse/9.3/glibc-2.3.4-23.2.i586.rpm) = ccab7cefbc033d374c75368e43a8fb6d -SHA256 (rpm/i386/suse/9.3/glibc-2.3.4-23.2.i586.rpm) = 3aac37a7c9212cf8b986e5bec1bf9ada41f23d3f33f88a33197b443795145b06 -SIZE (rpm/i386/suse/9.3/glibc-2.3.4-23.2.i586.rpm) = 1978858 +MD5 (rpm/i386/suse/9.3/glibc-2.3.4-23.4.i586.rpm) = a15d2766acdcab1938f6b5a3859cd968 +SHA256 (rpm/i386/suse/9.3/glibc-2.3.4-23.4.i586.rpm) = 15f031210e65bd606be16bbb4c1fbf9960f70fc486d3e3d3fb6d4e844ba3a454 +SIZE (rpm/i386/suse/9.3/glibc-2.3.4-23.4.i586.rpm) = 2207209 MD5 (rpm/i386/suse/9.3/filesystem-9.3-2.i586.rpm) = adaae0c676bd9ad87b9f170f41559fff SHA256 (rpm/i386/suse/9.3/filesystem-9.3-2.i586.rpm) = 2d8d6b73e20518db1fb2d17f230c0a135f73174c9e53e981179af8a538e2072b SIZE (rpm/i386/suse/9.3/filesystem-9.3-2.i586.rpm) = 42108 
@@ -40,9 +40,9 @@ MD5 (rpm/i386/suse/9.3/libacl-2.2.30-3.i586.rpm) = 2c654da2d186bcd2a0bfbf32ad15b5d4 SHA256 (rpm/i386/suse/9.3/libacl-2.2.30-3.i586.rpm) = 3f0c6080f3adf1c08bbc48dd9329a3c0721f103d529996f712407494c3c0b139 SIZE (rpm/i386/suse/9.3/libacl-2.2.30-3.i586.rpm) = 19059 -MD5 (rpm/i386/suse/9.3/coreutils-5.3.0-10.i586.rpm) = b552c57769a856400489d9dc2cc48d61 -SHA256 (rpm/i386/suse/9.3/coreutils-5.3.0-10.i586.rpm) = 62ba827d1ab35c2e7cae80e5d468bf8ebc3dc3d72aacfa4dd28897363b17d671 -SIZE (rpm/i386/suse/9.3/coreutils-5.3.0-10.i586.rpm) = 1816939 +MD5 (rpm/i386/suse/9.3/coreutils-5.3.0-10.2.i586.rpm) = a87a109b682828c26fd75af5b1d96795 +SHA256 (rpm/i386/suse/9.3/coreutils-5.3.0-10.2.i586.rpm) = 8a1554bb5fb730584617fa7fdfb44d9316b77105966c459761978a69eb6422bd +SIZE (rpm/i386/suse/9.3/coreutils-5.3.0-10.2.i586.rpm) = 1816274 MD5 (rpm/i386/suse/9.3/insserv-1.00.8-4.i586.rpm) = f2a0a0e7fd1b2cce258f0ef8270c42e0 SHA256 (rpm/i386/suse/9.3/insserv-1.00.8-4.i586.rpm) = 8e147b8e07efd446e9b23c43852e460748f8bc1b4e2fa11c52ce9f0d87f3c42e SIZE (rpm/i386/suse/9.3/insserv-1.00.8-4.i586.rpm) = 26271 
@@ -85,15 +85,15 @@ MD5 (rpm/i386/suse/9.3/imlib2-1.1.1-7.i586.rpm) = 53d6d87d77b8d5ef740f817bcbd65dc0 SHA256 (rpm/i386/suse/9.3/imlib2-1.1.1-7.i586.rpm) = 6f8236e7fb92e270401fe755dffe7397adf97f9e95290efdb887d1d7fe4f32cb SIZE (rpm/i386/suse/9.3/imlib2-1.1.1-7.i586.rpm) = 204624 -MD5 (rpm/i386/suse/9.3/libtiff-3.7.1-7.2.i586.rpm) = 9ac4f7cbf78f9cac45d6fc01b0947e9d -SHA256 (rpm/i386/suse/9.3/libtiff-3.7.1-7.2.i586.rpm) = 24aa0addd3de16b8fd10af18fb185a610b8cebb7fc403b30be10f2b1db524d32 -SIZE (rpm/i386/suse/9.3/libtiff-3.7.1-7.2.i586.rpm) = 107928 +MD5 (rpm/i386/suse/9.3/libtiff-3.7.1-7.8.i586.rpm) = a9302f4fcd3b68edcbf6fa65ee8442c3 +SHA256 (rpm/i386/suse/9.3/libtiff-3.7.1-7.8.i586.rpm) = d10fade87c2afe25e7087d68c987b1e44ae496466ca849c78aa4a5d86c6280f9 +SIZE (rpm/i386/suse/9.3/libtiff-3.7.1-7.8.i586.rpm) = 109249 MD5 (rpm/i386/suse/9.3/freetype-1.3.1-1160.i586.rpm) = 01d0011e2933b341076f8ca7f5662f39 SHA256 (rpm/i386/suse/9.3/freetype-1.3.1-1160.i586.rpm) = 3d062d34595e990c51c59ee7eee7608b2bad90645d32aa05bbe923c2ab0fac8d SIZE (rpm/i386/suse/9.3/freetype-1.3.1-1160.i586.rpm) = 276050 -MD5 (rpm/i386/suse/9.3/freetype2-2.1.9-4.i586.rpm) = 9f29c01114914399b90ef9d70ec0da9c -SHA256 (rpm/i386/suse/9.3/freetype2-2.1.9-4.i586.rpm) = e102b23dd2a195cf66187cb0f6ccaf40590143984b8694cc35211cab4dfb1952 -SIZE (rpm/i386/suse/9.3/freetype2-2.1.9-4.i586.rpm) = 517975 +MD5 (rpm/i386/suse/9.3/freetype2-2.1.9-4.4.i586.rpm) = c4c0764be947a478d0b5583e50510903 +SHA256 (rpm/i386/suse/9.3/freetype2-2.1.9-4.4.i586.rpm) = a764ee249ffc56014ec9160ecc805b5ec484c6fbc1eca8e5a48c170fac4cf0c8 +SIZE (rpm/i386/suse/9.3/freetype2-2.1.9-4.4.i586.rpm) = 518258 MD5 (rpm/i386/suse/9.3/fontconfig-2.2.99.20050218-8.i586.rpm) = ef11d39caa92131a4d21b57069ba7c5d SHA256 (rpm/i386/suse/9.3/fontconfig-2.2.99.20050218-8.i586.rpm) = 187c35726a727f2ca5a5ca3cc928231d89c10d1f9b4771b04140c2b918f4e127 SIZE (rpm/i386/suse/9.3/fontconfig-2.2.99.20050218-8.i586.rpm) = 169707 
@@ -103,9 +103,9 @@ MD5 (rpm/i386/suse/9.3/xorg-x11-Mesa-6.8.2-30.i586.rpm) = 7dc81ae384f3e922acbd5fe5b7cf34fe SHA256 (rpm/i386/suse/9.3/xorg-x11-Mesa-6.8.2-30.i586.rpm) = d1bd8d2f66ba79c97d79a58b0c5f6f9761ee63815936461b38dde533cf73d641 SIZE (rpm/i386/suse/9.3/xorg-x11-Mesa-6.8.2-30.i586.rpm) = 8295266 -MD5 (rpm/i386/suse/9.3/giflib-4.1.3-5.i586.rpm) = c6fe303ab52707a477beb4f4f76ccbcc -SHA256 (rpm/i386/suse/9.3/giflib-4.1.3-5.i586.rpm) = e5a954db92ed4410b3e5fe984398e8ec77f0c6c6221d1fda2a8bba3a1a8f4c7c -SIZE (rpm/i386/suse/9.3/giflib-4.1.3-5.i586.rpm) = 21252 +MD5 (rpm/i386/suse/9.3/giflib-4.1.3-5.2.i586.rpm) = eaae4ad2aecf5824136dec3f76fea463 +SHA256 (rpm/i386/suse/9.3/giflib-4.1.3-5.2.i586.rpm) = cc1c0ad45185d3cef0461d010b9671fb096bdaf63aadba36e2c62f6be039530e +SIZE (rpm/i386/suse/9.3/giflib-4.1.3-5.2.i586.rpm) = 21437 MD5 (rpm/i386/suse/9.3/jpeg-6b-738.i586.rpm) = 4e342e5583fc4dca4b315a5fa797250c SHA256 (rpm/i386/suse/9.3/jpeg-6b-738.i586.rpm) = ecd2e01eee7f9bd886d9e55b1dd70f0fb8ad81e435789baa16ed417b9b40d233 SIZE (rpm/i386/suse/9.3/jpeg-6b-738.i586.rpm) = 109642 
@@ -136,9 +136,9 @@ MD5 (rpm/i386/suse/9.3/gtk-1.2.10-885.i586.rpm) = 6b66523f81287ac0e9bfa2b2bc0ff89d SHA256 (rpm/i386/suse/9.3/gtk-1.2.10-885.i586.rpm) = 25a918b79ad8a3233c3252d69a7c1010469544e4a43c64eecd35bb33735a3d5f SIZE (rpm/i386/suse/9.3/gtk-1.2.10-885.i586.rpm) = 800173 -MD5 (rpm/i386/suse/9.3/gtk2-2.6.4-6.i586.rpm) = 71cbb106135a2f5aee9f8746f7e0c0ce -SHA256 (rpm/i386/suse/9.3/gtk2-2.6.4-6.i586.rpm) = 82adc217e446b09ffa679d5137ce6a10ea9dbffcd3efd0eff82e6cea3490dd84 -SIZE (rpm/i386/suse/9.3/gtk2-2.6.4-6.i586.rpm) = 3383029 +MD5 (rpm/i386/suse/9.3/gtk2-2.6.4-6.3.i586.rpm) = e7e6dceafe5a32ebab7a5b8a57661f87 +SHA256 (rpm/i386/suse/9.3/gtk2-2.6.4-6.3.i586.rpm) = 839e5e1a3c656f2a8a74b714799294b643ec63ddcda47a79e6a597a4b34eda3f +SIZE (rpm/i386/suse/9.3/gtk2-2.6.4-6.3.i586.rpm) = 3383976 MD5 (rpm/i386/suse/9.3/expat-1.95.8-4.i586.rpm) = cd2b301012f0d25536dbd0e9fe05a42e SHA256 (rpm/i386/suse/9.3/expat-1.95.8-4.i586.rpm) = 9cbc81c55a5e0c40db2952a8b77f6a5392c22c3543b06dfab61f46915338caf2 SIZE (rpm/i386/suse/9.3/expat-1.95.8-4.i586.rpm) = 171522 
@@ -175,12 +175,12 @@ MD5 (rpm/i386/suse/9.3/qt3-3.3.4-11.3.i586.rpm) = 008590575958f614e9417e4479208b65 SHA256 (rpm/i386/suse/9.3/qt3-3.3.4-11.3.i586.rpm) = f3d897dab645048b668d96adc463d15fc705251f4c0aed21e5db4a05a647e806 SIZE (rpm/i386/suse/9.3/qt3-3.3.4-11.3.i586.rpm) = 3050803 -MD5 (rpm/i386/suse/9.3/kdelibs3-3.4.0-20.7.i586.rpm) = 94af87ce5da2926f9ce9f7d12ed92eb8 -SHA256 (rpm/i386/suse/9.3/kdelibs3-3.4.0-20.7.i586.rpm) = b94b68c2fcca712893f438be2aec2b7ea44c7117dc59f85041f7f7860015f583 -SIZE (rpm/i386/suse/9.3/kdelibs3-3.4.0-20.7.i586.rpm) = 15702048 +MD5 (rpm/i386/suse/9.3/kdelibs3-3.4.0-20.10.i586.rpm) = c39e37cec38e079d5b1151c6adeb8d43 +SHA256 (rpm/i386/suse/9.3/kdelibs3-3.4.0-20.10.i586.rpm) = a16af542202782ee35f35008f3c23afcd8adf8e6ce529e905d52f0200ae0673a +SIZE (rpm/i386/suse/9.3/kdelibs3-3.4.0-20.10.i586.rpm) = 15712178 MD5 (rpm/i386/suse/9.3/setserial-2.17-580.i586.rpm) = 7183c85b79d443355a2d8841bebd976f SHA256 (rpm/i386/suse/9.3/setserial-2.17-580.i586.rpm) = b11d378f2998b3cb61a2b282e276196c6ab0183dbedc086037d1c1aeca6ffd52 SIZE (rpm/i386/suse/9.3/setserial-2.17-580.i586.rpm) = 24031 -MD5 (rpm/i386/suse/9.3/arts-1.4.0-10.i586.rpm) = 37cfd45f86faa3cec9d9347ab648745d -SHA256 (rpm/i386/suse/9.3/arts-1.4.0-10.i586.rpm) = a7fa72e7abe34c83e49fd0c800dc5d16dde0d124c3eddbe5b8b01a039810999b -SIZE (rpm/i386/suse/9.3/arts-1.4.0-10.i586.rpm) = 1254193 +MD5 (rpm/i386/suse/9.3/arts-1.4.0-10.2.i586.rpm) = d7f61a94f096be9e7e1658385b93f1df +SHA256 (rpm/i386/suse/9.3/arts-1.4.0-10.2.i586.rpm) = d51bcb24481efcd32381b2807d374f15afae0a96ff989b5f3f8159a450fcea99 +SIZE (rpm/i386/suse/9.3/arts-1.4.0-10.2.i586.rpm) = 1252907 Index: files/rpmlist.conf =================================================================== RCS file: /home/ncvs/ports/emulators/linux_base-suse-9.3/files/rpmlist.conf,v retrieving revision 1.5 diff -u -r1.5 rpmlist.conf --- files/rpmlist.conf 4 Oct 2005 05:12:45 -0000 1.5 +++ files/rpmlist.conf 30 Aug 2006 20:28:25 -0000 
@@ -1,4 +1,4 @@ -glibc|glibc-2.3.4-23.2.i586.rpm||on +glibc|glibc-2.3.4-23.4.i586.rpm:update||on filesystem|filesystem-9.3-2.i586.rpm||on db|db-4.3.27-3.i586.rpm||on compatgdbm|compat-gdbm-1.8.0-5.i586.rpm||on @@ -12,7 +12,7 @@ grep|grep-2.5.1a-4.i586.rpm||on desktop-file-utils|desktop-file-utils-0.10-8.i586.rpm||on libacl|libacl-2.2.30-3.i586.rpm||on -coreutils|coreutils-5.3.0-10.i586.rpm||on +coreutils|coreutils-5.3.0-10.2.i586.rpm:update||on insserv|insserv-1.00.8-4.i586.rpm||on slang|slang-1.4.9-126.i586.rpm||on libselinux|libselinux-1.21.7-3.i586.rpm||on @@ -27,13 +27,13 @@ audiofile|audiofile-0.2.6-3.i586.rpm|optional|off imlib|imlib-1.9.14-195.i586.rpm|optional|off imlib2|imlib2-1.1.1-7.i586.rpm|optional|off -libtiff|libtiff-3.7.1-7.2.i586.rpm:update|optional|off -giflib|giflib-4.1.3-5.i586.rpm|optional|off +libtiff|libtiff-3.7.1-7.8.i586.rpm:update|optional|off +giflib|giflib-4.1.3-5.2.i586.rpm:update|optional|off jpeg|jpeg-6b-738.i586.rpm|optional|off libmng|libmng-1.0.9-4.i586.rpm|optional|off libpng|libpng-1.2.8-3.i586.rpm|optional|off freetype1|freetype-1.3.1-1160.i586.rpm|optional|off -freetype2|freetype2-2.1.9-4.i586.rpm|optional|off +freetype2|freetype2-2.1.9-4.4.i586.rpm:update|optional|off fontconfig|fontconfig-2.2.99.20050218-8.i586.rpm|optional|off xorglibs|xorg-x11-libs-6.8.2-30.2.i586.rpm:update|optional|off xorgmesa|xorg-x11-Mesa-6.8.2-30.i586.rpm|optional|off @@ -44,7 +44,7 @@ glib1|glib-1.2.10-593.i586.rpm|optional|off glib2|glib2-2.6.3-4.i586.rpm|optional|off gtk1|gtk-1.2.10-885.i586.rpm|optional|off -gtk2|gtk2-2.6.4-6.i586.rpm|optional (3 MB)|off +gtk2|gtk2-2.6.4-6.3.i586.rpm:update|optional (3 MB)|off expat|expat-1.95.8-4.i586.rpm|optional|off libxml1|libxml-1.8.17-374.i586.rpm|optional|off libxml2|libxml2-2.6.17-4.i586.rpm|optional|off 
@@ -57,6 +57,6 @@ gconf2|gconf2-2.10.0-5.i586.rpm|optional|off gnomelibs|gnome-libs-1.4.1.7-682.i586.rpm|optional|off qt|qt3-3.3.4-11.3.i586.rpm|optional (3 MB)|off -kdelibs|kdelibs3-3.4.0-20.7.i586.rpm:update|optional (15 MB)|off +kdelibs|kdelibs3-3.4.0-20.10.i586.rpm:update|optional (15 MB)|off setserial|setserial-2.17-580.i586.rpm|optional|off -arts|arts-1.4.0-10.i586.rpm|optional|off +arts|arts-1.4.0-10.2.i586.rpm:update|optional|off
>Release-Note:
>Audit-Trail:

Responsible-Changed-From-To: freebsd-ports-bugs->trevor
Responsible-Changed-By: edwin
Responsible-Changed-When: Thu Aug 31 00:32:50 UTC 2006
Responsible-Changed-Why: Submitter has GNATS access
http://www.freebsd.org/cgi/query-pr.cgi?pr=102709

Responsible-Changed-From-To: trevor->freebsd-ports-bugs
Responsible-Changed-By: trevor
Responsible-Changed-When: Thu Aug 31 03:50:37 UTC 2006
Responsible-Changed-Why: I submitted this PR because I'm unable to commit for some reason.
http://www.freebsd.org/cgi/query-pr.cgi?pr=102709

State-Changed-From-To: open->closed
State-Changed-By: trevor
State-Changed-When: Thu Aug 31 06:17:46 UTC 2006
State-Changed-Why: committed without the change in maintainership (disapproved by portmgr)

Responsible-Changed-From-To: freebsd-ports-bugs->trevor
Responsible-Changed-By: trevor
Responsible-Changed-When: Thu Aug 31 06:17:46 UTC 2006
Responsible-Changed-Why: back to me
http://www.freebsd.org/cgi/query-pr.cgi?pr=102709
>Unformatted:
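
Review bot: In the Makefile hunk (@@ -9,22 +9,19 @@), the MAINTAINER change to trevor@FreeBSD.org and the removal of the DEPRECATED / EXPIRATION_DATE / IGNORE lines are bundled with the PORTREVISION bump for the security update. The removed DEPRECATED text gives two reasons, "unmaintained and does not comply to the linux_base invariants"; taking maintainership answers only the first, and nothing in this patch touches the second. Suggest splitting the change in two: the RPM updates with PORTREVISION and the linux_base-8* CONFLICTS entry on their own, and the maintainership and un-deprecation as a separate change that states how the invariants concern is resolved, so the security fix does not wait on that discussion.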
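
Review bot: In the distinfo hunks, the new MD5 / SHA256 / SIZE triples for the eight updated RPMs (glibc, coreutils, libtiff, freetype2, giflib, gtk2, kdelibs3, arts) are the only integrity anchor the port has for these files, and the PR does not say how the values were produced. Please state in the PR or commit message that each RPM's vendor signature was checked before the checksums were generated, rather than hashing whatever the mirror returned at fetch time.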
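
Review bot: In files/rpmlist.conf, six entries (glibc, coreutils, giflib, freetype2, gtk2, arts) gain the :update suffix for the first time, so they now resolve through the i386/update/9.3/rpm/i586/:update entry of MASTER_SITE_SUBDIR instead of the release directory. The filenames agree with distinfo for all eight changed RPMs, but the patch carries no sign of a fetch test. Please confirm that make checksum passes with every changed entry selected, since all but glibc and coreutils are marked optional|off and may not be exercised by a default build.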