From vmiklos at frugalware.org Thu Apr 1 00:29:03 2010 From: vmiklos at frugalware.org (Miklos Vajna) Date: Thu, 1 Apr 2010 00:29:03 +0200 (CEST) Subject: [Frugalware-git] frugalware-current: php-5.3.2-2-i686 Message-ID: <20100331222903.C38AE1240001@genesis.frugalware.org> Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-current.git;a=commitdiff;h=d9c1d6eb1c06b820b918ad881cdf8f6161df0b82 commit d9c1d6eb1c06b820b918ad881cdf8f6161df0b82 Author: Miklos Vajna Date: Wed Mar 31 21:58:19 2010 +0200 php-5.3.2-2-i686 - add CVE-2010-0397.patch - closes #4165 diff --git a/source/devel/php/CVE-2010-0397.patch b/source/devel/php/CVE-2010-0397.patch new file mode 100644 index 0000000..74bd96d --- /dev/null +++ b/source/devel/php/CVE-2010-0397.patch 
@@ -0,0 +1,32 @@ +Index: php/ext/xmlrpc/xmlrpc-epi-php.c +=================================================================== +--- php.orig/ext/xmlrpc/xmlrpc-epi-php.c ++++ php/ext/xmlrpc/xmlrpc-epi-php.c +@@ -778,6 +778,7 @@ zval* decode_request_worker(char *xml_in + zval* retval = NULL; + XMLRPC_REQUEST response; + STRUCT_XMLRPC_REQUEST_INPUT_OPTIONS opts = {{0}}; ++ const char *method_name; + opts.xml_elem_opts.encoding = encoding_in ? utf8_get_encoding_id_from_string(encoding_in) : ENCODING_DEFAULT; + + /* generate XMLRPC_REQUEST from raw xml */ +@@ -788,10 +789,15 @@ zval* decode_request_worker(char *xml_in + + if (XMLRPC_RequestGetRequestType(response) == xmlrpc_request_call) { + if (method_name_out) { +- zval_dtor(method_name_out); +- Z_TYPE_P(method_name_out) = IS_STRING; +- Z_STRVAL_P(method_name_out) = estrdup(XMLRPC_RequestGetMethodName(response)); +- Z_STRLEN_P(method_name_out) = strlen(Z_STRVAL_P(method_name_out)); ++ method_name = XMLRPC_RequestGetMethodName(response); ++ if (method_name) { ++ zval_dtor(method_name_out); ++ Z_TYPE_P(method_name_out) = IS_STRING; ++ Z_STRVAL_P(method_name_out) = estrdup(method_name); ++ Z_STRLEN_P(method_name_out) = strlen(Z_STRVAL_P(method_name_out)); ++ } else { ++ retval = NULL; ++ } + } + } + diff --git a/source/devel/php/FrugalBuild b/source/devel/php/FrugalBuild index d6acb9d..068d1a9 100644 --- a/source/devel/php/FrugalBuild +++ b/source/devel/php/FrugalBuild @@ -4,7 +4,7 @@ pkgname=php pkgver=5.3.2 -pkgrel=1 +pkgrel=2 pkgdesc="A widely-used general-purpose scripting language" url="http://www.php.net" backup=(etc/{php.ini,httpd/conf/modules.d/$pkgname.conf}) 
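Review bot: The new `else` branch in decode_request_worker sets `retval = NULL;` without releasing whatever `retval` already points to. `retval` starts as NULL in the first inner hunk, but the lines between the two inner hunks are not shown; if the decoded request data is stored in `retval` there, every call request that lacks a method name drops that value without freeing it, so the NULL dereference in estrdup() is replaced by a leak that a remote sender can repeat. Consider `} else if (retval) { zval_ptr_dtor(&retval); retval = NULL; }` so the value is destroyed before the pointer is cleared. The same patch file (blob 74bd96d) is added again in the frugalware-1.2 commit further down, so the point applies there too; the function body begins and ends outside both inner hunks.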
@@ -18,7 +18,7 @@ groups=('devel') archs=('i686' 'x86_64') up2date="lynx -dump http://www.php.net/downloads.php |grep 'Complete Source Code' -3|sed -n 's/.*P \(.*\)/\1/;2 p'" source=(http://www.php.net/distributions/$pkgname-$pkgver.tar.gz \ - php.ini php.conf README.Frugalware phpize.in.patch) + php.ini php.conf README.Frugalware phpize.in.patch CVE-2010-0397.patch) subpkgs=("$pkgname-cgi") suboptions=('nodocs') ## its depends on PHP and the same files are installed etc @@ -139,6 +139,7 @@ sha1sums=('ef9e11975eee9bcd17ed535a21559a471a1061d2' \ 'e5165779c0d3d7958e3a11c7f72762e911129e54' \ '0850ef23512a02e8460dc36f08f453d148dcd9df' \ '40ae88f0721e02a2c75de76be342c51c85bf734d' \ - '4c598e1c8683518090f7a0e9fef01c57593137c8') + '4c598e1c8683518090f7a0e9fef01c57593137c8' \ + '3cfe9055876f0c5b9cf3479b5918cf78c8892168') # optimization OK From vmiklos at frugalware.org Thu Apr 1 00:30:21 2010 From: vmiklos at frugalware.org (Miklos Vajna) Date: Thu, 1 Apr 2010 00:30:21 +0200 (CEST) Subject: [Frugalware-git] frugalware-1.2: php-5.3.2-1locris1-i686 Message-ID: <20100331223021.80EC21240001@genesis.frugalware.org> Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-1.2.git;a=commitdiff;h=ce530696914aa04ac46ceaa490d384be23b73f50 commit ce530696914aa04ac46ceaa490d384be23b73f50 Author: Miklos Vajna Date: Wed Mar 31 22:14:17 2010 +0200 php-5.3.2-1locris1-i686 - secfix bump - add CVE-2010-0397.patch - closes #4165 (cherry picked from commits 544398a93c4978e43297f07d16038831445e1479 and c7f5c75ee63711fd94b5e16c19ce56258152ba6b) diff --git a/source/devel/php/CVE-2010-0397.patch b/source/devel/php/CVE-2010-0397.patch new file mode 100644 index 0000000..74bd96d --- /dev/null +++ b/source/devel/php/CVE-2010-0397.patch 
@@ -0,0 +1,32 @@ +Index: php/ext/xmlrpc/xmlrpc-epi-php.c +=================================================================== +--- php.orig/ext/xmlrpc/xmlrpc-epi-php.c ++++ php/ext/xmlrpc/xmlrpc-epi-php.c +@@ -778,6 +778,7 @@ zval* decode_request_worker(char *xml_in + zval* retval = NULL; + XMLRPC_REQUEST response; + STRUCT_XMLRPC_REQUEST_INPUT_OPTIONS opts = {{0}}; ++ const char *method_name; + opts.xml_elem_opts.encoding = encoding_in ? utf8_get_encoding_id_from_string(encoding_in) : ENCODING_DEFAULT; + + /* generate XMLRPC_REQUEST from raw xml */ +@@ -788,10 +789,15 @@ zval* decode_request_worker(char *xml_in + + if (XMLRPC_RequestGetRequestType(response) == xmlrpc_request_call) { + if (method_name_out) { +- zval_dtor(method_name_out); +- Z_TYPE_P(method_name_out) = IS_STRING; +- Z_STRVAL_P(method_name_out) = estrdup(XMLRPC_RequestGetMethodName(response)); +- Z_STRLEN_P(method_name_out) = strlen(Z_STRVAL_P(method_name_out)); ++ method_name = XMLRPC_RequestGetMethodName(response); ++ if (method_name) { ++ zval_dtor(method_name_out); ++ Z_TYPE_P(method_name_out) = IS_STRING; ++ Z_STRVAL_P(method_name_out) = estrdup(method_name); ++ Z_STRLEN_P(method_name_out) = strlen(Z_STRVAL_P(method_name_out)); ++ } else { ++ retval = NULL; ++ } + } + } + diff --git a/source/devel/php/FrugalBuild b/source/devel/php/FrugalBuild index 58a7b75..6599b6b 100644 --- a/source/devel/php/FrugalBuild +++ b/source/devel/php/FrugalBuild @@ -3,8 +3,8 @@ # Contributor: VMiklos pkgname=php -pkgver=5.3.1 -pkgrel=2 +pkgver=5.3.2 +pkgrel=1locris1 pkgdesc="A widely-used general-purpose scripting language" url="http://www.php.net" backup=(etc/{php.ini,httpd/conf/modules.d/$pkgname.conf}) 
@@ -18,12 +18,12 @@ groups=('devel') archs=('i686' 'x86_64') up2date="lynx -dump http://www.php.net/downloads.php |grep 'Complete Source Code' -3|sed -n 's/.*P \(.*\)/\1/;2 p'" source=(http://www.php.net/distributions/$pkgname-$pkgver.tar.gz \ - php.ini php.conf README.Frugalware phpize.in.patch) + php.ini php.conf README.Frugalware phpize.in.patch CVE-2010-0397.patch) subpkgs=("$pkgname-cgi") suboptions=('nodocs') ## its depends on PHP and the same files are installed etc subdescs=("CGI binary for php and its libs.") -subdepends=("$pkgname=$pkgver") +subrodepends=("$pkgname=$pkgver") subgroups=('devel-extra') subarchs=('i686 x86_64') @@ -135,10 +135,11 @@ build() Fln /usr/share/libtool/config/ltmain.sh /usr/lib/php/build/ltmain.sh Fln /usr/share/aclocal/libtool.m4 /usr/lib/php/build/libtool.m4 } -sha1sums=('eb21fbacbb9399ed6ddc26d827025e1c3ced3d8c' \ +sha1sums=('ef9e11975eee9bcd17ed535a21559a471a1061d2' \ 'e5165779c0d3d7958e3a11c7f72762e911129e54' \ '0850ef23512a02e8460dc36f08f453d148dcd9df' \ '40ae88f0721e02a2c75de76be342c51c85bf734d' \ - '4c598e1c8683518090f7a0e9fef01c57593137c8') + '4c598e1c8683518090f7a0e9fef01c57593137c8' \ + '3cfe9055876f0c5b9cf3479b5918cf78c8892168') # optimization OK From vmiklos at frugalware.org Thu Apr 1 00:30:35 2010 From: vmiklos at frugalware.org (Miklos Vajna) Date: Thu, 1 Apr 2010 00:30:35 +0200 (CEST) Subject: [Frugalware-git] homepage-ng: FSA650-php Message-ID: <20100331223035.BEAEF1240001@genesis.frugalware.org> Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=homepage-ng.git;a=commitdiff;h=79e7e7728bf6d4e2921424df053d6b69be1a32a0 commit 79e7e7728bf6d4e2921424df053d6b69be1a32a0 Author: Miklos Vajna Date: Wed Mar 31 22:19:36 2010 +0200 FSA650-php diff --git a/frugalware/xml/security.xml b/frugalware/xml/security.xml index 32cd44e..e776a05 100644 --- a/frugalware/xml/security.xml +++ b/frugalware/xml/security.xml 
@@ -26,6 +26,23 @@ + 650 + 2010-04-01 + Miklos Vajna + php + 5.3.1-2 + 5.3.2-1locris1 + http://bugs.frugalware.org/task/4165 + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1128 + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1129 + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1130 + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0397 + Two vulnerabilities have been reported in PHP, which can be exploited by malicious users to bypass certain security restrictions. + 1) An error in the session extension can be exploited to bypass the "safe_mode" and "open_basedir" feature. + 2) A validation error exists within the "tempnam()" function, which can be exploited to bypass the "safe_mode" feature. + A NULL pointer dereference has been reported in the xmlrpc extension, in a call to estrdup(). This bug can at least be used to perform DoS attacks. + + 649 2010-03-31 Miklos Vajna From vmiklos at frugalware.org Thu Apr 1 01:30:01 2010 From: vmiklos at frugalware.org (Miklos Vajna) Date: Thu, 1 Apr 2010 01:30:01 +0200 (CEST) Subject: [Frugalware-git] php52: php-5.2.13-1locris1-i686 Message-ID: <20100331233001.342F71240001@genesis.frugalware.org> Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=php52.git;a=commitdiff;h=20777a99d39b0bc251b425e7cd53daa4893776e7 commit 20777a99d39b0bc251b425e7cd53daa4893776e7 Author: Miklos Vajna Date: Thu Apr 1 01:29:38 2010 +0200 php-5.2.13-1locris1-i686 - version bump diff --git a/source/devel/php/FrugalBuild b/source/devel/php/FrugalBuild index f41d7fc..ae4a86d 100644 --- a/source/devel/php/FrugalBuild +++ b/source/devel/php/FrugalBuild @@ -3,8 +3,8 @@ # Contributor: VMiklos pkgname=php -pkgver=5.2.11 -pkgrel=1getorin1 +pkgver=5.2.13 +pkgrel=1locris1 pkgdesc="A widely-used general-purpose scripting language" url="http://www.php.net" backup=(etc/{php.ini,httpd/conf/modules.d/$pkgname.conf}) 
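Review bot: The description added for advisory 650 opens with "Two vulnerabilities" but goes on to describe three issues (the session extension, tempnam(), and the xmlrpc NULL pointer dereference), while the entry links four CVE identifiers. A reader cannot tell from the text which CVE belongs to which item, and one linked CVE has no matching sentence at all. Suggest stating the real count and naming the identifier next to each item, for example `1) An error in the session extension (CVE-<id>) ...`, with each id taken from the linked entries rather than guessed, and either describing the remaining CVE or dropping its link.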
@@ -23,7 +23,7 @@ source=(http://www.php.net/distributions/$pkgname-$pkgver.tar.gz \ subpkgs=("$pkgname-cgi") suboptions=('nodocs') ## its depends on PHP and the same files are installed etc subdescs=("CGI binary for php and its libs.") -subdepends=("$pkgname=$pkgver") +subrodepends=("$pkgname=$pkgver") subgroups=('devel-extra') subarchs=('i686 x86_64') @@ -135,7 +135,7 @@ build() Fln /usr/share/libtool/config/ltmain.sh /usr/lib/php/build/ltmain.sh Fln /usr/share/aclocal/libtool.m4 /usr/lib/php/build/libtool.m4 } -sha1sums=('5e5f800b3b22b91ea0967e7f6cb8cdec0ccbaa47' \ +sha1sums=('238dfcedcacf0db91da0a36bbb4f3a80b25a1cc9' \ '9ba6e9430bdba5f6ab2bad15e7cc354d0ea3fd58' \ '0850ef23512a02e8460dc36f08f453d148dcd9df' \ '40ae88f0721e02a2c75de76be342c51c85bf734d' \ From ryuo at frugalware.org Thu Apr 1 07:51:06 2010 From: ryuo at frugalware.org (James Buren) Date: Thu, 1 Apr 2010 07:51:06 +0200 (CEST) Subject: [Frugalware-git] frugalware-current: generatesyntax * add Finclude to FUNCTIONS Message-ID: <20100401055106.3EDE11240001@genesis.frugalware.org> Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-current.git;a=commitdiff;h=04c7b818e0b0676cd9528a877b4354e6599ee9cf commit 04c7b818e0b0676cd9528a877b4354e6599ee9cf Author: James Buren Date: Thu Apr 1 00:47:00 2010 -0500 generatesyntax * add Finclude to FUNCTIONS diff --git a/tools/generatesyntax b/tools/generatesyntax index 1e79455..9adf232 100755 --- a/tools/generatesyntax +++ b/tools/generatesyntax 
@@ -43,8 +43,11 @@ fi # Schemas to search SCHEMAS=$(git rev-parse --show-cdup)/source/include/*.sh +# Set base functions +FUNCTIONS="Finclude" + # Assemble names of all functions, filter out any starting with '__' -FUNCTIONS=`grep -ho '^\w\+()\s*{\?' $SCHEMAS | grep -v '^__' | sed 's|[(){ \t]||g' | sort -u` +FUNCTIONS="$FUNCTIONS `grep -ho '^\w\+()\s*{\?' $SCHEMAS | grep -v '^__' | sed 's|[(){ \t]||g' | sort -u`" # Define variables all FrugalBuilds may have VARIABLES="pkgname pkgver pkgrel pkgdesc pkgdesc_localized url license install" From ryuo at frugalware.org Thu Apr 1 07:53:19 2010 From: ryuo at frugalware.org (James Buren) Date: Thu, 1 Apr 2010 07:53:19 +0200 (CEST) Subject: [Frugalware-git] frugalware-current: frugalbuild.lang * add Finclude Message-ID: <20100401055319.6EE771240001@genesis.frugalware.org> Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-current.git;a=commitdiff;h=47e664f24dbfb25a6864da292c9dff5acd0fe4cf commit 47e664f24dbfb25a6864da292c9dff5acd0fe4cf Author: James Buren Date: Thu Apr 1 00:49:48 2010 -0500 frugalbuild.lang * add Finclude diff --git a/source/xapps-extra/medit/frugalbuild.lang b/source/xapps-extra/medit/frugalbuild.lang index a748255..e233eb8 100644 --- a/source/xapps-extra/medit/frugalbuild.lang +++ b/source/xapps-extra/medit/frugalbuild.lang @@ -13,6 +13,7 @@ (?<![\w\-\.]) (?![\w\-\.]) + Finclude build check_option CMake_build From ryuo at frugalware.org Thu Apr 1 08:08:47 2010 
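Review bot: `Finclude` is prepended outside the `sort -u` pipeline, so the function list is no longer guaranteed to be unique: if any file matched by `$SCHEMAS` ever defines `Finclude()`, the name appears twice in the generated syntax files (whether one does is not visible in this hunk). Feeding the base name into the same pipeline keeps that guarantee, and `$(...)` matches the `SCHEMAS=` line just above: `FUNCTIONS=$( { echo Finclude; grep -ho '^\w\+()\s*{\?' $SCHEMAS | grep -v '^__' | sed 's|[(){ \t]||g'; } | sort -u )`. The comment `# Set base functions` would help more if it said why the name is listed by hand, e.g. `# Finclude is not found by the grep below, so seed it here` (presumably because it is defined outside source/include/*.sh; confirm).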
From: ryuo at frugalware.org (James Buren) Date: Thu, 1 Apr 2010 08:08:47 +0200 (CEST) Subject: [Frugalware-git] gnometesting: gtksourceview-2.10.0-2-i686 * add FrugalBuild syntax highlighting file * this will now allow all gtksourceview based editors to have syntax * highlighting for FrugalBuilds (gedit, gobby, ...) * release bump Message-ID: <20100401060847.12BFB1240001@genesis.frugalware.org> Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=gnometesting.git;a=commitdiff;h=8c7c7a130fdc188cf7e937a80d4ed8eb72426c60 commit 8c7c7a130fdc188cf7e937a80d4ed8eb72426c60 Author: James Buren Date: Thu Apr 1 01:02:39 2010 -0500 gtksourceview-2.10.0-2-i686 * add FrugalBuild syntax highlighting file * this will now allow all gtksourceview based editors to have syntax * highlighting for FrugalBuilds (gedit, gobby, ...) * release bump diff --git a/source/gnome/gtksourceview/FrugalBuild b/source/gnome/gtksourceview/FrugalBuild index d5afd88..d07fdfc 100644 --- a/source/gnome/gtksourceview/FrugalBuild +++ b/source/gnome/gtksourceview/FrugalBuild @@ -3,18 +3,21 @@ pkgname=gtksourceview pkgver=2.10.0 -pkgrel=1 +pkgrel=2 pkgdesc="A text widget adding syntax highlighting and more to GNOME" depends=('gtk+2>=2.20.0') makedepends=('intltool' 'gtk-doc') groups=('gnome' 'gnome-minimal') archs=('i686' 'x86_64' 'ppc') Finclude gnome +source=(${source[@]} frugalbuild.lang) build() { Fbuild --enable-gtk-doc Frm usr/share/gtksourceview-2.0/language-specs/boo.lang + Ffile /usr/share/gtksourceview-2.0/language-specs/frugalbuild.lang } -sha1sums=('53a2c78d3c91c3e697b4467f48051c8f6f3f1c85') +sha1sums=('53a2c78d3c91c3e697b4467f48051c8f6f3f1c85' \ + '324adf29c9b02db1f496295f5a391d3a73adb513') # optimization OK diff --git a/source/gnome/gtksourceview/frugalbuild.lang b/source/gnome/gtksourceview/frugalbuild.lang new file mode 100644 index 0000000..e233eb8 --- /dev/null +++ b/source/gnome/gtksourceview/frugalbuild.lang 
@@ -0,0 +1,163 @@ + + + + + text/x-shellscript;application/x-shellscript;text/x-sh + FrugalBuild + # + + +