From 975d6f489c6c43bbc7b816ac43333c54c1f4df21 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 16 Apr 2013 00:06:15 -0700 Subject: Tue Apr 16 00:06:15 PDT 2013 --- ...inter-reference-when-closing-an-unused-mu.patch | 39 ----------- core/curl/PKGBUILD | 32 ++++----- core/gcc/PKGBUILD | 34 ++++++---- core/gpm/PKGBUILD | 11 +-- core/gpm/gpm | 41 ----------- core/gpm/gpm.conf.d | 4 -- core/isl/PKGBUILD | 10 +-- core/perl/CVE-2012-6329.patch | 79 ++++++++++++++++++++++ core/perl/PKGBUILD | 7 +- 9 files changed, 125 insertions(+), 132 deletions(-) delete mode 100644 core/curl/0001-Fix-NULL-pointer-reference-when-closing-an-unused-mu.patch delete mode 100755 core/gpm/gpm delete mode 100644 core/gpm/gpm.conf.d create mode 100644 core/perl/CVE-2012-6329.patch (limited to 'core') diff --git a/core/curl/0001-Fix-NULL-pointer-reference-when-closing-an-unused-mu.patch b/core/curl/0001-Fix-NULL-pointer-reference-when-closing-an-unused-mu.patch deleted file mode 100644 index aaedc27c6..000000000 --- a/core/curl/0001-Fix-NULL-pointer-reference-when-closing-an-unused-mu.patch +++ /dev/null @@ -1,39 +0,0 @@ -From da3fc1ee91de656a30f3a12de394bcba55119872 Mon Sep 17 00:00:00 2001 -From: Linus Nielsen Feltzing -Date: Sun, 10 Feb 2013 22:57:58 +0100 -Subject: [PATCH] Fix NULL pointer reference when closing an unused multi - handle. - ---- - lib/multi.c | 8 +++++--- - tests/data/Makefile.am | 1 + - tests/data/test1508 | 31 +++++++++++++++++++++++++++++ - tests/libtest/Makefile.inc | 6 +++++- - tests/libtest/lib1508.c | 49 ++++++++++++++++++++++++++++++++++++++++++++++ - 5 files changed, 91 insertions(+), 4 deletions(-) - create mode 100644 tests/data/test1508 - create mode 100644 tests/libtest/lib1508.c - -diff --git a/lib/multi.c b/lib/multi.c -index fa0afb9..706df23 100644 ---- a/lib/multi.c -+++ b/lib/multi.c -@@ -1773,10 +1773,12 @@ CURLMcode curl_multi_cleanup(CURLM *multi_handle) - /* Close all the connections in the connection cache */ - close_all_connections(multi); - -- multi->closure_handle->dns.hostcache = multi->hostcache; -- Curl_hostcache_clean(multi->closure_handle); -+ if(multi->closure_handle) { -+ multi->closure_handle->dns.hostcache = multi->hostcache; -+ Curl_hostcache_clean(multi->closure_handle); - -- Curl_close(multi->closure_handle); -+ Curl_close(multi->closure_handle); -+ } - multi->closure_handle = NULL; - - Curl_hash_destroy(multi->sockhash); --- -1.8.1.3 - diff --git a/core/curl/PKGBUILD b/core/curl/PKGBUILD index 51d860f43..cda53a9cc 100644 --- a/core/curl/PKGBUILD +++ b/core/curl/PKGBUILD @@ -1,4 +1,4 @@ -# $Id: PKGBUILD 177958 2013-02-12 13:57:28Z dreisner $ +# $Id: PKGBUILD 182802 2013-04-15 12:46:55Z dreisner $ # Maintainer: Dave Reisner # Contributor: Angel Velasquez # Contributor: Eric Belanger @@ -6,8 +6,8 @@ # Contributor: Daniel J Griffiths pkgname=curl -pkgver=7.29.0 -pkgrel=2 +pkgver=7.30.0 +pkgrel=1 pkgdesc="An URL retrieval utility and library" arch=('i686' 'x86_64') url="http://curl.haxx.se" @@ -15,27 +15,14 @@ license=('MIT') depends=('ca-certificates' 'libssh2' 'openssl' 'zlib') options=('!libtool') source=("http://curl.haxx.se/download/$pkgname-$pkgver.tar.gz"{,.asc} - 0001-Fix-NULL-pointer-reference-when-closing-an-unused-mu.patch curlbuild.h) -md5sums=('4f57d3b4a3963038bd5e04dbff385390' - '6283fbb36933cf8720acc34c43169f1d' - '5bfd1899e8b19cfdd78774f6337f8b47' +md5sums=('60bb6ff558415b73ba2f00163fd307c5' + 'SKIP' '751bd433ede935c8fae727377625a8ae') -ptrsize=$(cpp <<<'__SIZEOF_POINTER__' | sed '/^#/d') -case $ptrsize in - 8) _curlbuild=curlbuild-64.h ;; - 4) _curlbuild=curlbuild-32.h ;; - *) error "unknown pointer size for architecture: %s bytes" "$ptrsize" - exit 1 - ;; -esac - build() { cd "$pkgname-$pkgver" - patch -Np1 <"$srcdir/0001-Fix-NULL-pointer-reference-when-closing-an-unused-mu.patch" - ./configure \ --prefix=/usr \ --mandir=/usr/share/man \ @@ -58,6 +45,15 @@ package() { make DESTDIR="$pkgdir" install + local ptrsize=$(cpp <<<'__SIZEOF_POINTER__' | sed '/^#/d') + case $ptrsize in + 8) _curlbuild=curlbuild-64.h ;; + 4) _curlbuild=curlbuild-32.h ;; + *) error "unknown pointer size for architecture: %s bytes" "$ptrsize" + exit 1 + ;; + esac + # license install -Dm644 COPYING "$pkgdir/usr/share/licenses/$pkgname/COPYING" diff --git a/core/gcc/PKGBUILD b/core/gcc/PKGBUILD index 4b855c496..393b40877 100644 --- a/core/gcc/PKGBUILD +++ b/core/gcc/PKGBUILD @@ -1,4 +1,4 @@ -# $Id: PKGBUILD 181166 2013-04-02 06:48:56Z allan $ +# $Id: PKGBUILD 182769 2013-04-15 01:13:43Z allan $ # Maintainer: Allan McRae # toolchain build order: linux-api-headers->glibc->binutils->gcc->binutils->glibc @@ -6,18 +6,18 @@ pkgname=('gcc' 'gcc-libs' 'gcc-fortran' 'gcc-objc' 'gcc-ada' 'gcc-go') pkgver=4.8.0 -pkgrel=1 -#_snapshot=4.7-20120721 +pkgrel=2 +_snapshot=4.8-20130411 pkgdesc="The GNU Compiler Collection" arch=('i686' 'x86_64') license=('GPL' 'LGPL' 'FDL' 'custom') url="http://gcc.gnu.org" makedepends=('binutils>=2.23' 'libmpc' 'cloog' 'gcc-ada' 'doxygen') -checkdepends=('dejagnu') +checkdepends=('dejagnu' 'inetutils') options=('!libtool' '!emptydirs') -source=(ftp://gcc.gnu.org/pub/gcc/releases/gcc-${pkgver}/gcc-${pkgver}.tar.bz2) - #ftp://gcc.gnu.org/pub/gcc/snapshots/${_snapshot}/gcc-${_snapshot}.tar.bz2 -md5sums=('e6040024eb9e761c3bea348d1fa5abb0') +source=(ftp://gcc.gnu.org/pub/gcc/snapshots/${_snapshot}/gcc-${_snapshot}.tar.bz2) + #ftp://gcc.gnu.org/pub/gcc/releases/gcc-${pkgver}/gcc-${pkgver}.tar.bz2 +md5sums=('cb529205469260f0d56adc01088c4850') if [ -n "${_snapshot}" ]; then @@ -26,7 +26,7 @@ else _basedir=gcc-${pkgver} fi -build() { +prepare() { cd ${srcdir}/${_basedir} # Do not run fixincludes @@ -37,14 +37,20 @@ build() { echo ${pkgver} > gcc/BASE-VER + # hack! - some configure tests for header files using "$CPP $CPPFLAGS" + sed -i "/ac_cpp=/s/\$CPPFLAGS/\$CPPFLAGS -O2/" {libiberty,gcc}/configure + + mkdir ${srcdir}/gcc-build +} + +build() { + cd ${srcdir}/gcc-build + # using -pipe causes spurious test-suite failures # http://gcc.gnu.org/bugzilla/show_bug.cgi?id=48565 CFLAGS=${CFLAGS/-pipe/} CXXFLAGS=${CXXFLAGS/-pipe/} - cd ${srcdir} - mkdir gcc-build && cd gcc-build - ${srcdir}/${_basedir}/configure --prefix=/usr \ --libdir=/usr/lib --libexecdir=/usr/lib \ --mandir=/usr/share/man --infodir=/usr/share/info \ @@ -132,17 +138,15 @@ package_gcc() # unfortunately it is much, much easier to install the lot and clean-up the mess... rm $pkgdir/usr/bin/{{$CHOST-,}gfortran,{$CHOST-,}gccgo,gnat*} rm $pkgdir/usr/lib/*.so* - rm $pkgdir/usr/lib/lib{atomic,ffi,gfortran,go{,begin},iberty,objc}.a + rm $pkgdir/usr/lib/lib{atomic,gfortran,go{,begin},iberty,objc}.a rm $pkgdir/usr/lib/libgfortran.spec rm -r $pkgdir/usr/lib/gcc/$CHOST/${pkgver}/{ada{include,lib},finclude,include/objc} - rm $pkgdir/usr/lib/gcc/$CHOST/${pkgver}/include/ffi{,target}.h rm $pkgdir/usr/lib/gcc/$CHOST/${pkgver}/{cc1obj{,plus},f951,gnat1,go1} rm $pkgdir/usr/lib/gcc/$CHOST/${pkgver}/{libcaf_single,libgfortranbegin}.a rm -r $pkgdir/usr/lib/go - rm $pkgdir/usr/share/info/{gccgo,gfortran,gnat*,libffi,libgomp,libquadmath,libitm}.info + rm $pkgdir/usr/share/info/{gccgo,gfortran,gnat*,libgomp,libquadmath,libitm}.info rm $pkgdir/usr/share/locale/{de,fr}/LC_MESSAGES/libstdc++.mo rm $pkgdir/usr/share/man/man1/{gccgo,gfortran}.1 - rm $pkgdir/usr/share/man/man3/ffi* # many packages expect this symlinks ln -s gcc ${pkgdir}/usr/bin/cc diff --git a/core/gpm/PKGBUILD b/core/gpm/PKGBUILD index d77f47151..fbb494374 100644 --- a/core/gpm/PKGBUILD +++ b/core/gpm/PKGBUILD @@ -1,22 +1,19 @@ -# $Id: PKGBUILD 170033 2012-10-31 05:23:26Z eric $ +# $Id: PKGBUILD 182863 2013-04-15 21:02:26Z eric $ # Maintainer: Eric BĂ©langer pkgname=gpm pkgver=1.20.7 -pkgrel=1 +pkgrel=2 pkgdesc="A mouse server for the console and xterm" arch=('i686' 'x86_64') url="http://www.nico.schottelius.org/software/gpm/" license=('GPL') depends=('ncurses' 'bash') -backup=('etc/conf.d/gpm') options=('!makeflags') install=gpm.install source=(http://www.nico.schottelius.org/software/gpm/archives/${pkgname}-${pkgver}.tar.lzma \ - gpm gpm.conf.d gpm.sh gpm.service) + gpm.sh gpm.service) sha1sums=('8d9f3655c80ce7667d31ede2a100b44986480369' - '19e1feb1493373512a77801699df012d186336ea' - '4c31cb7dd51cee4d16d3f7a8956e6d87fac1ad86' '88fe5ff10916c68a87abc8418a56eb0073f69fa9' '20b92360f0ad38a2032fcae37bdbd01b31e43f77') @@ -30,8 +27,6 @@ build() { package() { cd "${srcdir}/${pkgname}-${pkgver}" make DESTDIR="${pkgdir}" install - install -D -m755 ../gpm "${pkgdir}/etc/rc.d/gpm" - install -D -m644 ../gpm.conf.d "${pkgdir}/etc/conf.d/gpm" install -D -m755 ../gpm.sh "${pkgdir}/etc/profile.d/gpm.sh" install -D -m644 ../gpm.service "${pkgdir}/usr/lib/systemd/system/gpm.service" diff --git a/core/gpm/gpm b/core/gpm/gpm deleted file mode 100755 index 7b5213dd7..000000000 --- a/core/gpm/gpm +++ /dev/null @@ -1,41 +0,0 @@ -#!/bin/bash - -# source application-specific settings -GPM_ARGS= -[ -f /etc/conf.d/gpm ] && . /etc/conf.d/gpm - -. /etc/rc.conf -. /etc/rc.d/functions - -PID=$(pidof -o %PPID /usr/sbin/gpm) -case "$1" in - start) - stat_busy "Starting GPM Daemon" - [ -z "$PID" ] && /usr/sbin/gpm ${GPM_ARGS} - PID=$(pidof -o %PPID /usr/sbin/gpm) - if [ -z "$PID" ]; then - stat_fail - else - add_daemon gpm - stat_done - fi - ;; - stop) - stat_busy "Stopping GPM Daemon" - [ ! -z "$PID" ] && kill $PID &> /dev/null - if [ $? -gt 0 ]; then - stat_fail - else - rm_daemon gpm - stat_done - fi - ;; - restart) - $0 stop - sleep 1 - $0 start - ;; - *) - echo "usage: $0 {start|stop|restart}" -esac -exit 0 diff --git a/core/gpm/gpm.conf.d b/core/gpm/gpm.conf.d deleted file mode 100644 index ab43bb7eb..000000000 --- a/core/gpm/gpm.conf.d +++ /dev/null @@ -1,4 +0,0 @@ -# -# Parameters to be passed to gpm -# -GPM_ARGS="-m /dev/input/mice -t imps2" diff --git a/core/isl/PKGBUILD b/core/isl/PKGBUILD index 7333352ed..ac1fc27bc 100644 --- a/core/isl/PKGBUILD +++ b/core/isl/PKGBUILD @@ -1,9 +1,9 @@ -# $Id: PKGBUILD 182142 2013-04-08 05:56:24Z allan $ +# $Id: PKGBUILD 182768 2013-04-15 01:13:42Z allan $ # Maintainer: Allan McRae pkgname=isl -pkgver=0.11.1 -pkgrel=2 +pkgver=0.11.2 +pkgrel=1 pkgdesc="Library for manipulating sets and relations of integer points bounded by linear constraints" arch=('i686' 'x86_64') url="http://www.kotnet.org/~skimo/isl/" @@ -11,7 +11,7 @@ depends=('gmp') license=('MIT') options=('!libtool') source=(http://www.kotnet.org/~skimo/isl/$pkgname-$pkgver.tar.bz2) -md5sums=('bce1586384d8635a76d2f017fb067cd2') +md5sums=('c40daa17d2995d1c98a0c1aca607541f') build() { cd "$srcdir/$pkgname-$pkgver" @@ -29,7 +29,7 @@ package() { make -j1 DESTDIR="$pkgdir/" install install -dm755 $pkgdir/usr/share/gdb/auto-load/usr/lib/ - mv $pkgdir/{,/usr/share/gdb/auto-load/}usr/lib/libisl.so.10.1.1-gdb.py + mv $pkgdir/{,/usr/share/gdb/auto-load/}usr/lib/libisl.so.10.1.2-gdb.py install -Dm644 LICENSE $pkgdir/usr/share/licenses/isl/LICENSE } diff --git a/core/perl/CVE-2012-6329.patch b/core/perl/CVE-2012-6329.patch new file mode 100644 index 000000000..5f59e03c1 --- /dev/null +++ b/core/perl/CVE-2012-6329.patch @@ -0,0 +1,79 @@ +commit 1735f6f53ca19f99c6e9e39496c486af323ba6a8 +Author: Brian Carlson +Date: Wed Nov 28 08:54:33 2012 -0500 + + Fix misparsing of maketext strings. + + Case 61251: This commit fixes a misparse of maketext strings that could + lead to arbitrary code execution. Basically, maketext was compiling + bracket notation into functions, but neglected to escape backslashes + inside the content or die on fully-qualified method names when + generating the code. This change escapes all such backslashes and dies + when a method name with a colon or apostrophe is specified. +--- + AUTHORS | 1 + + dist/Locale-Maketext/lib/Locale/Maketext.pm | 24 ++++++++---------------- + 2 files changed, 9 insertions(+), 16 deletions(-) + +diff --git a/AUTHORS b/AUTHORS +index 70734b0..009dea0 100644 +--- a/AUTHORS ++++ b/AUTHORS +@@ -154,6 +154,7 @@ Breno G. de Oliveira + Brent Dax + Brooks D Boyd + Brian Callaghan ++Brian Carlson + Brian Clarke + brian d foy + Brian Fraser +diff --git a/dist/Locale-Maketext/lib/Locale/Maketext.pm b/dist/Locale-Maketext/lib/Locale/Maketext.pm +index 4822027..63e5fba 100644 +--- a/dist/Locale-Maketext/lib/Locale/Maketext.pm ++++ b/dist/Locale-Maketext/lib/Locale/Maketext.pm +@@ -625,21 +625,9 @@ sub _compile { + # 0-length method name means to just interpolate: + push @code, ' ('; + } +- elsif($m =~ /^\w+(?:\:\:\w+)*$/s +- and $m !~ m/(?:^|\:)\d/s +- # exclude starting a (sub)package or symbol with a digit ++ elsif($m =~ /^\w+$/s ++ # exclude anything fancy, especially fully-qualified module names + ) { +- # Yes, it even supports the demented (and undocumented?) +- # $obj->Foo::bar(...) syntax. +- $target->_die_pointing( +- $string_to_compile, q{Can't use "SUPER::" in a bracket-group method}, +- 2 + length($c[-1]) +- ) +- if $m =~ m/^SUPER::/s; +- # Because for SUPER:: to work, we'd have to compile this into +- # the right package, and that seems just not worth the bother, +- # unless someone convinces me otherwise. +- + push @code, ' $_[0]->' . $m . '('; + } + else { +@@ -693,7 +681,9 @@ sub _compile { + elsif(substr($1,0,1) ne '~') { + # it's stuff not containing "~" or "[" or "]" + # i.e., a literal blob +- $c[-1] .= $1; ++ my $text = $1; ++ $text =~ s/\\/\\\\/g; ++ $c[-1] .= $text; + + } + elsif($1 eq '~~') { # "~~" +@@ -731,7 +721,9 @@ sub _compile { + else { + # It's a "~X" where X is not a special character. + # Consider it a literal ~ and X. +- $c[-1] .= $1; ++ my $text = $1; ++ $text =~ s/\\/\\\\/g; ++ $c[-1] .= $text; + } + } + } diff --git a/core/perl/PKGBUILD b/core/perl/PKGBUILD index 1dd0db9fb..29693141f 100644 --- a/core/perl/PKGBUILD +++ b/core/perl/PKGBUILD @@ -1,4 +1,4 @@ -# $Id: PKGBUILD 180140 2013-03-18 08:31:17Z bluewind $ +# $Id: PKGBUILD 182787 2013-04-15 10:15:37Z bluewind $ # Maintainer: Florian Pritz # Contributor: Angel Velasquez # Contributor: kevin @@ -7,7 +7,7 @@ pkgname=perl pkgver=5.16.3 -pkgrel=1 +pkgrel=2 pkgdesc="A highly capable, feature-rich programming language" arch=(i686 x86_64) license=('GPL' 'PerlArtistic') @@ -18,6 +18,7 @@ source=(http://www.cpan.org/src/5.0/perl-${pkgver}.tar.bz2 cgi-cr-escaping.diff perlbin.sh perlbin.csh + CVE-2012-6329.patch provides.pl) install=perl.install options=('makeflags' '!purge') @@ -25,6 +26,7 @@ md5sums=('025102de0e4a597cf541e57da80c6aa3' '0486659c9eefe682364a3e364d814296' '5ed2542fdb9a60682f215bd33701e61a' '1f0cbbee783e8a6d32f01be5118e0d5e' + '5dc374e095d896fb30618e414aeb9017' '999c3eea6464860704abbb055a0f0896') # workaround to let the integrity check find the correct provides array if [[ ${0##*/} = "parse_pkgbuilds.sh" ]]; then @@ -35,6 +37,7 @@ build() { cd ${srcdir}/${pkgname}-${pkgver} patch -i "$srcdir/cgi-cr-escaping.diff" -p1 + patch -i "$srcdir/CVE-2012-6329.patch" -p1 if [ "${CARCH}" = "x86_64" ]; then # for x86_64 -- cgit v1.2.3-54-g00ecf