This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 3.x development tree".
The branch, master has been updated via bef9b7be19c1df172576f3c963c9febe270c8c5a (commit) via f235f2662d1d5bc64a0c38b2bb2df4d880ae496c (commit) via aec6d4b016d4cf33a1453b13796c7de992c0a773 (commit) via 9db818e66af8e2e1ae017254c324c3834b874e08 (commit) via ad5390d08dd283d4ccf7a1896a8bf2c159356253 (commit) via fc6c9e6587a4e957e0470c0baf8e9c8a4f7f9a10 (commit) via 3d60007df141b2e6f634d0277cb251c27025d9e8 (commit) from 9bf77c63d07566141a318b206f7766d445efd8b0 (commit)
- Log ----------------------------------------------------------------- commit bef9b7be19c1df172576f3c963c9febe270c8c5a Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Apr 12 19:33:04 2014 +0200
gmp: Update to 6.0.0 and new compat-gmp package.
Fixes #10519 and #10520.
commit f235f2662d1d5bc64a0c38b2bb2df4d880ae496c Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Apr 12 19:25:22 2014 +0200
libpng: Update to 1.6.10.
Fixes #10516.
commit aec6d4b016d4cf33a1453b13796c7de992c0a773 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Apr 12 17:20:12 2014 +0200
grep: Update to version 2.18.
commit 9db818e66af8e2e1ae017254c324c3834b874e08 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Apr 12 16:59:25 2014 +0200
openssl: Fix CVE-2014-0160 aka Heartbleed.
commit ad5390d08dd283d4ccf7a1896a8bf2c159356253 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Apr 10 12:43:55 2014 +0200
pcre: Update to 8.35.
commit fc6c9e6587a4e957e0470c0baf8e9c8a4f7f9a10 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Apr 10 12:43:05 2014 +0200
pciutils: Update to 3.2.1.
commit 3d60007df141b2e6f634d0277cb251c27025d9e8 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Apr 10 12:41:07 2014 +0200
file: Update to 5.18.
-----------------------------------------------------------------------
Summary of changes: compat-gmp/compat-gmp.nm | 77 +++++++++++++++++++++ compat-gmp/patches/gmp-fix-tscan.patch0 | 13 ++++ file/file.nm | 2 +- gmp/gmp.nm | 51 ++++---------- grep/grep.nm | 7 +- libpng/libpng.nm | 2 +- openssl/openssl.nm | 2 +- openssl/patches/openssl.git-96db902.patch | 108 ++++++++++++++++++++++++++++++ pciutils/pciutils.nm | 2 +- pcre/pcre.nm | 4 +- 10 files changed, 218 insertions(+), 50 deletions(-) create mode 100644 compat-gmp/compat-gmp.nm create mode 100644 compat-gmp/patches/gmp-fix-tscan.patch0 create mode 100644 openssl/patches/openssl.git-96db902.patch
Difference in files:
diff --git a/compat-gmp/compat-gmp.nm b/compat-gmp/compat-gmp.nm
new file mode 100644
index 0000000..fc1d918
--- /dev/null
+++ b/compat-gmp/compat-gmp.nm
@@ -0,0 +1,77 @@
+###############################################################################
+# IPFire.org - An Open Source Firewall Solution #
+# Copyright (C) - IPFire Development Team info@ipfire.org #
+###############################################################################
+
+name = compat-gmp
+version = 4.3.2
+release = 1
+thisapp = gmp-%{version}
+
+groups = System/Libraries
+url = http://gmplib.org/
+license = LGPLv3+
+summary = A GNU arbitrary precision library.
+
+description
+ The gmp package contains GNU MP, a library for arbitrary precision
+ arithmetic, signed integers operations, rational numbers and floating
+ point numbers. GNU MP is designed for speed, for both small and very
+ large operands. GNU MP is fast because it uses fullwords as the basic
+ arithmetic type, it uses fast algorithms, it carefully optimizes
+ assembly code for many CPUs' most common inner loops, and it generally
+ emphasizes speed over simplicity/elegance in its operations.
+end
+
+source_dl += https://gmplib.org/download/gmp/ ftp://ftp.gnu.org/gnu/gmp/
+sources = %{thisapp}.tar.xz
+
+build
+ requires
+ gcc-c++
+ m4
+ end
+
+ export ABI = standard
+
+ if "%{DISTRO_ARCH}" == "x86_64"
+ ABI = 64
+ end
+
+ if "%{DISTRO_ARCH}" == "i686"
+ ABI = 32
+ end
+
+ configure_options += \
+ --enable-cxx \
+ --enable-mpbsd \
+ --disable-static
+
+ test
+ export LD_LIBRARY_PATH=$(pwd)/.libs
+ make check
+ end
+
+ install
+ # Install just the library and no headers.
+ mkdir -pv %{BUILDROOT}%{libdir}
+ install -m 644 .libs/libgmp.so.3.5.2 %{BUILDROOT}%{libdir}
+ ln -svf libgmp.so.3.5.2 %{BUILDROOT}%{libdir}/libgmp.so.3
+ end
+end
+
+packages
+ package %{name}
+ provides
+ gmp = %{thisver}
+ end
+
+ obsoletes
+ gmp <= %{thisver}
+ end
+ end
+
+ package %{name}-debuginfo
+ template DEBUGINFO
+ end
+end
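Review bot: The `obsoletes` block names `gmp <= %{thisver}`, but the package that used to own `%{libdir}/libgmp.so.3*` was the `%{name}-compat` subpackage (gmp-compat) that this same push removes from gmp/gmp.nm. An installed gmp-compat may therefore not be replaced and could conflict on `libgmp.so.3`; whether the package manager resolves that on its own is not visible here, so consider listing `gmp-compat` under `obsoletes` as well. Separately, `source_dl` keeps `ftp://ftp.gnu.org/gnu/gmp/` as a plaintext fallback beside the HTTPS URL, which is only safe if the tarball is checked against a pinned checksum or signature that this file does not show. The install step also uses `-m 644` for the shared object while gmp/gmp.nm installs its libraries with `-m 755`; a short comment saying which is intended would help.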
diff --git a/compat-gmp/patches/gmp-fix-tscan.patch0 b/compat-gmp/patches/gmp-fix-tscan.patch0
new file mode 100644
index 0000000..cddbfe0
--- /dev/null
+++ b/compat-gmp/patches/gmp-fix-tscan.patch0
@@ -0,0 +1,13 @@
+https://gmplib.org/list-archives/gmp-bugs/2011-October/002417.html
+
+--- tests/mpz/t-scan.c 2011-05-08 11:49:29.000000000 +0200
++++ tests/mpz/t-scan.c 2011-10-10 16:37:13.657829003 +0200
+@@ -79,7 +79,7 @@
+
+ for (isize = 0; isize <= size; isize++)
+ {
+- for (oindex = 0; oindex <= numberof (offset); oindex++)
++ for (oindex = 0; oindex < numberof (offset); oindex++)
+ {
+ o = offset[oindex];
+ if ((int) isize*GMP_NUMB_BITS < -o)
diff --git a/file/file.nm b/file/file.nm
index c9eed0d..9ac198e 100644
--- a/file/file.nm
+++ b/file/file.nm
@@ -4,7 +4,7 @@
 ###############################################################################
name = file
-version = 5.13
+version = 5.18
 release = 1
groups = System/Tools
diff --git a/gmp/gmp.nm b/gmp/gmp.nm
index 8eee8fa..a3cd0f2 100644
--- a/gmp/gmp.nm
+++ b/gmp/gmp.nm
@@ -4,11 +4,9 @@
 ###############################################################################
name = gmp
-version = 5.0.5
+version = 6.0.0
 release = 1
-compat_version = 4.3.2
-
 groups = System/Libraries
 url = http://gmplib.org/
 license = LGPLv3+
@@ -24,8 +22,8 @@ description
 emphasizes speed over simplicity/elegance in its operations.
 end
-source_dl += ftp://ftp.gnu.org/gnu/gmp/
-sources = %{thisapp}.tar.bz2 %{name}-%{compat_version}.tar.bz2
+source_dl += https://gmplib.org/download/gmp/ ftp://ftp.gnu.org/gnu/gmp/
+sources = %{thisapp}.tar.xz
build
 requires
@@ -55,6 +53,12 @@ build
 --enable-mpbsd \
 --disable-static
+ if "%{DISTRO_ARCH}" == "armv7hl"
+ # GMP cannot be built with THUMB support.
+ CFLAGS := %(echo "%{CFLAGS}" | sed -e "s/-mthumb//g")
+ CXXFLAGS := %(echo "%{CXXFLAGS}" | sed -e "s/-mthumb//g")
+ end
+
 prepare_cmds
 for version in %{build_versions}; do
 mkdir -p build-${version}
@@ -66,10 +70,8 @@ build
 end
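Review bot: The `sed -e "s/-mthumb//g"` substitutions in the new armv7hl block match the bare substring, so a flag such as `-mthumb-interwork` in `%{CFLAGS}` would be cut down to `-interwork` and fail the compile. Whether the distribution's ARM flags contain such an option is not visible in this hunk. Matching the flag as a whole word is safer, for example something like `sed -E -e "s/(^|[[:space:]])-mthumb([[:space:]]|$)/ /g"`. The later hunk in this file drops the `CFLAGS="${CFLAGS}"` prefix from `./configure`, so the per-version `-march=pentium4` flags now only reach configure if `CFLAGS`/`CXXFLAGS` are already exported; that is not visible here either and deserves a one-line comment in `build_one`.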
build_one
- CFLAGS="${CFLAGS}" \
- CXXFLAGS="${CXXFLAGS}" \
- ./configure \
- %{configure_options}
+ ./configure \
+ %{configure_options}
# Kill RPATHs.
 sed -e 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' \
@@ -91,18 +93,14 @@ build
 CXXFLAGS="%{CXXFLAGS}"
 if [ "${version}" = "sse2" ]; then
 # Enable sse2.
- CFLAGS="${CFLAGS} -march=pentium4"
- CXXFLAGS="${CXXFLAGS} -march=pentium4"
+ CFLAGS="%{CFLAGS} -march=pentium4"
+ CXXFLAGS="%{CXXFLAGS} -march=pentium4"
 fi
%{build_one}
cd ..
 done
-
- # Build compat version of library.
- cd %{DIR_SRC}/%{name}-%{compat_version}
- %{build_one}
 end
test
@@ -114,12 +112,6 @@ build
cd ..
 done
-
- # Check compat version of library.
- cd %{DIR_SRC}/%{name}-%{compat_version}
-
- export LD_LIBRARY_PATH=$(pwd)/.libs
- make check
 end
install
@@ -137,21 +129,12 @@ build
 install -m 755 .libs/libgmpxx.so.*.* %{BUILDROOT}/usr/lib/sse2
 cp -a .libs/libgmpxx.so.? %{BUILDROOT}/usr/lib/sse2
 chmod 755 %{BUILDROOT}/usr/lib/sse2/libgmpxx.so.?
-
- install -m 755 .libs/libmp.so.*.* %{BUILDROOT}/usr/lib/sse2
- cp -a .libs/libmp.so.? %{BUILDROOT}/usr/lib/sse2
- chmod 755 %{BUILDROOT}/usr/lib/sse2/libmp.so.?
 else
 make install DESTDIR="%{BUILDROOT}"
 fi
cd ..
 done
-
- # Install compat version of library.
- cd %{DIR_SRC}/%{name}-%{compat_version}
- install -m 644 .libs/libgmp.so.3.5.2 %{BUILDROOT}%{libdir}
- ln -svf libgmp.so.3.5.2 %{BUILDROOT}%{libdir}/libgmp.so.3
 end
 end
@@ -162,14 +145,6 @@ packages
 template DEVEL
 end
- package %{name}-compat
- summary = Compatibility version of %{thisapp} (%{compat_version}).
-
- files
- %{libdir}/libgmp.so.3*
- end
- end
-
 package %{name}-debuginfo
 template DEBUGINFO
 end
diff --git a/grep/grep.nm b/grep/grep.nm
index 2dea0cc..1462ba3 100644
--- a/grep/grep.nm
+++ b/grep/grep.nm
@@ -4,7 +4,7 @@
 ###############################################################################
name = grep
-version = 2.17
+version = 2.18
 release = 1
groups = Applications/Text
@@ -30,11 +30,6 @@ build
 texinfo
 end
- prepare_cmds
- sed -e "s/gnulib-tests//" -i Makefile.am
- autoreconf -vfi
- end
-
 configure_options += \
 --without-included-regex
diff --git a/libpng/libpng.nm b/libpng/libpng.nm
index 09083e2..688151f 100644
--- a/libpng/libpng.nm
+++ b/libpng/libpng.nm
@@ -4,7 +4,7 @@
 ###############################################################################
name = libpng
-version = 1.6.8
+version = 1.6.10
 release = 1
compat_ver = 1.5.17
diff --git a/openssl/openssl.nm b/openssl/openssl.nm
index b52e8c7..5a7e24e 100644
--- a/openssl/openssl.nm
+++ b/openssl/openssl.nm
@@ -5,7 +5,7 @@
name = openssl
 version = 1.0.1e
-release = 1
+release = 2
maintainer = Michael Tremer michael.tremer@ipfire.org
 groups = System/Libraries
diff --git a/openssl/patches/openssl.git-96db902.patch b/openssl/patches/openssl.git-96db902.patch
new file mode 100644
index 0000000..6fed32a
--- /dev/null
+++ b/openssl/patches/openssl.git-96db902.patch
@@ -0,0 +1,108 @@
+From: Dr. Stephen Henson steve@openssl.org
+Date: Sat, 5 Apr 2014 23:51:06 +0000 (+0100)
+Subject: Add heartbeat extension bounds check.
+X-Git-Tag: OpenSSL_1_0_1g~3
+X-Git-Url: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=96db902
+
+Add heartbeat extension bounds check.
+
+A missing bounds check in the handling of the TLS heartbeat extension
+can be used to reveal up to 64k of memory to a connected client or
+server.
+
+Thanks for Neel Mehta of Google Security for discovering this bug and to
+Adam Langley agl@chromium.org and Bodo Moeller bmoeller@acm.org for
+preparing the fix (CVE-2014-0160)
+---
+
+diff --git a/ssl/d1_both.c b/ssl/d1_both.c
+index 7a5596a..2e8cf68 100644
+--- a/ssl/d1_both.c
++++ b/ssl/d1_both.c
+@@ -1459,26 +1459,36 @@ dtls1_process_heartbeat(SSL *s)
+ unsigned int payload;
+ unsigned int padding = 16; /* Use minimum padding */
+
+- /* Read type and payload length first */
+- hbtype = *p++;
+- n2s(p, payload);
+- pl = p;
+-
+ if (s->msg_callback)
+ s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
+ &s->s3->rrec.data[0], s->s3->rrec.length,
+ s, s->msg_callback_arg);
+
++ /* Read type and payload length first */
++ if (1 + 2 + 16 > s->s3->rrec.length)
++ return 0; /* silently discard */
++ hbtype = *p++;
++ n2s(p, payload);
++ if (1 + 2 + payload + 16 > s->s3->rrec.length)
++ return 0; /* silently discard per RFC 6520 sec. 4 */
++ pl = p;
++
+ if (hbtype == TLS1_HB_REQUEST)
+ {
+ unsigned char *buffer, *bp;
++ unsigned int write_length = 1 /* heartbeat type */ +
++ 2 /* heartbeat length */ +
++ payload + padding;
+ int r;
+
++ if (write_length > SSL3_RT_MAX_PLAIN_LENGTH)
++ return 0;
++
+ /* Allocate memory for the response, size is 1 byte
+ * message type, plus 2 bytes payload length, plus
+ * payload, plus padding
+ */
+- buffer = OPENSSL_malloc(1 + 2 + payload + padding);
++ buffer = OPENSSL_malloc(write_length);
+ bp = buffer;
+
+ /* Enter response type, length and copy payload */
+@@ -1489,11 +1499,11 @@ dtls1_process_heartbeat(SSL *s)
+ /* Random padding */
+ RAND_pseudo_bytes(bp, padding);
+
+- r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding);
++ r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length);
+
+ if (r >= 0 && s->msg_callback)
+ s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
+- buffer, 3 + payload + padding,
++ buffer, write_length,
+ s, s->msg_callback_arg);
+
+ OPENSSL_free(buffer);
+diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
+index b82fada..bddffd9 100644
+--- a/ssl/t1_lib.c
++++ b/ssl/t1_lib.c
+@@ -2588,16 +2588,20 @@ tls1_process_heartbeat(SSL *s)
+ unsigned int payload;
+ unsigned int padding = 16; /* Use minimum padding */
+
+- /* Read type and payload length first */
+- hbtype = *p++;
+- n2s(p, payload);
+- pl = p;
+-
+ if (s->msg_callback)
+ s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
+ &s->s3->rrec.data[0], s->s3->rrec.length,
+ s, s->msg_callback_arg);
+
++ /* Read type and payload length first */
++ if (1 + 2 + 16 > s->s3->rrec.length)
++ return 0; /* silently discard */
++ hbtype = *p++;
++ n2s(p, payload);
++ if (1 + 2 + payload + 16 > s->s3->rrec.length)
++ return 0; /* silently discard per RFC 6520 sec. 4 */
++ pl = p;
++
+ if (hbtype == TLS1_HB_REQUEST)
+ {
+ unsigned char *buffer, *bp;
diff --git a/pciutils/pciutils.nm b/pciutils/pciutils.nm
index edcf016..f280520 100644
--- a/pciutils/pciutils.nm
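Review bot: In the d1_both.c part of the backported patch, `buffer = OPENSSL_malloc(write_length);` is still followed directly by `bp = buffer;` with no NULL check, so a failed allocation would be written through by the response-building lines that sit between the two inner hunks (not shown, so inferred). Because this file is a verbatim copy of upstream 96db902, that is better carried as a separate follow-up patch adding e.g. `if (buffer == NULL) return -1;` than as an edit to this one. The t1_lib.c hunk ends before its allocation, so the same question is open there. The new length checks also hard-code `16` although `padding` is declared two lines above; `1 + 2 + payload + padding` would keep the check tied to the size that is later allocated. openssl.nm stays at `version = 1.0.1e` with only `release` moved to 2, so scanners that key on the version string will keep flagging the package; a comment or changelog entry naming CVE-2014-0160 next to the release bump would make the backport auditable.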
+++ b/pciutils/pciutils.nm
@@ -4,7 +4,7 @@
 ###############################################################################
name = pciutils
-version = 3.2.0
+version = 3.2.1
 release = 1
groups = System/Base
diff --git a/pcre/pcre.nm b/pcre/pcre.nm
index f25f130..506d827 100644
--- a/pcre/pcre.nm
+++ b/pcre/pcre.nm
@@ -4,8 +4,8 @@
 ###############################################################################
name = pcre
-version = 8.34
-release = 2
+version = 8.35
+release = 1
compat_version = 8.21