From: git@ipfire.org
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 3.x development tree branch, master, updated. bef9b7be19c1df172576f3c963c9febe270c8c5a
Date: Sat, 12 Apr 2014 19:35:04 +0200 [thread overview]
Message-ID: <20140412173505.02981210FA@argus.ipfire.org> (raw)
[-- Attachment #1: Type: text/plain, Size: 15279 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 3.x development tree".
The branch, master has been updated
via bef9b7be19c1df172576f3c963c9febe270c8c5a (commit)
via f235f2662d1d5bc64a0c38b2bb2df4d880ae496c (commit)
via aec6d4b016d4cf33a1453b13796c7de992c0a773 (commit)
via 9db818e66af8e2e1ae017254c324c3834b874e08 (commit)
via ad5390d08dd283d4ccf7a1896a8bf2c159356253 (commit)
via fc6c9e6587a4e957e0470c0baf8e9c8a4f7f9a10 (commit)
via 3d60007df141b2e6f634d0277cb251c27025d9e8 (commit)
from 9bf77c63d07566141a318b206f7766d445efd8b0 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit bef9b7be19c1df172576f3c963c9febe270c8c5a
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sat Apr 12 19:33:04 2014 +0200
gmp: Update to 6.0.0 and new compat-gmp package.
Fixes #10519 and #10520.
commit f235f2662d1d5bc64a0c38b2bb2df4d880ae496c
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sat Apr 12 19:25:22 2014 +0200
libpng: Update to 1.6.10.
Fixes #10516.
commit aec6d4b016d4cf33a1453b13796c7de992c0a773
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sat Apr 12 17:20:12 2014 +0200
grep: Update to version 2.18.
commit 9db818e66af8e2e1ae017254c324c3834b874e08
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sat Apr 12 16:59:25 2014 +0200
openssl: Fix CVE-2014-0160 aka Heartbleed.
commit ad5390d08dd283d4ccf7a1896a8bf2c159356253
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Apr 10 12:43:55 2014 +0200
pcre: Update to 8.35.
commit fc6c9e6587a4e957e0470c0baf8e9c8a4f7f9a10
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Apr 10 12:43:05 2014 +0200
pciutils: Update to 3.2.1.
commit 3d60007df141b2e6f634d0277cb251c27025d9e8
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Apr 10 12:41:07 2014 +0200
file: Update to 5.18.
-----------------------------------------------------------------------
Summary of changes:
compat-gmp/compat-gmp.nm | 77 +++++++++++++++++++++
compat-gmp/patches/gmp-fix-tscan.patch0 | 13 ++++
file/file.nm | 2 +-
gmp/gmp.nm | 51 ++++----------
grep/grep.nm | 7 +-
libpng/libpng.nm | 2 +-
openssl/openssl.nm | 2 +-
openssl/patches/openssl.git-96db902.patch | 108 ++++++++++++++++++++++++++++++
pciutils/pciutils.nm | 2 +-
pcre/pcre.nm | 4 +-
10 files changed, 218 insertions(+), 50 deletions(-)
create mode 100644 compat-gmp/compat-gmp.nm
create mode 100644 compat-gmp/patches/gmp-fix-tscan.patch0
create mode 100644 openssl/patches/openssl.git-96db902.patch
Difference in files:
diff --git a/compat-gmp/compat-gmp.nm b/compat-gmp/compat-gmp.nm
new file mode 100644
index 0000000..fc1d918
--- /dev/null
+++ b/compat-gmp/compat-gmp.nm
@@ -0,0 +1,77 @@
+###############################################################################
+# IPFire.org - An Open Source Firewall Solution #
+# Copyright (C) - IPFire Development Team <info(a)ipfire.org> #
+###############################################################################
+
+name = compat-gmp
+version = 4.3.2
+release = 1
+thisapp = gmp-%{version}
+
+groups = System/Libraries
+url = http://gmplib.org/
+license = LGPLv3+
+summary = A GNU arbitrary precision library.
+
+description
+ The gmp package contains GNU MP, a library for arbitrary precision
+ arithmetic, signed integers operations, rational numbers and floating
+ point numbers. GNU MP is designed for speed, for both small and very
+ large operands. GNU MP is fast because it uses fullwords as the basic
+ arithmetic type, it uses fast algorithms, it carefully optimizes
+ assembly code for many CPUs' most common inner loops, and it generally
+ emphasizes speed over simplicity/elegance in its operations.
+end
+
+source_dl += https://gmplib.org/download/gmp/ ftp://ftp.gnu.org/gnu/gmp/
+sources = %{thisapp}.tar.xz
+
+build
+ requires
+ gcc-c++
+ m4
+ end
+
+ export ABI = standard
+
+ if "%{DISTRO_ARCH}" == "x86_64"
+ ABI = 64
+ end
+
+ if "%{DISTRO_ARCH}" == "i686"
+ ABI = 32
+ end
+
+ configure_options += \
+ --enable-cxx \
+ --enable-mpbsd \
+ --disable-static
+
+ test
+ export LD_LIBRARY_PATH=$(pwd)/.libs
+ make check
+ end
+
+ install
+ # Install just the library and no headers.
+ mkdir -pv %{BUILDROOT}%{libdir}
+ install -m 644 .libs/libgmp.so.3.5.2 %{BUILDROOT}%{libdir}
+ ln -svf libgmp.so.3.5.2 %{BUILDROOT}%{libdir}/libgmp.so.3
+ end
+end
+
+packages
+ package %{name}
+ provides
+ gmp = %{thisver}
+ end
+
+ obsoletes
+ gmp <= %{thisver}
+ end
+ end
+
+ package %{name}-debuginfo
+ template DEBUGINFO
+ end
+end
diff --git a/compat-gmp/patches/gmp-fix-tscan.patch0 b/compat-gmp/patches/gmp-fix-tscan.patch0
new file mode 100644
index 0000000..cddbfe0
--- /dev/null
+++ b/compat-gmp/patches/gmp-fix-tscan.patch0
@@ -0,0 +1,13 @@
+https://gmplib.org/list-archives/gmp-bugs/2011-October/002417.html
+
+--- tests/mpz/t-scan.c 2011-05-08 11:49:29.000000000 +0200
++++ tests/mpz/t-scan.c 2011-10-10 16:37:13.657829003 +0200
+@@ -79,7 +79,7 @@
+
+ for (isize = 0; isize <= size; isize++)
+ {
+- for (oindex = 0; oindex <= numberof (offset); oindex++)
++ for (oindex = 0; oindex < numberof (offset); oindex++)
+ {
+ o = offset[oindex];
+ if ((int) isize*GMP_NUMB_BITS < -o)
diff --git a/file/file.nm b/file/file.nm
index c9eed0d..9ac198e 100644
--- a/file/file.nm
+++ b/file/file.nm
@@ -4,7 +4,7 @@
###############################################################################
name = file
-version = 5.13
+version = 5.18
release = 1
groups = System/Tools
diff --git a/gmp/gmp.nm b/gmp/gmp.nm
index 8eee8fa..a3cd0f2 100644
--- a/gmp/gmp.nm
+++ b/gmp/gmp.nm
@@ -4,11 +4,9 @@
###############################################################################
name = gmp
-version = 5.0.5
+version = 6.0.0
release = 1
-compat_version = 4.3.2
-
groups = System/Libraries
url = http://gmplib.org/
license = LGPLv3+
@@ -24,8 +22,8 @@ description
emphasizes speed over simplicity/elegance in its operations.
end
-source_dl += ftp://ftp.gnu.org/gnu/gmp/
-sources = %{thisapp}.tar.bz2 %{name}-%{compat_version}.tar.bz2
+source_dl += https://gmplib.org/download/gmp/ ftp://ftp.gnu.org/gnu/gmp/
+sources = %{thisapp}.tar.xz
build
requires
@@ -55,6 +53,12 @@ build
--enable-mpbsd \
--disable-static
+ if "%{DISTRO_ARCH}" == "armv7hl"
+ # GMP cannot be built with THUMB support.
+ CFLAGS := %(echo "%{CFLAGS}" | sed -e "s/-mthumb//g")
+ CXXFLAGS := %(echo "%{CXXFLAGS}" | sed -e "s/-mthumb//g")
+ end
+
prepare_cmds
for version in %{build_versions}; do
mkdir -p build-${version}
@@ -66,10 +70,8 @@ build
end
build_one
- CFLAGS="${CFLAGS}" \
- CXXFLAGS="${CXXFLAGS}" \
- ./configure \
- %{configure_options}
+ ./configure \
+ %{configure_options}
# Kill RPATHs.
sed -e 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' \
@@ -91,18 +93,14 @@ build
CXXFLAGS="%{CXXFLAGS}"
if [ "${version}" = "sse2" ]; then
# Enable sse2.
- CFLAGS="${CFLAGS} -march=pentium4"
- CXXFLAGS="${CXXFLAGS} -march=pentium4"
+ CFLAGS="%{CFLAGS} -march=pentium4"
+ CXXFLAGS="%{CXXFLAGS} -march=pentium4"
fi
%{build_one}
cd ..
done
-
- # Build compat version of library.
- cd %{DIR_SRC}/%{name}-%{compat_version}
- %{build_one}
end
test
@@ -114,12 +112,6 @@ build
cd ..
done
-
- # Check compat version of library.
- cd %{DIR_SRC}/%{name}-%{compat_version}
-
- export LD_LIBRARY_PATH=$(pwd)/.libs
- make check
end
install
@@ -137,21 +129,12 @@ build
install -m 755 .libs/libgmpxx.so.*.* %{BUILDROOT}/usr/lib/sse2
cp -a .libs/libgmpxx.so.? %{BUILDROOT}/usr/lib/sse2
chmod 755 %{BUILDROOT}/usr/lib/sse2/libgmpxx.so.?
-
- install -m 755 .libs/libmp.so.*.* %{BUILDROOT}/usr/lib/sse2
- cp -a .libs/libmp.so.? %{BUILDROOT}/usr/lib/sse2
- chmod 755 %{BUILDROOT}/usr/lib/sse2/libmp.so.?
else
make install DESTDIR="%{BUILDROOT}"
fi
cd ..
done
-
- # Install compat version of library.
- cd %{DIR_SRC}/%{name}-%{compat_version}
- install -m 644 .libs/libgmp.so.3.5.2 %{BUILDROOT}%{libdir}
- ln -svf libgmp.so.3.5.2 %{BUILDROOT}%{libdir}/libgmp.so.3
end
end
@@ -162,14 +145,6 @@ packages
template DEVEL
end
- package %{name}-compat
- summary = Compatibility version of %{thisapp} (%{compat_version}).
-
- files
- %{libdir}/libgmp.so.3*
- end
- end
-
package %{name}-debuginfo
template DEBUGINFO
end
diff --git a/grep/grep.nm b/grep/grep.nm
index 2dea0cc..1462ba3 100644
--- a/grep/grep.nm
+++ b/grep/grep.nm
@@ -4,7 +4,7 @@
###############################################################################
name = grep
-version = 2.17
+version = 2.18
release = 1
groups = Applications/Text
@@ -30,11 +30,6 @@ build
texinfo
end
- prepare_cmds
- sed -e "s/gnulib-tests//" -i Makefile.am
- autoreconf -vfi
- end
-
configure_options += \
--without-included-regex
diff --git a/libpng/libpng.nm b/libpng/libpng.nm
index 09083e2..688151f 100644
--- a/libpng/libpng.nm
+++ b/libpng/libpng.nm
@@ -4,7 +4,7 @@
###############################################################################
name = libpng
-version = 1.6.8
+version = 1.6.10
release = 1
compat_ver = 1.5.17
diff --git a/openssl/openssl.nm b/openssl/openssl.nm
index b52e8c7..5a7e24e 100644
--- a/openssl/openssl.nm
+++ b/openssl/openssl.nm
@@ -5,7 +5,7 @@
name = openssl
version = 1.0.1e
-release = 1
+release = 2
maintainer = Michael Tremer <michael.tremer(a)ipfire.org>
groups = System/Libraries
diff --git a/openssl/patches/openssl.git-96db902.patch b/openssl/patches/openssl.git-96db902.patch
new file mode 100644
index 0000000..6fed32a
--- /dev/null
+++ b/openssl/patches/openssl.git-96db902.patch
@@ -0,0 +1,108 @@
+From: Dr. Stephen Henson <steve(a)openssl.org>
+Date: Sat, 5 Apr 2014 23:51:06 +0000 (+0100)
+Subject: Add heartbeat extension bounds check.
+X-Git-Tag: OpenSSL_1_0_1g~3
+X-Git-Url: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=96db902
+
+Add heartbeat extension bounds check.
+
+A missing bounds check in the handling of the TLS heartbeat extension
+can be used to reveal up to 64k of memory to a connected client or
+server.
+
+Thanks for Neel Mehta of Google Security for discovering this bug and to
+Adam Langley <agl(a)chromium.org> and Bodo Moeller <bmoeller(a)acm.org> for
+preparing the fix (CVE-2014-0160)
+---
+
+diff --git a/ssl/d1_both.c b/ssl/d1_both.c
+index 7a5596a..2e8cf68 100644
+--- a/ssl/d1_both.c
++++ b/ssl/d1_both.c
+@@ -1459,26 +1459,36 @@ dtls1_process_heartbeat(SSL *s)
+ unsigned int payload;
+ unsigned int padding = 16; /* Use minimum padding */
+
+- /* Read type and payload length first */
+- hbtype = *p++;
+- n2s(p, payload);
+- pl = p;
+-
+ if (s->msg_callback)
+ s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
+ &s->s3->rrec.data[0], s->s3->rrec.length,
+ s, s->msg_callback_arg);
+
++ /* Read type and payload length first */
++ if (1 + 2 + 16 > s->s3->rrec.length)
++ return 0; /* silently discard */
++ hbtype = *p++;
++ n2s(p, payload);
++ if (1 + 2 + payload + 16 > s->s3->rrec.length)
++ return 0; /* silently discard per RFC 6520 sec. 4 */
++ pl = p;
++
+ if (hbtype == TLS1_HB_REQUEST)
+ {
+ unsigned char *buffer, *bp;
++ unsigned int write_length = 1 /* heartbeat type */ +
++ 2 /* heartbeat length */ +
++ payload + padding;
+ int r;
+
++ if (write_length > SSL3_RT_MAX_PLAIN_LENGTH)
++ return 0;
++
+ /* Allocate memory for the response, size is 1 byte
+ * message type, plus 2 bytes payload length, plus
+ * payload, plus padding
+ */
+- buffer = OPENSSL_malloc(1 + 2 + payload + padding);
++ buffer = OPENSSL_malloc(write_length);
+ bp = buffer;
+
+ /* Enter response type, length and copy payload */
+@@ -1489,11 +1499,11 @@ dtls1_process_heartbeat(SSL *s)
+ /* Random padding */
+ RAND_pseudo_bytes(bp, padding);
+
+- r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding);
++ r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length);
+
+ if (r >= 0 && s->msg_callback)
+ s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
+- buffer, 3 + payload + padding,
++ buffer, write_length,
+ s, s->msg_callback_arg);
+
+ OPENSSL_free(buffer);
+diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
+index b82fada..bddffd9 100644
+--- a/ssl/t1_lib.c
++++ b/ssl/t1_lib.c
+@@ -2588,16 +2588,20 @@ tls1_process_heartbeat(SSL *s)
+ unsigned int payload;
+ unsigned int padding = 16; /* Use minimum padding */
+
+- /* Read type and payload length first */
+- hbtype = *p++;
+- n2s(p, payload);
+- pl = p;
+-
+ if (s->msg_callback)
+ s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
+ &s->s3->rrec.data[0], s->s3->rrec.length,
+ s, s->msg_callback_arg);
+
++ /* Read type and payload length first */
++ if (1 + 2 + 16 > s->s3->rrec.length)
++ return 0; /* silently discard */
++ hbtype = *p++;
++ n2s(p, payload);
++ if (1 + 2 + payload + 16 > s->s3->rrec.length)
++ return 0; /* silently discard per RFC 6520 sec. 4 */
++ pl = p;
++
+ if (hbtype == TLS1_HB_REQUEST)
+ {
+ unsigned char *buffer, *bp;
diff --git a/pciutils/pciutils.nm b/pciutils/pciutils.nm
index edcf016..f280520 100644
--- a/pciutils/pciutils.nm
+++ b/pciutils/pciutils.nm
@@ -4,7 +4,7 @@
###############################################################################
name = pciutils
-version = 3.2.0
+version = 3.2.1
release = 1
groups = System/Base
diff --git a/pcre/pcre.nm b/pcre/pcre.nm
index f25f130..506d827 100644
--- a/pcre/pcre.nm
+++ b/pcre/pcre.nm
@@ -4,8 +4,8 @@
###############################################################################
name = pcre
-version = 8.34
-release = 2
+version = 8.35
+release = 1
compat_version = 8.21
hooks/post-receive
--
IPFire 3.x development tree
reply other threads:[~2014-04-12 17:35 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140412173505.02981210FA@argus.ipfire.org \
--to=git@ipfire.org \
--cc=ipfire-scm@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox