Date: Sun, 27 Apr 2014 23:28:59 +0200 From: "Herbert J. Skuhra" <hskuhra@eumx.net> To: Ludwig Pummer <ludwigp-freebsd@chip-web.com> Cc: emulation@FreeBSD.org Subject: Re: new linux-f10-expat due to CVE-2009-3720 ? Message-ID: <86tx9e1mxw.wl%hskuhra@eumx.net> In-Reply-To: <5357E7F6.7060805@chip-web.com> References: <5357E7F6.7060805@chip-web.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--Multipart_Sun_Apr_27_23:28:58_2014-1 Content-Type: text/plain; charset=US-ASCII On Wed, 23 Apr 2014 09:19:02 -0700 Ludwig Pummer wrote: > portaudit started complaining to me about: > > Affected package: linux-f10-expat-2.0.1 > Type of problem: expat2 -- Parser crash with specially formatted UTF-8 > sequences. > Reference: > http://portaudit.FreeBSD.org/5f030587-e39a-11de-881e-001aa0166822.html > > Affects: > expat2 <2.0.1_1 > linux-f10-expat <2.0.1_1 > > However, this port hasn't been touched in 2 months and is still at > version 2.0.1: > > http://svnweb.freebsd.org/ports/head/textproc/linux-f10-expat/ > > What are my options for clearing this security warning? You can try: --Multipart_Sun_Apr_27_23:28:58_2014-1 Content-Type: text/plain; name="patch_linux-f10-expat.txt"; charset=US-ASCII Content-Disposition: inline; filename="patch_linux-f10-expat.txt" Index: Makefile =================================================================== --- Makefile (revision 352452) +++ Makefile (working copy) @@ -3,8 +3,10 @@ PORTNAME= expat PORTVERSION= 2.0.1 +PORTREVISION= 1 CATEGORIES= textproc linux -MASTER_SITES= CRITICAL/rpm/${LINUX_RPM_ARCH}/fedora/${LINUX_DIST_VER} +MASTER_SITES= http://archives.fedoraproject.org/pub/archive/fedora/linux/updates/10/i386/ \ + http://archive.fedoraproject.org/pub/archive/fedora/linux/updates/10/SRPMS/ PKGNAMEPREFIX= linux-f10- DISTNAME= ${PORTNAME}-${PORTVERSION}-${RPMVERSION} @@ -16,7 +18,7 @@ ONLY_FOR_ARCHS= i386 amd64 USE_LINUX_RPM= yes LINUX_DIST_VER= 10 -RPMVERSION= 5 +RPMVERSION= 8.fc10 BRANDELF_FILES= usr/bin/xmlwf USE_LDCONFIG= yes Index: distinfo.i386 =================================================================== --- distinfo.i386 (revision 352452) +++ distinfo.i386 (working copy) @@ -1,4 +1,4 @@ -SHA256 (rpm/i386/fedora/10/expat-2.0.1-5.i386.rpm) = 1a583a21620e9590cc2287fb69d5d9df6e6d5ca4305161be621caba6a8302eb4 -SIZE (rpm/i386/fedora/10/expat-2.0.1-5.i386.rpm) = 84975 -SHA256 (rpm/i386/fedora/10/expat-2.0.1-5.src.rpm) = 26eff74d146417c668cc7229e2db338291bdcff8365fe7d8e6447a73099e2679 -SIZE (rpm/i386/fedora/10/expat-2.0.1-5.src.rpm) = 453519 +SHA256 (rpm/i386/fedora/10/expat-2.0.1-8.fc10.i386.rpm) = e242a5ede9751dd7b6b584c630b58fbac5b01ec938f8c64d6700620816652c45 +SIZE (rpm/i386/fedora/10/expat-2.0.1-8.fc10.i386.rpm) = 84981 +SHA256 (rpm/i386/fedora/10/expat-2.0.1-8.fc10.src.rpm) = 7ea0ba634f6142237803ecc7fd4a2b73136a9393033b4ef0875511729fbc6c97 +SIZE (rpm/i386/fedora/10/expat-2.0.1-8.fc10.src.rpm) = 455074 --Multipart_Sun_Apr_27_23:28:58_2014-1 Content-Type: text/plain; charset=US-ASCII But Fedora 10 reached EOL on December, 27th 2009! Or try: https://github.com/xmj/linux-ports/ -- Herbert --Multipart_Sun_Apr_27_23:28:58_2014-1--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86tx9e1mxw.wl%hskuhra>