pkgsrc-Bugs archive


pkg/38624: Security update for centerim 4.22.1nb3



>Number:         38624
>Category:       pkg
>Synopsis:       Security update for centerim 4.22.1nb3
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat May 10 16:10:00 +0000 2008
>Originator:     César Catrián Carreño
>Release:        NetBSD 4.99.44 i386
>Organization:
>Environment:


System: NetBSD 4.99.44 (Basado en GENERIC: 1.781) #0: Sat Mar 22 18:07:59 CLT 2008
        cetrox%core.cjc.cl@localhost:/home/cetrox/src/netbsd-current/src/sys/arch/i386/compile/SAT



>Description:


These patches upgrade centerim to 4.22.5 and solve a shell-command-injection 
vulnerability, detailed at 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1467 .

As read in the advisory, the versions affected by the vulnerability are <= 
4.22.3, so it is required to fix the pkg-vulnerabilities file, as it is marked 
to match "centerim-[0-9]*".

It is required to remove the patches patch-aa, patch-ac, patch-au, patch-av, 
patch-aw, patch-ax, patch-ay, patch-az and patch-ba from the repository, as 
they were updated upstream (most of them). Other patches are applied without 
errors.


>How-To-Repeat:





>Fix:


--- chat/centerim/Makefile.orig 2008-05-08 22:21:37.000000000 -0400
+++ chat/centerim/Makefile      2008-05-10 11:25:00.000000000 -0400
@@ -1,8 +1,7 @@
 # $NetBSD: Makefile,v 1.6 2008/01/18 05:06:22 tnn Exp $
 #
 
-DISTNAME=      centerim-4.22.1
-PKGREVISION=   3
+DISTNAME=      centerim-4.22.5
 CATEGORIES=    chat
 MASTER_SITES=  http://www.centerim.org/download/releases/ \
                http://transacid.de/centerim/releases/
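
Review bot: The DISTNAME bump to centerim-4.22.5 carries the fix for CVE-2008-1467, but nothing in this patch addresses the pkg-vulnerabilities entry that the description says still matches "centerim-[0-9]*". Until that pattern is bounded, the updated package will keep being flagged as vulnerable, so the pkg-vulnerabilities change should go in alongside this commit and the commit message should cite the CVE. Dropping PKGREVISION together with the version bump is correct.
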
@@ -23,7 +22,7 @@
 CONFIGURE_ARGS+=       --with-ssl --with-openssl=${SSLBASE:Q}
 LIBS+=                 ${LDFLAGS}
 
-REPLACE_PERL=          misc/cicqconv
+REPLACE_PERL=          misc/cimconv
 
 INCOMPAT_CURSES+=      NetBSD-1.[45]*-* NetBSD-1.6-* NetBSD-1.6.[1-9]-*
 INCOMPAT_CURSES+=      NetBSD-1.6_*-* NetBSD-1.6.[1-9]_*-* NetBSD-1.6[A-T]-*


--- chat/centerim/PLIST.orig    2008-05-10 11:20:03.000000000 -0400
+++ chat/centerim/PLIST 2008-05-10 11:21:23.000000000 -0400
@@ -1,8 +1,8 @@
 @comment $NetBSD: PLIST,v 1.2 2007/08/30 10:50:55 jnemeth Exp $
 bin/centerim
-bin/cicqconv
+bin/cimconv
 man/man1/centerim.1
-man/man1/cicqconv.1
+man/man1/cimconv.1
 share/centerim/email.wav
 share/centerim/msg.wav
 share/centerim/offline.wav
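
Review bot: The rename of bin/cicqconv to bin/cimconv, and of its man page, at the top of PLIST leaves no entry under the old name, so anything that invokes cicqconv stops working after the update. Mention the rename in the commit message, and confirm the new names against what the 4.22.5 build actually installs, since the Makefile's REPLACE_PERL was switched to misc/cimconv in the same patch and the two must agree.
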
@@ -24,5 +24,6 @@
 share/locale/ru/LC_MESSAGES/centerim.mo
 share/locale/sv/LC_MESSAGES/centerim.mo
 share/locale/uk/LC_MESSAGES/centerim.mo
-share/locale/zh_TW.Big5/LC_MESSAGES/centerim.mo
+share/locale/zh_CN/LC_MESSAGES/centerim.mo
+share/locale/zh_TW/LC_MESSAGES/centerim.mo
 @dirrm share/centerim


--- chat/centerim/distinfo.orig 2008-05-08 22:22:31.000000000 -0400
+++ chat/centerim/distinfo      2008-05-10 10:59:37.000000000 -0400
@@ -1,10 +1,8 @@
 $NetBSD: distinfo,v 1.2 2007/12/22 23:29:03 jdolecek Exp $
 
-SHA1 (centerim-4.22.1.tar.gz) = 221b3e505d5ea432977db7e5c0cebc85b4f928f2
-RMD160 (centerim-4.22.1.tar.gz) = 165b1acad70fa5d38b045510045b438c89776f3f
-Size (centerim-4.22.1.tar.gz) = 2606696 bytes
-SHA1 (patch-aa) = 244ccb35ceb53715af2134d27ab4c591ed62dd30
-SHA1 (patch-ac) = b32ff8df936ea66f3ff029ba322d4a94f1ebe4e6
+SHA1 (centerim-4.22.5.tar.gz) = 422c368064f47886585720c1c639515acff21ae9
+RMD160 (centerim-4.22.5.tar.gz) = 94ade501f8ba46ff24bf4b3cc283533924c3e2f4
+Size (centerim-4.22.5.tar.gz) = 2803217 bytes
 SHA1 (patch-ad) = bfe19ca98facfbb23a87dd28a176980fb4e986de
 SHA1 (patch-al) = d0c627ffc4ec2a7d179367dd2ddbbfd5ba52a377
 SHA1 (patch-am) = 942bab1a28fd79a40ac824e58855af35fb139141
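
Review bot: The new SHA1, RMD160 and Size lines for centerim-4.22.5.tar.gz should not be committed straight from this report. Both MASTER_SITES in the Makefile are plain http, so these digests are the only integrity check on the distfile. The committer should fetch the tarball independently, regenerate the entries with make makesum, and confirm they match the values submitted here.
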
@@ -14,10 +12,3 @@
 SHA1 (patch-aq) = 03be56591d3c925a6ffa48a1b87eb61a582f25c6
 SHA1 (patch-ar) = c74e757e3ef6bf1f6bc9575955f5b8f73ac4b51d
 SHA1 (patch-as) = b74310eb515c425cc98528f2b0384652370cef18
-SHA1 (patch-au) = 542111ddc738cc377c037ad910cedc0772707faf
-SHA1 (patch-av) = bf032d4447349d3b4f75c43f58eca3e0342b9f9d
-SHA1 (patch-aw) = d0238209328a6da5ae9f74d37f0fc44cf964b528
-SHA1 (patch-ax) = a96edcc859b30fde6e6577a833005fab8d45eabf
-SHA1 (patch-ay) = d7511f39004f2a86bda14b265ab2c4d03214dc2d
-SHA1 (patch-az) = 4542871c64fffb311cc464bc0b25fb59ef2db3b3
-SHA1 (patch-ba) = dee59621310b246097543257991e57cfb05b3ef3
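
Review bot: The seven removed SHA1 lines, patch-au through patch-ba, need matching removals of the patch files under chat/centerim/patches, and this diff contains none; the same applies to patch-aa and patch-ac dropped in the first distinfo hunk. The description also says only "most of them" were taken upstream, so each dropped patch should be checked against the 4.22.5 sources to confirm its change is really present before the local copy is deleted.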




