Hello community, here is the log from the commit of package tnftp for openSUSE:Factory checked in at 2014-11-04 17:28:08 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/tnftp (Old) and /work/SRC/openSUSE:Factory/.tnftp.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "tnftp" Changes: -------- --- /work/SRC/openSUSE:Factory/tnftp/tnftp.changes 2013-05-07 07:38:05.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.tnftp.new/tnftp.changes 2014-11-04 17:28:10.000000000 +0100 @@ -1,0 +2,13 @@ +Thu Oct 30 13:18:42 UTC 2014 - tchvatal@suse.com + +- Apply fix for bnc#903011 CVE-2014-8517 + * tnftp-cve-2014-8517.patch +- Version bump to 20130505: + * various triv fixes + * more ssl support + * refresh tnftp-20100108-am_and_libedit.patch +- Cleanup with spec-cleaner +- Use update-alternatives properly +- Do not verify the sig in spec, just let OBS do it + +------------------------------------------------------------------- Old: ---- tnftp-20100108.tar.gz tnftp-20100108.tar.gz.asc New: ---- tnftp-20130505.tar.gz tnftp-20130505.tar.gz.asc tnftp-cve-2014-8517.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tnftp.spec ++++++ --- /var/tmp/diff_new_pack.m92Mfm/_old 2014-11-04 17:28:10.000000000 +0100 +++ /var/tmp/diff_new_pack.m92Mfm/_new 2014-11-04 17:28:10.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package tnftp # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -17,59 +17,65 @@ Name: tnftp -Version: 20100108 +Version: 20130505 Release: 0 Summary: Enhanced FTP Client License: BSD-3-Clause Group: Productivity/Networking/Ftp/Clients Url: ftp://ftp.netbsd.org/pub/NetBSD/misc/tnftp/ -Patch0: tnftp-20100108-am_and_libedit.patch Source0: ftp://ftp.netbsd.org/pub/NetBSD/misc/tnftp/%{name}-%{version}.tar.gz Source1: ftp://ftp.netbsd.org/pub/NetBSD/misc/tnftp/%{name}-%{version}.tar.gz.asc Source2: tnftp.keyring -BuildRequires: libedit-devel -BuildRequires: pkgconfig -BuildRequires: update-alternatives +# PATCH-FIX-UPSTREAM: do not use bundled libedit +Patch0: tnftp-20100108-am_and_libedit.patch +# PATCH-FIX-UPSTREAM: fix cve2014-8517 bnc#903011 +Patch1: tnftp-cve-2014-8517.patch BuildRequires: autoconf BuildRequires: automake +BuildRequires: libedit-devel +BuildRequires: libopenssl-devel BuildRequires: libtool -%if 0%{?suse_version} >= 1230 -BuildRequires: gpg-offline -%endif -Conflicts: ftp +BuildRequires: pkgconfig +BuildRequires: update-alternatives +Requires(post): coreutils +Requires(post): update-alternatives +Requires(pre): coreutils +Requires(pre): update-alternatives Provides: lukemftp = 1.6 -Provides: nkitb:/usr/bin/ftp +Provides: nkitb:%{_bindir}/ftp Obsoletes: lukemftp <= 1.5 -Requires(pre): update-alternatives -Requires(pre): coreutils -Requires(post): update-alternatives -Requires(post): coreutils BuildRoot: %{_tmppath}/%{name}-%{version}-build +Conflicts: ftp %description - +%{name} is the FTP (File Transfer Protocol) client from NetBSD. FTP is a widely +used protocol for transferring files over the Internet and for archiving files. +%{name} provides some advanced features beyond the Linux netkit ftp client, but +maintains a similar user interface to the traditional ftp client. It was +formerly called lukemftp. 
%prep -%if 0%{?suse_version} >= 1230 -%gpg_verify %{SOURCE1} -%endif - %setup -q -%patch0 +%patch0 -p1 +%patch1 -p1 %build #axe bundled library -%__rm -rf libedit +rm -rf libedit autoreconf -fiv %configure -%__make %{?_smp_mflags} +make %{?_smp_mflags} %install -%makeinstall -touch ${RPM_BUILD_ROOT}%{_bindir}/ftp +make DESTDIR=%{buildroot} install %{?_smp_mflags} + +mkdir -p %{buildroot}%{_sysconfdir}/alternatives +touch %{buildroot}%{_sysconfdir}/alternatives/ftp +ln -sf %{_sysconfdir}/alternatives/ftp %{buildroot}%{_bindir}/ftp +touch %{buildroot}%{_sysconfdir}/alternatives/ftp.1.gz +ln -sf %{_sysconfdir}/alternatives/ftp.1.gz %{buildroot}%{_mandir}/man1/ftp.1.gz %post -test -L %{_bindir}/ftp || rm -f %{_bindir}/ftp update-alternatives --install %{_bindir}/ftp ftp %{_bindir}/%{name} 10 \ --slave %{_mandir}/man1/ftp.1.gz ftp.1 %{_mandir}/man1/%{name}.1.gz update-alternatives --auto ftp @@ -79,14 +85,14 @@ update-alternatives --remove ftp %{_bindir}/%{name} fi -%clean -%__rm -rf $RPM_BUILD_ROOT - %files %defattr(-,root,root) %doc COPYING ChangeLog NEWS README THANKS -%ghost %attr(0755,root,root) %{_bindir}/ftp +%ghost %{_sysconfdir}/alternatives/ftp +%ghost %{_sysconfdir}/alternatives/ftp.1.gz +%{_bindir}/ftp +%{_mandir}/man1/ftp.1.gz %{_bindir}/%{name} -%{_mandir}/man1/* +%{_mandir}/man1/%{name}.1.gz %changelog ++++++ tnftp-20100108-am_and_libedit.patch ++++++ --- /var/tmp/diff_new_pack.m92Mfm/_old 2014-11-04 17:28:10.000000000 +0100 +++ /var/tmp/diff_new_pack.m92Mfm/_new 2014-11-04 17:28:10.000000000 +0100 
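Review bot: Nothing in the spec verifies the upstream tarball signature any more: the `%gpg_verify %{SOURCE1}` call in %prep and the `gpg-offline` BuildRequires are removed, while Source0 is still an `ftp://` URL. Source1 and Source2 (`tnftp.keyring`) are kept, and the changelog says OBS is expected to do the check, so the integrity of the tarball now depends on that external step actually running; a local rebuild of the source package outside OBS would presumably unpack the tarball unverified. I would record that dependency next to the Source lines, for example `# Source1 signature is checked by OBS against Source2 (tnftp.keyring), not in %prep`.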
@@ -1,26 +1,25 @@ -Index: configure.ac -=================================================================== ---- configure.ac.orig -+++ configure.ac -@@ -62,10 +62,16 @@ AH_TEMPLATE([USE_SOCKS], +diff -urN tnftp-20130505.old/configure.ac tnftp-20130505/configure.ac +--- tnftp-20130505.old/configure.ac 2014-10-30 10:55:11.376328347 +0100 ++++ tnftp-20130505/configure.ac 2014-10-30 10:56:37.813328337 +0100 +@@ -71,10 +71,16 @@ # # Checks for programs. # --AC_PROG_CC +-AC_PROG_CC() +AC_PROG_CC_STDC +AC_USE_SYSTEM_EXTENSIONS +AC_SYS_LARGEFILE +AM_PROG_AR +AM_PROG_CC_C_O - AC_PROG_AWK - AC_PROG_LIBTOOL - + AC_PROG_AWK() + AC_PROG_LIBTOOL() + +PKG_CHECK_MODULES([LIBEDIT], [libedit]) + # # Checks for tool features. # -@@ -86,13 +92,6 @@ AS_CASE([$target_os], +@@ -95,13 +101,6 @@ # # Checks for libraries. # @@ -31,27 +30,19 @@ - [AC_MSG_ERROR( - [no relevant library found containing tgetent])]) - ]) - + AC_SEARCH_LIBS([gethostbyname], [nsl]) AC_SEARCH_LIBS([socket], -@@ -230,7 +229,6 @@ AC_CHECK_MEMBERS([struct sockaddr.sa_len - [], [], [$accheck_includes]) - AC_CHECK_TYPES([in_port_t, sa_family_t, socklen_t, struct addrinfo], - [], [], [$accheck_includes]) --AC_SYS_LARGEFILE - - # If IPv6 is enabled, check for necessary items. - # -@@ -346,7 +344,7 @@ exit(!res); +@@ -381,7 +380,7 @@ # Use local libedit if editcomplete is requested # AS_IF([test "$opt_editcomplete" = yes], - [AC_MSG_NOTICE([--enable-editcomplete; using internal libedit])], + [AC_MSG_NOTICE([--enable-editcomplete; using system libedit])], [CFLAGS="-DNO_EDITCOMPLETE $CFLAGS"]) - + # Replace sl_init() (et al) if it provides the older API. -@@ -385,8 +383,6 @@ AM_CONDITIONAL([USE_LIBEDIT], [test "$op +@@ -420,8 +419,6 @@ # AC_CONFIG_FILES([ Makefile 
@@ -60,48 +51,45 @@ libnetbsd/Makefile src/Makefile ]) -Index: src/Makefile.am -=================================================================== ---- src/Makefile.am.orig -+++ src/Makefile.am -@@ -28,10 +28,10 @@ tnftp_LDADD = \ - +diff -urN tnftp-20130505.old/libnetbsd/Makefile.am tnftp-20130505/libnetbsd/Makefile.am +--- tnftp-20130505.old/libnetbsd/Makefile.am 2014-10-30 10:55:11.375328347 +0100 ++++ tnftp-20130505/libnetbsd/Makefile.am 2014-10-30 10:55:40.171328344 +0100 +@@ -5,7 +5,7 @@ + libnetbsd_la_SOURCES = + + +-CPPFLAGS = \ ++AM_CPPFLAGS = \ + -I$(srcdir) \ + -I$(top_srcdir) \ + -I$(top_builddir) +diff -urN tnftp-20130505.old/Makefile.am tnftp-20130505/Makefile.am +--- tnftp-20130505.old/Makefile.am 2014-10-30 10:55:11.375328347 +0100 ++++ tnftp-20130505/Makefile.am 2014-10-30 10:55:40.171328344 +0100 +@@ -4,10 +4,6 @@ + + SUBDIRS = libnetbsd + +-if USE_LIBEDIT +-SUBDIRS += libedit +-endif +- + SUBDIRS += src + + EXTRA_DIST = \ +diff -urN tnftp-20130505.old/src/Makefile.am tnftp-20130505/src/Makefile.am +--- tnftp-20130505.old/src/Makefile.am 2014-10-30 10:55:11.380328347 +0100 ++++ tnftp-20130505/src/Makefile.am 2014-10-30 10:55:40.171328344 +0100 +@@ -28,10 +28,10 @@ + if USE_LIBEDIT tnftp_CPPFLAGS += \ - -I$(top_srcdir)/libedit + $(LIBEDIT_CFLAGS) - + tnftp_LDADD += \ - ../libedit/libedit.la + $(LIBEDIT_LIBS) endif - - -Index: Makefile.am -=================================================================== ---- Makefile.am.orig -+++ Makefile.am -@@ -2,10 +2,6 @@ - - SUBDIRS = libnetbsd - --if USE_LIBEDIT --SUBDIRS += libedit --endif -- - SUBDIRS += src - - EXTRA_DIST = \ -Index: libnetbsd/Makefile.am -=================================================================== ---- libnetbsd/Makefile.am.orig -+++ libnetbsd/Makefile.am -@@ -5,7 +5,7 @@ noinst_LTLIBRARIES = libnetbsd.la - libnetbsd_la_SOURCES = - - --CPPFLAGS = \ -+AM_CPPFLAGS = \ - -I$(srcdir) \ - -I$(top_srcdir) \ - -I$(top_builddir) + + ++++++ tnftp-20100108.tar.gz -> tnftp-20130505.tar.gz 
++++++ ++++ 67160 lines of diff (skipped) ++++++ tnftp-cve-2014-8517.patch ++++++ diff -urN tnftp-20130505.old/src/fetch.c tnftp-20130505/src/fetch.c --- tnftp-20130505.old/src/fetch.c 2014-10-30 10:55:11.381328347 +0100 +++ tnftp-20130505/src/fetch.c 2014-10-30 13:57:04.404327045 +0100 @@ -571,7 +571,7 @@ url_decode(decodedpath); if (outfile) - savefile = ftp_strdup(outfile); + savefile = outfile; else { cp = strrchr(decodedpath, '/'); /* find savefile */ if (cp != NULL) @@ -595,8 +595,7 @@ rangestart = rangeend = entitylen = -1; mtime = -1; if (restartautofetch) { - if (strcmp(savefile, "-") != 0 && *savefile != '|' && - stat(savefile, &sb) == 0) + if (stat(savefile, &sb) == 0) restart_point = sb.st_size; } if (urltype == FILE_URL_T) { /* file:// URLs */ @@ -1139,19 +1138,26 @@ goto cleanup_fetch_url; } } /* end of ftp:// or http:// specific setup */ + /* Open the output file. */ - /* Open the output file. */ - if (strcmp(savefile, "-") == 0) { - fout = stdout; - } else if (*savefile == '|') { - oldintp = xsignal(SIGPIPE, SIG_IGN); - fout = popen(savefile + 1, "w"); - if (fout == NULL) { - warn("Can't execute `%s'", savefile + 1); - goto cleanup_fetch_url; + /* + * Only trust filenames with special meaning if they came from + * the command line + */ + if (outfile == savefile) { + if (strcmp(savefile, "-") == 0) { + fout = stdout; + } else if (*savefile == '|') { + oldintp = xsignal(SIGPIPE, SIG_IGN); + fout = popen(savefile + 1, "w"); + if (fout == NULL) { + warn("Can't execute `%s'", savefile + 1); + goto cleanup_fetch_url; + } + closefunc = pclose; } - closefunc = pclose; - } else { + } + if (fout == NULL) { if ((rangeend != -1 && rangeend <= restart_point) || (rangestart == -1 && filesize != -1 && filesize <= restart_point)) { /* already done */ 
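Review bot: `savefile = outfile;` in the hunk at -571 makes pointer identity carry two unstated meanings: provenance (the `outfile == savefile` test in the hunk at -1139) and ownership (the `savefile != outfile` guard in the hunk at -1362). If a later change reintroduces a copy here, the `-` and `|` handling would stop working without any diagnostic, and the free guard would no longer mean what it appears to. A comment at the assignment would pin this down, for example `/* savefile aliases outfile on purpose: identity marks a command-line name, and we do not own it */`. The enclosing function starts and ends outside these hunks.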
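Review bot: In the hunk at -595 the restart check now calls `stat(savefile, &sb)` even when the name is a command-line `-` or `|command`, because the old guard was removed outright rather than limited to server-derived names. If a file with that literal name exists in the working directory, `restart_point` takes its size although the output will go to stdout or a pipe; how `restart_point` is used later is outside the hunk, so the effect needs confirming. Keeping the guard for trusted names only would preserve the old behaviour: `if ((savefile != outfile || (strcmp(savefile, "-") != 0 && *savefile != '|')) && stat(savefile, &sb) == 0)`.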
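Review bot: The `if (fout == NULL)` fallthrough added in the hunk at -1139 is correct only if `fout` is still NULL when this block is reached. The old if/else chain did not depend on that, and the initialisation is outside the hunk, so it should be confirmed. The new comment explains the trusted case but not the other half of the fix; I would add `/* names derived from the URL or a redirect, including "-" and "|cmd", fall through and are opened as ordinary files */` above the `if (fout == NULL)` line.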
@@ -1362,7 +1368,8 @@
 (*closefunc)(fout);
 if (res0)
 freeaddrinfo(res0);
- FREEPTR(savefile);
+ if (savefile != outfile)
+ FREEPTR(savefile);
 FREEPTR(uuser);
 if (pass != NULL)
 memset(pass, 0, strlen(pass));
-- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org