From 0331fa55449e686d0ecba81fdd9d3a1248461a41 Mon Sep 17 00:00:00 2001 From: Holger Hans Peter Freyther Date: Thu, 18 Mar 2010 16:02:01 +0800 Subject: dpkg: Upgrade to 1.14.29 to address a flaw in dpkg-source Addresses CVE-2010-0396. --- .../dpkg/dpkg-1.14.25/ignore_extra_fields.patch | 24 ---------------------- .../dpkg/dpkg-1.14.29/ignore_extra_fields.patch | 24 ++++++++++++++++++++++ recipes/dpkg/dpkg-native_1.14.25.bb | 3 --- recipes/dpkg/dpkg-native_1.14.29.bb | 6 ++++++ recipes/dpkg/dpkg.inc | 2 +- recipes/dpkg/dpkg_1.14.25.bb | 12 ----------- recipes/dpkg/dpkg_1.14.29.bb | 14 +++++++++++++ 7 files changed, 45 insertions(+), 40 deletions(-) delete mode 100644 recipes/dpkg/dpkg-1.14.25/ignore_extra_fields.patch create mode 100644 recipes/dpkg/dpkg-1.14.29/ignore_extra_fields.patch delete mode 100644 recipes/dpkg/dpkg-native_1.14.25.bb create mode 100644 recipes/dpkg/dpkg-native_1.14.29.bb delete mode 100644 recipes/dpkg/dpkg_1.14.25.bb create mode 100644 recipes/dpkg/dpkg_1.14.29.bb (limited to 'recipes') diff --git a/recipes/dpkg/dpkg-1.14.25/ignore_extra_fields.patch b/recipes/dpkg/dpkg-1.14.25/ignore_extra_fields.patch deleted file mode 100644 index e47af42bc6..0000000000 --- a/recipes/dpkg/dpkg-1.14.25/ignore_extra_fields.patch +++ /dev/null @@ -1,24 +0,0 @@ - dpkg-deb/build.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -Index: dpkg-1.14.23/dpkg-deb/build.c -=================================================================== ---- dpkg-1.14.23.orig/dpkg-deb/build.c 2008-11-18 10:57:33.000000000 +0000 -+++ dpkg-1.14.23/dpkg-deb/build.c 2008-12-15 11:27:08.000000000 +0000 -@@ -243,14 +243,14 @@ - controlfile, checkedinfo->otherpriority); - warns++; - } -- for (field= checkedinfo->available.arbs; field; field= field->next) { -+ /*for (field= checkedinfo->available.arbs; field; field= field->next) { - if (known_arbitrary_field(field)) - continue; - - fprintf(stderr, _("warning, `%s' contains user-defined field `%s'\n"), - controlfile, field->name); - warns++; -- } -+ }*/ - checkversion(checkedinfo->available.version.version,"(upstream) version",&errs); - checkversion(checkedinfo->available.version.revision,"Debian revision",&errs); - if (errs) ohshit(_("%d errors in control file"),errs); diff --git a/recipes/dpkg/dpkg-1.14.29/ignore_extra_fields.patch b/recipes/dpkg/dpkg-1.14.29/ignore_extra_fields.patch new file mode 100644 index 0000000000..e47af42bc6 --- /dev/null +++ b/recipes/dpkg/dpkg-1.14.29/ignore_extra_fields.patch @@ -0,0 +1,24 @@ + dpkg-deb/build.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +Index: dpkg-1.14.23/dpkg-deb/build.c +=================================================================== +--- dpkg-1.14.23.orig/dpkg-deb/build.c 2008-11-18 10:57:33.000000000 +0000 ++++ dpkg-1.14.23/dpkg-deb/build.c 2008-12-15 11:27:08.000000000 +0000 +@@ -243,14 +243,14 @@ + controlfile, checkedinfo->otherpriority); + warns++; + } +- for (field= checkedinfo->available.arbs; field; field= field->next) { ++ /*for (field= checkedinfo->available.arbs; field; field= field->next) { + if (known_arbitrary_field(field)) + continue; + + fprintf(stderr, _("warning, `%s' contains user-defined field `%s'\n"), + controlfile, field->name); + warns++; +- } ++ }*/ + checkversion(checkedinfo->available.version.version,"(upstream) version",&errs); + checkversion(checkedinfo->available.version.revision,"Debian revision",&errs); + if (errs) ohshit(_("%d errors in control file"),errs); diff --git a/recipes/dpkg/dpkg-native_1.14.25.bb b/recipes/dpkg/dpkg-native_1.14.25.bb deleted file mode 100644 index 47c03424be..0000000000 --- a/recipes/dpkg/dpkg-native_1.14.25.bb +++ /dev/null @@ -1,3 +0,0 @@ -require dpkg-native.inc - -PR = "r1" diff --git a/recipes/dpkg/dpkg-native_1.14.29.bb b/recipes/dpkg/dpkg-native_1.14.29.bb new file mode 100644 index 0000000000..f04662caa9 --- /dev/null +++ b/recipes/dpkg/dpkg-native_1.14.29.bb @@ -0,0 +1,6 @@ +require dpkg-native.inc + +SRC_URI[src.md5sum] = "4326172a959b5b6484b4bc126e9f628d" +SRC_URI[src.sha256sum] = "ea7ec1c861af43ba534a0d7997774a5f1fd4e25a7eea4ff229c9c7bf89aed633" + +PR = "r1" diff --git a/recipes/dpkg/dpkg.inc b/recipes/dpkg/dpkg.inc index b15a6365b4..f665b4ba15 100644 --- a/recipes/dpkg/dpkg.inc +++ b/recipes/dpkg/dpkg.inc @@ -2,7 +2,7 @@ DESCRIPTION = "Package maintenance system for Debian." LICENSE = "GPL" SECTION = "base" -SRC_URI = "${DEBIAN_MIRROR}/main/d/dpkg/dpkg_${PV}.tar.gz \ +SRC_URI = "${DEBIAN_MIRROR}/main/d/dpkg/dpkg_${PV}.tar.gz;name=src \ file://ignore_extra_fields.patch;patch=1 \ file://noupdalt.patch;patch=1" diff --git a/recipes/dpkg/dpkg_1.14.25.bb b/recipes/dpkg/dpkg_1.14.25.bb deleted file mode 100644 index 0377ce10f1..0000000000 --- a/recipes/dpkg/dpkg_1.14.25.bb +++ /dev/null @@ -1,12 +0,0 @@ -require dpkg.inc -PR = "r1" -DEPENDS += "zlib bzip2" -#RDEPENDS_${PN} = "${VIRTUAL-RUNTIME_update-alternatives}" -SRC_URI += "file://noman.patch;patch=1" - -EXTRA_OECONF = "--without-static-progs \ - --without-dselect \ - --with-start-stop-daemon \ - --with-zlib \ - --with-bz2lib \ - --without-sgml-doc" diff --git a/recipes/dpkg/dpkg_1.14.29.bb b/recipes/dpkg/dpkg_1.14.29.bb new file mode 100644 index 0000000000..a5016e7ebd --- /dev/null +++ b/recipes/dpkg/dpkg_1.14.29.bb @@ -0,0 +1,14 @@ +require dpkg.inc +PR = "r1" +DEPENDS += "zlib bzip2" +#RDEPENDS_${PN} = "${VIRTUAL-RUNTIME_update-alternatives}" +SRC_URI += "file://noman.patch;patch=1" +SRC_URI[src.md5sum] = "4326172a959b5b6484b4bc126e9f628d" +SRC_URI[src.sha256sum] = "ea7ec1c861af43ba534a0d7997774a5f1fd4e25a7eea4ff229c9c7bf89aed633" + +EXTRA_OECONF = "--without-static-progs \ + --without-dselect \ + --with-start-stop-daemon \ + --with-zlib \ + --with-bz2lib \ + --without-sgml-doc" -- cgit v1.2.3