Update to 0.4.10 security issue

This commit is contained in:
Nicolas Chauvet 2012-10-17 00:47:26 +02:00
parent 562aa36d86
commit e7564412e6
7 changed files with 21 additions and 102 deletions

View File

@ -0,0 +1,12 @@
diff -up libproxy-0.4.10/libproxy/cmake/modules/pacrunner_mozjs.cmk.orig libproxy-0.4.10/libproxy/cmake/modules/pacrunner_mozjs.cmk
--- libproxy-0.4.10/libproxy/cmake/modules/pacrunner_mozjs.cmk.orig 2012-10-02 16:20:40.000000000 +0200
+++ libproxy-0.4.10/libproxy/cmake/modules/pacrunner_mozjs.cmk 2012-10-17 00:36:43.645579472 +0200
@@ -9,7 +9,7 @@ if(WIN32)
elseif(NOT APPLE)
option(WITH_MOZJS "Search for MOZJS package" ON)
if (WITH_MOZJS)
- pkg_search_module(MOZJS mozjs185>=1.8.5)
+ pkg_search_module(MOZJS mozjs185)
if(MOZJS_FOUND)
include_directories(${MOZJS_INCLUDE_DIRS})
link_directories(${MOZJS_LIBRARY_DIRS})

View File

@ -1,29 +0,0 @@
--- libproxy-0.4.7/libproxy/cmake/modules/pacrunner_mozjs.cmk.orig 2012-02-26 18:58:07.249934499 +0000
+++ libproxy-0.4.7/libproxy/cmake/modules/pacrunner_mozjs.cmk 2012-02-26 18:59:30.989922729 +0000
@@ -7,19 +7,15 @@
include_directories("${MOZJS_INCLUDE_DIR}")
endif()
elseif(NOT APPLE)
- set(MOZJS_SEARCH_ORDER "mozilla-js;xulrunner-js;firefox-js;seamonkey-js" CACHE STRING "MozJS search order")
option(WITH_MOZJS "Search for MOZJS package" ON)
if (WITH_MOZJS)
- foreach(MOZJSLIB ${MOZJS_SEARCH_ORDER})
- pkg_search_module(MOZJS ${MOZJSLIB}>=2.0b12)
- if(MOZJS_FOUND)
- include_directories(${MOZJS_INCLUDE_DIRS})
- link_directories(${MOZJS_LIBRARY_DIRS})
- break()
- else()
- set(MOZJS_FOUND 0)
- endif()
- endforeach()
+ pkg_search_module(MOZJS mozjs185)
+ if(MOZJS_FOUND)
+ include_directories(${MOZJS_INCLUDE_DIRS})
+ link_directories(${MOZJS_LIBRARY_DIRS})
+ else()
+ set(MOZJS_FOUND 0)
+ endif()
else()
set(MOZJS_FOUND 0)
endif()

View File

@ -1,40 +0,0 @@
--- libproxy-0.4.7/libproxy/url.cpp.orig 2012-02-28 21:05:15.572948027 +0000
+++ libproxy-0.4.7/libproxy/url.cpp 2012-02-28 21:05:45.635937474 +0000
@@ -27,6 +27,7 @@
#define close _close
#endif
#include <fcntl.h> // For ::open()
+#include <unistd.h> // For ::read() and ::close()
#include <cstring> // For memcpy()
#include <sstream> // For int/string conversion (using stringstream)
#include <cstdio> // For sscanf()
--- libproxy-0.4.7/libproxy/modules/config_sysconfig.cpp.orig 2012-02-28 21:06:01.552943358 +0000
+++ libproxy-0.4.7/libproxy/modules/config_sysconfig.cpp 2012-02-28 21:11:21.429953982 +0000
@@ -18,6 +18,7 @@
******************************************************************************/
#include <sys/stat.h>
+#include <unistd.h>
#include <cstdlib>
#include <map>
#include <fstream>
--- libproxy-0.4.7/libproxy/modules/pacrunner_mozjs.cpp.orig 2012-02-28 21:06:11.637943033 +0000
+++ libproxy-0.4.7/libproxy/modules/pacrunner_mozjs.cpp 2012-02-28 21:11:46.560961409 +0000
@@ -17,6 +17,7 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
******************************************************************************/
+#include <unistd.h> // for ::gethostname()
#include <cstring> // ?
#include "../extension_pacrunner.hpp"
--- libproxy-0.4.7/libproxy/modules/pacrunner_webkit.cpp.orig 2012-02-28 21:06:29.615943614 +0000
+++ libproxy-0.4.7/libproxy/modules/pacrunner_webkit.cpp 2012-02-28 21:12:35.530965553 +0000
@@ -17,6 +17,7 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
******************************************************************************/
+#include <unistd.h> // for ::gethostname()
#include "../extension_pacrunner.hpp"
using namespace libproxy;

View File

@ -1,11 +0,0 @@
--- libproxy-0.4.7/libproxy/url.cpp.orig 2012-02-26 19:04:10.670952501 +0000
+++ libproxy-0.4.7/libproxy/url.cpp 2012-02-26 19:04:54.474963813 +0000
@@ -446,7 +446,7 @@
/* Check for correct mime type and content length */
for (line = recvline(sock) ; line != "\r" && line != "" ; line = recvline(sock)) {
// Check for chunked encoding
- if (line.find("Content-Transfer-Encoding: chunked") == 0)
+ if (line.find("Content-Transfer-Encoding: chunked") == 0 || line.find("Transfer-Encoding: chunked") == 0)
chunked = true;
// Check for content length

View File

@ -1,11 +0,0 @@
--- libproxy-0.4.7/libproxy/cmake/modules/pacrunner_webkit.cmk.orig 2012-02-28 09:15:55.160816707 +0000
+++ libproxy-0.4.7/libproxy/cmake/modules/pacrunner_webkit.cmk 2012-02-28 09:16:25.314819274 +0000
@@ -13,7 +13,7 @@
endif()
else()
if(WITH_WEBKIT3)
- px_check_modules(WEBKIT webkitgtk-3.0)
+ px_check_modules(WEBKIT webkitgtk-3.0 javascriptcoregtk-3.0)
else()
px_check_modules(WEBKIT webkit-1.0)
endif()

View File

@ -11,8 +11,8 @@
%endif
Name: libproxy
Version: 0.4.7
Release: 5%{?svn}%{?dist}
Version: 0.4.10
Release: 1%{?svn}%{?dist}
Summary: A library handling all the details of proxy configuration
Group: System Environment/Libraries
@ -20,10 +20,7 @@ License: LGPLv2+
URL: http://code.google.com/p/libproxy/
Source0: http://libproxy.googlecode.com/files/libproxy-%{version}%{?svn}.tar.gz
Patch0: libproxy-0.4.7-js185.patch
Patch1: libproxy-0.4.7-url-pac.patch
Patch2: libproxy-0.4.7-webkit.patch
Patch3: libproxy-0.4.7-unistd.patch
Patch0: libproxy-0.4.10-mozjs.patch
BuildRequires: python-devel
BuildRequires: libmodman-devel >= 2.0.1
@ -175,10 +172,7 @@ developing applications that use %{name}.
%prep
%setup -q
%patch0 -p1 -b .js185
%patch1 -p1 -b .url-pac
%patch2 -p1 -b .webkit
%patch3 -p1 -b .unistd
%patch0 -p1 -b .orig
%build
%{cmake} \
@ -274,6 +268,10 @@ make test
%changelog
* Tue Oct 16 2012 Nicolas Chauvet <kwizart@gmail.com> - 0.4.10-1
- Update to 0.4.10
- Fix CVE-2012-4504
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4.7-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

View File

@ -1 +1 @@
509e03a488a61cd62bfbaf3ab6a2a7a5 libproxy-0.4.7.tar.gz
af5d578df764996400eea8bd5b00af8d libproxy-0.4.10.tar.gz