From 830267e3bc9c5e655b122d7e8d02b74076d02dfc Mon Sep 17 00:00:00 2001 From: cvsdist Date: Thu, 9 Sep 2004 08:32:04 +0000 Subject: [PATCH] auto-import changelog data from minicom-1.83.1-8.src.rpm Thu May 03 2001 Mike A. Harris 1.83.1-8 - Changed minicom to disable SGID/SUID operation completely as it was never designed to be secure, and likely never will be. (#35613) - Updated the format string patch I made to fix more format string abuses. - Added Czeck cs_CZ locale translations. Thu Apr 12 2001 Mike A. Harris - Fixed format string vuln in usage of do_log() (bug #35613) - Fixed misc other format string abuse with werror(). - Changed main tarball to bzip2 compression - Corrected Buildroot to use _tmppath Tue Mar 27 2001 Crutcher Dunnavant - patch to drop mask for config file --- .cvsignore | 2 +- minicom.spec | 40 ++++++++++++++++++++++++++++++++++++---- sources | 2 +- 3 files changed, 38 insertions(+), 6 deletions(-) diff --git a/.cvsignore b/.cvsignore index 0d626aa..f5ef900 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -minicom-1.83.1.src.tar.gz +minicom-1.83.1.src.tar.bz2 diff --git a/minicom.spec b/minicom.spec index ad0e0c3..f6e4d90 100644 --- a/minicom.spec +++ b/minicom.spec @@ -1,15 +1,23 @@ Summary: A text-based modem control and terminal emulation program. Name: minicom Version: 1.83.1 -Release: 5 +Release: 8 Copyright: GPL Group: Applications/Communications -Source: ftp://metalab.unc.edu/pub/Linux/apps/serialcomm/dialout/minicom-%{PACKAGE_VERSION}.src.tar.gz +Source: ftp://metalab.unc.edu/pub/Linux/apps/serialcomm/dialout/minicom-%{PACKAGE_VERSION}.src.tar.bz2 + Patch0: minicom-1.81-config.patch Patch1: minicom-1.83.1-make.patch Patch2: minicom-drop-privs.patch Patch3: minicom-1.83.1-time.patch -Buildroot: /var/tmp/%{name}-root +Patch4: minicom-umask.patch +# Fixes many format string abuses in minicom. Even so, minicom is still +# not safe to run SUID or SGID due to the do_log function being exported +# to the scripting language. You have been warned. +Patch5: minicom-1.83.1-format-string-vuln.patch +Patch6: minicom-1.83.1-cs_CZ-translation.patch + +Buildroot: %{_tmppath}/%{name}-%{version}-root %description Minicom is a simple text-based modem control and terminal emulation @@ -26,14 +34,22 @@ or terminal emulator. %patch1 -p1 -b .make %patch2 -p1 -b .privs %patch3 -p1 -b .time +%patch4 -p1 -b .umask +%patch5 -p1 -b .format-string-vuln +%patch6 -p1 -b .cs_CZ-translation %build +# Remove precompiled binaries from sources. Why the hell is this stuff +# even there? +rm -rf linux make -C src %install rm -rf $RPM_BUILD_ROOT make -C src install R=$RPM_BUILD_ROOT MANDIR=%{_mandir}/man1 install -d $RPM_BUILD_ROOT/etc/X11/applnk/Internet + + cat > $RPM_BUILD_ROOT/etc/X11/applnk/Internet/minicom.desktop < 1.83.1-8 +- Changed minicom to disable SGID/SUID operation completely as it was + never designed to be secure, and likely never will be. (#35613) +- Updated the format string patch I made to fix more format string abuses. +- Added Czeck cs_CZ locale translations. + +* Thu Apr 12 2001 Mike A. Harris +- Fixed format string vuln in usage of do_log() (bug #35613) +- Fixed misc other format string abuse with werror(). +- Changed main tarball to bzip2 compression +- Corrected Buildroot to use _tmppath + +* Tue Mar 27 2001 Crutcher Dunnavant +- patch to drop mask for config file + * Fri Feb 23 2001 Jakub Jelinek - fix build under glibc 2.2.2 diff --git a/sources b/sources index 0b4fa01..1fc1702 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -54311e7ab398a87088eafbe5e7c09cad minicom-1.83.1.src.tar.gz +bf2691b2f83a4276d0ea265e1e9d155d minicom-1.83.1.src.tar.bz2