updated 7 packages

bison-3.6.4-1

libexif-0.6.22-2

libvncserver-0.9.13-1

nodejs-12.18.0-1

perl-5.26.2-3

php74-7.4.7-1

postfix-3.5.4-1

git-svn-id: http://trac.vinelinux.org/repos/projects/specs@12417 ec354946-7b23-47d6-9f5a-488ba84defc7

b/bison/bison-vl.spec

@@ -1,26 +1,26 @@
 %bcond_without check
 
-Summary: A GNU general-purpose parser generator.
-Summary(ja): GNU 汎用構文解析器生成プログラム
-Name: bison
-Version: 3.4.2
-Release: 1%{?_dist_release}
-License: GPL
-Group: Development/Tools
-Source: https://ftp.gnu.org/gnu/bison/bison-%{version}.tar.xz
-URL: https://www.gnu.org/software/bison/
+Summary:        A GNU general-purpose parser generator.
+Summary(ja):    GNU 汎用構文解析器生成プログラム
+Name:           bison
+Version:        3.6.4
+Release:        1%{?_dist_release}
+Group:          Development/Tools
+Vendor:         Project Vine
+Distribution:   Vine Linux
 
-BuildRoot: %{_tmppath}/%{name}-%{version}-root
+License:        GPL
+Source:         https://ftp.gnu.org/gnu/bison/bison-%{version}.tar.xz
+URL:            https://www.gnu.org/software/bison/
 
-BuildRequires: flex
+BuildRoot:      %{_tmppath}/%{name}-%{version}-root
 
-Requires: m4 >= 1.4
+BuildRequires:  flex
+
+Requires:       m4 >= 1.4
 Requires(post): install-info
 Requires(preun): install-info
 
-Vendor:        Project Vine
-Distribution:  Vine Linux
-
 %description
 Bison is a general purpose parser generator which converts a grammar
 description for an LALR(1) context-free grammar into a C program to parse
@@ -85,6 +85,7 @@ rm -f pkgdoc/COPYING
 
 cat %{name}-gnulib.lang >> %{name}.lang
 
+
 %clean
 rm -rf $RPM_BUILD_ROOT
 
@@ -114,6 +115,9 @@ fi
 
 
 %changelog
+* Thu Jun 18 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 3.6.4-1
+- new upstream release.
+
 * Tue Nov 05 2019 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 3.4.2-1
 - new upstream release.
 

lib/libe/libexif/libexif-vl.spec

@@ -2,7 +2,7 @@ Name: libexif
 Summary: EXIF tag library
 Summary(ja): EXIF タグライブラリ
 Version: 0.6.22
-Release: 1%{?_dist_release}
+Release: 2%{?_dist_release}
 Group: System Environment/Libraries
 Vendor: Project Vine
 Distribution: Vine Linux
@@ -11,6 +11,7 @@ License: LGPLv2+
 URL: https://libexif.github.io/
 %define altver %(echo %{version} | tr . _)
 Source: https://github.com/libexif/libexif/releases/download/libexif-%{altver}-release/%{name}-%{version}.tar.xz
+Patch1000: CVE-2020-0198.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-root
 BuildRequires: pkgconfig gettext doxygen
@@ -74,7 +75,11 @@ rm -rf %{buildroot}
 
 
 %changelog
+* Tue Jun 16 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.6.22-2
+- added Patch1000 to fix CVE-2020-0198.
+
 * Fri May 22 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.6.22-1
+- new upstream release.
 - dropped Patch0-4: fixed in upstream.
 
 * Sun May 17 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.6.21-3

lib/libv/libvncserver/libvncserver-vl.spec

@@ -1,31 +1,42 @@
-%define system_minilzo 1
+Summary:        Library to make writing a vnc server easy
+Name:           libvncserver
+Version:        0.9.13
+Release:        1%{?_dist_release}
+Group:          System Environment/Libraries
+Vendor:         Project Vine
+Distribution:   Vine Linux
 
-Summary: Library to make writing a vnc server easy
-Name:    libvncserver
-Version: 0.9.9
-Release: 1%{?_dist_release}
 # NOTE: --with-tightvnc-filetransfer => GPLv2
-License: GPLv2+
-Group:   System Environment/Libraries
-URL:     http://libvncserver.sourceforge.net/
-Source0: http://downloads.sf.net/libvncserver/LibVNCServer-%{version}.tar.gz
-BuildRoot: %{_tmppath}/%{name}-%{version}-root
-
-# workaround there being no x11vnc/ dir in tarball
-Patch0: LibVNCServer-0.9.9-no_x11vnc.patch
-Patch1: LibVNCServer-0.9.9-system_minilzo.patch 
-Patch2: libvncserver-0.9.1-multilib.patch
-# pkgconfig love (upstreamable)
-Patch3: LibVNCServer-0.9.9-pkgconfig.patch
-
+License:        GPLv2+
+URL:            https://libvnc.github.io/
+Source0:        https://github.com/LibVNC/libvncserver/archive/LibVNCServer-%{version}.tar.gz
+
+BuildRoot:      %{_tmppath}/%{name}-%{version}-root
+BuildRequires:  cmake
+BuildRequires:  pkgconfig(gnutls)
+BuildRequires:  pkgconfig(sdl2)
+#BuildRequires:  pkgconfig(libsystemd)
+BuildRequires:  pkgconfig(avahi-client)
+BuildRequires:  pkgconfig(ice)
+BuildRequires:  pkgconfig(x11)
+BuildRequires:  pkgconfig(xdamage)
+BuildRequires:  pkgconfig(xext)
+BuildRequires:  pkgconfig(xfixes)
+BuildRequires:  pkgconfig(xi)
+BuildRequires:  pkgconfig(xinerama)
+BuildRequires:  pkgconfig(xrandr)
+BuildRequires:  pkgconfig(xtst)
+BuildRequires:  gettext-devel
+BuildRequires:  libgcrypt-devel
+BuildRequires:  libjpeg-devel
+BuildRequires:  libpng-devel
+BuildRequires:  lzo-devel
+BuildRequires:  lzo-minilzo
+BuildRequires:  openssl-devel
+BuildRequires:  zlib-devel
 # upstream name
-Obsoletes: LibVNCServer < %{version}-%{release}
-Provides:  LibVNCServer = %{version}-%{release}
-
-BuildRequires: findutils
-BuildRequires: libjpeg-devel
-BuildRequires: zlib-devel
-BuildRequires: lzo-minilzo lzo-devel
+Obsoletes:      LibVNCServer < %{version}-%{release}
+Provides:       LibVNCServer = %{version}-%{release}
 
 %description
 LibVNCServer makes writing a VNC server (or more correctly, a program
@@ -34,6 +45,7 @@ exporting a framebuffer via the Remote Frame Buffer protocol) easy.
 It hides the programmer from the tedious task of managing clients and
 compression schemata.
 
+
 %package devel
 Summary: Development files for %{name}
 Group: Development/Libraries
@@ -49,50 +61,29 @@ Provides:  LibVNCServer-devel = %{version}-%{release}
 
 
 %prep
-%setup -q -n LibVNCServer-%{version}
+%setup -q -n %{name}-LibVNCServer-%{version}
 
-%patch0 -p1 -b .no_x11vnc
-%if %{system_minilzo}
-%patch1 -p1 -b .system_minilzo
 #nuke bundled minilzo
 rm -f common/lzodefs.h common/lzoconf.h commmon/minilzo.h common/minilzo.c
-%endif
-%patch2 -p1 -b .multilib
-%patch3 -p1 -b .pkgconfig
 
 # fix encoding
 mv AUTHORS AUTHORS.OLD && \
 iconv -f ISO_8859-1 -t UTF8 AUTHORS.OLD > AUTHORS && \
 touch --reference AUTHORS.OLD AUTHORS
 
-# fix source perms
-find -name "*.c" -o -name "*.h" | xargs chmod 644
-
 
 %build
-autoreconf 
-%configure \
-  --disable-static \
-  --without-tightvnc-filetransfer
+mkdir -p build
+pushd build
+%cmake ..
+popd
 
-# hack to omit unused-direct-shlib-dependencies
-sed -i -e 's! -shared ! -Wl,--as-needed\0!g' libtool
+%make_build -C build
 
-make \
-%if %{system_minilzo}
-CFLAGS="$RPM_OPT_FLAGS -I %{_includedir}/lzo" LDFLAGS="$LDFLAGS -lminilzo" \
-%endif
-%{?_smp_mflags} 
 
 %install
 rm -rf %{buildroot}
-
-make install DESTDIR=%{buildroot}
-
-# unpackaged files
-rm -f %{buildroot}%{_bindir}/LinuxVNC
-rm -f %{buildroot}%{_libdir}/lib*.a
-rm -f %{buildroot}%{_libdir}/lib*.la
+%make_install -C build
 
 
 %clean
@@ -106,14 +97,14 @@ rm -rf %{buildroot}
 
 %files
 %defattr(-,root,root,-)
-%doc AUTHORS ChangeLog COPYING NEWS README TODO
-%{_bindir}/linuxvnc
-%{_libdir}/libvncclient.so.0*
-%{_libdir}/libvncserver.so.0*
+%license COPYING
+%doc AUTHORS ChangeLog NEWS.md README.md TODO.md
+%{_libdir}/libvncclient.so.*
+%{_libdir}/libvncserver.so.*
 
 %files devel
 %defattr(-,root,root,-)
-%{_bindir}/*-config
+#{_bindir}/*-config
 %{_includedir}/rfb/
 %{_libdir}/libvncclient.so
 %{_libdir}/libvncserver.so
@@ -122,6 +113,11 @@ rm -rf %{buildroot}
 
 
 %changelog
+* Fri Jun 19 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.9.13-1
+- new upstream release.
+- dropped Patch0, 1 and 3: fixed in upstream.
+- dropped Patch2.
+
 * Sat Jul 06 2013 Yoji TOYODA <bsyamato@sea.plala.or.jp> 0.9.9-1
 - update to 0.9.9
 - remove Patch50 (libvncserver-LINUX.patch)

n/nodejs/nodejs-vl.spec

@@ -14,29 +14,27 @@
 %define _unpackaged_files_terminate_build 1
 
 Name:           nodejs
-Version:        12.16.0
+Version:        12.18.0
 Release:        1%{?_dist_release}
 Summary:        JavaScript runtime
 Summary(ja):    JavaScript ランタイム
 Group:          Development/Languages
-
 Vendor:         Project Vine
 Distribution:   Vine Linux
 
 License:        MIT and ASL 2.0 and ISC and BSD
 URL:            https://nodejs.org/
+Source0:        https://nodejs.org/dist/v%{version}/node-v%{version}.tar.gz
+Source1:        macros.nodejs
+Source2:        nodejs.attr
+Source3:        nodejs.prov
+Source4:        nodejs.req
+Source5:        nodejs-symlink-deps
+Source6:        nodejs-fixdep
 
 # Exclusive archs must match v8
 ExclusiveArch: %{ix86} x86_64 %{arm}
 
-Source0: https://nodejs.org/dist/v%{version}/node-v%{version}.tar.gz
-Source1: macros.nodejs
-Source2: nodejs.attr
-Source3: nodejs.prov
-Source4: nodejs.req
-Source5: nodejs-symlink-deps
-Source6: nodejs-fixdep
-
 # V8 presently breaks ABI at least every x.y release while never bumping SONAME,
 # so we need to be more explicit until spot fixes that
 %global v8_ge 6.1.534.48
@@ -126,6 +124,10 @@ Group: Documentation
 %description docs
 The API documentation for the Node.js JavaScript runtime.
 
+
+%debug_package
+
+
 %prep
 %setup -q -n node-v%{version}
 
@@ -285,6 +287,9 @@ cp -p common.gypi %{buildroot}%{_datadir}/node
 %license LICENSE
 
 %changelog
+* Fri Jun 12 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 12.18.0-1
+- updated to 12.18.0.
+
 * Thu Feb 13 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 12.16.0-1
 - updated to 12.16.0.
 

p/perl/perl-vl.spec

@@ -11,7 +11,7 @@
 %endif
 
 %define perl_version 5.26.2
-%define perlrel 1
+%define perlrel 3
 %define perl_epoch 2
 
 Provides: perl(:WITH_PERLIO)
@@ -45,13 +45,16 @@ Summary:      The Perl programming language.
 Summary(ja):  Perl プログラミング 言語
 
 Name:         perl
+Epoch:        %{perl_epoch}
 Version:      %{perl_version}
 Release:      %{perlrel}%{?_dist_release}
-Epoch:        %{perl_epoch}
-License:      Artistic or GPL
 Group:        Development/Languages
+Vendor:       Project Vine
+Distribution: Vine Linux
+
+License:      Artistic or GPL
 URL:	      http://www.perl.org/
-Source0:      ftp://ftp.perl.org/pub/perl/CPAN/src/perl-%{perl_version}.tar.bz2
+Source0:      http://www.cpan.org/src/5.0/perl-%{perl_version}.tar.bz2
 Source10:     system-owned-directories
 Source11:     filter-depends.sh
 Source12:     perl-5.8.0-libnet.cfg
@@ -276,6 +279,7 @@ Patch86:        perl-5.29.0-Remove-ext-GDBM_File-t-fatal.t.patch
 
 # Fix an integer wrap when allocating memory for an environment variable,
 # RT#133204, in upstream after 5.29.0
+# CVE-2018-18311
 Patch87:        perl-5.26.2-Perl_my_setenv-handle-integer-wrap.patch
 
 # Fix printing a warning about a wide character when matching a regular
@@ -295,12 +299,20 @@ Patch200:       perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li
 # Link XS modules to libperl.so with EU::MM on Linux, bug #960048
 Patch201:       perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-MM-on-Linux.patch
 
+# patch from openSUSE
+Patch1000:      perl-fix2020.patch
+
 # Vine
 # (nothing)
 
 ## security
-# (nothing)
-
+Patch20000:     perl-archive-tar-dirtrav.diff
+Patch20001:     perl-extended-charclass-assert.diff
+Patch20002:     perl-regcomp-strchr-memchr.diff
+Patch20003:     perl-reg-node-overrun.diff
+Patch20004:     0001-CVE-2020-10543.patch
+Patch20005:     0002-CVE-2020-10878.patch
+Patch20006:     0003-CVE-2020-12723.patch
 
 Buildroot:    %{_tmppath}/%{name}-%{version}-root
 BuildRequires:  gawk, grep, tcsh, gdbm-devel, libdb-devel
@@ -313,9 +325,6 @@ BuildRequires:  libxcrypt-devel, libnsl2-devel, bzip2-devel
 # in Config.pm will be undefined. This BuildPreReq will fix it.
 BuildRequires:  man-db
 
-Vendor:       Project Vine
-Distribution: Vine Linux
-
 # The long line of Perl provides.
 
 # These provides are needed by the perl pkg itself with auto-generated perl.req
@@ -323,6 +332,7 @@ Provides: perl(VMS::Filespec)
 Provides: perl(VMS::Stdio)
 
 # Compat provides
+Provides: perl(:MODULE_COMPAT_5.26.3)
 Provides: perl(:MODULE_COMPAT_5.26.2)
 Provides: perl(:MODULE_COMPAT_5.26.1)
 Provides: perl(:MODULE_COMPAT_5.26.0)
@@ -415,6 +425,10 @@ Obsoletes:    perl < 5.10.0
 %description localdirs
 Perl library directories in /usr/local
 
+
+%debug_package
+
+
 %prep
 %setup -q
 
@@ -479,8 +493,17 @@ Perl library directories in /usr/local
 %patch200 -p1
 %patch201 -p1
 
+## patch from openSUSE
+%patch1000 -p1
+
 ## security patch(es)
-# (nothing)
+%patch20000 -p1
+%patch20001 -p1
+%patch20002 -p1
+%patch20003 -p1
+%patch20004 -p1
+%patch20005 -p1
+%patch20006 -p1
 
 #
 # Candidates for doc recoding (need case by case review):
@@ -753,9 +776,11 @@ chmod -R u+w $RPM_BUILD_ROOT/*
 # perl -x patchlevel.h 'Fedora Patch12: Update Module::Load::Conditional to 0.24'
 # perl -x patchlevel.h 'Fedora Patch13: Upgrade Module::CoreList to 2.14'
 
+
 %clean
 [ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
 
+
 %check
 %{new_perl} -I./lib regen/lib_cleanup.pl
 pushd t
@@ -763,13 +788,16 @@ pushd t
 popd
 LC_ALL=C make test
 
+
 %post -p /sbin/ldconfig
 
 %postun -p /sbin/ldconfig
 
+
 %files
 %defattr(-,root,root)
-%doc Artistic AUTHORS Changes* Copying README
+%license Copying
+%doc Artistic AUTHORS Changes* README
 %{_mandir}/man1/*.1*
 %{_mandir}/man3/*.3*
 %{_bindir}/*
@@ -785,7 +813,16 @@ LC_ALL=C make test
 %dir %{_prefix}/local/lib/site_perl/%{perl_version}
 %dir %{_prefix}/local/lib/site_perl/%{perl_version}/%{_arch}-%{_os}%{thread_arch}
 
+
 %changelog
+* Wed Jun 10 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 5.26.2-3
+- added Patch20004-20006 to fix CVE-2020-{10543,10878,12723}.
+
+* Wed Jun 10 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 5.26.2-2
+- new upstream release.
+- imported Patch1000, 20000-20003 from openSUSE.
+  - CVE-2018-12015 and CVE-2018-1831{2,3,4}
+
 * Thu May 16 2019 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 5.26.2-1
 - new upstream release.
 - added BR:libxcrypt-devel,libnsl2-devel,bzip2-devel.

p/php74/php74-vl.spec

@@ -51,7 +51,7 @@
 Name: php%{majorver}
 Summary: The PHP HTML-embedded scripting language. (PHP: Hypertext Preprocessor)
 Summary(ja): HTML 埋め込み型スクリプト言語 PHP
-Version: 7.4.6
+Version: 7.4.7
 Release: 1%{_dist_release}%{?with_systemd:.systemd}
 Conflicts: php5 < 5.6.11
 
@@ -1051,6 +1051,9 @@ rm -f files.*
 
 #======================================================================
 %changelog
+* Thu Jun 11 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 7.4.7-1
+- new upstream release.
+
 * Thu May 14 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 7.4.6-1
 - new upstream release.
 

p/postfix/postfix-vl.spec

@@ -32,7 +32,7 @@
 Summary:        Postfix Mail Transport Agent
 Summary(ja):    Postfix メールトランスポートエージェント
 Name:           postfix
-Version:        3.5.2
+Version:        3.5.4
 Release:        1%{?_dist_release}%{?with_systemd:.systemd}
 Group:          System Environment/Daemons
 Vendor:         Project Vine
@@ -556,6 +556,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_sysconfdir}/postfix/postfix-files.d/pcre
 
 %changelog
+* Sun Jun 28 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 3.5.4-1
+- new upstream release.
+
 * Mon May 18 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 3.5.2-1
 - new upstream release.