rebuild package

git-svn-id: http://trac.vinelinux.org/repos/projects/specs@8062 ec354946-7b23-47d6-9f5a-488ba84defc7

a/apache2/apache2-vl.spec

@@ -1,13 +1,12 @@
-%define contentdir %{_datadir}/apache2
-%define docroot /var/www/apache2
+%define contentdir /var/www
 %define suexec_caller apache
 %define mmn 20051115
 %define pkgname apache2
 
 Summary: Apache HTTP Server
 Name: %{pkgname}
-Version: 2.2.23
-Release: 2%{_dist_release}
+Version: 2.2.25
+Release: 1%{_dist_release}
 URL: http://httpd.apache.org/
 
 Vendor: Project Vine
@@ -39,6 +38,7 @@ Patch3: httpd-2.0.45-deplibs.patch
 Patch4: httpd-2.1.10-disablemods.patch
 # features/functional changes
 Patch21: httpd-2.0.40-xfsz.patch
+# Patch22: httpd-2.1.10-pod.patch
 Patch22: httpd-2.2.23-pod.patch
 Patch23: httpd-2.0.45-export.patch
 Patch24: httpd-2.0.48-corelimit.patch
@@ -48,17 +48,15 @@ Patch60: httpd-2.2.3-sslusername.patch
 
 # Security fixes
 
+
 License: Apache Software License
 Group: System Environment/Daemons
-
 BuildRoot: %{_tmppath}/%{name}-%{version}-root
 BuildRequires: db4-devel, expat-devel
 BuildRequires: findutils, perl, openldap-devel, zlib-devel
 BuildRequires: apr-devel, apr-util-devel
 BuildRequires: pcre-devel, sqlite3-devel
-BuildRequires: www-common
 Requires: mailcap, gawk, file, findutils, apr, apr-util
-Requires(pre): www-common
 Requires(pre): chkconfig, mktemp, fileutils
 Requires(pre): sh-utils, textutils, shadow-utils
 Requires(post): alternatives
@@ -179,7 +177,7 @@ AP_CONFOPTS="\
 	--with-apr=%{_prefix} --with-apr-util=%{_prefix} \
 	--enable-suexec --with-suexec \
 	--with-suexec-caller=%{suexec_caller} \
-	--with-suexec-docroot=%{docroot} \
+	--with-suexec-docroot=%{contentdir} \
 	--with-suexec-logfile=%{_localstatedir}/log/apache2/suexec.log \
 	--with-suexec-bin=%{_libdir}/%{pkgname}/suexec \
 	--with-suexec-uidmin=500 --with-suexec-gidmin=500 \
@@ -248,8 +246,8 @@ mv $RPM_BUILD_ROOT%{_sbindir}/{ab,htdbm,logresolve,htpasswd,htdigest} \
 # Make the MMN accessible to module packages
 echo %{mmn} > $RPM_BUILD_ROOT%{_includedir}/apache2/.mmn
 
-# contentdir
-#mkdir $RPM_BUILD_ROOT%{contentdir}/html
+# docroot
+# mkdir $RPM_BUILD_ROOT%{contentdir}/html
 install -m 644 $RPM_SOURCE_DIR/index.html.ja \
 	$RPM_BUILD_ROOT%{contentdir}/error/noindex.html
 rm -r $RPM_BUILD_ROOT%{contentdir}/manual/style
@@ -257,9 +255,6 @@ rm -r $RPM_BUILD_ROOT%{contentdir}/manual/style
 install -m 644 $RPM_SOURCE_DIR/vine.png \
 	$RPM_BUILD_ROOT%{contentdir}/icons
 
-# docroot
-mkdir -p $RPM_BUILD_ROOT%{docroot}/html
-
 # logs
 # rmdir $RPM_BUILD_ROOT%{_sysconfdir}/apache2/logs
 mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log/apache2
@@ -336,10 +331,14 @@ rm -f $RPM_BUILD_ROOT%{_sysconfdir}/apache2/conf/mime.types \
       $RPM_BUILD_ROOT%{_libdir}/apache2/modules/*.exp \
       $RPM_BUILD_ROOT%{_libdir}/apache2/build/config.nice \
       $RPM_BUILD_ROOT%{_sbindir}/{apache2,checkgid,dbmmanage,envvars*} \
-      $RPM_BUILD_ROOT%{docroot}/html/* \
       $RPM_BUILD_ROOT%{contentdir}/html/* \
       $RPM_BUILD_ROOT%{contentdir}/cgi-bin/*
 
+%pre
+# Add the "apache" user
+/usr/sbin/useradd -c "Apache" -u 48 \
+	-s /sbin/nologin -r -d %{contentdir} apache 2> /dev/null || :
+
 %triggerpostun -- apache < 2.0
 /sbin/chkconfig --add apache2
 
@@ -449,11 +448,9 @@ rm -rf $RPM_BUILD_ROOT
 %config(noreplace) %{contentdir}/error/*.var
 %config(noreplace) %{contentdir}/error/include/*.html
 
-%dir %{docroot}/html
-
 %attr(0700,root,root) %dir %{_localstatedir}/log/apache2
 
-%attr(0700,www-data,www-data) %dir %{_localstatedir}/lib/dav
+%attr(0700,apache,apache) %dir %{_localstatedir}/lib/dav
 
 %{_mandir}/man1/*
 
@@ -470,10 +467,10 @@ rm -rf $RPM_BUILD_ROOT
 %attr(0700,root,root) %dir %{_sysconfdir}/apache2/conf/ssl.*
 %config %{_sysconfdir}/apache2/conf/Makefile
 %config %{_sysconfdir}/apache2/conf/ssl.*/*
-%attr(0700,www-data,root) %dir %{_localstatedir}/cache/mod_ssl
-%attr(0600,www-data,root) %ghost %{_localstatedir}/cache/mod_ssl/scache.dir
-%attr(0600,www-data,root) %ghost %{_localstatedir}/cache/mod_ssl/scache.pag
-%attr(0600,www-data,root) %ghost %{_localstatedir}/cache/mod_ssl/scache.sem
+%attr(0700,apache,root) %dir %{_localstatedir}/cache/mod_ssl
+%attr(0600,apache,root) %ghost %{_localstatedir}/cache/mod_ssl/scache.dir
+%attr(0600,apache,root) %ghost %{_localstatedir}/cache/mod_ssl/scache.pag
+%attr(0600,apache,root) %ghost %{_localstatedir}/cache/mod_ssl/scache.sem
 
 %files devel
 %defattr(-,root,root)
@@ -485,20 +482,27 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/apache2/build/*.sh
 
 %changelog
-* Wed Oct 24 2012 Daisuke SUZUKI <daisuke@linux.or.jp> 2.2.23-2
-- rebuild with pcre-8.31
+* Sat Sep 28 2013 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 2.2.25-1
+- new upstream release with security fix (CVE-2013-1862,1896)
+- drop patch100 (is included in new release)
+
+* Fri May 17 2013 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 2.2.24-2
+- add patch100 for fix CVE-2013-1862 (mod_rewrite)
+
+* Wed Feb 27 2013 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 2.2.24-1
+- new upstream release with security fix (CVE-2012-3499, 4558)
 
-* Wed Mar 21 2012 Daisuke SUZUKI <daisuke@linux.or.jp> 2.2.23-1
-- update to 2.2.23
-- add R(pre): www-common, BR: www-common
-- move apache contents to %{contentdir}
+* Sun Sep 16 2012 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 2.2.23-1
+- new upstream release with security fix (CVE-2012-3502,CVE-2012-2687)
+- update patch22 to fit new release
+- update man filename convert list
 
 * Wed Mar 21 2012 Daisuke SUZUKI <daisuke@linux.or.jp> 2.2.22-1
 - update to 2.2.22
   - CVE-2012-0021 (mod_log_config)
   - CVE-2012-0031
   - CVE-2012-0053
-  - remove upstreamed patches
+- remove upstreamed patches
 
 * Fri Dec  9 2011 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 2.2.21-5
 - add patch120 for fix CVE-2011-4317 (mod_rewrite/mod_proxy)
@@ -608,7 +612,7 @@ rm -rf $RPM_BUILD_ROOT
 * Thu May 10 2007 MATSUBAYASHI Kohji <shaolin@vinelinux.org> 2.2.3-0vl5
 - rebuilt with new toolchain and db4-4.3.x
 
-* Tue Feb  7 2007 Ryoichi INAGAKI <ryo1@bc.wakwak.com> 2.2.3-0vl4
+* Wed Feb  7 2007 Ryoichi INAGAKI <ryo1@bc.wakwak.com> 2.2.3-0vl4
 - added BuildRequires: pcre-devel, sqlite3-devel <BTS:VineLinux:474>
 
 * Mon Sep 11 2006 Kazutaka HARADA <kazutaka@dc4.so-net.ne.jp> 2.2.3-0vl3
@@ -684,11 +688,11 @@ rm -rf $RPM_BUILD_ROOT
 - update %%files section
 - rename httpd.8 manpage
 
-* Tue May 12 2003 Satoshi MACHINO <machino@vinelinux.org> 2.0.45-0vl1
+* Mon May 12 2003 Satoshi MACHINO <machino@vinelinux.org> 2.0.45-0vl1
 - new upstream version
 - used vine-config.layout in srclib
 
-* Tue May 12 2003 Satoshi MACHINO <machino@vinelinux.org> 2.0.44-0vl9
+* Mon May 12 2003 Satoshi MACHINO <machino@vinelinux.org> 2.0.44-0vl9
 - rebuild
 
 * Sun Apr  6 2003 Kazuhisa TAKEI <takei@vinelinux.org> 2.0.44-0vl8

a/apache2/httpd.conf

@@ -227,8 +227,8 @@ Include conf.d/*.conf
 #  when the value of (unsigned)Group is above 60000; 
 #  don't use Group #-1 on these systems!
 #
-User www-data
-Group www-data
+User apache
+Group apache
 
 ### Section 2: 'Main' server configuration
 #
@@ -277,8 +277,7 @@ UseCanonicalName Off
 # documents. By default, all requests are taken from this directory, but
 # symbolic links and aliases may be used to point to other locations.
 #
-#DocumentRoot "/var/www/html"
-DocumentRoot "/var/www/apache2/html"
+DocumentRoot "/var/www/html"
 
 #
 # Each directory to which Apache has access can be configured with respect
@@ -303,8 +302,7 @@ DocumentRoot "/var/www/apache2/html"
 #
 # This should be changed to whatever you set DocumentRoot to.
 #
-#<Directory "/var/www/html">
-<Directory "/var/www/apache2/html">
+<Directory "/var/www/html">
 
 #
 # Possible values for the Options directive are "None", "All",

c/cyrus-sasl/cyrus-sasl-vl.spec

@@ -10,7 +10,7 @@
 Summary: The Cyrus SASL library.
 Name: cyrus-sasl
 Version: 2.1.23
-Release: 10%{_dist_release}
+Release: 11%{_dist_release}
 License: BSD
 Group: System Environment/Libraries
 Source0: ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-%{version}.tar.gz
@@ -40,9 +40,11 @@ Patch28: cyrus-sasl-2.1.21-keytab.patch
 
 Patch100: cyrus-sasl-2.1.22-db4.patch
 Patch101: cyrus-sasl-2.1.23-gcc44.patch
-
 Patch102: configure.patch
 
+#security
+Patch200: cyrus-sasl-2.1.23_CVE-2013-4122.patch
+
 Buildroot: %{_tmppath}/%{name}-%{version}-root
 BuildRequires: autoconf, automake, libtool
 # Note: berkeley db for sasl2, gdbm for sasl1.
@@ -201,8 +203,6 @@ Summary: LDAP auxprop support for Cyrus SASL
 The %{name}-ldap package contains the Cyrus SASL plugin which supports using
 a directory server, accessed using LDAP, for storing shared secrets.
 
-
-
 %prep
 %setup -q -c -a 2
 %if %{includev1}
@@ -235,9 +235,10 @@ chmod -x include/*.h
 
 %patch100 -p1 -b .db48
 %patch101 -p1 -b .gcc44
-
 %patch102 -p0 -b .configure
 
+%patch200 -p1 -b .CVE-2013-4122
+
 # FIXME - we remove these files directly so that we can avoid using the -f
 # flag, which has a nasty habit of overwriting files like COPYING.
 rm -f config/config.guess config/config.sub 
@@ -561,6 +562,9 @@ fi
 
 
 %changelog
+* Mon Sep 16 2013 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 2.1.23-11
+- add patch200 for fix CVE-2013-4122 (NULL ptr. dereference)
+
 * Mon Aug 22 2011 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 2.1.23-10
 - add Vendor/Distri Tags
 
@@ -761,7 +765,7 @@ fi
 - incorporated changes from Mads Kiilerich
 - release number is 1, not mk1
 
-* Tue Nov 10 1999 Mads Kiilerich <mads@kiilerich.com>
+* Wed Nov 10 1999 Mads Kiilerich <mads@kiilerich.com>
 - updated to sasl 1.5.11
 - configure --disable-krb4 --without-rc4 --disable-cram 
   because of missing libraries and pine having cram as default...

d/dhcp/dhcp-vl.spec

@@ -1,8 +1,8 @@
 # vendor string (e.g., Fedora, EL)
 %define vvendor Vine
 
-%define pversion 4.1.ESV.R4
-%define sversion 4.1-ESV-R4
+%define pversion 4.1.ESV.R6
+%define sversion 4.1-ESV-R6
 
 Summary:  DHCP (Dynamic Host Configuration Protocol) server and relay agent
 Summary(ja): DHCP (動的ホスト設定プロトコル) サーバおよびリレーエージェント
@@ -16,7 +16,7 @@ Name:     dhcp
 # --------------------------------------------------------------------------
 Epoch:    13
 Version:  %{pversion}
-Release:  1%{?_dist_release}
+Release:  2%{?_dist_release}
 
 License:  ISC
 Group:    System Environment/Daemons
@@ -49,7 +49,11 @@ Patch15:  %{name}-4.1.0-inherit-leases.patch
 Patch16:  %{name}-4.1.0-garbage-chars.patch
 Patch19:  %{name}-4.1.0-dhclient-option.patch
 
-# security
+# security patches
+# None..
+
+# Vine Patch
+Patch1000: %{name}-4.1-ESV-R6-openssl.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: autoconf
@@ -172,6 +176,9 @@ libdhcpctl and libomapi static libraries are also included in this package.
 
 %patch19 -p1
 
+# Vine Patch
+%patch1000 -p1
+
 # Copy in documentation and example scripts for LDAP patch to dhcpd
 %{__install} -p -m 0644 %{SOURCE5} .
 %{__install} -p -m 0644 %{SOURCE6} doc/
@@ -216,8 +223,6 @@ for page in server/dhcpd.conf.5 server/dhcpd.leases.5 server/dhcpd.8 ; do
                 -e 's|ETCDIR|%{_sysconfdir}/dhcp|g' $page
 done
 
-%{__sed} -i -e 's|-lldap|-lldap -lcrypto|' server/Makefile.am
-
 aclocal
 libtoolize --copy --force
 autoconf
@@ -393,13 +398,22 @@ fi
 %attr(0644,root,root) %{_mandir}/man3/omapi.3.gz
 
 %changelog
+* Tue Dec 24 2013 Yoji TOYODA <bsyamato@sea.plala.or.jp> 4.1.ESV.R6-2
+- rebuild with VineSeed environment
+- add Patch1000 (dhcp-4.1-ESV-R6-openssl.patch)
+
+* Mon Jul 30 2012 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp>
+- 13:4.1.ESV.R6-1
+- update to Extended Support Version with security fixes (CVE-2012-3571,3954)
+- fix changelog typos
+
 * Thu Dec  8 2011 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp>
 - 13:4.1.ESV.R4-1
-- update to Extended Support Version with security gix (CVE-2011-4539)
+- update to Extended Support Version with security fix (CVE-2011-4539)
 
 * Fri Aug 12 2011 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp>
 - 13:4.1.ESV.R3-1
-- update to Extended Support Version with security gix (CVE-2011-2748,2749)
+- update to Extended Support Version with security fix (CVE-2011-2748,2749)
 - update patch1,3,8,10,11 to fit ESV.R3.......
 
 * Wed Apr 13 2011 Daisuke SUZUKI <daisuke@linux.or.jp> 13:4.1.ESV.R2-1
@@ -888,7 +902,7 @@ fi
 * Mon Dec 05 2005 Jason Vas Dias <jvdias@redhat.com> - 11:3.0.3-16
 - fix gcc 4.1 compile warnings (-Werror)
 
-* Fri Nov 19 2005 Jason Vas Dias <jvdias@redhat.com> - 11:3.0.3-12
+* Sat Nov 19 2005 Jason Vas Dias <jvdias@redhat.com> - 11:3.0.3-12
 - fix bug 173619: dhclient-script should reconfig on RENEW if 
                   subnet-mask, broadcast-address, mtu, routers, etc.
                   have changed
@@ -972,7 +986,7 @@ fi
 * Fri Jul 08 2005 Jason Vas Dias <jvdias@redhat.com> 10:3.0.2-14.FC5
 - Allow package to compile with glibc-headers-2.3.5-11 (tr.c's use of __u16)
 
-* Fri May 10 2005 Jason Vas Dias <jvdias@redhat.com> 10:3.0.2-14
+* Tue May 10 2005 Jason Vas Dias <jvdias@redhat.com> 10:3.0.2-14
 - Fix bug 159929: prevent dhclient flooding network on repeated DHCPDECLINE
 - dhclient fast startup:
    remove dhclient's  random 1-5 second delay on startup if only
@@ -1031,7 +1045,7 @@ fi
 * Mon Feb 21 2005 Jason Vas Dias <jvdias@redhat.com> 10:3.0.2-1
 - Upgrade to ISC 3.0.2 Final Release (documentation change only).
 
-* Tue Feb 14 2005 Jason Vas Dias <jvdias@redhat.com> 8:3.0.2rc3-8
+* Mon Feb 14 2005 Jason Vas Dias <jvdias@redhat.com> 8:3.0.2rc3-8
 - Add better execshield security link options
 - fix dhcpd.init when no /etc/dhcpd.conf exists and -cf in DHCPDARGS
 
@@ -1166,7 +1180,7 @@ fi
 * Thu Mar 25 2004 Dan Walsh <dwalsh@redhat.com> 1:3.0.1rc12-5
 - Add static routes patch to dhclient-script
 
-* Wed Mar 25 2004 Dan Walsh <dwalsh@redhat.com> 1:3.0.1rc12-4
+* Thu Mar 25 2004 Dan Walsh <dwalsh@redhat.com> 1:3.0.1rc12-4
 - Fix init to check config during restart
 
 * Wed Mar 24 2004 Dan Walsh <dwalsh@redhat.com> 1:3.0.1rc12-3
@@ -1269,7 +1283,7 @@ fi
 * Mon Feb 3 2003 Dan Walsh <dwalsh@redhat.com> 3.0pl1-23
 - fix script to handle ntp.conf correctly
 
-* Thu Jan 29 2003 Dan Walsh <dwalsh@redhat.com> 3.0pl1-22
+* Wed Jan 29 2003 Dan Walsh <dwalsh@redhat.com> 3.0pl1-22
 - Increment release to add to 8.1
 
 * Wed Jan 29 2003 Dan Walsh <dwalsh@redhat.com> 3.0pl1-21
@@ -1335,10 +1349,10 @@ fi
 - No apparent reason for the dhclient -> dhcp dep mentioned in #68001,
   so removed it
 
-* Wed Jun 27 2002 David Sainty <saint@redhat.com> 3.0pl1-2
+* Thu Jun 27 2002 David Sainty <saint@redhat.com> 3.0pl1-2
 - Move dhclient.conf.sample from dhcp to dhclient
 
-* Mon Jun 25 2002 David Sainty <saint@redhat.com> 3.0pl1-1
+* Tue Jun 25 2002 David Sainty <saint@redhat.com> 3.0pl1-1
 - Change to dhclient, dhcp, dhcp-devel packaging
 - Move to 3.0pl1, do not strip binaries
 - Drop in sysconfig-enabled dhclient-script

g/ghostscript/ghostscript-vl.spec

@@ -5,7 +5,7 @@ Summary: A PostScript(TM) interpreter and renderer.
 Summary(ja): 日本語 PostScript(TM) インタプリタ/レンダラ/ビュア
 Name: ghostscript
 Version: %{gs_ver}
-Release: 5%{?_dist_release}
+Release: 6%{?_dist_release}
 
 License: GPLv2
 URL: http://www.ghostscript.com/
@@ -40,6 +40,10 @@ Patch1000: ghostscript-8.63-eplaser-fix.patch
 # cups-raster fix
 Patch2000: fix691203.patch
 
+# security fixes
+Patch3000: ghostscript-8.71_CVE-2012-4405.patch
+
+
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
 BuildRequires: libjpeg-devel, libXt-devel
 BuildRequires: zlib-devel, libpng-devel, unzip, gtk2-devel
@@ -65,6 +69,8 @@ Provides: ghostscript-shared = %{version}-%{release}
 Conflicts: cups < 1.3.9-1
 
 Packager: daisuke
+Vendor: Project Vine
+Distribution: Vine Linux
 
 %description
 Ghostscript is a set of software that provides a PostScript(TM)
@@ -167,6 +173,9 @@ rm -rf libpng zlib jpeg jasper
 # cups-raster fix
 %patch2000 -p1 -b .cups-raster
 
+# security fixes
+%patch3000 -p1 -b .CVE-2012-4405
+
 
 # Convert manual pages to UTF-8
 from8859_1() {
@@ -208,18 +217,22 @@ done
 cd ijs
 ./autogen.sh
 %configure --enable-shared --enable-static
-make
+make %{?_smp_mflags}
 cd ..
 
 %if %{build_with_freetype}
 FT_CFLAGS=$(pkg-config --cflags freetype2)
-make so RPM_OPT_FLAGS="$RPM_OPT_FLAGS $EXTRAFLAGS" prefix=%{_prefix} \
+make %{?_smp_mflags} \
+     so RPM_OPT_FLAGS="$RPM_OPT_FLAGS $EXTRAFLAGS" prefix=%{_prefix} \
 	FT_BRIDGE=1 FT_CFLAGS="$FT_CFLAGS" FT_LIB=freetype
-make RPM_OPT_FLAGS="$RPM_OPT_FLAGS $EXTRAFLAGS" prefix=%{_prefix} \
+make %{?_smp_mflags} \
+     RPM_OPT_FLAGS="$RPM_OPT_FLAGS $EXTRAFLAGS" prefix=%{_prefix} \
 	FT_BRIDGE=1 FT_CFLAGS="$FT_CFLAGS" FT_LIB=freetype
 %else
-make so RPM_OPT_FLAGS="$RPM_OPT_FLAGS $EXTRAFLAGS" prefix=%{_prefix}
-make RPM_OPT_FLAGS="$RPM_OPT_FLAGS $EXTRAFLAGS" prefix=%{_prefix}
+make %{?_smp_mflags} \
+     so RPM_OPT_FLAGS="$RPM_OPT_FLAGS $EXTRAFLAGS" prefix=%{_prefix}
+make %{?_smp_mflags} \
+     RPM_OPT_FLAGS="$RPM_OPT_FLAGS $EXTRAFLAGS" prefix=%{_prefix}
 %endif
 
 %install
@@ -358,6 +371,11 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/libgs.so
 
 %changelog
+* Thu Sep 20 2012 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 8.71-6
+- add patch3000 for fix CVE-2012-4405 (icc)
+- add Vendor/Distri tags
+- use smp_flag when make
+
 * Sat Apr 28 2012 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 8.71-5
 - added Patch2000 (to fix cups-raster driver).
 
@@ -1047,7 +1065,7 @@ rm -rf $RPM_BUILD_ROOT
 * Thu Aug  9 2001 Yukihiro Nakai <ynakai@redhat.com> 6.51-5
 - Add cjk resources
 
-* Thu Aug  1 2001 Crutcher Dunnavant <crutcher@redhat.com> 6.51-4
+* Wed Aug  1 2001 Crutcher Dunnavant <crutcher@redhat.com> 6.51-4
 - applied drepper@redhat.com's patch for #50300
 - fixed build deps on zlib-devel and libpng-devel, #49853
 - made gs_init.ps a config file; #25096

o/openjpeg/openjpeg-vl.spec

@@ -2,7 +2,7 @@ Name: openjpeg
 Summary: JPEG 2000 codec library
 Summary(ja): JPEG 2000 コーデックライブラリ
 Version: 1.4
-Release: 1%{?_dist_release}
+Release: 4%{?_dist_release}
 Group: System Environment/Libraries
 License: BSD
 URL: http://www.openjpeg.org/
@@ -17,10 +17,19 @@ Patch50: openjpeg-1.4-no_undefined.patch
 # http://groups.google.com/group/openjpeg/browse_thread/thread/6326363ebb969a99
 Patch52: openjpeg-1.4-autoconf.patch
 
+# Security
+Patch100: openjpeg-1.4_CVE-2012-3535.patch
+Patch110: openjpeg-cve-2009-5030.patch
+Patch120: openjpeg-1.4_CVE-2012-3358.patch
+
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
 BuildRequires: automake libtool 
 BuildRequires: libtiff-devel
 BuildRequires: lcms-devel
+BuildRequires: libjpeg-devel, libpng-devel
+
+Vendor: Project Vine
+Distribution: Vine Linux
 
 %description
 The OpenJPEG library is an open-source JPEG 2000 codec written in C language.
@@ -54,6 +63,11 @@ rm -rf libs
 
 %patch50 -p1 -b .no_undefined
 %patch52 -p1 -b .autoconf
+
+%patch110 -p1 -b .cve-2009-5030
+%patch120 -p1 -b .CVE-2012-3358
+%patch100 -p1 -b .CVE-2012-3535
+
 autoreconf -i -f
 
 %build
@@ -94,7 +108,7 @@ rm -rf %{buildroot}
 %{_libdir}/pkgconfig/lib*.pc
 # legacy/compat header locations
 %{_includedir}/openjpeg.h
-%{_includedir}/openjpeg/
+%{_includedir}/openjpeg
 
 %files tools
 %defattr(-,root,root,-)
@@ -102,6 +116,20 @@ rm -rf %{buildroot}
 %{_mandir}/man1/*
 
 %changelog
+* Tue Dec 24 2013 Yoji TOYODA <bsyamato@sea.plala.or.jp> 1.4-4
+- fix %%files devel
+
+* Tue Feb 26 2013 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.4-3
+- add patch110 for fix CVE-2009-5030 (Gray16 TIFF)
+- add patch120 for fix CVE-2012-3358 (j2k)
+  (Both patches are based on RHEL6, thanks)
+
+* Thu Sep 20 2012 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.4-2
+- add patch100 for fix CVE-2012-3535 (sanity-check an image header)
+  (based on RHEL6, thanks)
+- add Vendor/Distri tags
+- add BR: libjpeg-devel, libpng-devel
+
 * Thu Apr 14 2011 Ryoichi INAGAKI <ryo1@bc.wakwak.com> 1.4-1
 - updated to 1.4
 - built with current VineSeed