
2015-02-06 Ryoichi INAGAKI <ryo1@toki.waseda.jp>

	* bind, ntp, procmail: security fix
	


git-svn-id: http://trac.vinelinux.org/repos/projects/specs@9333 ec354946-7b23-47d6-9f5a-488ba84defc7
inagaki 9 years ago
parent
commit
cf6f1545a2
3 changed files with 61 additions and 22 deletions
  1. 25 18
      b/bind/bind-vl.spec
  2. 23 2
      n/ntp/ntp-vl.spec
  3. 13 2
      p/procmail/procmail-vl.spec

+ 25 - 18
b/bind/bind-vl.spec

@@ -2,8 +2,8 @@
 
 %define sname bind
 %define pname bind
-%define pversion 9.9.4
-%define sversion 9.9.4
+%define pversion 9.9.6.P1
+%define sversion 9.9.6-P1
 %define bind_epoch 1
 # fixed <BTS:VineLinux:1139>
 %define old_bind_version 1:9.9.2p2-1vl7
@@ -15,29 +15,30 @@ Summary: A DNS (Domain Name System) server.
 Summary(ja): DNS (Domain Name System) サーバ
 Name: %{pname}
 Version: %{pversion}
-Release: 1%{?_dist_release}
+Release: 3%{?_dist_release}
 Epoch: %{bind_epoch}
 License: distributable
 Group: System Environment/Daemons
+URL: http://www.isc.org/bind.html
+
 Source: ftp://ftp.isc.org/isc/bind9/%{version}/%{sname}-%{sversion}.tar.gz
 Source1: bind-manpages.tar.bz2
 Source2: named.sysconfig
 Source3: named.init
 Source4: named.logrotate
 Source5: keygen.c
-URL: http://www.isc.org/bind.html
 Patch1: bind-9.3.3rc2-rndckey.patch
 
-Buildroot: %{_tmppath}/%{name}-%{version}-root
+BuildRoot: %{_tmppath}/%{name}-%{version}-root
 BuildRequires: openssl-devel glibc-devel libtool
 BuildRequires: libxml2-devel
 BuildRequires: libcap-devel
-Requires: %{pname}-libs = %{bind_epoch}:%{version}-%{release}
+Requires(pre): %{pname}-utils = %{bind_epoch}:%{version}-%{release}
 Requires(pre): shadow-utils
+Requires: %{pname}-libs = %{bind_epoch}:%{version}-%{release}
 Requires(post): %{pname}-utils = %{bind_epoch}:%{version}-%{release}
 Requires(post): coreutils, chkconfig
 Requires(preun): initscripts, chkconfig
-#Requires(triggerpostun): chkconfig
 Conflicts: bind9 <= 9.2.1-0vl5, bind-current
 Obsoletes: bind9 <= 9.2.1-0vl5
 Obsoletes: bind-current < 1:9.9.4-1
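Review bot: The `Source:` line in this hunk takes its directory from `%{version}`, which after this commit expands to `9.9.6.P1` (via `%pversion`), while the tarball name uses `%{sversion}`, i.e. `9.9.6-P1`; before the bump both were `9.9.4`, so the mismatch could not show. If the upstream directory is named after the tarball's version string, which seems likely, the recorded URL no longer points at the file that was packaged, and anyone re-fetching the source to compare it with the SRPM will not find it. I would change the line to `Source: ftp://ftp.isc.org/isc/bind9/%{sversion}/%{sname}-%{sversion}.tar.gz`. Because this is a security update whose source location is plain FTP, a comment beside it recording how the tarball was verified (upstream signature or checksum) would also be worth adding.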
@@ -65,6 +66,7 @@ the caching-nameserver package.
 
 %package libs
 Summary: Libraries used by various DNS packages
+Summary(ja): さまざまな DNS パッケージで使用されるライブラリ
 Group: System Environment/Libraries
 Obsoletes: bind-current-libs <= %{old_bind_version}
 
@@ -157,7 +159,13 @@ rm -f man5/named.conf.5.gz
 mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
 cp %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/named
 
-chmod +x %{buildroot}%{_libdir}/*.so.*
+chmod +x $RPM_BUILD_ROOT%{_libdir}/*.so.*
+
+rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
+
+%clean
+rm -rf $RPM_BUILD_ROOT ${RPM_BUILD_DIR}/%{name}-%{version}
+
 
 %pre
 if [ "$1" -eq 1 ]; then
@@ -195,7 +203,6 @@ if [ "$1" -eq 0 ]; then
 fi
 exit 0
 
-
 %postun
 if [ "$1" -ge 1 ]; then
         %{_sysconfdir}/rc.d/init.d/named condrestart >/dev/null 2>&1 || :
@@ -210,21 +217,15 @@ fi
 /sbin/chkconfig --add named
 /sbin/ldconfig
 
-%clean
-rm -rf ${RPM_BUILD_ROOT} ${RPM_BUILD_DIR}/%{name}-%{version}
-
+%post libs -p /sbin/ldconfig
 
-%post libs
-/sbin/ldconfig
-
-%postun libs
-/sbin/ldconfig
+%postun libs -p /sbin/ldconfig
 
 
 %files
 %defattr(-,root,root)
 %doc CHANGES README
-%doc doc/arm doc/draft doc/rfc doc/misc
+%doc doc/arm doc/misc
 %config(noreplace) %{_sysconfdir}/logrotate.d/named
 %config %{_sysconfdir}/rc.d/init.d/named
 %config(noreplace) %{_sysconfdir}/sysconfig/named
@@ -293,10 +294,16 @@ rm -rf ${RPM_BUILD_ROOT} ${RPM_BUILD_DIR}/%{name}-%{version}
 %{_libdir}/*.a
 %{_includedir}/*
 %{_mandir}/man3/*
+%{_mandir}/man1/bind9-config.1*
 %{_mandir}/man1/isc-config.sh.1*
+%{_bindir}/bind9-config
 %{_bindir}/isc-config.sh
 
 %changelog
+* Fri Feb  6 2015 Ryoichi INAGAKI <ryo1@toki.waseda.jp> 9.9.6.P1-3
+- new upstream release with secrity fix (CVE-2014-8500)  
+- used "3" as release number  because of being newer than Vine Linux/6 updates
+
 * Tue Oct 08 2013 Daisuke SUZUKI <daisuke@linux.or.jp> 9.9.4-1
 - update to 9.9.4(ESV)
 

+ 23 - 2
n/ntp/ntp-vl.spec

@@ -1,9 +1,10 @@
 %define	_bindir	%{_prefix}/sbin
 
 Summary: Synchronizes system time using the Network Time Protocol (NTP).
+Summary(ja): Network Time Protocol (NTP) を用いたシステム時刻の同期
 Name: ntp
 Version: 4.2.6p5
-Release: 2%{?_dist_release}
+Release: 3%{?_dist_release}
 License: distributable
 Group: System Environment/Daemons
 URL: http://www.ntp.org/
@@ -72,6 +73,10 @@ Patch60: ntp-4.2.x_MOD_NANO.patch
 
 # security
 # Patch100: ntp-4.2.4_CVE-2009-0159.patch
+Patch100: ntp-4.2.6p5-cve-2014-9293.patch
+Patch110: ntp-4.2.6p5-cve-2014-9294.patch
+Patch120: ntp-4.2.6p3_CVE-2014-9295.patch
+Patch130: ntp-4.2.6p3_CVE-2014-9296.patch
 
 Requires(pre): /sbin/chkconfig
 # PreReq: /sbin/chkconfig
@@ -102,6 +107,7 @@ time synchronized via the NTP protocol.
 
 %package perl
 Summary: NTP utilities written in perl
+Summary(ja): perl で記述された NTP ユーティリティ
 Group: Applications/System
 Requires: %{name} = %{version}-%{release}
 
@@ -151,6 +157,10 @@ sed -i 's|/var/db/ntp-kod|%{_localstatedir}/lib/ntp/sntp-kod|' sntp/{sntp.1,main
 
 # security
 # %patch100 -p1 -b .CVE-2009-0159
+%patch100 -p1 -b .cve-2014-9293
+%patch110 -p1 -b .cve-2014-9294
+%patch120 -p1 -b .CVE-2014-9295
+%patch130 -p1 -b .CVE-2014-9296
 
 %build
 # autoconf
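Review bot: `%patch120` and `%patch130` apply files named `ntp-4.2.6p3_CVE-2014-9295.patch` and `ntp-4.2.6p3_CVE-2014-9296.patch` to a 4.2.6p5 tree, so judging by the names they were prepared against an older source. With patch's default fuzz a hunk can land on nearby but different code without failing the build, which for a security fix means the package can list the CVE as fixed while the added check sits in the wrong place. I would apply all four with fuzz disabled, e.g. `%patch120 -p1 -F0 -b .CVE-2014-9295`, and put a comment above them stating their origin (the changelog says rhel6 by way of Vine Linux/6). The `-b` suffixes also mix `.cve-` and `.CVE-`; one spelling would be easier to search for. The %prep section starts above this hunk.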
@@ -243,7 +253,8 @@ fi
 %{_sbindir}/tickadj
 
 %config				%{_sysconfdir}/rc.d/init.d/ntpd
-%config(noreplace)		%{_sysconfdir}/ntp.conf
+# %config(noreplace)		%{_sysconfdir}/ntp.conf
+%config				%{_sysconfdir}/ntp.conf
 %dir				%{_sysconfdir}/ntp/
 %ghost %config(missingok)	%{_sysconfdir}/ntp/drift
 %config(noreplace)		%{_sysconfdir}/ntp/keys
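Review bot: Dropping `noreplace` on `%{_sysconfdir}/ntp.conf` means an upgrade replaces a locally edited file with the packaged default and moves the administrator's version to `ntp.conf.rpmsave`, so site-specific `server` and `restrict` lines stop being in effect until someone merges them back. The changelog suggests this is intended, to roll out the updated default configuration, but the spec itself only shows the old directive commented out. I would replace that commented-out line with an explanation, for example `# no "noreplace": the updated default ntp.conf must reach upgraded systems; local edits are kept as ntp.conf.rpmsave`, and mention the behaviour in the update announcement. The %files list continues outside this hunk.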
@@ -261,6 +272,16 @@ fi
 %{_mandir}/man8/ntptrace.8*
 
 %changelog
+* Fri Feb  6 2015 Ryoichi INAGAKI <ryo1@toki.waseda.jp> 4.2.6p5-3
+- added patch100-130 from Vine Linux/6
+  * Sun Dec 21 2014 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 4.2.6p3-4
+  - add Patch100-130 for fix CVE-2014-9293,4,5,6
+    these patches are from rhel6, thanks.
+  * Sat Dec 13 2014 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 4.2.6p3-3
+  - update default ntp.conf
+  - remove "noreplace" of ntp.conf in files section
+- added Japanese summary
+  
 * Sat Nov  3 2012 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 4.2.6p5-1
 - new upstream release
 - update patches from fc18

+ 13 - 2
p/procmail/procmail-vl.spec

@@ -2,9 +2,9 @@ Summary: The procmail mail processing program.
 Summary(ja): procmail メール処理プログラム
 Name: procmail
 Version: 3.22
-Release: 4%{?_dist_release}
+Release: 5%{?_dist_release}
 License: GPL or artistic
-Group: System Environment/Daemons
+Group: Applications/Internet
 Source: ftp://ftp.procmail.org/pub/procmail/procmail-%{version}.tar.gz
 URL: http://www.procmail.org
 Patch0: procmail-3.22-rhconfig.patch
@@ -16,6 +16,9 @@ Patch6: procmail-3.22-getline.patch
 
 # patches added by Vine
 Patch10: procmail-3.14-OLD_PREFIX.patch
+# security fix
+Patch100: CVE-2014-3618.patch
+
 BuildRoot: %{_tmppath}/%{name}-%{version}-root
 
 Vendor: Project Vine
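Review bot: `Patch100: CVE-2014-3618.patch` has no package prefix, unlike the other patches visible in this spec (`procmail-3.22-rhconfig.patch`, `procmail-3.22-getline.patch`), and the `# security fix` comment does not say where the patch came from. In a shared SOURCES directory a bare CVE-numbered file name is easy to confuse with a patch for another package, and provenance is the first thing a later auditor will look for. I would rename the file to `procmail-3.22-CVE-2014-3618.patch` and extend the comment to something like `# security fix: CVE-2014-3618 (formail), taken from Vine Linux/6`, which is what the changelog entry states.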
@@ -41,6 +44,9 @@ procmail プログラムはローカルメール配送のためのメール配
 %patch5 -p1 -b .ipv6
 %patch6 -p1 -b .getline
 %patch10 -p1 -b .OLD_PREFIX
+# security fix
+%patch100 -p1 -b .CVE-2014-3618
+
 find . -type d -exec chmod 755 {} \;
 
 %build
@@ -73,6 +79,11 @@ rm -rf ${RPM_BUILD_ROOT}
 
 
 %changelog
+* Fri Feb  6 2015 Ryoichi INAGAKI <ryo1@toki.waseda.jp> 3.22-5
+- added patch100 from Vine Linux/6
+  * Sun Sep  7 2014 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 3.22-4
+  - add patch100 for fix CVE-2014-3618 (formail)
+
 * Fri May 16 2014 Daisuke SUZUKI <daisuke@linux.or.jp> 3.22-4
 - rebuild on current environment