new linux-f10-expat due to CVE-2009-3720 ?

Herbert J. Skuhra hskuhra at eumx.net
Sun Apr 27 21:29:11 UTC 2014 

On Wed, 23 Apr 2014 09:19:02 -0700
Ludwig Pummer wrote:

> portaudit started complaining to me about:
> 
> Affected package: linux-f10-expat-2.0.1
> Type of problem: expat2 -- Parser crash with specially formatted UTF-8
> sequences.
> Reference:
> http://portaudit.FreeBSD.org/5f030587-e39a-11de-881e-001aa0166822.html
> 
> Affects:
>     expat2 <2.0.1_1
>     linux-f10-expat <2.0.1_1
> 
> However, this port hasn't been touched in 2 months and is still at
> version 2.0.1:
> 
> http://svnweb.freebsd.org/ports/head/textproc/linux-f10-expat/
> 
> What are my options for clearing this security warning?

You can try:

-------------- next part --------------
Index: Makefile
===================================================================
--- Makefile	(revision 352452)
+++ Makefile	(working copy)
@@ -3,8 +3,10 @@
 
 PORTNAME=	expat
 PORTVERSION=	2.0.1
+PORTREVISION=	1
 CATEGORIES=	textproc linux
-MASTER_SITES=	CRITICAL/rpm/${LINUX_RPM_ARCH}/fedora/${LINUX_DIST_VER}
+MASTER_SITES=	http://archives.fedoraproject.org/pub/archive/fedora/linux/updates/10/i386/ \
+		http://archive.fedoraproject.org/pub/archive/fedora/linux/updates/10/SRPMS/
 PKGNAMEPREFIX=	linux-f10-
 DISTNAME=	${PORTNAME}-${PORTVERSION}-${RPMVERSION}
 
@@ -16,7 +18,7 @@
 ONLY_FOR_ARCHS=	i386 amd64
 USE_LINUX_RPM=	yes
 LINUX_DIST_VER=	10
-RPMVERSION=	5
+RPMVERSION=	8.fc10
 BRANDELF_FILES=	usr/bin/xmlwf
 USE_LDCONFIG=	yes
 
Index: distinfo.i386
===================================================================
--- distinfo.i386	(revision 352452)
+++ distinfo.i386	(working copy)
@@ -1,4 +1,4 @@
-SHA256 (rpm/i386/fedora/10/expat-2.0.1-5.i386.rpm) = 1a583a21620e9590cc2287fb69d5d9df6e6d5ca4305161be621caba6a8302eb4
-SIZE (rpm/i386/fedora/10/expat-2.0.1-5.i386.rpm) = 84975
-SHA256 (rpm/i386/fedora/10/expat-2.0.1-5.src.rpm) = 26eff74d146417c668cc7229e2db338291bdcff8365fe7d8e6447a73099e2679
-SIZE (rpm/i386/fedora/10/expat-2.0.1-5.src.rpm) = 453519
+SHA256 (rpm/i386/fedora/10/expat-2.0.1-8.fc10.i386.rpm) = e242a5ede9751dd7b6b584c630b58fbac5b01ec938f8c64d6700620816652c45
+SIZE (rpm/i386/fedora/10/expat-2.0.1-8.fc10.i386.rpm) = 84981
+SHA256 (rpm/i386/fedora/10/expat-2.0.1-8.fc10.src.rpm) = 7ea0ba634f6142237803ecc7fd4a2b73136a9393033b4ef0875511729fbc6c97
+SIZE (rpm/i386/fedora/10/expat-2.0.1-8.fc10.src.rpm) = 455074
-------------- next part --------------

But Fedora 10 reached EOL on December, 27th 2009!

Or try: https://github.com/xmj/linux-ports/

-- 
Herbert

More information about the freebsd-emulation mailing list