Re: pkg/50082 (suse131 packages are outdated)

[Rin Okuyama <okuyama%flex.phys.tohoku.ac.jp@localhost>]

The following reply was made to PR pkg/50082; it has been noted by GNATS.

From: Rin Okuyama <okuyama%flex.phys.tohoku.ac.jp@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: 
Subject: Re: pkg/50082 (suse131 packages are outdated)
Date: Sun, 16 Aug 2015 23:02:49 +0900

 Sorry, the attached files in the previous mail were encoded by base64.
 I'm sending them inline this time.
 
 I'm afraid that my mailer breaks some special characters. In that case,
 please fetch them from web:
   http://flex.phys.tohoku.ac.jp/~okuyama/suse131.patch
   http://flex.phys.tohoku.ac.jp/~okuyama/pkg-vulnerabilities.patch
 
 ====
 
 --- ./suse131_base/Makefile.orig	2015-08-16 21:30:01.000000000 +0900
 +++ ./suse131_base/Makefile	2015-08-16 21:31:58.000000000 +0900
 @@ -1,13 +1,13 @@
  # $NetBSD: Makefile,v 1.15 2015/07/28 08:49:14 wiz Exp $
 
  PKGNAME=	suse_base-${SUSE_VERSION}
 -PKGREVISION=	9
 +PKGREVISION=	10
  CATEGORIES=	emulators
  RPMUPDPKGS+=	aaa_base-${SUSE_VERSION}-16.46.1.${SUSE_ARCH}
  RPMUPDPKGS+=	bash-4.2-68.12.1.${SUSE_ARCH}
  RPMUPDPKGS+=	coreutils-8.21-7.16.1.${SUSE_ARCH}
  RPMPKGS+=	findutils-4.5.12-1.1.${SUSE_ARCH}
 -RPMUPDPKGS+=	glibc-2.18-4.35.1.${SUSE_ARCH}
 +RPMUPDPKGS+=	glibc-2.18-4.38.1.${SUSE_ARCH}
  RPMPKGS+=	keyutils-1.5.5-6.1.3.${SUSE_ARCH}
  RPMPKGS+=	libacl1-2.2.52-2.1.2.${SUSE_ARCH}
  RPMPKGS+=	libattr1-2.4.47-2.1.2.${SUSE_ARCH}
 --- ./suse131_base/distinfo.orig	2015-08-16 21:31:22.000000000 +0900
 +++ ./suse131_base/distinfo	2015-08-16 21:32:44.000000000 +0900
 @@ -1,4 +1,4 @@
 -$NetBSD: distinfo,v 1.11 2015/07/28 08:49:14 wiz Exp $
 +$NetBSD$
 
  SHA1 (suse131/aaa_base-13.1-16.46.1.i586.rpm) =
 52de484fef32fec98ba8613267c8ce17ea675843
  RMD160 (suse131/aaa_base-13.1-16.46.1.i586.rpm) =
 28d9c8d3fef0ef60cbcc189bc66502ae6a991a34
 @@ -24,12 +24,12 @@
  SHA1 (suse131/findutils-4.5.12-1.1.x86_64.rpm) =
 b2b179c789e2b782532483cbbc7641cf3533836e
  RMD160 (suse131/findutils-4.5.12-1.1.x86_64.rpm) =
 4956722a0c9bdeff3647d63d9c1382a0b9f21d40
  Size (suse131/findutils-4.5.12-1.1.x86_64.rpm) = 286084 bytes
 -SHA1 (suse131/glibc-2.18-4.35.1.i586.rpm) =
 4e1b9355926701eed1e1bf37e4ac2e35265d4ddd
 -RMD160 (suse131/glibc-2.18-4.35.1.i586.rpm) =
 e707472bd6a74d05254b9978093157e66cb77d2a
 -Size (suse131/glibc-2.18-4.35.1.i586.rpm) = 1521034 bytes
 -SHA1 (suse131/glibc-2.18-4.35.1.x86_64.rpm) =
 788ee2bf331ca06a0dcadeb0dc28784831f5723e
 -RMD160 (suse131/glibc-2.18-4.35.1.x86_64.rpm) =
 cc739af9294794db7a709c44a64300c1b7e0f7a5
 -Size (suse131/glibc-2.18-4.35.1.x86_64.rpm) = 1728030 bytes
 +SHA1 (suse131/glibc-2.18-4.38.1.i586.rpm) =
 88aef03df69ea7899d9c2ffffafd8551c89c84a3
 +RMD160 (suse131/glibc-2.18-4.38.1.i586.rpm) =
 75cb4e4a59504fa724fb7deb281abfdfc666ddac
 +Size (suse131/glibc-2.18-4.38.1.i586.rpm) = 1520570 bytes
 +SHA1 (suse131/glibc-2.18-4.38.1.x86_64.rpm) =
 517aaabe77115ae9771a1bf687fee1764e7dd018
 +RMD160 (suse131/glibc-2.18-4.38.1.x86_64.rpm) =
 bc2f3badbc67dc9f5a54764d834d3043b9c98988
 +Size (suse131/glibc-2.18-4.38.1.x86_64.rpm) = 1728048 bytes
  SHA1 (suse131/keyutils-1.5.5-6.1.3.i586.rpm) =
 913db0152c69ce422bbc9d12ccc6582da655d70a
  RMD160 (suse131/keyutils-1.5.5-6.1.3.i586.rpm) =
 b09f26c235dbcdf6ed7f58f62160b44a46be6e59
  Size (suse131/keyutils-1.5.5-6.1.3.i586.rpm) = 66726 bytes
 --- ./suse131_locale/Makefile.orig	2015-08-16 21:43:43.000000000 +0900
 +++ ./suse131_locale/Makefile	2015-08-16 21:43:58.000000000 +0900
 @@ -1,9 +1,9 @@
  # $NetBSD: Makefile,v 1.5 2015/07/28 08:49:15 wiz Exp $
 
  PKGNAME=	suse_locale-${SUSE_VERSION}
 -PKGREVISION=	1
 +PKGREVISION=	2
  CATEGORIES=	emulators
 -RPMUPDPKGS+=	glibc-locale-2.18-4.35.1.${SUSE_ARCH}
 +RPMUPDPKGS+=	glibc-locale-2.18-4.38.1.${SUSE_ARCH}
 
  CONFLICTS=	linux-locale-[0-9]*
 
 --- ./suse131_locale/distinfo.orig	2015-08-16 21:43:47.000000000 +0900
 +++ ./suse131_locale/distinfo	2015-08-16 21:44:23.000000000 +0900
 @@ -1,8 +1,8 @@
 -$NetBSD: distinfo,v 1.2 2015/07/28 08:49:15 wiz Exp $
 +$NetBSD$
 
 -SHA1 (suse131/glibc-locale-2.18-4.35.1.i586.rpm) =
 8e80e90cb75f1b133d76cc0b641995d3211d8bd6
 -RMD160 (suse131/glibc-locale-2.18-4.35.1.i586.rpm) =
 90b5c71e52da2911931e9103b083714a4e06ec2a
 -Size (suse131/glibc-locale-2.18-4.35.1.i586.rpm) = 6218339 bytes
 -SHA1 (suse131/glibc-locale-2.18-4.35.1.x86_64.rpm) =
 6a853add43aa7eda537a1b94243b67690eb7d1b4
 -RMD160 (suse131/glibc-locale-2.18-4.35.1.x86_64.rpm) =
 30992779f7d807460a6f206399945831434cbcb6
 -Size (suse131/glibc-locale-2.18-4.35.1.x86_64.rpm) = 6216767 bytes
 +SHA1 (suse131/glibc-locale-2.18-4.38.1.i586.rpm) =
 5f760184456e91c1b56df2df463f570aecfc8130
 +RMD160 (suse131/glibc-locale-2.18-4.38.1.i586.rpm) =
 358e237d70d56994a0782533a0f15387c1e92df0
 +Size (suse131/glibc-locale-2.18-4.38.1.i586.rpm) = 6190241 bytes
 +SHA1 (suse131/glibc-locale-2.18-4.38.1.x86_64.rpm) =
 7c3ea8c81d8fd40223ce6ad05265ce666430c1a5
 +RMD160 (suse131/glibc-locale-2.18-4.38.1.x86_64.rpm) =
 97b77ca4df8469ae524d3d973eac9321614530e1
 +Size (suse131/glibc-locale-2.18-4.38.1.x86_64.rpm) = 6285638 bytes
 --- ./suse131_openldap/Makefile.orig	2015-08-16 21:45:52.000000000 +0900
 +++ ./suse131_openldap/Makefile	2015-08-16 21:48:28.000000000 +0900
 @@ -1,8 +1,9 @@
  # $NetBSD: Makefile,v 1.4 2015/02/16 10:15:49 jperkin Exp $
 
  PKGNAME=	suse_openldap-${SUSE_VERSION}
 +PKGREVISION=	1
  CATEGORIES=	emulators
 -RPMPKGS+=	libldap-2_4-2-2.4.33-8.1.2.${SUSE_ARCH}
 +RPMUPDPKGS+=	libldap-2_4-2-2.4.33-8.3.1.${SUSE_ARCH}
 
  MAINTAINER=	pkgsrc-users%NetBSD.org@localhost
  COMMENT=	Linux compatibility package for OpenLDAP
 --- ./suse131_openldap/distinfo.orig	2015-08-16 21:45:57.000000000 +0900
 +++ ./suse131_openldap/distinfo	2015-08-16 21:48:34.000000000 +0900
 @@ -1,8 +1,8 @@
 -$NetBSD: distinfo,v 1.1 2013/12/05 11:42:16 obache Exp $
 +$NetBSD$
 
 -SHA1 (suse131/libldap-2_4-2-2.4.33-8.1.2.i586.rpm) =
 6c004dabed8c7c4beefa79f90a7e76f2d6d91382
 -RMD160 (suse131/libldap-2_4-2-2.4.33-8.1.2.i586.rpm) =
 9bfa190aedbe00df1d8834ec6e44ffbf1660b5d4
 -Size (suse131/libldap-2_4-2-2.4.33-8.1.2.i586.rpm) = 203746 bytes
 -SHA1 (suse131/libldap-2_4-2-2.4.33-8.1.2.x86_64.rpm) =
 d88f0b683b4fd6d230701bfb15a18e725b48f52c
 -RMD160 (suse131/libldap-2_4-2-2.4.33-8.1.2.x86_64.rpm) =
 59d1b7b396b81b497b1486356a366863b35219b3
 -Size (suse131/libldap-2_4-2-2.4.33-8.1.2.x86_64.rpm) = 208044 bytes
 +SHA1 (suse131/libldap-2_4-2-2.4.33-8.3.1.i586.rpm) =
 7f5c98c21ed742d6fe53fbf94b5e9d115c9081e0
 +RMD160 (suse131/libldap-2_4-2-2.4.33-8.3.1.i586.rpm) =
 3d2cb4ca8c602e00f3e69a267ac461e9e5b5a3c7
 +Size (suse131/libldap-2_4-2-2.4.33-8.3.1.i586.rpm) = 203781 bytes
 +SHA1 (suse131/libldap-2_4-2-2.4.33-8.3.1.x86_64.rpm) =
 fcfbeadec8ac536e88b6bb88bed2d8c705a253aa
 +RMD160 (suse131/libldap-2_4-2-2.4.33-8.3.1.x86_64.rpm) =
 40145cfbf9926b5e892dfccd25f37ab76cd36086
 +Size (suse131/libldap-2_4-2-2.4.33-8.3.1.x86_64.rpm) = 207635 bytes
 
 ====
 
 --- pkg-vulnerabilities.orig	2015-08-16 21:35:58.000000000 +0900
 +++ pkg-vulnerabilities	2015-08-16 21:54:26.000000000 +0900
 @@ -7914,7 +7914,7 @@
  wireshark>=1.10.0<1.10.8	denial-of-service
 http://www.wireshark.org/security/wnpa-sec-2014-07.html
  ap{22,24}-py{33,32,27,26}-wsgi<3.5	arbitrary-code-execution
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0240
  ap{22,24}-py{33,32,27,26}-wsgi<3.5	arbitrary-code-execution
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0242
 -suse{,32}_base-[0-9]*	denial-of-service
 http://support.novell.com/security/cve/CVE-2014-4043.html
 +suse{,32}_base<13.1nb10		denial-of-service
 http://support.novell.com/security/cve/CVE-2014-4043.html
  xalan-j>=2.7.0<2.7.2	security-bypass
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0107
  gnutls>=3.0<3.1.20		denial-of-service
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3465
  gnutls>=3.2<3.2.10		denial-of-service
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3465
 @@ -8841,12 +8841,8 @@
  python34<3.4.0 			denial-of-service	
 http://seclists.org/oss-sec/2013/q4/558
  drupal>=6<6.35 			spoofing-attacks		https://www.drupal.org/SA-CORE-2015-001
  drupal>=7<7.35 			spoofing-attacks		https://www.drupal.org/SA-CORE-2015-001
 -suse{,32}_base>=10.0 		invalid-file-descriptor-reuse
 http://www.openwall.com/lists/oss-security/2015/01/28/20
 -suse{,32}_base>=12.1 		invalid-file-descriptor-reuse
 http://www.openwall.com/lists/oss-security/2015/01/28/20
 -suse{,32}_base>=13.1<13.1nb9	invalid-file-descriptor-reuse
 http://www.openwall.com/lists/oss-security/2015/01/28/20
 -suse{,32}_base>=10.0 		buffer-overrun		
 http://www.openwall.com/lists/oss-security/2015/02/04/1
 -suse{,32}_base>=12.1 		buffer-overrun		
 http://www.openwall.com/lists/oss-security/2015/02/04/1
 -suse{,32}_base>=13.1<13.1nb9	buffer-overrun		
 http://www.openwall.com/lists/oss-security/2015/02/04/1
 +suse{,32}_base>=10.0<13.1nb9	invalid-file-descriptor-reuse
 http://www.openwall.com/lists/oss-security/2015/01/28/20
 +suse{,32}_base>=10.0<13.1nb9	buffer-overrun		
 http://www.openwall.com/lists/oss-security/2015/02/04/1
  libzip<0.11.2nb1 		integer-overflow	
 http://www.openwall.com/lists/oss-security/2015/03/18/1
  py{26,27}-mercurial<3.2.4		command-injection	
 http://chargen.matasano.com/chargen/2015/3/17/this-new-vulnerability-mercurial-command-injection-cve-2014-9462.html
  php>5.5<5.5.22 			use-after-free			https://bugs.php.net/bug.php?id=68901
 @@ -9208,6 +9204,7 @@
  openssh-[0-9]*		authentication-bypass	
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5352
  wordpress<4.1.2		cross-site-scripting	
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3438
  php{54,55,56}-ja-wordpress<4.1.2	cross-site-scripting
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3438
 +suse_openldap<13.1nb1	denial-of-service	
 https://www.suse.com/security/cve/CVE-2015-1546.html
  #CHECKSUM SHA1 974ecf9f646abd34a265b36e5ff9be3b80a292a8
  #CHECKSUM SHA512
 fef72258242d9740e7c325f0b7376f19ed99a5cefb2ba27dbf16df3ccf43cf7458f680984fb3d61cc58e20080b750bf4cb2c10ae0025616cb7596cbb634e082d
  -----BEGIN PGP SIGNATURE-----