Bug 56311 - net-www/opera-7.53 fixes several security issues
Summary: net-www/opera-7.53 fixes several security issues
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://www.opera.com/windows/changelo...
Whiteboard: A3 [glsa] jaervosz
Reported: 2004-07-07 02:41 UTC by Boris
Modified: 2011-10-30 22:40 UTC
Attachments
opera-7.52.ebuild.patch (opera-7.52.ebuild.patch,583 bytes, patch)
2004-07-07 02:47 UTC, Boris
Description Boris 2004-07-07 02:41:44 UTC
New Version released.
Three new security fixes in addition to Bug #52867 (last version). Perhaps a GLSA is needed this time.

Reproducible: Always
Steps to Reproduce:
1.
2.
3.
Comment 1 Boris 2004-07-07 02:47:33 UTC
Created attachment 34897 [details, diff]
opera-7.52.ebuild.patch

Just changed the OPERAVER and OPERAFTPDIR. This works on my box.

I added a warning message, because the new version will overwrite existing
search.ini's (see changelog).
Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-07-07 04:12:06 UTC
Heinrich could you have a look and bump accordingly?
Comment 3 Heinrich Wendel (RETIRED) gentoo-dev 2004-07-07 09:05:00 UTC
added 7.52 to portage and marked stable on x86
Comment 4 Jeremy Huddleston (RETIRED) gentoo-dev 2004-07-07 10:11:10 UTC
stable sparc and amd64.

ppc might need to remove the shared version like sparc did as it uses gcc-2.95
Comment 5 Thierry Carrez (RETIRED) gentoo-dev 2004-07-07 13:49:19 UTC
Note that we don't really need ppc stable on this one since it has never been stable on ppc anyway. This is ready for a GLSA.
Comment 6 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-07-07 13:53:41 UTC
GLSA drafted: security please review

Heinrich please remove older vulnerable versions if they are not needed.
Comment 7 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-07-08 13:21:36 UTC
From FD http://lists.netsys.com/pipermail/full-disclosure/2004-July/023601.html

A vulnerability is found in the Opera browser version 7.52, which potentially
can be exploited by malicious people to conduct phishing attacks against a user.

The issue may be caused due to a race condition and will sometimes
make it possible to display spoofed information in the address bar
via a specially crafted HTML document.

Tested on WindowsXP SP1.

---

Just tested on:

Version	7.52 Final 	
Build	727 	
Platform	Linux

And it is vulnerable.
Comment 8 Jeremy Huddleston (RETIRED) gentoo-dev 2004-07-08 14:04:38 UTC
I just noticed... portage 2.0.50 does not like the arch? ( static? ( ) ) in SRC_URI.. .51 is fine with it.

>>> Downloading http://distro.ibiblio.org/pub/Linux/distrib
--14:00:16--  http://distro.ibiblio.org/pub/Linux/distribut
           => `/mnt/raid0/gentoo/distfiles/!static'
Resolving distro.ibiblio.org... 152.2.210.109
Connecting to distro.ibiblio.org[152.2.210.109]:80... conne
HTTP request sent, awaiting response... 404 Not Found
14:00:19 ERROR 404: Not Found.
Comment 9 SpanKY gentoo-dev 2004-07-08 20:53:10 UTC
eradicator: get rid of cvs in FEATURES
Comment 10 Thierry Carrez (RETIRED) gentoo-dev 2004-07-12 07:00:52 UTC
Filed a bug upstream to be sure they are aware of this and try to get a release date : bug-147177@bugs.opera.com
Comment 11 Thierry Carrez (RETIRED) gentoo-dev 2004-07-13 04:53:30 UTC
Answer from opera :
"We are aware of it and have a fix internally. It is going through QA and will be released fairly soon."
GLSA will be delayed until Opera 7.53 (?) is out.
Comment 12 Matthew 2004-07-19 20:15:13 UTC
Just an FYI Opera 7.53 has been released to the FTPs, although it hasn't been mentioned on the website. Changing the version info in the 7.52 eBuild is all that is needed to get it to merge without problem.
Comment 13 Thierry Carrez (RETIRED) gentoo-dev 2004-07-20 00:30:44 UTC
Lanius : could you bump the ebuild in CVS ? Thanks in advance :)
Comment 14 Heinrich Wendel (RETIRED) gentoo-dev 2004-07-20 10:24:21 UTC
bumped to 7.53 and marked stable
Comment 15 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-07-20 12:50:31 UTC
GLSA 200407-15