Hello community, here is the log from the commit of package libapr-util1 for openSUSE:11.4 checked in at Tue Jul 26 17:23:00 CEST 2011.
-------- --- old-versions/11.4/all/libapr-util1/libapr-util1.changes 2009-12-15 13:40:12.000000000 +0100 +++ 11.4/libapr-util1/libapr-util1.changes 2011-07-26 15:47:16.000000000 +0200 @@ -1,0 +2,7 @@ +Tue Jul 26 15:35:58 CEST 2011 - [email protected] + +- apr-utils_memleak-CVE-2010-1623-bnc653510-693778.patch fixes + memory leak in buckets/apr_brigade.c CVE-2010-1623, [bnc#653510], + [bnc#693778] + +------------------------------------------------------------------- Package does not exist at destination yet. Using Fallback old-versions/11.4/all/libapr-util1 Destination is old-versions/11.4/UPDATES/all/libapr-util1 calling whatdependson for 11.4-i586 New: ---- apr-utils_memleak-CVE-2010-1623-bnc653510-693778.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libapr-util1.spec ++++++ --- /var/tmp/diff_new_pack.9NChn6/_old 2011-07-26 17:22:25.000000000 +0200 +++ /var/tmp/diff_new_pack.9NChn6/_new 2011-07-26 17:22:25.000000000 +0200 @@ -1,7 +1,7 @@ # -# spec file for package libapr-util1 (Version 1.3.9) +# spec file for package libapr-util1 # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -87,10 +87,11 @@ Group: Development/Libraries/Other AutoReqProv: on Version: 1.3.9 -Release: 2 +Release: 10.<RELEASE11> Summary: Apache Portable Runtime (APR) Library Source: http://www.apache.org/dist/apr/apr-util-%{version}.tar.bz2 Source2: baselibs.conf +Patch: apr-utils_memleak-CVE-2010-1623-bnc653510-693778.patch # BuildRoot: %{_tmppath}/%{name}-%{version}-build Obsoletes: libapr_memcache0 
@@ -207,6 +208,7 @@ %prep %setup -q -n apr-util-%{version} +%patch -p0 %build export CFLAGS="$RPM_OPT_FLAGS" ++++++ apr-utils_memleak-CVE-2010-1623-bnc653510-693778.patch ++++++ diff -ruN ../apr-util-1.3.4.orig/buckets/apr_brigade.c ./buckets/apr_brigade.c --- ../apr-util-1.3.4.orig/buckets/apr_brigade.c 2008-05-28 23:15:35.000000000 +0200 +++ ./buckets/apr_brigade.c 2011-06-24 23:02:19.000000000 +0200 @@ -331,7 +331,18 @@ return APR_SUCCESS; } APR_BUCKET_REMOVE(e); - APR_BRIGADE_INSERT_TAIL(bbOut, e); + if (APR_BUCKET_IS_METADATA(e) || len > APR_BUCKET_BUFF_SIZE/4) { + APR_BRIGADE_INSERT_TAIL(bbOut, e); + } + else { + if (len > 0) { + rv = apr_brigade_write(bbOut, NULL, NULL, str, len); + if (rv != APR_SUCCESS) { + return rv; + } + } + apr_bucket_destroy(e); + } readbytes += len; /* We didn't find an APR_ASCII_LF within the maximum line length. */ if (readbytes >= maxbytes) { ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
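Review bot: In the libapr-util1.spec hunk at @@ -87,10 +87,11 @@, the new `Patch:` tag has no comment saying where the fix comes from or whether it is already upstream. Please add a one-line comment above it giving the patch's origin, so a later version bump can tell whether it should be dropped. The file name also says "apr-utils" while the package and tarball are "apr-util"; renaming it would keep the sources easier to search.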
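Review bot: In the libapr-util1.spec hunk at @@ -207,6 +208,7 @@, `%patch -p0` applies a patch whose header reads `../apr-util-1.3.4.orig/buckets/apr_brigade.c`, while `%setup` unpacks `apr-util-%{version}` with Version 1.3.9. Please confirm from the build log that the hunk applies at line 331 without fuzz or offset, or regenerate the patch against the 1.3.9 tree so the header matches what is being built.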
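Review bot: In the buckets/apr_brigade.c hunk at @@ -331,7 +331,18 @@, the new `return rv;` after a failed apr_brigade_write() leaves `e` orphaned: APR_BUCKET_REMOVE(e) has already detached it, and on this path it is neither inserted into bbOut nor passed to apr_bucket_destroy(). Since the patch exists to stop a leak, destroy `e` (or insert it at the tail of bbOut) before returning the error. A short comment explaining why the cutoff is `APR_BUCKET_BUFF_SIZE/4` would also help the next reader.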
