Hello community, here is the log from the commit of package openslp for openSUSE:Factory checked in at 2016-10-14 09:27:34 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openslp (Old) and /work/SRC/openSUSE:Factory/.openslp.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openslp" Changes: -------- --- /work/SRC/openSUSE:Factory/openslp/openslp.changes 2016-09-17 14:36:51.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.openslp.new/openslp.changes 2016-10-14 09:27:35.000000000 +0200 @@ -1,0 +2,7 @@ +Wed Oct 12 13:53:08 CEST 2016 - [email protected] + +- Fix bounds check in SLPFoldWhiteSpace + [bnc#1001600] [CVE-2016-7567] + new patch: openslp.foldws.diff + +------------------------------------------------------------------- New: ---- openslp.foldws.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openslp.spec ++++++ --- /var/tmp/diff_new_pack.tyHvLR/_old 2016-10-14 09:27:36.000000000 +0200 +++ /var/tmp/diff_new_pack.tyHvLR/_new 2016-10-14 09:27:36.000000000 +0200 @@ -61,6 +61,7 @@ Patch14: openslp.doubleequal.diff Patch15: openslp.noconvenience.diff Patch16: openslp.xrealloc.diff +Patch17: openslp.foldws.diff %description Service Location Protocol is an IETF standards track protocol that @@ -129,6 +130,7 @@ %patch14 %patch15 %patch16 +%patch17 %build autoreconf -fiv ++++++ openslp.foldws.diff ++++++ --- ./common/slp_compare.c.orig 2016-10-12 11:44:17.925163946 +0000 +++ ./common/slp_compare.c 2016-10-12 11:50:22.658115399 +0000 @@ -204,7 +204,7 @@ static int SLPFoldWhiteSpace(size_t len, if (isspace(*p)) { char * ws2p = ++p; /* Point ws2p to the second ws char. */ - while (isspace(*p)) /* Scan till we hit a non-ws char. */ + while (p < ep && isspace(*p)) /* Scan till we hit a non-ws char. */ p++; len -= p - ws2p; /* Reduce the length by extra ws. */ memmove(ws2p, p, ep - p); /* Overwrite the extra white space. */
