Hello community, here is the log from the commit of package cvs for openSUSE:Factory checked in at 2012-02-14 13:05:11 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/cvs (Old) and /work/SRC/openSUSE:Factory/.cvs.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cvs", Maintainer is "[email protected]" Changes: -------- --- /work/SRC/openSUSE:Factory/cvs/cvs.changes 2011-12-08 11:27:41.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.cvs.new/cvs.changes 2012-02-14 13:05:15.000000000 +0100 @@ -1,0 +2,6 @@ +Mon Jan 30 14:35:57 CET 2012 - [email protected] + +- Fix the way CVS reads proxy connection HTTP responses + (bnc#744059, CVE-2012-0804). + +------------------------------------------------------------------- New: ---- cvs-CVE-2012-0804.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cvs.spec ++++++ --- /var/tmp/diff_new_pack.LdfTgo/_old 2012-02-14 13:05:17.000000000 +0100 +++ /var/tmp/diff_new_pack.LdfTgo/_new 2012-02-14 13:05:17.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package cvs # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,16 +15,17 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # + Name: cvs BuildRequires: automake BuildRequires: gdbm-devel BuildRequires: zlib-devel -License: GPL-2.0+ ; LGPL-2.1+ -Group: Development/Tools/Version Control Url: http://www.nongnu.org/cvs/ Version: 1.12.12 Release: 0 Summary: Concurrent Versions System +License: GPL-2.0+ ; LGPL-2.1+ +Group: Development/Tools/Version Control Requires: /bin/mktemp, /usr/bin/csh Source: %name-%version.tar.bz2 # http://www.does-not-exist.org/roessler/cvslock-0.2.tar.gz @@ -56,6 +57,7 @@ Patch26: cvs-request_rcs_installation.diff Patch27: cvs-fix_printf_format.diff Patch28: cvs-gnulib.diff +Patch29: cvs-CVE-2012-0804.patch PreReq: %install_info_prereq BuildRoot: %{_tmppath}/%{name}-%{version}-build 
@@ -66,6 +68,7 @@ %package doc Summary: Info pages and Open Source Development with CVS, 2nd Edition Book +Group: Development/Tools/Version Control %if 0%{?suse_version} >= 1120 BuildArch: noarch %endif @@ -98,6 +101,7 @@ %patch26 %patch27 %patch28 +%patch29 %build autoreconf -fi ++++++ cvs-CVE-2012-0804.patch ++++++ Index: src/client.c =================================================================== --- src/client.c.orig 2012-01-30 14:32:50.000000000 +0100 +++ src/client.c 2012-01-30 14:34:59.644866100 +0100 @@ -3491,9 +3491,9 @@ connect_to_pserver (cvsroot_t *root, str * code. */ read_line_via (from_server, to_server, &read_buf); - sscanf (read_buf, "%s %d", write_buf, &codenum); + count = sscanf (read_buf, "%s %d", write_buf, &codenum); - if ((codenum / 100) != 2) + if (count != 1 || (codenum / 100) != 2) error (1, 0, "proxy server %s:%d does not support http tunnelling", root->proxy_hostname, proxy_port_number); free (read_buf); -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
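Review bot: In the src/client.c hunk of cvs-CVE-2012-0804.patch, the new test `count != 1` does not match the format string `"%s %d"`. sscanf returns the number of conversions it assigned, so a well-formed proxy status line (a token followed by a numeric code) returns 2. As written, every valid response takes the error path, while a line where only the `%s` matched passes the count test and is then judged on a `codenum` that this call never set. The condition should read `if (count != 2 || (codenum / 100) != 2)`. Two further points on the same hunk: it assigns to `count` without showing a declaration, so confirm one exists in connect_to_pserver or add it. The `%s` conversion still has no field width, so the amount written to `write_buf` is limited only by the length of the line the proxy sends; bound it to the size of `write_buf`, or parse the status code without copying the first token at all.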
