Hello community,

here is the log from the commit of package usbmuxd for openSUSE:12.1:Update:Test checked in at 2012-02-23 10:42:51
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.1:Update:Test/usbmuxd (Old)
 and /work/SRC/openSUSE:12.1:Update:Test/.usbmuxd.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "usbmuxd", Maintainer is "[email protected]" Changes: -------- --- /work/SRC/openSUSE:12.1:Update:Test/usbmuxd/usbmuxd.changes 2012-02-23 10:42:51.000000000 +0100 +++ /work/SRC/openSUSE:12.1:Update:Test/.usbmuxd.new/usbmuxd.changes 2012-02-23 10:42:51.000000000 +0100 @@ -1,0 +2,7 @@ +Tue Feb 21 18:48:59 UTC 2012 - [email protected] + +- CVE-2012-0065.patch fixes recieve_packet() + Buffer overflow vulnerability CVE-2012-0065 + (bnc#742546) + +------------------------------------------------------------------- Old: ---- _service:download_url:usbmuxd-1.0.7.tar.bz2 New: ---- CVE-2012-0065.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ usbmuxd.spec ++++++ --- /var/tmp/diff_new_pack.FgkmmQ/_old 2012-02-23 10:42:51.000000000 +0100 +++ /var/tmp/diff_new_pack.FgkmmQ/_new 2012-02-23 10:42:52.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package usbmuxd # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,16 +16,17 @@ # - Name: usbmuxd %define _libname libusbmuxd Version: 1.0.7 -Release: 4 -License: LGPL v2.1 or GPL v2 +Release: 0 Summary: Socket daemon for the usbmux protocol of iPhone/iPod Touch devices -Url: http://git.marcansoft.com/?p=usbmuxd.git +License: LGPL-2.1 or GPL-2.0 Group: System/Libraries +Url: http://git.marcansoft.com/?p=usbmuxd.git Source: %{name}-%{version}.tar.bz2 +# PATCH-FIX-UPSTREAM bnc742546 CVE-2012-0065.patch [email protected] -- Taken from usbmuxd.git +Patch0: CVE-2012-0065.patch BuildRequires: cmake BuildRequires: gcc-c++ BuildRequires: libplist-devel 
@@ -44,8 +45,6 @@ %package -n %{_libname}1 - -License: LGPL v2.1 or GPL v2 Summary: A library to abstract socket/protocol communication to the usbmuxd daemon Group: System/Libraries Requires: %{name} @@ -58,7 +57,6 @@ %package -n %{_libname}-devel - Summary: Development files for %{_libname} Group: Development/Libraries/C and C++ Requires: %{_libname} = %{version} @@ -69,7 +67,6 @@ developing applications that use %{_libname}. %package -n iproxy -License: LGPL v2.1 or GPL v2 Summary: Proxy enabling TCP tunneling to iPhone/iPod Touch via USB cable Group: System/Libraries Requires: %{_libname} = %{version} @@ -86,6 +83,7 @@ %prep %setup -q +%patch0 -p1 %build mkdir build ++++++ CVE-2012-0065.patch ++++++ Index: usbmuxd-1.0.7/libusbmuxd/libusbmuxd.c =================================================================== --- usbmuxd-1.0.7.orig/libusbmuxd/libusbmuxd.c +++ usbmuxd-1.0.7/libusbmuxd/libusbmuxd.c @@ -189,7 +189,7 @@ static int receive_packet(int sfd, struc char *strval = NULL; plist_get_string_val(n, &strval); if (strval) { - strcpy(dev->serial_number, strval); + strncpy(dev->serial_number, strval, 255); free(strval); } n = plist_dict_get_item(props, "LocationID"); -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
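Review bot: In the usbmuxd.changes entry, the function name is misspelled as "recieve_packet()", while the function patched in libusbmuxd.c is receive_packet(). Correct the spelling so that a search of the changelog for the function name finds this entry alongside CVE-2012-0065 and bnc#742546.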
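Review bot: The PATCH-FIX-UPSTREAM comment above Patch0 in usbmuxd.spec says only "Taken from usbmuxd.git" and does not identify the upstream commit. Add the upstream commit id or URL to that comment so the backport can be compared against the upstream fix and dropped cleanly on the next version update.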
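Review bot: In receive_packet(), strncpy(dev->serial_number, strval, 255) writes no terminating NUL when strval is 255 bytes or longer, so the copy is now bounded but serial_number can be left unterminated unless dev was zeroed beforehand and the field is at least 256 bytes; neither is visible in this hunk. Set the terminator explicitly after the copy, and if serial_number is an array, derive the bound from sizeof(dev->serial_number) - 1 instead of the literal 255 so it follows the struct definition. Since strval comes from the received plist, later readers of serial_number should be able to rely on it always being a terminated string.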
