Hello community, here is the log from the commit of package smugbatch for openSUSE:Factory checked in at 2012-03-26 11:08:04 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/smugbatch (Old) and /work/SRC/openSUSE:Factory/.smugbatch.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "smugbatch", Maintainer is "" Changes: -------- --- /work/SRC/openSUSE:Factory/smugbatch/smugbatch.changes 2011-09-23 12:46:31.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.smugbatch.new/smugbatch.changes 2012-03-26 11:08:05.000000000 +0200 @@ -1,0 +2,5 @@ +Sun Mar 25 19:17:05 UTC 2012 - [email protected] + +- Fix buffer overflow during login (bnc#753945). + +------------------------------------------------------------------- New: ---- smugbatch-Avoid-buffer-overflow.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ smugbatch.spec ++++++ --- /var/tmp/diff_new_pack.L4Ib5K/_old 2012-03-26 11:08:06.000000000 +0200 +++ /var/tmp/diff_new_pack.L4Ib5K/_new 2012-03-26 11:08:06.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package smugbatch # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,20 +16,20 @@ # - Name: smugbatch -Group: Productivity/Graphics/Other %if 0%{?suse_version} > 1020 BuildRequires: libcurl-devel %else BuildRequires: curl-devel %endif Version: 006 -Release: 1 -License: GPL-2.0 +Release: 0 Summary: Tools for smugmug.com +License: GPL-2.0 +Group: Productivity/Graphics/Other Url: http://github.com/gregkh/smugbatch/tree/master Source: http://www.kernel.org/pub/linux/kernel/people/gregkh/smugbatch/%{name}-%{version}.tar.bz2 +Patch1: smugbatch-Avoid-buffer-overflow.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -41,6 +41,7 @@ %prep %setup -q +%patch1 -p1 %build make V=1 CFLAGS="%{optflags}" ++++++ smugbatch-Avoid-buffer-overflow.patch ++++++ >From 29b63b58c77fad4eee7c8c8bde42f4727d470dc2 Mon Sep 17 00:00:00 2001 
From: Andreas Jaeger <[email protected]> Date: Sun, 25 Mar 2012 20:43:59 +0200 Subject: [PATCH 2/2] smugbatch: Avoid buffer overflow get_su_cookie: Avoid buffer overflow in get_cookie and increase the cookie buffer since it actually did overflow. Fix a warning about shadowing the variable res. this was noticed when compiling with -fstack-protector -D_FORTIFY_SOURCE=2 --- smug_core.c | 10 +++++----- 1 files changed, 5 insertions(+), 5 deletions(-) diff --git a/smug_core.c b/smug_core.c index 1fc2702..cad47bf 100644 --- a/smug_core.c +++ b/smug_core.c @@ -104,15 +104,15 @@ static char *get_su_cookie(CURL *curl) } nc = cookies; while (nc) { - char domain[50], p1[50], p2[50], p3[50], name[50], value[50]; + char domain[50], p1[50], p2[50], p3[50], name[50], value[100]; long unsigned int t; - int res; + int res2; /* #HttpOnly_.smugmug.com\tTRUE\t/\tFALSE\t0\tSMSESS\t99363be4c3ceb3f153f875216539524a */ - res = - sscanf(nc->data, "%s\t%s\t%s\t%s\t%lu\t%s\t%s", domain, p1, + res2 = + sscanf(nc->data, "%49s\t%49s\t%49s\t%49s\t%lu\t%49s\t%99s", domain, p1, p2, p3, &t, name, value); - if (res == 7 && strcmp(name, "_su") == 0) { + if (res2 == 7 && strcmp(name, "_su") == 0) { cookie = valloc(strlen(value) + 1 + 4); sprintf(cookie, "_su=%s", value); } -- 1.7.7
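Review bot: The smugbatch.spec hunk applies smugbatch-Avoid-buffer-overflow.patch on its own as Patch1, but the patch's Subject line reads [PATCH 2/2] and its diff is taken against index 1fc2702, so it is the second part of a series whose first part is not added in this commit. Please confirm that it applies to the 006 tarball without 1/2, and name the patch file in the smugbatch.changes entry next to bnc#753945. The Release change from 1 to 0 and the License/Group reordering are unrelated to the fix and are not mentioned in the changelog.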
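Review bot: In the smug_core.c hunk, the %99s width on value stops the overflow but truncates silently: a cookie value longer than 99 characters still returns res2 == 7, so a shortened "_su=..." cookie is built and used with no diagnostic. The commit message says the 50-byte buffer actually did overflow, so the real values were already longer than first assumed; consider sizing value from strlen(nc->data) + 1, or skipping the line when a field fills its buffer. The same applies to the %49s fields, where an over-long name would spill its remainder into value. The context lines also pass the result of valloc straight to sprintf without a NULL check, and res2 would read better as a descriptive name such as fields.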
