Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package xmlrpc-c for openSUSE:Factory checked in at 2022-11-02 12:46:41 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/xmlrpc-c (Old) and /work/SRC/openSUSE:Factory/.xmlrpc-c.new.2275 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "xmlrpc-c" Wed Nov 2 12:46:41 2022 rev:9 rq:1032645 version:1.54.06 Changes: -------- --- /work/SRC/openSUSE:Factory/xmlrpc-c/xmlrpc-c.changes 2022-08-12 17:46:19.498066474 +0200 +++ /work/SRC/openSUSE:Factory/.xmlrpc-c.new.2275/xmlrpc-c.changes 2022-11-02 12:47:06.189556344 +0100 @@ -1,0 +2,7 @@ +Sat Oct 29 12:46:08 UTC 2022 - Dirk M??ller <[email protected]> + +- update to 1.54.06: + * Abyss HTTP server: Fix memory corruption in processing of "authorization" + header field. Broken in Xmlrpc-c 1.41 + +------------------------------------------------------------------- Old: ---- xmlrpc-c-1.54.05.tgz New: ---- xmlrpc-c-1.54.06.tgz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ xmlrpc-c.spec ++++++ --- /var/tmp/diff_new_pack.IJsTTn/_old 2022-11-02 12:47:08.185566477 +0100 +++ /var/tmp/diff_new_pack.IJsTTn/_new 2022-11-02 12:47:08.189566497 +0100 @@ -19,12 +19,12 @@ %define soname 3 %define soname_cpp 8 Name: xmlrpc-c -Version: 1.54.05 +Version: 1.54.06 Release: 0 Summary: Library implementing XML-based Remote Procedure Calls License: BSD-3-Clause AND MIT Group: Development/Libraries/C and C++ -URL: http://xmlrpc-c.sourceforge.net/ +URL: https://xmlrpc-c.sourceforge.net/ Source: https://sourceforge.net/projects/xmlrpc-c/files/Xmlrpc-c%{20}Super%{20}Stable/%{version}/xmlrpc-c-%{version}.tgz BuildRequires: autoconf BuildRequires: automake ++++++ xmlrpc-c-1.54.05.tgz -> xmlrpc-c-1.54.06.tgz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlrpc-c-1.54.05/lib/abyss/src/http.c new/xmlrpc-c-1.54.06/lib/abyss/src/http.c --- old/xmlrpc-c-1.54.05/lib/abyss/src/http.c 2022-03-28 04:39:14.000000000 +0200 +++ new/xmlrpc-c-1.54.06/lib/abyss/src/http.c 2022-09-24 22:31:49.000000000 +0200 @@ -135,7 +135,7 @@ authValue = RequestHeaderValue(sessionP, "authorization"); if (authValue) { - char * const valueBuffer = malloc(strlen(authValue)); + char * const valueBuffer = malloc(strlen(authValue) + 1); /* A buffer we can mangle as we parse the authorization: value */ if (!authValue) @@ -145,7 +145,7 @@ const char * authType; char * authHdrPtr; - strcpy(valueBuffer, authValue); + strcpy(valueBuffer, authValue); /* initial value */ authHdrPtr = &valueBuffer[0]; NextToken((const char **)&authHdrPtr); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xmlrpc-c-1.54.05/version.mk new/xmlrpc-c-1.54.06/version.mk --- old/xmlrpc-c-1.54.05/version.mk 2022-03-28 04:39:14.000000000 +0200 +++ new/xmlrpc-c-1.54.06/version.mk 2022-09-24 22:31:49.000000000 +0200 @@ -8,4 +8,4 @@ ############################################################################### XMLRPC_MAJOR_RELEASE = 1 XMLRPC_MINOR_RELEASE = 54 -XMLRPC_POINT_RELEASE = 5 +XMLRPC_POINT_RELEASE = 6
