Git-Url:
http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-current.git;a=commitdiff;h=355c158bf852500229595533fbd64af2f5fd00ec
commit 355c158bf852500229595533fbd64af2f5fd00ec
Author: VMiklos <[EMAIL PROTECTED]>
Date: Thu Sep 13 18:12:01 2007 +0200
gftp-2.0.18-3-i686
added CVE-2007-3961-3962.patch
closes #2368
diff --git a/source/xapps/gftp/CVE-2007-3961-3962.patch
b/source/xapps/gftp/CVE-2007-3961-3962.patch
new file mode 100644
index 0000000..36afc04
--- /dev/null
+++ b/source/xapps/gftp/CVE-2007-3961-3962.patch
@@ -0,0 +1,59 @@
+--- lib/fsplib/fsplib.h
++++ lib/fsplib/fsplib.h
+@@ -1,6 +1,7 @@
+ #ifndef _FSPLIB_H
+ #define _FSPLIB_H 1
+ #include <time.h>
++#include <stddef.h>
+ /* The FSP v2 protocol support library - public interface */
+
+ /*
+@@ -138,6 +139,12 @@
+ unsigned int pos; /* position of next packet */
+ } FSP_FILE;
+
++
++typedef union dirent_workaround {
++ struct dirent dirent;
++ char fill[offsetof (struct dirent, d_name) + MAXNAMLEN + 1];
++} dirent_workaround;
++
+ /* function prototypes */
+
+ /* session management */
+
+--- lib/fsplib/fsplib.c
++++ lib/fsplib/fsplib.c
+@@ -612,7 +612,7 @@
+ entry->d_reclen = fentry.reclen;
+ strncpy(entry->d_name,fentry.name,MAXNAMLEN);
+
+- if (fentry.namlen > MAXNAMLEN)
++ if (fentry.namlen >= MAXNAMLEN)
+ {
+ entry->d_name[MAXNAMLEN + 1 ] = '\0';
+ #ifdef HAVE_NAMLEN
+@@ -681,7 +681,7 @@
+ dir->dirpos += 9;
+ /* read file name */
+ entry->name[255 + 1] = '\0';
+- strncpy(entry->name,(char *)( dir->data + dir->dirpos ),MAXNAMLEN);
++ strncpy(entry->name,(char *)( dir->data + dir->dirpos ),255);
+ namelen = strlen( (char *) dir->data+dir->dirpos);
+ /* skip over file name */
+ dir->dirpos += namelen +1;
+@@ -709,12 +709,12 @@
+
+ struct dirent * fsp_readdir(FSP_DIR *dirp)
+ {
+- static struct dirent entry;
++ static dirent_workaround entry;
+ struct dirent *result;
+
+
+ if (dirp == NULL) return NULL;
+- if ( fsp_readdir_r(dirp,&entry,&result) )
++ if ( fsp_readdir_r(dirp,&entry.dirent,&result) )
+ return NULL;
+ else
+ return result;
diff --git a/source/xapps/gftp/FrugalBuild b/source/xapps/gftp/FrugalBuild
index f220228..fb2fd41 100644
--- a/source/xapps/gftp/FrugalBuild
+++ b/source/xapps/gftp/FrugalBuild
@@ -4,7 +4,7 @@
pkgname=gftp
pkgver=2.0.18
-pkgrel=2
+pkgrel=3
pkgdesc="A multithreaded ftp client for X"
url="http://gftp.seul.org/";
depends=('gtk+2' 'atk' 'libsm' 'openssl' 'readline' 'freetype2' 'pango' 'cairo')
@@ -14,15 +14,15 @@ options=('scriptlet')
up2date="lynx -dump http://gftp.seul.org/|grep 'Stable.*bz'|sed
's/.*-\(.*\)\.t.*/\1/'"
source=(http://gftp.seul.org/$pkgname-$pkgver.tar.bz2 \
00-$pkgname-$pkgver-menu-file.patch \
- 01-$pkgname-$pkgver-hu.patch)
+ 01-$pkgname-$pkgver-hu.patch \
+ CVE-2007-3961-3962.patch)
sha1sums=('c2468f1ff1fe978a5fab3a198e513558f3b48f5a' \
'0946b8bd33186959652b1d1df3e79c657e33dc69' \
- '667a81f4c0cc8c4092b74b5b1a05a5e682911ee7')
+ '667a81f4c0cc8c4092b74b5b1a05a5e682911ee7' \
+ 'b09a6505107afe4e0f9153a01d33741bbbb53d4e')
build() {
- Fcd
- Fpatch 00-$pkgname-$pkgver-menu-file.patch || return 1
- Fpatch 01-$pkgname-$pkgver-hu.patch || return 1
+ Fpatchall
# Generate updated gmo from po.
cd po
msgfmt -o hu.gmo hu.po
@@ -31,5 +31,4 @@ build() {
Fmakeinstall
}
-
# optimization OK
_______________________________________________
Frugalware-git mailing list
[email protected]
http://frugalware.org/mailman/listinfo/frugalware-git
