OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Thomas Lotterer
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 11-Jun-2004 14:08:01
Branch: OPENPKG_2_0_SOLID Handle: -NONE-
Modified files: (Branch: OPENPKG_2_0_SOLID)
openpkg-src/subversion subversion.patch subversion.spec
Log:
SA-2004.028-subversion; CAN-2004-0413
Summary:
Revision Changes Path
1.2.2.4 +0 -0 openpkg-src/subversion/subversion.patch
1.42.2.5 +0 -0 openpkg-src/subversion/subversion.spec
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/subversion/subversion.patch
============================================================================
$ cvs diff -u -r1.2.2.3 -r1.2.2.4 subversion.patch
--- openpkg-src/subversion/subversion.patch 19 May 2004 19:26:04 -0000 1.2.2.3
+++ openpkg-src/subversion/subversion.patch 11 Jun 2004 12:08:01 -0000 1.2.2.4
@@ -138,3 +138,100 @@
n = sscanf(date, ASCTIME_FORMAT,
wkday, mon, &gmt.tm_mday,
&gmt.tm_hour, &gmt.tm_min, &gmt.tm_sec,
+
+-----------------------------------------------------------------------------
+
+Security Fix
+OpenPKG-SA-2004.028-subversion, CAN-2004-0413
+
+Index: subversion/libsvn_ra_svn/marshal.c
+--- subversion/libsvn_ra_svn/marshal.c 2004-04-14 20:59:28 +0200
++++ subversion/libsvn_ra_svn/marshal.c 2004-06-10 19:45:07 +0200
+@@ -479,13 +479,49 @@
+
+ /* --- READING DATA ITEMS --- */
+
++/* Read LEN bytes from CONN into already-allocated structure ITEM.
++ * Afterwards, *ITEM is of type 'SVN_RA_SVN_STRING', and its string
++ * data is allocated in POOL. */
++static svn_error_t *read_string(svn_ra_svn_conn_t *conn, apr_pool_t *pool,
++ svn_ra_svn_item_t *item, apr_uint64_t len)
++{
++ char readbuf[4096];
++ apr_size_t readbuf_len;
++ svn_stringbuf_t *stringbuf = svn_stringbuf_create ("", pool);
++
++ /* We can't store strings longer than the maximum size of apr_size_t,
++ * so check for wrapping */
++ if (((apr_size_t) len) < len)
++ return svn_error_create(SVN_ERR_RA_SVN_MALFORMED_DATA, NULL,
++ "String length larger than maximum");
++
++ while (len)
++ {
++ readbuf_len = len > sizeof(readbuf) ? sizeof(readbuf) : len;
++
++ SVN_ERR(readbuf_read(conn, pool, readbuf, readbuf_len));
++ /* Read into a stringbuf_t to so we don't allow the sender to allocate
++ * an arbitrary amount of memory without actually sending us that much
++ * data */
++ svn_stringbuf_appendbytes(stringbuf, readbuf, readbuf_len);
++ len -= readbuf_len;
++ }
++
++ item->kind = SVN_RA_SVN_STRING;
++ item->u.string = apr_palloc(pool, sizeof(*item->u.string));
++ item->u.string->data = stringbuf->data;
++ item->u.string->len = stringbuf->len;
++
++ return SVN_NO_ERROR;
++}
++
+ /* Given the first non-whitespace character FIRST_CHAR, read an item
+ * into the already allocated structure ITEM. */
+ static svn_error_t *read_item(svn_ra_svn_conn_t *conn, apr_pool_t *pool,
+ svn_ra_svn_item_t *item, char first_char)
+ {
+- char c = first_char, *strdata;
+- apr_uint64_t val;
++ char c = first_char;
++ apr_uint64_t val, prev_val=0;
+ svn_stringbuf_t *str;
+ svn_ra_svn_item_t *listitem;
+
+@@ -498,21 +534,19 @@
+ val = c - '0';
+ while (1)
+ {
++ prev_val = val;
+ SVN_ERR(readbuf_getchar(conn, pool, &c));
+ if (!apr_isdigit(c))
+ break;
+ val = val * 10 + (c - '0');
++ if ((val / 10) != prev_val) /* val wrapped past maximum value */
++ return svn_error_create(SVN_ERR_RA_SVN_MALFORMED_DATA, NULL,
++ "Number is larger than maximum");
+ }
+ if (c == ':')
+ {
+ /* It's a string. */
+- strdata = apr_palloc(pool, val + 1);
+- SVN_ERR(readbuf_read(conn, pool, strdata, val));
+- strdata[val] = '\0';
+- item->kind = SVN_RA_SVN_STRING;
+- item->u.string = apr_palloc(pool, sizeof(*item->u.string));
+- item->u.string->data = strdata;
+- item->u.string->len = val;
++ SVN_ERR(read_string(conn, pool, item, val));
+ SVN_ERR(readbuf_getchar(conn, pool, &c));
+ }
+ else
+@@ -521,7 +555,6 @@
+ item->kind = SVN_RA_SVN_NUMBER;
+ item->u.number = val;
+ }
+- return SVN_NO_ERROR;
+ }
+ else if (apr_isalpha(c))
+ {
+
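Review bot: In the added read_string(), the guard `if (((apr_size_t) len) < len)` can only fire where apr_size_t is narrower than 64 bits, so on 64-bit builds the string length is bounded only by how much data the peer actually sends and the pool-backed stringbuf grows with it; if the protocol has a sensible maximum item size, enforcing it here would cap per-connection memory use. The removed code wrote `strdata[val] = '\0'` explicitly, whereas the new code hands out `stringbuf->data` directly, so the function's header comment should state that termination relies on svn_stringbuf_t keeping its buffer NUL-terminated, e.g. `/* item->u.string->data stays NUL-terminated because svn_stringbuf_t always terminates its buffer. */`. The comment inside the loop has a typo (`to so we don't allow` should read `so we don't allow`). The last sub-hunk drops `return SVN_NO_ERROR;` from the number/string branch of read_item(), whose body continues outside the hunk, so the fall-through to a final return cannot be confirmed from the visible lines.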
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/subversion/subversion.spec
============================================================================
$ cvs diff -u -r1.42.2.4 -r1.42.2.5 subversion.spec
--- openpkg-src/subversion/subversion.spec 19 May 2004 19:19:16 -0000
1.42.2.4
+++ openpkg-src/subversion/subversion.spec 11 Jun 2004 12:08:01 -0000
1.42.2.5
@@ -34,7 +34,7 @@
Group: SCM
License: Apache/BSD
Version: 1.0.0
-Release: 2.0.2
+Release: 2.0.3
# package options
%option with_cvs2svn no
@@ .