OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 05-Sep-2005 16:45:22
Branch: HEAD Handle: 2005090515452200
Added files:
openpkg-src/lmtp2nntp lmtp2nntp.patch
Modified files:
openpkg-src/lmtp2nntp lmtp2nntp.spec
Log:
apply Security Fix (CAN-2005-2491)
Summary:
Revision Changes Path
1.3 +79 -0 openpkg-src/lmtp2nntp/lmtp2nntp.patch
1.68 +3 -1 openpkg-src/lmtp2nntp/lmtp2nntp.spec
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/lmtp2nntp/lmtp2nntp.patch
============================================================================
$ cvs diff -u -r0 -r1.3 lmtp2nntp.patch
--- /dev/null 2005-09-05 16:45:20 +0200
+++ lmtp2nntp.patch 2005-09-05 16:45:22 +0200
@@ -0,0 +1,79 @@
+Security Fix (CAN-2005-2491, partially only)
+
+Index: lib_pcre/pcre.c
+--- lib_pcre/pcre.c.orig 2004-04-22 10:52:11 +0200
++++ lib_pcre/pcre.c 2005-09-05 15:38:37 +0200
+@@ -716,12 +716,23 @@
+
+ while ((cd->ctypes[*p] & ctype_digit) != 0) min = min * 10 + *p++ - '0';
+
++if (min < 0 || min > 65535)
++ {
++ *errorptr = ERR5;
++ return p;
++ }
++
+ if (*p == '}') max = min; else
+ {
+ if (*(++p) != '}')
+ {
+ max = 0;
+ while((cd->ctypes[*p] & ctype_digit) != 0) max = max * 10 + *p++ - '0';
++ if (max < 0 || max > 65535)
++ {
++ *errorptr = ERR5;
++ return p;
++ }
+ if (max < min)
+ {
+ *errorptr = ERR4;
+Index: lib_l2/l2_ut_pcre.c
+--- lib_l2/l2_ut_pcre.c.orig 2003-01-28 10:10:39 +0100
++++ lib_l2/l2_ut_pcre.c 2005-09-05 16:22:43 +0200
+@@ -674,6 +674,10 @@
+
+ while ((cd->ctypes[*p] & ctype_digit) != 0)
+ min = min * 10 + *p++ - '0';
++ if (min < 0 || min > 65535) {
++ *errorptr = ERR5;
++ return p;
++ }
+
+ if (*p == '}')
+ max = min;
+@@ -682,6 +686,10 @@
+ max = 0;
+ while ((cd->ctypes[*p] & ctype_digit) != 0)
+ max = max * 10 + *p++ - '0';
++ if (max < 0 || max > 65535) {
++ *errorptr = ERR5;
++ return p;
++ }
+ if (max < min) {
+ *errorptr = ERR4;
+ return p;
+Index: lib_str/str_pcre.c
+--- lib_str/str_pcre.c.orig 2003-01-28 10:10:39 +0100
++++ lib_str/str_pcre.c 2005-09-05 16:22:43 +0200
+@@ -674,6 +674,10 @@
+
+ while ((cd->ctypes[*p] & ctype_digit) != 0)
+ min = min * 10 + *p++ - '0';
++ if (min < 0 || min > 65535) {
++ *errorptr = ERR5;
++ return p;
++ }
+
+ if (*p == '}')
+ max = min;
+@@ -682,6 +686,10 @@
+ max = 0;
+ while ((cd->ctypes[*p] & ctype_digit) != 0)
+ max = max * 10 + *p++ - '0';
++ if (max < 0 || max > 65535) {
++ *errorptr = ERR5;
++ return p;
++ }
+ if (max < min) {
+ *errorptr = ERR4;
+ return p;
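Review bot: The range checks added in the nested `lib_pcre/pcre.c` hunk run only after the digit loop `min = min * 10 + *p++ - '0'` has finished. A long enough run of digits therefore overflows the signed accumulator (undefined behaviour) before `min < 0 || min > 65535` is evaluated, and a wrapped value can land back inside 0..65535 and be accepted. Testing the bound inside the loop after every digit keeps the accumulator small and makes the `< 0` test unnecessary. The same applies to the `max` loop and to the identical hunks for `lib_l2/l2_ut_pcre.c` and `lib_str/str_pcre.c`. The enclosing function starts and ends outside these hunks, so `min` and `max` are assumed to be plain `int`.

```c
while ((cd->ctypes[*p] & ctype_digit) != 0)
  {
  min = min * 10 + *p++ - '0';
  if (min > 65535)          /* reject before the next multiply can overflow */
    {
    *errorptr = ERR5;
    return p;
    }
  }
/* … unchanged: '}' test and entry into the max branch … */
    max = 0;
    while ((cd->ctypes[*p] & ctype_digit) != 0)
      {
      max = max * 10 + *p++ - '0';
      if (max > 65535)
        {
        *errorptr = ERR5;
        return p;
        }
      }
/* … unchanged: max < min check (ERR4) … */
```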
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/lmtp2nntp/lmtp2nntp.spec
============================================================================
$ cvs diff -u -r1.67 -r1.68 lmtp2nntp.spec
--- openpkg-src/lmtp2nntp/lmtp2nntp.spec 15 Jun 2005 14:01:18 -0000
1.67
+++ openpkg-src/lmtp2nntp/lmtp2nntp.spec 5 Sep 2005 14:45:22 -0000
1.68
@@ -33,12 +33,13 @@
Group: Mail
License: GPL
Version: 1.3.0
-Release: 20050615
+Release: 20050905
# list of sources
Source0:
ftp://ftp.ossp.org/pkg/tool/lmtp2nntp/lmtp2nntp-%{version}.tar.gz
Source1: rc.lmtp2nntp
Source2: lmtp2nntp.conf
+Patch0: lmtp2nntp.patch
# build information
Prefix: %{l_prefix}
@@ -69,6 +70,7 @@
%prep
%setup -q
+ %patch -p0
for i in . ./lib_ex/shtool ./lib_l2/shtool ./lib_pcre/shtool
./lib_popt/shtool ./lib_sa/shtool ./lib_str/shtool ./lib_tai/shtool
./lib_val/shtool ./lib_var/shtool; do cp %{l_shtool} $i; done
%build
@@ .