OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________

  Server: cvs.openpkg.org                  Name:   Ralf S. Engelschall
  Root:   /v/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-src                      Date:   05-Sep-2005 17:06:05
  Branch: OPENPKG_2_3_SOLID                Handle: 2005090516060500

  Added files:              (Branch: OPENPKG_2_3_SOLID)
    openpkg-src/str         str.patch
  Modified files:           (Branch: OPENPKG_2_3_SOLID)
    openpkg-src/str         str.spec

  Log:
    apply Security Fix (CAN-2005-2491, partially)

  Summary:
    Revision    Changes     Path
    1.1.4.1     +27 -0      openpkg-src/str/str.patch
    1.30.2.3    +3  -1      openpkg-src/str/str.spec
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openpkg-src/str/str.patch
  ============================================================================
  $ cvs diff -u -r0 -r1.1.4.1 str.patch
  --- /dev/null 2005-09-05 17:06:02 +0200
  +++ str.patch 2005-09-05 17:06:05 +0200
  @@ -0,0 +1,27 @@
  +Security Fix (CAN-2005-2491, partially only)
  +
  +Index: str_pcre.c
  +--- str_pcre.c.orig  2003-01-28 10:10:39 +0100
  ++++ str_pcre.c       2005-09-05 16:22:43 +0200
  +@@ -674,6 +674,10 @@
  + 
  +     while ((cd->ctypes[*p] & ctype_digit) != 0)
  +             min = min * 10 + *p++ - '0';
  ++    if (min < 0 || min > 65535) {
  ++        *errorptr = ERR5;
  ++        return p;
  ++    }
  + 
  +     if (*p == '}')
  +             max = min;
  +@@ -682,6 +686,10 @@
  +                     max = 0;
  +                     while ((cd->ctypes[*p] & ctype_digit) != 0)
  +                             max = max * 10 + *p++ - '0';
  ++                    if (max < 0 || max > 65535) {
  ++                        *errorptr = ERR5;
  ++                        return p;
  ++                    }
  +                     if (max < min) {
  +                             *errorptr = ERR4;
  +                             return p;
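Review bot: The range checks added after each digit loop run only once the whole number has been accumulated, so `min = min * 10 + *p++ - '0'` (and the same statement for `max`) can still overflow on a long run of digits before the test is reached; for a signed type, which the `min < 0` comparison suggests, that is undefined behaviour, and a wrapped value can land back inside 0..65535 and pass the check. Testing inside each loop body closes this: brace the loop and put `if (min > 65535) { *errorptr = ERR5; return p; }` right after the accumulation, and likewise for `max`. The declarations of `min` and `max` and the rest of the enclosing function lie outside the hunk, so the type is inferred rather than seen. Since the header says the fix is only partial, a line in str.patch stating which part of CAN-2005-2491 remains open would help whoever audits this branch later.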
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/str/str.spec
  ============================================================================
  $ cvs diff -u -r1.30.2.2 -r1.30.2.3 str.spec
  --- openpkg-src/str/str.spec  23 Jun 2005 13:58:34 -0000      1.30.2.2
  +++ openpkg-src/str/str.spec  5 Sep 2005 15:06:05 -0000       1.30.2.3
  @@ -34,10 +34,11 @@
   Group:        Text
   License:      MIT/BSD-style
   Version:      0.9.10
  -Release:      2.3.1
  +Release:      2.3.2
   
   #   list of sources
   Source0:      ftp://ftp.ossp.org/pkg/lib/str/str-%{version}.tar.gz
  +Patch0:       str.patch
   
   #   build information
   Prefix:       %{l_prefix}
  @@ -63,6 +64,7 @@
   
   %prep
       %setup -q
  +    %patch -p0
       cp %{l_shtool} .
   
   %build
  @@ .
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
CVS Repository Commit List                     openpkg-cvs@openpkg.org
