OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________

  Server: cvs.openpkg.org                  Name:   Ralf S. Engelschall
  Root:   /v/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-src                      Date:   18-Oct-2005 10:35:58
  Branch: OPENPKG_2_4_SOLID                Handle: 2005101809355800

  Added files:              (Branch: OPENPKG_2_4_SOLID)
    openpkg-src/wget        wget.patch
  Modified files:           (Branch: OPENPKG_2_4_SOLID)
    openpkg-src/wget        wget.spec

  Log:
    apply security fix (CAN-2005-3185)

  Summary:
    Revision    Changes     Path
    1.3.10.1    +17 -0      openpkg-src/wget/wget.patch
    1.41.2.2    +3  -1      openpkg-src/wget/wget.spec
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openpkg-src/wget/wget.patch
  ============================================================================
  $ cvs diff -u -r0 -r1.3.10.1 wget.patch
  --- /dev/null 2005-10-18 10:35:54 +0200
  +++ wget.patch        2005-10-18 10:35:58 +0200
  @@ -0,0 +1,17 @@
  +Security Fix (CAN-2005-3185)
  +
  +Index: src/http-ntlm.c
  +--- src/http-ntlm.c  2005-05-10 23:16:53 +0200
  ++++ src/http-ntlm.c  2005-10-13 10:52:21 +0200
  +@@ -526,6 +526,11 @@
  +     size=64;
  +     ntlmbuf[62]=ntlmbuf[63]=0;
  + 
  ++    /* Make sure that the user and domain strings fit in the target buffer
  ++       before we copy them there. */
  ++    if(size + userlen + domlen >= sizeof(ntlmbuf))
  ++      return NULL;
  ++    
  +     memcpy(&ntlmbuf[size], domain, domlen);
  +     size += domlen;
  + 
  @@ .
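Review bot: The guard added in the src/http-ntlm.c hunk bounds only the domain and user copies and signals failure with a bare `return NULL`, so the remaining writes into `ntlmbuf` and the caller's handling of NULL both sit outside this hunk and should be checked against the full function. The function body continues past the last context line; any later field appended at `&ntlmbuf[size]` needs its own bound, since this check does not account for it. The declarations of `size`, `userlen` and `domlen` are not visible here; if they are signed, the comparison with `sizeof(ntlmbuf)` is carried out in unsigned arithmetic, which deserves a word in the comment. I would extend the comment along the lines of `/* user and domain are caller-supplied and not length-limited; refuse to build the message rather than truncate. Callers must treat NULL as failure. */`.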
  patch -p0 <<'@@ .'
  Index: openpkg-src/wget/wget.spec
  ============================================================================
  $ cvs diff -u -r1.41.2.1 -r1.41.2.2 wget.spec
  --- openpkg-src/wget/wget.spec        15 Jun 2005 19:07:56 -0000      1.41.2.1
  +++ openpkg-src/wget/wget.spec        18 Oct 2005 08:35:58 -0000      1.41.2.2
  @@ -33,10 +33,11 @@
   Group:        Web
   License:      GPL
   Version:      1.10
  -Release:      2.4.0
  +Release:      2.4.1
   
   #   list of sources
   Source0:      ftp://ftp.gnu.org/gnu/wget/wget-%{version}.tar.gz
  +Patch0:       wget.patch
   
   #   build information
   Prefix:       %{l_prefix}
  @@ -63,6 +64,7 @@
   
   %prep
       %setup -q
  +    %patch -p0
       %{l_shtool} subst \
           -e 's;/usr/local/etc;%{l_prefix}/etc/wget;g' \
           doc/sample.wgetrc \
  @@ .
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
CVS Repository Commit List                     openpkg-cvs@openpkg.org
