OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src openpkg-web Date: 12-Nov-2003 20:08:23
Branch: HEAD Handle: 2003111219082102
Modified files:
openpkg-src/mpg123 mpg123.patch mpg123.spec
openpkg-web news.txt
Log:
include bugfix for CAN-2003-0865
Summary:
Revision Changes Path
1.2 +31 -0 openpkg-src/mpg123/mpg123.patch
1.26 +1 -1 openpkg-src/mpg123/mpg123.spec
1.7377 +1 -0 openpkg-web/news.txt
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/mpg123/mpg123.patch
============================================================================
$ cvs diff -u -r1.1 -r1.2 mpg123.patch
--- openpkg-src/mpg123/mpg123.patch 25 Aug 2003 07:18:13 -0000 1.1
+++ openpkg-src/mpg123/mpg123.patch 12 Nov 2003 19:08:23 -0000 1.2
@@ -12,3 +12,34 @@
return FALSE;
if( ((head>>10)&0x3) == 0x3 )
return FALSE;
+
+Security Bugfix:
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0865
+
+--- httpget.c.orig Fri May 28 08:10:44 1999
++++ httpget.c Tue Nov 11 13:50:17 2003
+@@ -53,11 +53,11 @@ void readstring (char *string, int maxle
+ #if 0
+ char *result;
+ #endif
+ int pos = 0;
+
+- while(1) {
++ while(pos < maxlen) {
+ if( read(fileno(f),string+pos,1) == 1) {
+ pos++;
+ if(string[pos-1] == '\n') {
+ string[pos] = 0;
+ break;
+@@ -66,10 +66,11 @@ void readstring (char *string, int maxle
+ else if(errno != EINTR) {
+ fprintf (stderr, "Error reading from socket or unexpected
EOF.\n");
+ exit(1);
+ }
+ }
++ string[pos] = 0;
+ #if 0
+ do {
+ result = fgets(string, maxlen, f);
+ } while (!result && errno == EINTR);
+ if (!result) {
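Review bot: The new terminator write `string[pos] = 0;` after the loop, like the existing one in the newline branch, can land on `string[maxlen]` once the loop has run to `pos == maxlen`. The fix is therefore only safe if every caller passes a `maxlen` at least one smaller than the buffer it owns. The callers are not visible in this hunk, so either document the contract on readstring with `/* maxlen excludes the terminating NUL; string must hold maxlen+1 bytes */` or tighten the bound to `while(pos < maxlen - 1) {`. A line longer than `maxlen` is also truncated silently, leaving the remainder in the socket for the next readstring call, which deserves a comment or an error path. readstring's body starts and ends outside the hunk.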
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/mpg123/mpg123.spec
============================================================================
$ cvs diff -u -r1.25 -r1.26 mpg123.spec
--- openpkg-src/mpg123/mpg123.spec 18 Sep 2003 15:45:12 -0000 1.25
+++ openpkg-src/mpg123/mpg123.spec 12 Nov 2003 19:08:23 -0000 1.26
@@ -33,7 +33,7 @@
Group: Audio
License: GPL
Version: 0.59r
-Release: 20030918
+Release: 20031112
# list of sources
Source0: http://www.mpg123.de/mpg123/mpg123-%{version}-pl1.tar.gz
@@ .
patch -p0 <<'@@ .'
Index: openpkg-web/news.txt
============================================================================
$ cvs diff -u -r1.7376 -r1.7377 news.txt
--- openpkg-web/news.txt 12 Nov 2003 16:12:55 -0000 1.7376
+++ openpkg-web/news.txt 12 Nov 2003 19:08:21 -0000 1.7377
@@ -1,3 +1,4 @@
+12-Nov-2003: Upgraded package: P<mpg123-0.59r-20031112>
12-Nov-2003: Upgraded package: P<findutils-4.1.20-20031112>
12-Nov-2003: Upgraded package: P<abiword-2.0.1.2-20031112>
12-Nov-2003: New package: P<kolab-1.0.14-20031112>
@@ .