OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Thomas Lotterer
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src openpkg-web Date: 08-Jan-2004 09:29:30
Branch: OPENPKG_1_3_SOLID HEAD Handle: 2004010808292802
Modified files:
openpkg-web news.txt
Modified files: (Branch: OPENPKG_1_3_SOLID)
openpkg-src/inn inn.patch inn.spec
Log:
SA-2004.001-inn
Summary:
Revision Changes Path
1.1.2.1.2.1 +30 -0 openpkg-src/inn/inn.patch
1.54.2.2.2.2+1 -1 openpkg-src/inn/inn.spec
1.8004 +1 -0 openpkg-web/news.txt
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/inn/inn.patch
============================================================================
$ cvs diff -u -r1.1.2.1 -r1.1.2.1.2.1 inn.patch
--- openpkg-src/inn/inn.patch 24 Jul 2003 20:44:15 -0000 1.1.2.1
+++ openpkg-src/inn/inn.patch 8 Jan 2004 08:29:30 -0000 1.1.2.1.2.1
@@ -15,3 +15,33 @@
## If news.daily is running, idle: we don't want to change the
+From: Russ Allbery <[EMAIL PROTECTED]>
+To: [EMAIL PROTECTED], [EMAIL PROTECTED]
+Subject: [SECURITY] INN: Buffer overflow in control message handling
+Date: Wed, 07 Jan 2004 18:16:38 -0800
+
+--- innd/art.c.orig 2003-05-04 15:10:14.000000000 -0700
++++ innd/art.c 2004-01-07 15:25:08.000000000 -0800
+@@ -1773,7 +1773,7 @@
+ bool
+ ARTpost(CHANNEL *cp)
+ {
+- char *p, **groups, ControlWord[SMBUF], tmpbuff[32], **hops;
++ char *p, **groups, ControlWord[SMBUF], **hops, *controlgroup;
+ int i, j, *isp, hopcount, oerrno, canpost;
+ NEWSGROUP *ngp, **ngptr;
+ SITE *sp;
+@@ -2185,9 +2185,10 @@
+ * or control. */
+ if (IsControl && Accepted && !ToGroup) {
+ ControlStore = true;
+- FileGlue(tmpbuff, "control", '.', ControlWord);
+- if ((ngp = NGfind(tmpbuff)) == NULL)
++ controlgroup = concat("control.", ControlWord, (char *) 0);
++ if ((ngp = NGfind(controlgroup)) == NULL)
+ ngp = NGfind(ARTctl);
++ free(controlgroup);
+ ngp->PostCount = 0;
+ ngptr = GroupPointers;
+ *ngptr++ = ngp;
+
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/inn/inn.spec
============================================================================
$ cvs diff -u -r1.54.2.2.2.1 -r1.54.2.2.2.2 inn.spec
--- openpkg-src/inn/inn.spec 29 Jul 2003 14:59:22 -0000 1.54.2.2.2.1
+++ openpkg-src/inn/inn.spec 8 Jan 2004 08:29:30 -0000 1.54.2.2.2.2
@@ -33,7 +33,7 @@
Group: News
License: ISC
Version: 2.4.0
-Release: 1.3.0
+Release: 1.3.1
# package options
%option with_fsl yes
@@ .
patch -p0 <<'@@ .'
Index: openpkg-web/news.txt
============================================================================
$ cvs diff -u -r1.8003 -r1.8004 news.txt
--- openpkg-web/news.txt 8 Jan 2004 06:17:59 -0000 1.8003
+++ openpkg-web/news.txt 8 Jan 2004 08:29:28 -0000 1.8004
@@ -1,3 +1,4 @@
+08-Jan-2004: Upgraded package: P<inn-2.4.0-1.3.1>
08-Jan-2004: Upgraded package: P<gcc34-3.4s20040107-20040108>
07-Jan-2004: Upgraded package: P<perl-gfx-20040107-20040107>
07-Jan-2004: Upgraded package: P<tar-1.13.92-20040107>
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List [EMAIL PROTECTED]
