OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________

  Server: cvs.openpkg.org                  Name:   Ralf S. Engelschall
  Root:   /e/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-src                      Date:   16-Apr-2004 18:16:06
  Branch: HEAD                             Handle: 2004041617160600

  Added files:
    openpkg-src/subversion  subversion.patch
  Modified files:
    openpkg-src/subversion  subversion.spec

  Log:
    apply security fix (OpenPKG-SA-2004.016-neon; CAN-2004-0179)

  Summary:
    Revision    Changes     Path
    1.3         +75 -0      openpkg-src/subversion/subversion.patch
    1.47        +3  -1      openpkg-src/subversion/subversion.spec
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openpkg-src/subversion/subversion.patch
  ============================================================================
  $ cvs diff -u -r0 -r1.3 subversion.patch
  --- /dev/null 2004-04-16 18:16:06.000000000 +0200
  +++ subversion.patch  2004-04-16 18:16:06.000000000 +0200
  @@ -0,0 +1,75 @@
  +Index: neon/src/ne_207.c
  +--- neon/src/ne_207.c.orig   1970-03-04 07:27:31.000000000 +0100
  ++++ neon/src/ne_207.c        2004-04-16 18:10:50.000000000 +0200
  +@@ -320,12 +320,12 @@
  +     if (ne_get_status(req)->code == 207) {
  +         if (!ne_xml_valid(p)) { 
  +             /* The parse was invalid */
  +-            ne_set_error(sess, ne_xml_get_error(p));
  ++            ne_set_error(sess, "%s", ne_xml_get_error(p));
  +             ret = NE_ERROR;
  +         } else if (ctx.is_error) {
  +             /* If we've actually got any error information
  +              * from the 207, then set that as the error */
  +-            ne_set_error(sess, ctx.buf->data);
  ++            ne_set_error(sess, "%s", ctx.buf->data);
  +             ret = NE_ERROR;
  +         }
  +     } else if (ne_get_status(req)->klass != 2) {
  +Index: neon/src/ne_auth.c
  +--- neon/src/ne_auth.c.orig  1970-03-04 07:27:31.000000000 +0100
  ++++ neon/src/ne_auth.c       2004-04-16 18:10:50.000000000 +0200
  +@@ -1080,7 +1080,7 @@
  +     if (areq->auth_info_hdr != NULL && 
  +     verify_response(areq, sess, areq->auth_info_hdr)) {
  +     NE_DEBUG(NE_DBG_HTTPAUTH, "Response authentication invalid.\n");
  +-    ne_set_error(sess->sess, _(sess->spec->fail_msg));
  ++    ne_set_error(sess->sess, "%s", _(sess->spec->fail_msg));
  +     ret = NE_ERROR;
  +     } else if (status->code == sess->spec->status_code && 
  +            areq->auth_hdr != NULL) {
  +Index: neon/src/ne_locks.c
  +--- neon/src/ne_locks.c.orig 1970-03-04 07:27:31.000000000 +0100
  ++++ neon/src/ne_locks.c      2004-04-16 18:10:50.000000000 +0200
  +@@ -734,7 +734,7 @@
  +     }
  +     else if (parse_failed) {
  +         ret = NE_ERROR;
  +-        ne_set_error(sess, ne_xml_get_error(parser));
  ++        ne_set_error(sess, "%s", ne_xml_get_error(parser));
  +     }
  +     else if (ne_get_status(req)->code == 207) {
  +         ret = NE_ERROR;
  +@@ -802,7 +802,7 @@
  +     if (ret == NE_OK && ne_get_status(req)->klass == 2) {
  +     if (parse_failed) {
  +         ret = NE_ERROR;
  +-        ne_set_error(sess, ne_xml_get_error(parser));
  ++        ne_set_error(sess, "%s", ne_xml_get_error(parser));
  +     }
  +     else if (ne_get_status(req)->code == 207) {
  +         ret = NE_ERROR;
  +Index: neon/src/ne_props.c
  +--- neon/src/ne_props.c.orig 1970-03-04 07:27:31.000000000 +0100
  ++++ neon/src/ne_props.c      2004-04-16 18:10:50.000000000 +0200
  +@@ -142,7 +142,7 @@
  +     if (ret == NE_OK && ne_get_status(req)->klass != 2) {
  +     ret = NE_ERROR;
  +     } else if (!ne_xml_valid(handler->parser)) {
  +-    ne_set_error(handler->sess, ne_xml_get_error(handler->parser));
  ++    ne_set_error(handler->sess, "%s", ne_xml_get_error(handler->parser));
  +     ret = NE_ERROR;
  +     }
  + 
  +Index: neon/src/ne_xml.c
  +--- neon/src/ne_xml.c.orig   1970-03-04 07:27:31.000000000 +0100
  ++++ neon/src/ne_xml.c        2004-04-16 18:10:50.000000000 +0200
  +@@ -539,7 +539,7 @@
  + 
  + void ne_xml_set_error(ne_xml_parser *p, const char *msg)
  + {
  +-    ne_snprintf(p->error, ERR_SIZE, msg);
  ++    ne_snprintf(p->error, ERR_SIZE, "%s", msg);
  + }
  + 
  + #ifdef HAVE_LIBXML
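Review bot: The fix is applied call site by call site (`ne_set_error(sess, "%s", …)` in ne_207.c, ne_auth.c, ne_locks.c and ne_props.c, plus the `ne_snprintf` in `ne_xml_set_error`), so any caller not listed in this patch would still pass text that appears to come from the response as the format string. The declaration of `ne_set_error` is outside this patch; if it does not already carry a printf format attribute, adding `__attribute__((format(printf, 2, 3)))` there and building with `-Wformat-security` would let the compiler confirm that no non-literal format remains. The patch file also has no header tying it to the advisory; a leading line such as `Security fix: format string handling in bundled neon (OpenPKG-SA-2004.016-neon; CAN-2004-0179)` would keep it traceable without the commit log.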
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/subversion/subversion.spec
  ============================================================================
  $ cvs diff -u -r1.46 -r1.47 subversion.spec
  --- openpkg-src/subversion/subversion.spec    13 Mar 2004 07:33:09 -0000      1.46
  +++ openpkg-src/subversion/subversion.spec    16 Apr 2004 16:16:06 -0000      1.47
  @@ -38,7 +38,7 @@
   Group:        SCM
   License:      Apache/BSD
   Version:      %{V_opkg}
  -Release:      20040313
  +Release:      20040416
   
   #   package options
   %option       with_cvs2svn  no
  @@ -49,6 +49,7 @@
   Source1:      http://svnbook.red-bean.com/book.pdf
   Source2:      
http://svn2cvs.tigris.org/nonav/source/browse/*checkout*/svn2cvs/src/svn2cvs.pl
   Source3:      rc.subversion
  +Patch0:       subversion.patch
   
   #   build information
   Prefix:       %{l_prefix}
  @@ -81,6 +82,7 @@
   
   %prep
       %setup -q -n subversion-%{V_dist}
  +    %patch -p0
   
   %build
       #   configure package
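Review bot: `%patch -p0` runs unconditionally and the patch paths are `neon/src/…`, so it hardens only the neon copy shipped inside the Subversion tarball. Whether this package can also be built against an external neon is not visible in these hunks; in that case the fix would not reach the library actually linked. A comment above the new line, e.g. `#   security fix for bundled neon (CAN-2004-0179)`, would record why the patch is there and make it easy to drop once upstream ships the fix. The %prep section continues outside the hunk.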
  @@ .
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
CVS Repository Commit List                     [EMAIL PROTECTED]
