Hello community, here is the log from the commit of package xorg-x11 for openSUSE:11.2 checked in at Wed Apr 6 01:12:28 CEST 2011.
-------- --- old-versions/11.2/all/xorg-x11/xorg-x11.changes 2009-10-08 13:08:53.000000000 +0200 +++ 11.2/xorg-x11/xorg-x11.changes 2011-04-05 19:04:17.000000000 +0200 @@ -1,0 +2,6 @@ +Wed Mar 16 17:25:25 UTC 2011 - mh...@novell.com + +- xrdb-Create-shell-escape-safe-cpp-options-in-the-non-path-bnc674733.patch + * Fix CVE-2011-0465 (bnc #674733). + +------------------------------------------------------------------- Package does not exist at destination yet. Using Fallback old-versions/11.2/all/xorg-x11 Destination is old-versions/11.2/UPDATES/all/xorg-x11 calling whatdependson for 11.2-i586 New: ---- xrdb-Create-shell-escape-safe-cpp-options-in-the-non-path-bnc674733.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ xorg-x11.spec ++++++ --- /var/tmp/diff_new_pack.MjLuZO/_old 2011-04-06 01:11:49.000000000 +0200 +++ /var/tmp/diff_new_pack.MjLuZO/_new 2011-04-06 01:11:49.000000000 +0200 @@ -1,7 +1,7 @@ # -# spec file for package xorg-x11 (Version 7.4) +# spec file for package xorg-x11 # -# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -26,7 +26,7 @@ %endif Url: http://xorg.freedesktop.org/ Version: 7.4 -Release: 34 +Release: 35.<RELEASE5> License: MIT License (or similar) BuildRoot: %{_tmppath}/%{name}-%{version}-build Group: System/X11/Utilities @@ -170,6 +170,7 @@ Patch55: xset-spurious-xprint.patch Patch56: xdm-consolekit.diff Patch57: xbacklight_5512e16_Use-Backlight-RandR-property-fall-back-to-legacy.patch +Patch674733: xrdb-Create-shell-escape-safe-cpp-options-in-the-non-path-bnc674733.patch %description This package contains the X.Org core and sample applications. @@ -304,6 +305,7 @@ patch -d mkfontscale-* -p1 -s < %PATCH48 patch -d xdm-* -p1 -s < %PATCH56 patch -d xbacklight-* -p1 -s < %PATCH57 +patch -d xrdb-* -p1 -s <%PATCH674733 %build ++++++ xrdb-Create-shell-escape-safe-cpp-options-in-the-non-path-bnc674733.patch ++++++ >From 3d0c8e2cacf69723e7e8faf7ce441b9802e2d9a0 Mon Sep 17 00:00:00 2001 From: Matthias Hopf <mh...@suse.de> Date: Tue, 1 Mar 2011 19:37:34 +0100 Subject: [PATCH] Create shell-escape-safe cpp options in the non-pathetic-cpp case. Fixes CVE-2011-0465. Signed-off-by: Matthias Hopf <mh...@suse.de> Reviewed-by: Adam Jackson <a...@redhat.com> --- xrdb.c | 79 +++++++++++++++++++++++++++++++++++++++++++++++++++------------- 1 files changed, 63 insertions(+), 16 deletions(-) diff --git a/xrdb.c b/xrdb.c index c3ef0fd..ea698b9 100644 --- a/xrdb.c +++ b/xrdb.c @@ -142,6 +142,8 @@ static Entries newDB; static void fatal(char *, ...); static void addstring ( String *arg, const char *s ); +static void addescapedstring ( String *arg, const char *s ); +static void addtokstring ( String *arg, const char *s ); static void FormatEntries ( Buffer *buffer, Entries *entries ); static void StoreProperty ( Display *dpy, Window root, Atom res_prop ); static void Process ( int scrno, Bool doScreen, Bool execute ); @@ -433,14 +435,20 @@ AddDef(String *buff, char *title, char *value) addstring(buff, " -D"); } else addstring(buff, "-D"); - addstring(buff, title); + addtokstring(buff, title); if (value && (value[0] != '\0')) { addstring(buff, "="); - addstring(buff, value); + addescapedstring(buff, value); } } static void +AddSimpleDef(String *buff, char *title) +{ + AddDef(buff, title, (char *)NULL); +} + +static void AddDefQ(String *buff, char *title, char *value) { #ifdef PATHETICCPP @@ -449,8 +457,9 @@ AddDefQ(String *buff, char *title, char *value) else #endif if (value && (value[0] != '\0')) { - AddDef(buff, title, "\""); - addstring(buff, value); + AddSimpleDef(buff, title); + addstring(buff, "=\""); + addescapedstring(buff, value); addstring(buff, "\""); } else AddDef(buff, title, NULL); @@ -465,24 +474,28 @@ AddNum(String *buff, char *title, int value) } static void -AddSimpleDef(String *buff, char *title) +AddDefTok(String *buff, char *prefix, char *title) { - AddDef(buff, title, (char *)NULL); + char name[512]; + + snprintf(name, sizeof(name), "%s%s", prefix, title); + AddSimpleDef(buff, name); } static void -AddDefTok(String *buff, char *prefix, char *title) +AddDefHostname(String *buff, char *title, char *value) { char *s; char name[512]; char c; - snprintf(name, sizeof(name), "%s%s", prefix, title); + strncpy (name, value, sizeof(name)-1); + name[sizeof(name)-1] = '\0'; for (s = name; (c = *s); s++) { - if (!isalpha(c) && !isdigit(c) && c != '_') + if (!isalpha(c) && !isdigit(c) && c != '_' && c != '.' && c != ':' && c != '-') *s = '_'; } - AddSimpleDef(buff, name); + AddDef(buff, title, name); } static void @@ -502,7 +515,7 @@ AddUndef(String *buff, char *title) addstring(buff, " -U"); } else addstring(buff, "-U"); - addstring(buff, title); + addtokstring(buff, title); } static void @@ -565,11 +578,11 @@ DoDisplayDefines(Display *display, String *defs, char *host) } if (!*server || !strcmp(server, "unix") || !strcmp(server, "localhost")) strcpy(server, client); - AddDef(defs, "HOST", server); /* R3 compatibility */ - AddDef(defs, "SERVERHOST", server); + AddDefHostname(defs, "HOST", server); /* R3 compatibility */ + AddDefHostname(defs, "SERVERHOST", server); AddDefTok(defs, "SRVR_", server); AddNum(defs, "DISPLAY_NUM", n); - AddDef(defs, "CLIENTHOST", client); + AddDefHostname(defs, "CLIENTHOST", client); AddDefTok(defs, "CLNT_", client); AddNum(defs, "VERSION", ProtocolVersion(display)); AddNum(defs, "REVISION", ProtocolRevision(display)); @@ -612,7 +625,7 @@ DoScreenDefines(Display *display, int scrno, String *defs) AddNum(defs, "Y_RESOLUTION", Resolution(screen->height,screen->mheight)); AddNum(defs, "PLANES", DisplayPlanes(display, scrno)); AddNum(defs, "BITS_PER_RGB", visual->bits_per_rgb); - AddDef(defs, "CLASS", ClassNames[visual->class]); + AddDefQ(defs, "CLASS", ClassNames[visual->class]); snprintf(name, sizeof(name), "CLASS_%s", ClassNames[visual->class]); AddNum(defs, name, (int)visual->visualid); switch(visual->class) { @@ -780,6 +793,40 @@ addstring(String *arg, const char *s) arg->used += strlen(s); } +static void +addescapedstring(String *arg, const char *s) +{ + char copy[512], *c; + + for (c = copy; *s && c < ©[sizeof(copy)-1]; s++) { + switch (*s) { + case '"': case '\'': case '`': + case '$': case '\\': + *c++ = '_'; + break; + default: + *c++ = *s; + } + } + *c = 0; + addstring (arg, copy); +} + +static void +addtokstring(String *arg, const char *s) +{ + char copy[512], *c; + + for (c = copy; *s && c < ©[sizeof(copy)-1]; s++) { + if (!isalpha(*s) && !isdigit(*s) && *s != '_') + *c++ = '_'; + else + *c++ = *s; + } + *c = 0; + addstring (arg, copy); +} + int main(int argc, char *argv[]) @@ -892,7 +939,7 @@ main(int argc, char *argv[]) continue; } else if (arg[1] == 'I') { addstring(&includes, " "); - addstring(&includes, arg); + addescapedstring(&includes, arg); continue; } else if (arg[1] == 'U' || arg[1] == 'D') { if (num_cmd_defines < MAX_CMD_DEFINES) { -- 1.7.1 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org