Hello community, here is the log from the commit of package xorg-x11 for openSUSE:Factory checked in at Wed Apr 6 11:31:04 CEST 2011.
-------- --- xorg-x11/xorg-x11.changes 2011-03-28 18:15:52.000000000 +0200 +++ /mounts/work_src_done/STABLE/xorg-x11/xorg-x11.changes 2011-04-05 19:03:40.000000000 +0200 @@ -1,0 +2,6 @@ +Tue Apr 5 17:02:53 UTC 2011 - mh...@novell.com + +- xrdb-Create-shell-escape-safe-cpp-options-in-the-non-path-bnc674733.patch + * Fix CVE-2011-0465 (bnc #674733). + +------------------------------------------------------------------- calling whatdependson for head-i586 New: ---- xrdb-Create-shell-escape-safe-cpp-options-in-the-non-path-bnc674733.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ xorg-x11.spec ++++++ --- /var/tmp/diff_new_pack.ajwKOh/_old 2011-04-06 11:28:19.000000000 +0200 +++ /var/tmp/diff_new_pack.ajwKOh/_new 2011-04-06 11:28:19.000000000 +0200 @@ -23,7 +23,7 @@ BuildRequires: bison Url: http://xorg.freedesktop.org/ Version: 7.6 -Release: 46 +Release: 49 License: MIT License (or similar) BuildRoot: %{_tmppath}/%{name}-%{version}-build Group: System/X11/Utilities @@ -159,6 +159,7 @@ Patch67: xinit-tolerant-hostname-changes.diff Patch68: xrdb.diff Patch69: xrdb-traditional-cpp.diff +Patch674733: xrdb-Create-shell-escape-safe-cpp-options-in-the-non-path-bnc674733.patch %description This package contains the X.Org core and sample applications. @@ -289,6 +290,7 @@ pushd xrdb-* %patch68 -p2 %patch69 -p0 +%patch674733 -p1 popd %build ++++++ xrdb-Create-shell-escape-safe-cpp-options-in-the-non-path-bnc674733.patch ++++++ >From 3d0c8e2cacf69723e7e8faf7ce441b9802e2d9a0 Mon Sep 17 00:00:00 2001 From: Matthias Hopf <mh...@suse.de> Date: Tue, 1 Mar 2011 19:37:34 +0100 Subject: [PATCH] Create shell-escape-safe cpp options in the non-pathetic-cpp case. Fixes CVE-2011-0465. Signed-off-by: Matthias Hopf <mh...@suse.de> Reviewed-by: Adam Jackson <a...@redhat.com> --- xrdb.c | 79 +++++++++++++++++++++++++++++++++++++++++++++++++++------------- 1 files changed, 63 insertions(+), 16 deletions(-) diff --git a/xrdb.c b/xrdb.c index c3ef0fd..ea698b9 100644 --- a/xrdb.c +++ b/xrdb.c @@ -142,6 +142,8 @@ static Entries newDB; static void fatal(char *, ...); static void addstring ( String *arg, const char *s ); +static void addescapedstring ( String *arg, const char *s ); +static void addtokstring ( String *arg, const char *s ); static void FormatEntries ( Buffer *buffer, Entries *entries ); static void StoreProperty ( Display *dpy, Window root, Atom res_prop ); static void Process ( int scrno, Bool doScreen, Bool execute ); @@ -433,14 +435,20 @@ AddDef(String *buff, char *title, char *value) addstring(buff, " -D"); } else addstring(buff, "-D"); - addstring(buff, title); + addtokstring(buff, title); if (value && (value[0] != '\0')) { addstring(buff, "="); - addstring(buff, value); + addescapedstring(buff, value); } } static void +AddSimpleDef(String *buff, char *title) +{ + AddDef(buff, title, (char *)NULL); +} + +static void AddDefQ(String *buff, char *title, char *value) { #ifdef PATHETICCPP @@ -449,8 +457,9 @@ AddDefQ(String *buff, char *title, char *value) else #endif if (value && (value[0] != '\0')) { - AddDef(buff, title, "\""); - addstring(buff, value); + AddSimpleDef(buff, title); + addstring(buff, "=\""); + addescapedstring(buff, value); addstring(buff, "\""); } else AddDef(buff, title, NULL); @@ -465,24 +474,28 @@ AddNum(String *buff, char *title, int value) } static void -AddSimpleDef(String *buff, char *title) +AddDefTok(String *buff, char *prefix, char *title) { - AddDef(buff, title, (char *)NULL); + char name[512]; + + snprintf(name, sizeof(name), "%s%s", prefix, title); + AddSimpleDef(buff, name); } static void -AddDefTok(String *buff, char *prefix, char *title) +AddDefHostname(String *buff, char *title, char *value) { char *s; char name[512]; char c; - snprintf(name, sizeof(name), "%s%s", prefix, title); + strncpy (name, value, sizeof(name)-1); + name[sizeof(name)-1] = '\0'; for (s = name; (c = *s); s++) { - if (!isalpha(c) && !isdigit(c) && c != '_') + if (!isalpha(c) && !isdigit(c) && c != '_' && c != '.' && c != ':' && c != '-') *s = '_'; } - AddSimpleDef(buff, name); + AddDef(buff, title, name); } static void @@ -502,7 +515,7 @@ AddUndef(String *buff, char *title) addstring(buff, " -U"); } else addstring(buff, "-U"); - addstring(buff, title); + addtokstring(buff, title); } static void @@ -565,11 +578,11 @@ DoDisplayDefines(Display *display, String *defs, char *host) } if (!*server || !strcmp(server, "unix") || !strcmp(server, "localhost")) strcpy(server, client); - AddDef(defs, "HOST", server); /* R3 compatibility */ - AddDef(defs, "SERVERHOST", server); + AddDefHostname(defs, "HOST", server); /* R3 compatibility */ + AddDefHostname(defs, "SERVERHOST", server); AddDefTok(defs, "SRVR_", server); AddNum(defs, "DISPLAY_NUM", n); - AddDef(defs, "CLIENTHOST", client); + AddDefHostname(defs, "CLIENTHOST", client); AddDefTok(defs, "CLNT_", client); AddNum(defs, "VERSION", ProtocolVersion(display)); AddNum(defs, "REVISION", ProtocolRevision(display)); @@ -612,7 +625,7 @@ DoScreenDefines(Display *display, int scrno, String *defs) AddNum(defs, "Y_RESOLUTION", Resolution(screen->height,screen->mheight)); AddNum(defs, "PLANES", DisplayPlanes(display, scrno)); AddNum(defs, "BITS_PER_RGB", visual->bits_per_rgb); - AddDef(defs, "CLASS", ClassNames[visual->class]); + AddDefQ(defs, "CLASS", ClassNames[visual->class]); snprintf(name, sizeof(name), "CLASS_%s", ClassNames[visual->class]); AddNum(defs, name, (int)visual->visualid); switch(visual->class) { @@ -780,6 +793,40 @@ addstring(String *arg, const char *s) arg->used += strlen(s); } +static void +addescapedstring(String *arg, const char *s) +{ + char copy[512], *c; + + for (c = copy; *s && c < ©[sizeof(copy)-1]; s++) { + switch (*s) { + case '"': case '\'': case '`': + case '$': case '\\': + *c++ = '_'; + break; + default: + *c++ = *s; + } + } + *c = 0; + addstring (arg, copy); +} + +static void +addtokstring(String *arg, const char *s) +{ + char copy[512], *c; + + for (c = copy; *s && c < ©[sizeof(copy)-1]; s++) { + if (!isalpha(*s) && !isdigit(*s) && *s != '_') + *c++ = '_'; + else + *c++ = *s; + } + *c = 0; + addstring (arg, copy); +} + int main(int argc, char *argv[]) @@ -892,7 +939,7 @@ main(int argc, char *argv[]) continue; } else if (arg[1] == 'I') { addstring(&includes, " "); - addstring(&includes, arg); + addescapedstring(&includes, arg); continue; } else if (arg[1] == 'U' || arg[1] == 'D') { if (num_cmd_defines < MAX_CMD_DEFINES) { -- 1.7.1 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org