Author: psz Date: Fri Feb 17 23:33:54 2006 GMT Module: SOURCES Tag: HEAD ---- Log message: - security fix: CVE-2005-4667 - rel 3; STBR
---- Files affected: SOURCES: unzip-cve-2005-4667.patch (NONE -> 1.1) (NEW) ---- Diffs: ================================================================ Index: SOURCES/unzip-cve-2005-4667.patch diff -u /dev/null SOURCES/unzip-cve-2005-4667.patch:1.1 --- /dev/null Sat Feb 18 00:33:54 2006 +++ SOURCES/unzip-cve-2005-4667.patch Sat Feb 18 00:33:49 2006 @@ -0,0 +1,24 @@ +--- unzip-5.52.orig/unzpriv.h 2006-02-18 00:17:52.000000000 +0100 ++++ unzip-5.52/unzpriv.h 2006-02-18 00:01:42.000000000 +0100 +@@ -2274,17 +2274,18 @@ + * (char *)(sprintf sprf_arg, (buf))) == EOF) + */ + #ifndef Info /* may already have been defined for redirection */ ++# define wsizesnprintf(buf, ...) snprintf (buf, WSIZE-1, __VA_ARGS__) + # ifdef FUNZIP + # define Info(buf,flag,sprf_arg) \ +- fprintf((flag)&1? stderr : stdout, (char *)(sprintf sprf_arg, (buf))) ++ fputs((char *)(wsizesnprintf sprf_arg, (buf)), (flag)&1? stderr : stdout) + # else + # ifdef INT_SPRINTF /* optimized version for "int sprintf()" flavour */ + # define Info(buf,flag,sprf_arg) \ +- (*G.message)((zvoid *)&G, (uch *)(buf), (ulg)sprintf sprf_arg, (flag)) ++ (*G.message)((zvoid *)&G, (uch *)(buf), (ulg)wsizesnprintf sprf_arg, (flag)) + # else /* generic version, does not use sprintf() return value */ + # define Info(buf,flag,sprf_arg) \ + (*G.message)((zvoid *)&G, (uch *)(buf), \ +- (ulg)(sprintf sprf_arg, strlen((char *)(buf))), (flag)) ++ (ulg)(wsizesnprintf sprf_arg, strlen((char *)(buf))), (flag)) + # endif + # endif + #endif /* !Info */ ================================================================ _______________________________________________ pld-cvs-commit mailing list [email protected] http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
