OpenPKG CVS Repository http://cvs.openpkg.org/ ____________________________________________________________________________
Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 05-Apr-2004 14:35:26 Branch: OPENPKG_2_0_SOLID Handle: 2004040513352600 Added files: (Branch: OPENPKG_2_0_SOLID) openpkg-src/mc mc.patch Modified files: (Branch: OPENPKG_2_0_SOLID) openpkg-src/mc mc.spec Log: MFC: SA-2004.009-mc; CAN-2003-1023 Summary: Revision Changes Path 1.1.2.1 +27 -0 openpkg-src/mc/mc.patch 1.31.2.2 +3 -1 openpkg-src/mc/mc.spec ____________________________________________________________________________ patch -p0 <<'@@ .' Index: openpkg-src/mc/mc.patch ============================================================================ $ cvs diff -u -r0 -r1.1.2.1 mc.patch --- /dev/null 2004-04-05 14:35:26.000000000 +0200 +++ mc.patch 2004-04-05 14:35:26.000000000 +0200 @@ -0,0 +1,27 @@ +from mc-4.6.0-7.9.src.rpm mentioned in RHSA-2004:034-01 +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-1023 + Stack-based buffer overflow in vfs_s_resolve_symlink of + vfs/direntry.c for Midnight Commander (mc) 4.6.0 and earlier, + and possibly later versions, allows remote attackers to execute + arbitrary code during symlink conversion. + +diff -ru mc-4.5.55/vfs/direntry.c mc-4.5.55.new/vfs/direntry.c +--- vfs/direntry.c.orig 2001-08-16 15:23:05.000000000 -0700 ++++ vfs/direntry.c 2004-01-06 16:36:00.000000000 -0800 +@@ -374,6 +374,7 @@ + } + } + ++#if 0 + /* Convert absolute paths to relative ones */ + if (*linkname == PATH_SEP) { + char *p, *q; +@@ -391,6 +392,7 @@ + } + linkname = buf; + } ++#endif + + return (MEDATA->find_entry) (me, entry->dir, linkname, follow - 1, 0); + } + @@ . patch -p0 <<'@@ .' Index: openpkg-src/mc/mc.spec ============================================================================ $ cvs diff -u -r1.31.2.1 -r1.31.2.2 mc.spec --- openpkg-src/mc/mc.spec 18 Feb 2004 14:50:11 -0000 1.31.2.1 +++ openpkg-src/mc/mc.spec 5 Apr 2004 12:35:26 -0000 1.31.2.2 
@@ -34,10 +34,11 @@ Group: Terminal License: GPL Version: 4.6.0 -Release: 2.0.0 +Release: 2.0.1 # list of sources Source0: http://www.ibiblio.org/pub/Linux/utils/file/managers/mc/mc-%{version}.tar.gz +Patch0: mc.patch # build information Prefix: %{l_prefix} @@ -64,6 +65,7 @@ %prep %setup -q + %patch %build CC="%{l_cc}" \ @@ . ______________________________________________________________________ The OpenPKG Project www.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]
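Review bot: in the vfs/direntry.c hunks carried by mc.patch, the `#if 0` / `#endif` pair compiles out the whole "Convert absolute paths to relative ones" block with no comment in the C source saying why, so a later reader of direntry.c sees dead code with no link to CAN-2003-1023. Suggest a short comment beside `#if 0` naming the advisory. With the block disabled, a `linkname` that starts with PATH_SEP now reaches `(MEDATA->find_entry) (me, entry->dir, linkname, follow - 1, 0)` unconverted, so please confirm that find_entry handles an absolute name as intended. The embedded diff header also names mc-4.5.55 while mc.spec builds Version 4.6.0, so it is worth checking that the hunks at lines 374 and 391 apply to the 4.6.0 source without offset or fuzz.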
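Review bot: in the %prep hunk of mc.spec, the added `%patch` line gives no strip level. The paths inside mc.patch are `vfs/direntry.c.orig` and `vfs/direntry.c`, relative to the unpacked source directory, so writing it as `%patch -p0` would state the intended level explicitly and keep the build from depending on the default.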