OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________

  Server: cvs.openpkg.org                  Name:   Thomas Lotterer
  Root:   /e/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-src                      Date:   05-Apr-2004 14:35:26
  Branch: OPENPKG_2_0_SOLID                Handle: 2004040513352600

  Added files:              (Branch: OPENPKG_2_0_SOLID)
    openpkg-src/mc          mc.patch
  Modified files:           (Branch: OPENPKG_2_0_SOLID)
    openpkg-src/mc          mc.spec

  Log:
    MFC: SA-2004.009-mc; CAN-2003-1023

  Summary:
    Revision    Changes     Path
    1.1.2.1     +27 -0      openpkg-src/mc/mc.patch
    1.31.2.2    +3  -1      openpkg-src/mc/mc.spec
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openpkg-src/mc/mc.patch
  ============================================================================
  $ cvs diff -u -r0 -r1.1.2.1 mc.patch
  --- /dev/null 2004-04-05 14:35:26.000000000 +0200
  +++ mc.patch  2004-04-05 14:35:26.000000000 +0200
  @@ -0,0 +1,27 @@
  +from mc-4.6.0-7.9.src.rpm mentioned in RHSA-2004:034-01
  +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-1023
  +    Stack-based buffer overflow in vfs_s_resolve_symlink of
  +    vfs/direntry.c for Midnight Commander (mc) 4.6.0 and earlier,
  +    and possibly later versions, allows remote attackers to execute
  +    arbitrary code during symlink conversion.
  +
  +diff -ru mc-4.5.55/vfs/direntry.c mc-4.5.55.new/vfs/direntry.c
  +--- vfs/direntry.c.orig      2001-08-16 15:23:05.000000000 -0700
  ++++ vfs/direntry.c   2004-01-06 16:36:00.000000000 -0800
  +@@ -374,6 +374,7 @@
  +     }
  +     }
  + 
  ++#if 0
  +     /* Convert absolute paths to relative ones */
  +     if (*linkname == PATH_SEP) {
  +     char *p, *q;
  +@@ -391,6 +392,7 @@
  +     }
  +     linkname = buf;
  +     }
  ++#endif
  + 
  +     return (MEDATA->find_entry) (me, entry->dir, linkname, follow - 1, 0);
  + }
  +
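Review bot: The `#if 0` added to vfs/direntry.c in the embedded patch has no explanation next to it, so the patched source does not tell a later maintainer that the absolute-to-relative symlink conversion was switched off as the CAN-2003-1023 fix rather than left disabled by accident. Putting the reason on the same line keeps the hunk counts intact, e.g. `#if 0 /* CAN-2003-1023: stack overflow in this conversion; keep disabled until the write is bounded */`. The embedded diff header names mc-4.5.55 while mc.spec packages 4.6.0, so the `@@ -374,6 +374,7 @@` and `@@ -391,6 +392,7 @@` positions will probably apply with an offset or fuzz. It is worth confirming in the build log that both `#if 0` and `#endif` land around the intended block, since a misplaced `#endif` could leave the vulnerable code compiled in. The body of the disabled block and the declaration of `buf` are outside the hunk, so whether `buf` is left as an unused local cannot be checked from here.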
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/mc/mc.spec
  ============================================================================
  $ cvs diff -u -r1.31.2.1 -r1.31.2.2 mc.spec
  --- openpkg-src/mc/mc.spec    18 Feb 2004 14:50:11 -0000      1.31.2.1
  +++ openpkg-src/mc/mc.spec    5 Apr 2004 12:35:26 -0000       1.31.2.2
  @@ -34,10 +34,11 @@
   Group:        Terminal
   License:      GPL
   Version:      4.6.0
  -Release:      2.0.0
  +Release:      2.0.1
   
   #   list of sources
   Source0:      
http://www.ibiblio.org/pub/Linux/utils/file/managers/mc/mc-%{version}.tar.gz
  +Patch0:       mc.patch
   
   #   build information
   Prefix:       %{l_prefix}
  @@ -64,6 +65,7 @@
   
   %prep
       %setup -q
  +    %patch
   
   %build
       CC="%{l_cc}" \
  @@ .
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
CVS Repository Commit List                     [EMAIL PROTECTED]
