Hello community, here is the log from the commit of package usbmuxd for openSUSE:11.4 checked in at Thu Feb 23 12:11:24 CET 2012.
-------- --- old-versions/11.4/UPDATES/all/usbmuxd/usbmuxd.changes 2011-03-24 17:51:17.000000000 +0100 +++ 11.4/usbmuxd/usbmuxd.changes 2012-02-21 20:48:42.000000000 +0100 @@ -1,0 +2,7 @@ +Tue Feb 21 18:48:59 UTC 2012 - sts...@suse.com + +- CVE-2012-0065.patch fixes recieve_packet() + Buffer overflow vulnerability CVE-2012-0065 + (bnc#742546) + +------------------------------------------------------------------- calling whatdependson for 11.4-i586 New: ---- CVE-2012-0065.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ usbmuxd.spec ++++++ --- /var/tmp/diff_new_pack.5pEsBs/_old 2012-02-23 12:10:44.000000000 +0100 +++ /var/tmp/diff_new_pack.5pEsBs/_new 2012-02-23 12:10:44.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package usbmuxd # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -20,12 +20,14 @@ Name: usbmuxd %define _libname libusbmuxd Version: 1.0.7 -Release: 3.<RELEASE2> -License: LGPL v2.1 or GPL v2 +Release: 3.<RELEASE5> Summary: Socket daemon for the usbmux protocol of iPhone/iPod Touch devices -Url: http://git.marcansoft.com/?p=usbmuxd.git +License: LGPL-2.1 or GPL-2.0 Group: System/Libraries +Url: http://git.marcansoft.com/?p=usbmuxd.git Source: %{name}-%{version}.tar.bz2 +# PATCH-FIX-UPSTREAM bnc742546 CVE-2012-0065.patch sts...@suse.com -- Taken from usbmuxd.git +Patch0: CVE-2012-0065.patch BuildRequires: cmake BuildRequires: gcc-c++ BuildRequires: libplist-devel @@ -45,7 +47,6 @@ %package -n %{_libname}1 -License: LGPL v2.1 or GPL v2 Summary: A library to abstract socket/protocol communication to the usbmuxd daemon Group: System/Libraries Requires: %{name} 
@@ -69,7 +70,7 @@ developing applications that use %{_libname}. %package -n iproxy -License: LGPL v2.1 or GPL v2 + Summary: Proxy enabling TCP tunneling to iPhone/iPod Touch via USB cable Group: System/Libraries Requires: %{_libname} = %{version} @@ -86,6 +87,7 @@ %prep %setup -q +%patch0 -p1 %build mkdir build ++++++ CVE-2012-0065.patch ++++++ Index: usbmuxd-1.0.7/libusbmuxd/libusbmuxd.c =================================================================== --- usbmuxd-1.0.7.orig/libusbmuxd/libusbmuxd.c +++ usbmuxd-1.0.7/libusbmuxd/libusbmuxd.c @@ -189,7 +189,7 @@ static int receive_packet(int sfd, struc char *strval = NULL; plist_get_string_val(n, &strval); if (strval) { - strcpy(dev->serial_number, strval); + strncpy(dev->serial_number, strval, 255); free(strval); } n = plist_dict_get_item(props, "LocationID");
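Review bot: In the usbmuxd.changes hunk (@@ -1,0 +2,7 @@) the entry spells the function "recieve_packet()", while the hunk header of CVE-2012-0065.patch shows the patched function as receive_packet. Correct the spelling so that a search of the changelog for the function name finds this entry.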
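Review bot: In the usbmuxd.spec hunk (@@ -20,12 +20,14 @@) the PATCH-FIX-UPSTREAM comment says only "Taken from usbmuxd.git" and does not identify which upstream commit the patch corresponds to. Add the upstream commit reference to that comment line so the patch can be compared against upstream and dropped with confidence at the next version update.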
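Review bot: In the libusbmuxd.c hunk (@@ -189,7 +189,7 @@, receive_packet) the new strncpy(dev->serial_number, strval, 255) writes no terminating NUL when strval is 255 bytes or longer, and none of the visible lines adds one. Later readers of serial_number then depend on whatever byte follows the copied data. The declaration of serial_number and the initialisation of dev are outside this hunk, so confirm the field is larger than 255 bytes and terminate explicitly after the copy, for example dev->serial_number[sizeof(dev->serial_number) - 1] = '\0';. Deriving the bound from sizeof(dev->serial_number) - 1 instead of the literal 255 would also keep the limit tied to the struct definition if the field size ever changes.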