Hello community,
here is the log from the commit of package cvs for openSUSE:12.1:Update:Test
checked in at 2012-02-13 17:30:27
Comparing /work/SRC/openSUSE:12.1:Update:Test/cvs (Old)
and /work/SRC/openSUSE:12.1:Update:Test/.cvs.new (New)
Package is "cvs", Maintainer is "p...@suse.com"
Changes:
--- /work/SRC/openSUSE:12.1:Update:Test/cvs/cvs.changes 2012-02-13
17:30:34.0 +0100
+++ /work/SRC/openSUSE:12.1:Update:Test/.cvs.new/cvs.changes2012-02-13
17:30:35.0 +0100
@@ -1,0 +2,6 @@
+Mon Jan 30 14:35:57 CET 2012 - p...@suse.de
+
+- Fix the way CVS reads proxy connection HTTP responses
+ (bnc#744059, CVE-2012-0804).
+
+---
New:
cvs-CVE-2012-0804.patch
Other differences:
--
++ cvs.spec ++
--- /var/tmp/diff_new_pack.TkeMYL/_old 2012-02-13 17:30:35.0 +0100
+++ /var/tmp/diff_new_pack.TkeMYL/_new 2012-02-13 17:30:35.0 +0100
@@ -1,7 +1,7 @@
#
# spec file for package cvs
#
-# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -16,15 +16,15 @@
#
-
Name: cvs
-BuildRequires: gdbm-devel zlib-devel
-License:GPLv2+ ; LGPLv2.1+
-Group: Development/Tools/Version Control
+BuildRequires: gdbm-devel
+BuildRequires: zlib-devel
Url:http://www.nongnu.org/cvs/
Version:1.12.12
-Release:164
+Release:0
Summary:Concurrent Versions System
+License:GPL-2.0+ ; LGPL-2.1+
+Group: Development/Tools/Version Control
Requires: /bin/mktemp, /usr/bin/csh
Source: %name-%version.tar.bz2
# http://www.does-not-exist.org/roessler/cvslock-0.2.tar.gz
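Review bot: The Release reset from `Release:164` to `Release:0`, the License rewrite to `GPL-2.0+ ; LGPL-2.1+` (moved below Summary) and the BuildRequires split onto two lines are unrelated to the CVE fix and are not recorded in the cvs.changes entry, which mentions only the proxy response fix. Either note them in the changelog (for example as spec cleanup) or keep them out of the security update, so the diff against the shipped package is limited to Patch29.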
@@ -56,6 +56,7 @@
Patch26:cvs-request_rcs_installation.diff
Patch27:cvs-fix_printf_format.diff
Patch28:cvs-gnulib.diff
+Patch29:cvs-CVE-2012-0804.patch
PreReq: %install_info_prereq
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -65,7 +66,6 @@
CVS, is also included.
%package doc
-License:GPLv2+ ; LGPLv2.1+
Summary:Info pages and Open Source Development with CVS, 2nd Edition
Book
Group: Development/Tools/Version Control
%if 0%{?suse_version} >= 1120
@@ -100,6 +100,7 @@
%patch26
%patch27
%patch28
+%patch29
%build
autoreconf -fi
++ cvs-CVE-2012-0804.patch ++
Index: src/client.c
===
--- src/client.c.orig 2012-02-13 14:44:03.028698930 +0100
+++ src/client.c2012-02-13 14:44:03.273692998 +0100
@@ -3504,9 +3504,9 @@ connect_to_pserver (cvsroot_t *root, str
* code.
*/
read_line_via (from_server, to_server, &read_buf);
- sscanf (read_buf, "%s %d", write_buf, &codenum);
+ count = sscanf (read_buf, "%s %d", write_buf, &codenum);
- if ((codenum / 100) != 2)
+ if (count != 1 || (codenum / 100) != 2)
error (1, 0, "proxy server %s:%d does not support http tunnelling",
root->proxy_hostname, proxy_port_number);
free (read_buf);
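Review bot: The new test `count != 1` does not match the format string on the `+` sscanf line. `"%s %d"` with `write_buf` and `&codenum` returns 2 when both fields parse, so as shown every well-formed 2xx proxy reply would take the error() path, and `%s` still copies a token of unbounded length from the proxy's reply into `write_buf`. If the first token is not needed, suppress its assignment with `"%*s %d"` and pass only `&codenum`, which makes `count != 1` correct and removes the write into `write_buf`; otherwise give `%s` a field width tied to the buffer size and test `count != 2`. The declaration of `count` is not part of this hunk, so confirm it already exists in connect_to_pserver.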