I'm not a developer, but I'd love to get a standard git patch against latest SVN trunk.
Many thanks.

2013/2/5 Aris Adamantiadis <a...@badcode.be>:
> Hi,
>
> When speaking with the rest of the team, we agreed that it was better to
> wait until we finish another kannel-related task (back-porting the
> ParlayX to our current patchset and testing it) before posting the
> patches, in order not to miss anything.
> You will hear from me before the end of the week.
> Which format is better? A big .patch with all differences? Is it
> ok if I get that diff from kannel release 1.5.0?
>
> Kr,
>
> Aris
> On 5/02/13 14:18, spameden wrote:
>> Interesting find.. Would love to see what actually you've changed and
>> what's considered to be insecure. I think you can post your diff to
>> this devel list.
>>
>> Many thanks for your work.
>>
>> 2013/2/5 Aris Adamantiadis <a...@badcode.be>:
>>> Dear Kannel developers,
>>>
>>> During a security audit of Kannel, we identified several weaknesses in
>>> the code, mostly unsafe C functions or data copying used without bounds
>>> checking. These patches currently run in production on our site, but
>>> we'd prefer to give them out to the community (and this makes our update
>>> process easier as well).
>>>
>>> What is the best way to provide you with these patches? Currently, they
>>> are being tracked in a local git repository. I can do the work of
>>> porting them to the latest subversion repository, but you would still
>>> need someone to review and publish them on your svn.
>>>
>>> How can we proceed?
>>>
>>> Kind regards,
>>>
>>> Aris Adamantiadis
>>>
>>> output of "git diff old_prod..new_prod --stat":
>>>
>>>  addons/opensmppbox/gw/opensmppbox.c |   2 +-
>>>  gw/smsbox.c                         |   6 +-
>>>  gw/smsc/smsc.c                      |   2 +-
>>>  gw/smsc/smsc_at.c                   |   6 +-
>>>  gw/smsc/smsc_cgw.c                  |   2 +-
>>>  gw/smsc/smsc_cimd.c                 |  47 ++++++------
>>>  gw/smsc/smsc_cimd2.c                |   4 +-
>>>  gw/smsc/smsc_emi_x25.c              |  74 +++++++++---------
>>>  gw/smsc/smsc_ois.c                  | 140 +++++++++++++++++------------------
>>>  gw/smsc/smsc_sema.c                 |  66 ++++++++++-------
>>>  gw/smsc/smsc_sema.h                 |   2 +-
>>>  gw/smsc/smsc_soap.c                 |  27 ++++---
>>>  gw/wap-appl.c                       |  10 ++-
>>>  gw/wap_push_ppg.c                   |  10 ++-
>>>  gwlib/accesslog.c                   |   6 +-
>>>  gwlib/conn.c                        |   2 +-
>>>  gwlib/date.c                        |   2 +-
>>>  gwlib/gw_uuid.c                     |   6 +-
>>>  gwlib/gwthread-pthread.c            |   2 +-
>>>  gwlib/log.c                         |  33 +++++----
>>>  gwlib/octstr.c                      |   4 +-
>>>  gwlib/utils.c                       |  13 ----
>>>  gwlib/utils.h                       |   6 --
>>>  test/fakewap.c                      |   8 +-
>>>  utils/run_kannel_box.c              |   2 +-
>>>  utils/seewbmp.c                     |   8 +-
>>>  utils/start-stop-daemon.c           |  26 ++++---
>>>  wap/cookies.c                       |   8 +-
>>>  wap/wsp_session.c                   |   4 +-
>>>  wmlscript/wsstream_data.c           |  12 +--
>>>  wmlscript/wsstream_file.c           |   6 +-
>>>  31 files changed, 288 insertions(+), 258 deletions(-)
>>>
>>
>