Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 05-Sep-2005 16:48:03
Branch: HEAD Handle: 2005090515480200
Modified files:
openpkg-src/tin tin.patch tin.spec
Log:
apply Security Fix (CAN-2005-2491)
Summary:
Revision Changes Path
1.2 +111 -0 openpkg-src/tin/tin.patch
1.45 +1 -1 openpkg-src/tin/tin.spec
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/tin/tin.patch
============================================================================
$ cvs diff -u -r1.1 -r1.2 tin.patch
--- openpkg-src/tin/tin.patch 4 Jul 2002 08:41:01 -0000 1.1
+++ openpkg-src/tin/tin.patch 5 Sep 2005 14:48:02 -0000 1.2
@@ -10,3 +10,114 @@
/*
* defines to control GNKSA-checks behaviour:
* - ENFORCE_RFC1034
+
+------------------------------------------------------------------------------
+
+Security Fix (CAN-2005-2491)
+
+Index: pcre/pcre.c
+--- pcre/pcre.c.orig 2003-08-10 15:27:36 +0200
++++ pcre/pcre.c 2005-09-05 16:43:29 +0200
+@@ -908,7 +908,18 @@
+ int min = 0;
+ int max = -1;
+
++/* Read the minimum value and do a paranoid check: a negative value
indicates
++an integer overflow. */
++
+ while ((digitab[*p] & ctype_digit) != 0) min = min * 10 + *p++ - '0';
++if (min < 0 || min > 65535)
++ {
++ *errorptr = ERR5;
++ return p;
++ }
++
++/* Read the maximum value if there is one, and again do a paranoid on its
size.
++Also, max must not be less than min. */
+
+ if (*p == '}') max = min; else
+ {
+@@ -916,6 +927,11 @@
+ {
+ max = 0;
+ while((digitab[*p] & ctype_digit) != 0) max = max * 10 + *p++ - '0';
++ if (max < 0 || max > 65535)
++ {
++ *errorptr = ERR5;
++ return p;
++ }
+ if (max < min)
+ {
+ *errorptr = ERR4;
+@@ -3765,6 +3781,7 @@
+ BOOL class_utf8;
+ #endif
+ BOOL inescq = FALSE;
++BOOL capturing;
+ unsigned int brastackptr = 0;
+ size_t size;
+ uschar *code;
+@@ -4169,6 +4186,7 @@
+ case '(':
+ branch_newextra = 0;
+ bracket_length = 1 + LINK_SIZE;
++ capturing = FALSE;
+
+ /* Handle special forms of bracket, which all start (? */
+
+@@ -4256,6 +4274,9 @@
+
+ case 'P':
+ ptr += 3;
++
++ /* Handle the definition of a named subpattern */
++
+ if (*ptr == '<')
+ {
+ const uschar *p; /* Don't amalgamate; some compilers */
+@@ -4268,9 +4289,12 @@
+ }
+ name_count++;
+ if (ptr - p > max_name_size) max_name_size = (ptr - p);
++ capturing = TRUE; /* Named parentheses are always capturing */
+ break;
+ }
+
++ /* Handle back references and recursive calls to named subpatterns
*/
++
+ if (*ptr == '=' || *ptr == '>')
+ {
+ while ((compile_block.ctypes[*(++ptr)] & ctype_word) != 0);
+@@ -4445,18 +4469,24 @@
+ continue;
+ }
+
+- /* If options were terminated by ':' control comes here. Fall
through
+- to handle the group below. */
++ /* If options were terminated by ':' control comes here. This is a
++ non-capturing group with an options change. There is nothing more
that
++ needs to be done because "capturing" is already set FALSE by
default;
++ we can just fall through. */
++
+ }
+ }
+
+- /* Extracting brackets must be counted so we can process escapes in a
+- Perlish way. If the number exceeds EXTRACT_BASIC_MAX we are going to
+- need an additional 3 bytes of store per extracting bracket. However, if
+- PCRE_NO_AUTO)CAPTURE is set, unadorned brackets become non-capturing,
so we
+- must leave the count alone (it will aways be zero). */
++ /* Ordinary parentheses, not followed by '?', are capturing unless
++ PCRE_NO_AUTO_CAPTURE is set. */
++
++ else capturing = (options & PCRE_NO_AUTO_CAPTURE) == 0;
++
++ /* Capturing brackets must be counted so we can process escapes in a
++ Perlish way. If the number exceeds EXTRACT_BASIC_MAX we are going to
need
++ an additional 3 bytes of memory per capturing bracket. */
+
+- else if ((options & PCRE_NO_AUTO_CAPTURE) == 0)
++ if (capturing)
+ {
+ bracount++;
+ if (bracount > EXTRACT_BASIC_MAX) bracket_length += 3;
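Review bot: The overflow guard added after the `min` digit loop (the `if (min < 0 || min > 65535)` check) relies on signed `int` wrap-around to produce a negative value, which is undefined behaviour in C, so an optimizing compiler is entitled to treat `min < 0` as never true and drop that half of the test; the same applies to the `max` loop further down the hunk. Bounding the value inside the loop avoids the overflow altogether: `while ((digitab[*p] & ctype_digit) != 0) { min = min * 10 + *p++ - '0'; if (min > 65535) { *errorptr = ERR5; return p; } }`, and likewise for `max`. The enclosing pcre.c function that parses the `{min,max}` quantifier starts before and ends after this hunk. Several long comment lines in the embedded patch appear wrapped in this listing (the `indicates`, `size` and `through` fragments standing on their own lines), presumably a mail artefact; if the committed tin.patch carries those wraps it will not apply cleanly, so that is worth confirming against the repository copy.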
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/tin/tin.spec
============================================================================
$ cvs diff -u -r1.44 -r1.45 tin.spec
--- openpkg-src/tin/tin.spec 24 Mar 2005 11:20:30 -0000 1.44
+++ openpkg-src/tin/tin.spec 5 Sep 2005 14:48:02 -0000 1.45
@@ -37,7 +37,7 @@
Group: News
License: GPL
Version: %{V_major}.%{V_minor}
-Release: 20040207
+Release: 20050905
# list of sources
Source0:
ftp://ftp.tin.org/pub/news/clients/tin/v%{V_major}/tin-%{version}.tar.bz2
@@ .