OpenPKG CVS Repository http://cvs.openpkg.org/ ____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 03-Oct-2005 13:45:55 Branch: HEAD Handle: 2005100312455500 Modified files: openpkg-src/lmtp2nntp lmtp2nntp.patch lmtp2nntp.spec Log: upgrading package: lmtp2nntp 1.3.0 -> 1.4.0 Summary: Revision Changes Path 1.5 +3 -120 openpkg-src/lmtp2nntp/lmtp2nntp.patch 1.70 +2 -3 openpkg-src/lmtp2nntp/lmtp2nntp.spec ____________________________________________________________________________ patch -p0 <<'@@ .' Index: openpkg-src/lmtp2nntp/lmtp2nntp.patch ============================================================================ $ cvs diff -u -r1.4 -r1.5 lmtp2nntp.patch --- openpkg-src/lmtp2nntp/lmtp2nntp.patch 23 Sep 2005 14:42:40 -0000 1.4 +++ openpkg-src/lmtp2nntp/lmtp2nntp.patch 3 Oct 2005 11:45:55 -0000 1.5 @@ -1,126 +1,9 @@ -Security Fix (CAN-2005-2491, partially only) - -Index: lib_pcre/pcre.c ---- lib_pcre/pcre.c.orig 2004-04-22 10:52:11 +0200 -+++ lib_pcre/pcre.c 2005-09-05 15:38:37 +0200 -@@ -716,12 +716,23 @@ - - while ((cd->ctypes[*p] & ctype_digit) != 0) min = min * 10 + *p++ - '0'; - -+if (min < 0 || min > 65535) -+ { -+ *errorptr = ERR5; -+ return p; -+ } -+ - if (*p == '}') max = min; else - { - if (*(++p) != '}') - { - max = 0; - while((cd->ctypes[*p] & ctype_digit) != 0) max = max * 10 + *p++ - '0'; -+ if (max < 0 || max > 65535) -+ { -+ *errorptr = ERR5; -+ return p; -+ } - if (max < min) - { - *errorptr = ERR4; -Index: lib_l2/l2_ut_pcre.c ---- lib_l2/l2_ut_pcre.c.orig 2003-01-28 10:10:39 +0100 -+++ lib_l2/l2_ut_pcre.c 2005-09-05 16:22:43 +0200 -@@ -674,6 +674,10 @@ - - while ((cd->ctypes[*p] & ctype_digit) != 0) - min = min * 10 + *p++ - '0'; -+ if (min < 0 || min > 65535) { -+ *errorptr = ERR5; -+ return p; -+ } - - if (*p == '}') - max = min; -@@ -682,6 +686,10 @@ - max = 0; - while ((cd->ctypes[*p] & ctype_digit) != 0) - max = max * 10 + *p++ - '0'; -+ if (max < 0 || max > 65535) { -+ *errorptr = ERR5; -+ return p; -+ } - if (max < min) { - *errorptr = ERR4; - return p; -Index: lib_str/str_pcre.c ---- lib_str/str_pcre.c.orig 2003-01-28 10:10:39 +0100 -+++ lib_str/str_pcre.c 2005-09-05 16:22:43 +0200 -@@ -674,6 +674,10 @@ - - while ((cd->ctypes[*p] & ctype_digit) != 0) - min = min * 10 + *p++ - '0'; -+ if (min < 0 || min > 65535) { -+ *errorptr = ERR5; -+ return p; -+ } - - if (*p == '}') - max = min; -@@ -682,6 +686,10 @@ - max = 0; - while ((cd->ctypes[*p] & ctype_digit) != 0) - max = max * 10 + *p++ - '0'; -+ if (max < 0 || max > 65535) { -+ *errorptr = ERR5; -+ return p; -+ } - if (max < min) { - *errorptr = ERR4; - return p; - -use va_copy for va_list copying for better portability. -Index: str_basic.c ---- lib_str/str_basic.c.orig 2003-01-06 20:13:47 +0100 -+++ lib_str/str_basic.c 2005-09-23 15:35:49 +0200 -@@ -133,7 +133,7 @@ - return NULL; - - /* determine required target string length */ -- ap_safe = ap; -+ va_copy(ap_safe, ap); - n = str_len(s); - while ((cp = va_arg(ap, char *)) != NULL) - n += str_len(cp); -Index: ts.c ---- lib_str/ts.c.orig 2003-02-11 09:39:47 +0100 -+++ lib_str/ts.c 2005-09-23 15:36:28 +0200 -@@ -206,7 +206,7 @@ - - if (format == NULL) - return NULL; -- ap2 = ap; -+ va_copy(ap2, ap); - if ((n = ts_suite_mvxprintf(NULL, 0, format, ap)) == -1) - return NULL; - if ((buffer = (char *)malloc(n+1)) == NULL) -Index: lib_l2/l2_ut_format.c ---- lib_l2/l2_ut_format.c.orig 2004-04-22 12:27:58 +0200 -+++ lib_l2/l2_ut_format.c 2005-09-23 15:51:17 +0200 -@@ -1151,7 +1151,7 @@ - char *s; - int rv; - -- apbak = ap; -+ va_copy(apbak, ap); - if ((rv = l2_util_vsprintf(NULL, -1, fmt, ap)) == -1) - return NULL; - if ((s = malloc(rv+1)) == NULL) Index: lib_tai/ts.c ---- lib_tai/ts.c.orig 2004-04-02 16:02:59 +0200 -+++ lib_tai/ts.c 2005-09-23 16:33:56 +0200 +--- lib_tai/ts.c.orig 2005-10-03 12:54:16 +0200 ++++ lib_tai/ts.c 2005-10-03 13:41:31 +0200 @@ -202,7 +202,7 @@ - if (format == NULL) + if (format == NULL || ap == NULL) return NULL; - ap2 = ap; + va_copy(ap2, ap); @@ . patch -p0 <<'@@ .' Index: openpkg-src/lmtp2nntp/lmtp2nntp.spec ============================================================================ $ cvs diff -u -r1.69 -r1.70 lmtp2nntp.spec --- openpkg-src/lmtp2nntp/lmtp2nntp.spec 23 Sep 2005 14:42:40 -0000 1.69 +++ openpkg-src/lmtp2nntp/lmtp2nntp.spec 3 Oct 2005 11:45:55 -0000 1.70 @@ -32,8 +32,8 @@ Class: BASE Group: Mail License: GPL -Version: 1.3.0 -Release: 20050923 +Version: 1.4.0 +Release: 20051003 # list of sources Source0: ftp://ftp.ossp.org/pkg/tool/lmtp2nntp/lmtp2nntp-%{version}.tar.gz @@ -71,7 +71,6 @@ %prep %setup -q %patch -p0 - for i in . ./lib_ex/shtool ./lib_l2/shtool ./lib_pcre/shtool ./lib_popt/shtool ./lib_sa/shtool ./lib_str/shtool ./lib_tai/shtool ./lib_val/shtool ./lib_var/shtool; do cp %{l_shtool} $i; done %build CC="%{l_cc}" \ @@ . ______________________________________________________________________ The OpenPKG Project www.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org