openser.patch openser.spec

Ralf S. Engelschall Fri, 13 Apr 2007 12:23:17 -0700

  OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________


  Server: cvs.openpkg.org                  Name:   Ralf S. Engelschall
  Root:   /v/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-src                      Date:   13-Apr-2007 21:23:51
  Branch: HEAD                             Handle: 2007041320235100

  Modified files:
    openpkg-src/openser     openser.patch openser.spec

  Log:
    MFE:
    Security Fix (OpenPKG-SA-2006.042, OpenPKG-TT-E1#29)

  Summary:
    Revision    Changes     Path
    1.7         +32 -0      openpkg-src/openser/openser.patch
    1.32        +1  -1      openpkg-src/openser/openser.spec
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openpkg-src/openser/openser.patch
  ============================================================================
  $ cvs diff -u -r1.6 -r1.7 openser.patch
  --- openpkg-src/openser/openser.patch 13 Mar 2007 07:16:28 -0000      1.6
  +++ openpkg-src/openser/openser.patch 13 Apr 2007 19:23:51 -0000      1.7
  @@ -108,3 +108,35 @@
    #define err(exitcode, format, args...) \
      errx(exitcode, format ": %s", ## args, strerror(errno))
    #define errx(exitcode, format, args...) \
  +
  +-----------------------------------------------------------------------------
  +
  +Security Fix (OpenPKG-SA-2006.042, OpenPKG-TT-E1#29)
  +
  +Index: modules/permissions/parse_config.c
  +--- modules/permissions/parse_config.c.orig  2005-06-13 18:47:43 +0200
  ++++ modules/permissions/parse_config.c       2006-12-26 11:15:25 +0100
  +@@ -111,8 +111,11 @@
  +     except = strstr(str, " EXCEPT ");
  +     if (except) {
  +             /* exception found */
  +-            strncpy(str2, str, except-str);
  +-            str2[except-str] = '\0';
  ++            int l = except - str;
  ++            if (l > sizeof(str2) - 1)
  ++                    l = sizeof(str2) - 1;
  ++            strncpy(str2, str, l);
  ++            str2[l] = '\0';
  +             /* except+8 points to the exception */
  +             if (parse_expression_list(except+8, e_exceptions)) {
  +                     /* error */
  +@@ -121,7 +124,8 @@
  +             }
  +     } else {
  +             /* no exception */
  +-            strcpy(str2, str);
  ++            strncpy(str2, str, sizeof(str2)-1);
  ++            str2[sizeof(str2)-1] = '\0';
  +             *e_exceptions = NULL;
  +     }
  +     
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/openser/openser.spec
  ============================================================================
  $ cvs diff -u -r1.31 -r1.32 openser.spec
  --- openpkg-src/openser/openser.spec  13 Mar 2007 07:16:28 -0000      1.31
  +++ openpkg-src/openser/openser.spec  13 Apr 2007 19:23:51 -0000      1.32
  @@ -37,7 +37,7 @@
   Group:        VoIP
   License:      GPL
   Version:      %{V_openser}
  -Release:      20070313
  +Release:      20070413
   
   #   package options
   %option       with_fsl  yes
  @@ .
______________________________________________________________________
OpenPKG                                             http://openpkg.org
CVS Repository Commit List                     [EMAIL PROTECTED]

[CVS] OpenPKG: openpkg-src/openser/ openser.patch openser.spec

Reply via email to