OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________

  Server: cvs.openpkg.org                  Name:   Thomas Lotterer
  Root:   /e/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-src                      Date:   05-Apr-2004 14:33:27
  Branch: HEAD                             Handle: 2004040513332600

  Added files:
    openpkg-src/mc          mc.patch
  Modified files:
    openpkg-src/mc          mc.spec

  Log:
    SA-2004.009-mc; CAN-2003-1023

  Summary:
    Revision    Changes     Path
    1.1         +27 -0      openpkg-src/mc/mc.patch
    1.32        +3  -1      openpkg-src/mc/mc.spec
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openpkg-src/mc/mc.patch
  ============================================================================
  $ cvs diff -u -r0 -r1.1 mc.patch
  --- /dev/null 2004-04-05 14:33:26.000000000 +0200
  +++ mc.patch  2004-04-05 14:33:27.000000000 +0200
  @@ -0,0 +1,27 @@
  +from mc-4.6.0-7.9.src.rpm mentioned in RHSA-2004:034-01
  +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-1023
  +    Stack-based buffer overflow in vfs_s_resolve_symlink of
  +    vfs/direntry.c for Midnight Commander (mc) 4.6.0 and earlier,
  +    and possibly later versions, allows remote attackers to execute
  +    arbitrary code during symlink conversion.
  +
  +diff -ru mc-4.5.55/vfs/direntry.c mc-4.5.55.new/vfs/direntry.c
  +--- vfs/direntry.c.orig      2001-08-16 15:23:05.000000000 -0700
  ++++ vfs/direntry.c   2004-01-06 16:36:00.000000000 -0800
  +@@ -374,6 +374,7 @@
  +     }
  +     }
  + 
  ++#if 0
  +     /* Convert absolute paths to relative ones */
  +     if (*linkname == PATH_SEP) {
  +     char *p, *q;
  +@@ -391,6 +392,7 @@
  +     }
  +     linkname = buf;
  +     }
  ++#endif
  + 
  +     return (MEDATA->find_entry) (me, entry->dir, linkname, follow - 1, 0);
  + }
  +
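Review bot: The embedded direntry.c diff is headed `diff -ru mc-4.5.55/vfs/direntry.c` and carries 4.5.55 offsets (`@@ -374,6 +374,7 @@`, `@@ -391,6 +392,7 @@`), while mc.spec builds Version 4.6.0. It is worth confirming that it applies to the 4.6.0 tree without fuzz and that the `#if 0`/`#endif` pair still brackets the whole absolute-to-relative conversion block. The fix compiles that conversion out instead of bounding the copy into `buf`, so absolute link targets now reach `find_entry` unconverted. The header text should record this behaviour change, for example `Disables absolute-to-relative symlink conversion; absolute link targets are passed through unchanged.` The code between the two inner hunks is not visible here, so whether `buf` is left as an unused local is unconfirmed.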
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/mc/mc.spec
  ============================================================================
  $ cvs diff -u -r1.31 -r1.32 mc.spec
  --- openpkg-src/mc/mc.spec    7 Feb 2004 17:56:35 -0000       1.31
  +++ openpkg-src/mc/mc.spec    5 Apr 2004 12:33:26 -0000       1.32
  @@ -34,10 +34,11 @@
   Group:        Terminal
   License:      GPL
   Version:      4.6.0
  -Release:      20040207
  +Release:      20040405
   
   #   list of sources
   Source0:      http://www.ibiblio.org/pub/Linux/utils/file/managers/mc/mc-%{version}.tar.gz
  +Patch0:       mc.patch
   
   #   build information
   Prefix:       %{l_prefix}
  @@ -64,6 +65,7 @@
   
   %prep
       %setup -q
  +    %patch
   
   %build
       CC="%{l_cc}" \
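Review bot: The added `%patch` line in %prep names neither a patch number nor a strip level, so it relies on rpm's defaults selecting Patch0 at the strip level that the `--- vfs/direntry.c.orig` / `+++ vfs/direntry.c` paths in mc.patch require (presumably -p0; confirm against the rpm in use). Writing `%patch -p0` states that dependency in the spec. Because this patch is the fix for CAN-2003-1023, a one-line comment above it such as `#   security fix: SA-2004.009-mc (CAN-2003-1023)` would keep later maintainers from dropping it on a version bump.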
  @@ .
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
CVS Repository Commit List                     [EMAIL PROTECTED]
