OpenPKG CVS Repository http://cvs.openpkg.org/ ____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 16-Apr-2004 18:40:52 Branch: HEAD Handle: 2004041617405200 Added files: openpkg-src/tla tla.patch Modified files: openpkg-src/tla tla.spec Log: apply security fix (OpenPKG-SA-2004.016-neon; CAN-2004-0179) Summary: Revision Changes Path 1.1 +75 -0 openpkg-src/tla/tla.patch 1.14 +3 -1 openpkg-src/tla/tla.spec ____________________________________________________________________________ patch -p0 <<'@@ .' Index: openpkg-src/tla/tla.patch ============================================================================ $ cvs diff -u -r0 -r1.1 tla.patch --- /dev/null 2004-04-16 18:40:52.000000000 +0200 +++ tla.patch 2004-04-16 18:40:52.000000000 +0200 @@ -0,0 +1,75 @@ +Index: src/tla/libneon/ne_207.c +--- src/tla/libneon/ne_207.c.orig 2003-12-06 20:35:28.000000000 +0100 ++++ src/tla/libneon/ne_207.c 2004-04-16 18:38:39.000000000 +0200 +@@ -320,12 +320,12 @@ + if (ne_get_status(req)->code == 207) { + if (!ne_xml_valid(p)) { + /* The parse was invalid */ +- ne_set_error(sess, ne_xml_get_error(p)); ++ ne_set_error(sess, "%s", ne_xml_get_error(p)); + ret = NE_ERROR; + } else if (ctx.is_error) { + /* If we've actually got any error information + * from the 207, then set that as the error */ +- ne_set_error(sess, ctx.buf->data); ++ ne_set_error(sess, "%s", ctx.buf->data); + ret = NE_ERROR; + } + } else if (ne_get_status(req)->klass != 2) { +Index: src/tla/libneon/ne_auth.c +--- src/tla/libneon/ne_auth.c.orig 2003-12-06 20:35:28.000000000 +0100 ++++ src/tla/libneon/ne_auth.c 2004-04-16 18:38:39.000000000 +0200 +@@ -950,7 +950,7 @@ + if (areq->auth_info_hdr != NULL && + verify_response(areq, sess, areq->auth_info_hdr)) { + NE_DEBUG(NE_DBG_HTTPAUTH, "Response authentication invalid.\n"); +- ne_set_error(sess->sess, _(sess->spec->fail_msg)); ++ ne_set_error(sess->sess, "%s", _(sess->spec->fail_msg)); + ret = NE_ERROR; + } else if (status->code == sess->spec->status_code && + areq->auth_hdr != NULL) { +Index: src/tla/libneon/ne_locks.c +--- src/tla/libneon/ne_locks.c.orig 2003-12-06 20:35:28.000000000 +0100 ++++ src/tla/libneon/ne_locks.c 2004-04-16 18:38:39.000000000 +0200 +@@ -734,7 +734,7 @@ + } + else if (parse_failed) { + ret = NE_ERROR; +- ne_set_error(sess, ne_xml_get_error(parser)); ++ ne_set_error(sess, "%s", ne_xml_get_error(parser)); + } + else if (ne_get_status(req)->code == 207) { + ret = NE_ERROR; +@@ -802,7 +802,7 @@ + if (ret == NE_OK && ne_get_status(req)->klass == 2) { + if (parse_failed) { + ret = NE_ERROR; +- ne_set_error(sess, ne_xml_get_error(parser)); ++ ne_set_error(sess, "%s", ne_xml_get_error(parser)); + } + else if (ne_get_status(req)->code == 207) { + ret = NE_ERROR; +Index: src/tla/libneon/ne_props.c +--- src/tla/libneon/ne_props.c.orig 2003-12-06 20:35:28.000000000 +0100 ++++ src/tla/libneon/ne_props.c 2004-04-16 18:38:39.000000000 +0200 +@@ -142,7 +142,7 @@ + if (ret == NE_OK && ne_get_status(req)->klass != 2) { + ret = NE_ERROR; + } else if (!ne_xml_valid(handler->parser)) { +- ne_set_error(handler->sess, ne_xml_get_error(handler->parser)); ++ ne_set_error(handler->sess, "%s", ne_xml_get_error(handler->parser)); + ret = NE_ERROR; + } + +Index: src/tla/libneon/ne_xml.c +--- src/tla/libneon/ne_xml.c.orig 2003-12-06 20:35:29.000000000 +0100 ++++ src/tla/libneon/ne_xml.c 2004-04-16 18:38:39.000000000 +0200 +@@ -538,7 +538,7 @@ + + void ne_xml_set_error(ne_xml_parser *p, const char *msg) + { +- ne_snprintf(p->error, ERR_SIZE, msg); ++ ne_snprintf(p->error, ERR_SIZE, "%s", msg); + } + + #ifdef HAVE_LIBXML @@ . patch -p0 <<'@@ .' Index: openpkg-src/tla/tla.spec ============================================================================ $ cvs diff -u -r1.13 -r1.14 tla.spec --- openpkg-src/tla/tla.spec 27 Feb 2004 07:40:25 -0000 1.13 +++ openpkg-src/tla/tla.spec 16 Apr 2004 16:40:52 -0000 1.14 @@ -34,10 +34,11 @@ Group: SCM License: GPL Version: 1.2 -Release: 20040227 +Release: 20040416 # list of sources Source0: ftp://ftp.gnu.org/gnu/gnu-arch/tla-%{version}.tar.gz +Patch0: tla.patch # build information Prefix: %{l_prefix} @@ -67,6 +68,7 @@ %prep %setup -q + %patch -p0 %build ( cd src/ @@ . ______________________________________________________________________ The OpenPKG Project www.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]