[CVS] OpenPKG: openpkg-src/tla/ tla.patch tla.spec

Fri, 16 Apr 2004 09:40:46 -0700 

  OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________

  Server: cvs.openpkg.org                  Name:   Ralf S. Engelschall
  Root:   /e/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-src                      Date:   16-Apr-2004 18:40:52
  Branch: HEAD                             Handle: 2004041617405200

  Added files:
    openpkg-src/tla         tla.patch
  Modified files:
    openpkg-src/tla         tla.spec

  Log:
    apply security fix (OpenPKG-SA-2004.016-neon; CAN-2004-0179)

  Summary:
    Revision    Changes     Path
    1.1         +75 -0      openpkg-src/tla/tla.patch
    1.14        +3  -1      openpkg-src/tla/tla.spec
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openpkg-src/tla/tla.patch
  ============================================================================
  $ cvs diff -u -r0 -r1.1 tla.patch
  --- /dev/null 2004-04-16 18:40:52.000000000 +0200
  +++ tla.patch 2004-04-16 18:40:52.000000000 +0200
  @@ -0,0 +1,75 @@
  +Index: src/tla/libneon/ne_207.c
  +--- src/tla/libneon/ne_207.c.orig    2003-12-06 20:35:28.000000000 +0100
  ++++ src/tla/libneon/ne_207.c 2004-04-16 18:38:39.000000000 +0200
  +@@ -320,12 +320,12 @@
  +     if (ne_get_status(req)->code == 207) {
  +         if (!ne_xml_valid(p)) { 
  +             /* The parse was invalid */
  +-            ne_set_error(sess, ne_xml_get_error(p));
  ++            ne_set_error(sess, "%s", ne_xml_get_error(p));
  +             ret = NE_ERROR;
  +         } else if (ctx.is_error) {
  +             /* If we've actually got any error information
  +              * from the 207, then set that as the error */
  +-            ne_set_error(sess, ctx.buf->data);
  ++            ne_set_error(sess, "%s", ctx.buf->data);
  +             ret = NE_ERROR;
  +         }
  +     } else if (ne_get_status(req)->klass != 2) {
  +Index: src/tla/libneon/ne_auth.c
  +--- src/tla/libneon/ne_auth.c.orig   2003-12-06 20:35:28.000000000 +0100
  ++++ src/tla/libneon/ne_auth.c        2004-04-16 18:38:39.000000000 +0200
  +@@ -950,7 +950,7 @@
  +     if (areq->auth_info_hdr != NULL && 
  +     verify_response(areq, sess, areq->auth_info_hdr)) {
  +     NE_DEBUG(NE_DBG_HTTPAUTH, "Response authentication invalid.\n");
  +-    ne_set_error(sess->sess, _(sess->spec->fail_msg));
  ++    ne_set_error(sess->sess, "%s", _(sess->spec->fail_msg));
  +     ret = NE_ERROR;
  +     } else if (status->code == sess->spec->status_code && 
  +            areq->auth_hdr != NULL) {
  +Index: src/tla/libneon/ne_locks.c
  +--- src/tla/libneon/ne_locks.c.orig  2003-12-06 20:35:28.000000000 +0100
  ++++ src/tla/libneon/ne_locks.c       2004-04-16 18:38:39.000000000 +0200
  +@@ -734,7 +734,7 @@
  +     }
  +     else if (parse_failed) {
  +         ret = NE_ERROR;
  +-        ne_set_error(sess, ne_xml_get_error(parser));
  ++        ne_set_error(sess, "%s", ne_xml_get_error(parser));
  +     }
  +     else if (ne_get_status(req)->code == 207) {
  +         ret = NE_ERROR;
  +@@ -802,7 +802,7 @@
  +     if (ret == NE_OK && ne_get_status(req)->klass == 2) {
  +     if (parse_failed) {
  +         ret = NE_ERROR;
  +-        ne_set_error(sess, ne_xml_get_error(parser));
  ++        ne_set_error(sess, "%s", ne_xml_get_error(parser));
  +     }
  +     else if (ne_get_status(req)->code == 207) {
  +         ret = NE_ERROR;
  +Index: src/tla/libneon/ne_props.c
  +--- src/tla/libneon/ne_props.c.orig  2003-12-06 20:35:28.000000000 +0100
  ++++ src/tla/libneon/ne_props.c       2004-04-16 18:38:39.000000000 +0200
  +@@ -142,7 +142,7 @@
  +     if (ret == NE_OK && ne_get_status(req)->klass != 2) {
  +     ret = NE_ERROR;
  +     } else if (!ne_xml_valid(handler->parser)) {
  +-    ne_set_error(handler->sess, ne_xml_get_error(handler->parser));
  ++    ne_set_error(handler->sess, "%s", ne_xml_get_error(handler->parser));
  +     ret = NE_ERROR;
  +     }
  + 
  +Index: src/tla/libneon/ne_xml.c
  +--- src/tla/libneon/ne_xml.c.orig    2003-12-06 20:35:29.000000000 +0100
  ++++ src/tla/libneon/ne_xml.c 2004-04-16 18:38:39.000000000 +0200
  +@@ -538,7 +538,7 @@
  + 
  + void ne_xml_set_error(ne_xml_parser *p, const char *msg)
  + {
  +-    ne_snprintf(p->error, ERR_SIZE, msg);
  ++    ne_snprintf(p->error, ERR_SIZE, "%s", msg);
  + }
  + 
  + #ifdef HAVE_LIBXML
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/tla/tla.spec
  ============================================================================
  $ cvs diff -u -r1.13 -r1.14 tla.spec
  --- openpkg-src/tla/tla.spec  27 Feb 2004 07:40:25 -0000      1.13
  +++ openpkg-src/tla/tla.spec  16 Apr 2004 16:40:52 -0000      1.14
  @@ -34,10 +34,11 @@
   Group:        SCM
   License:      GPL
   Version:      1.2
  -Release:      20040227
  +Release:      20040416
   
   #   list of sources
   Source0:      ftp://ftp.gnu.org/gnu/gnu-arch/tla-%{version}.tar.gz
  +Patch0:       tla.patch
   
   #   build information
   Prefix:       %{l_prefix}
  @@ -67,6 +68,7 @@
   
   %prep
       %setup -q
  +    %patch -p0
   
   %build
       ( cd src/
  @@ .
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
CVS Repository Commit List                     [EMAIL PROTECTED]

Reply via email to