fedora-cvs-commits@redhat.com

rpms/cvs/FC-1 cvs-1.11.17-CAN-2005-0753.patch, NONE, 1.1 cvs.spec, 1.21,

Subject: rpms/cvs/FC-1 cvs-1.11.17-CAN-2005-0753.patch, NONE, 1.1 cvs.spec, 1.21, 1.22
From:
Date: Mon, 18 Apr 2005 08:44:12 -0400
Update of /cvs/dist/rpms/cvs/FC-1
In directory cvs.devel.redhat.com:/tmp/cvs-serv5571

Modified Files:
        cvs.spec 
Added Files:
        cvs-1.11.17-CAN-2005-0753.patch 
Log Message:
fix CAN-2005-0753

cvs-1.11.17-CAN-2005-0753.patch:
 ChangeLog |   11 +++++++++++
 login.c   |    2 +-
 patch.c   |    7 ++++---
 rcs.c     |   11 ++++++-----
 4 files changed, 22 insertions(+), 9 deletions(-)

--- NEW FILE cvs-1.11.17-CAN-2005-0753.patch ---
--- cvs-1.11.17/src/rcs.c.old   2005-04-18 11:13:00.000000000 +0200
+++ cvs-1.11.17/src/rcs.c       2005-04-18 11:48:51.000000000 +0200
@@ -3024,8 +3024,7 @@
     if (retval != NULL)
        return (retval);
 
-    if (!force_tag_match ||
-       (vers != NULL && RCS_datecmp (vers->date, date) <= 0))
+    if (vers != NULL && (!force_tag_match || RCS_datecmp (vers->date, date) <= 0))
        return xstrdup (vers->version);
     else
        return NULL;
@@ -4103,7 +4102,7 @@
     size_t len;
     int free_value = 0;
     char *log = NULL;
-    size_t loglen;
+    size_t loglen = 0;
     Node *vp = NULL;
 #ifdef PRESERVE_PERMISSIONS_SUPPORT
     uid_t rcs_owner = (uid_t) -1;
@@ -7421,7 +7420,7 @@
 
                for (ln = 0; ln < headlines.nlines; ++ln)
                {
-                   char buf[80];
+                   char *buf = NULL;
                    /* Period which separates year from month in date.  */
                    char *ym;
                    /* Period which separates month from day in date.  */
@@ -7431,11 +7430,13 @@
                    prvers = headlines.vector[ln]->vers;
                    if (prvers == NULL)
                        prvers = vers;
-
+                    buf = xmalloc (strlen (prvers->version) + 24);
                    sprintf (buf, "%-12s (%-8.8s ",
                             prvers->version,
                             prvers->author);
                    cvs_output (buf, 0);
+                    free (buf);
+                    buf = NULL;
 
                    /* Now output the date.  */
                    ym = strchr (prvers->date, '.');
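Review bot: The `+ 24` in `xmalloc (strlen (prvers->version) + 24)` is an unexplained constant sitting in front of an unbounded `sprintf`, so anyone who later changes the format string has nothing to check the size against. By my count the format `"%-12s (%-8.8s "` needs max(12, strlen(version)) + 2 + 8 + 1 + 1 bytes, which never exceeds strlen(version) + 24, so the allocation is sufficient. I would record that above the allocation, e.g. `/* "%-12s (%-8.8s ": max(12, len) + " (" + 8 + " " + NUL <= len + 24 */`. The added lines also appear to be indented with spaces where the neighbouring lines use tabs. The loop body continues outside this hunk, and the `buf` declaration is in the preceding hunk.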
--- cvs-1.11.17/src/login.c.old 2005-04-18 11:13:00.000000000 +0200
+++ cvs-1.11.17/src/login.c     2005-04-18 11:32:55.000000000 +0200
@@ -114,7 +114,7 @@
 
        if (isspace(*(linebuf + 1)))
            /* special case since strtoul ignores leading white space */
-           entry_version = 0;
+            q = linebuf + 1;
        else
            entry_version = strtoul (linebuf + 1, &q, 10);
 
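Review bot: In the `isspace` branch `entry_version` is no longer assigned anywhere in the visible lines, so the change removes the uninitialized `q` but leaves `entry_version` unset unless code after this hunk assigns it when `q == linebuf + 1`. That check presumably exists, but it is outside the hunk, so a comment here would help, e.g. `/* entry_version is set below when q == linebuf + 1 */`. Separately, `isspace(*(linebuf + 1))` passes a plain `char` taken from the parsed password-entry line; where `char` is signed a byte above 0x7f is negative, which is undefined for the `<ctype.h>` functions, so `isspace ((unsigned char) linebuf[1])` is safer. The new line also appears to be indented with spaces rather than the tab used around it.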
--- cvs-1.11.17/src/ChangeLog.old       2004-06-09 16:34:54.000000000 +0200
+++ cvs-1.11.17/src/ChangeLog   2005-04-18 11:50:22.000000000 +0200
@@ -0,0 +1,11 @@
+2005-03-17  Derek Price  <derek@xxxxxxxxxxx>
+
+       * login.c (password_entry_parseline): Avoid using uninitialized
+       variable.
+       * rcs.c (RCS_deltas): Avoid buffer overflow.
+       (RCS_checkout): Avoid using uninitialized loglen.
+       * patch.c (patch_fileproc): Free original pointer, not one that may
+       have been incremented.
+       (Thanks to report from Alen Zukich <alen.zukich@xxxxxxxxxxxx>.)
+
+
--- cvs-1.11.17/src/patch.c.old 2005-04-18 11:13:00.000000000 +0200
+++ cvs-1.11.17/src/patch.c     2005-04-18 11:25:52.000000000 +0200
@@ -385,6 +385,7 @@
     struct utimbuf t;
     char *vers_tag, *vers_head;
     char *rcs = NULL;
+    char *rcs_orig = NULL;
     RCSNode *rcsfile;
     FILE *fp1, *fp2, *fp3;
     int ret = 0;
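Review bot: `rcs_orig` is declared without any indication of why two pointers to the same allocation are kept. The ChangeLog entry says `rcs` may be incremented before the cleanup, but that code is outside these hunks, so a reader of patch.c alone cannot tell which pointer owns the block. I would add a comment on the declaration, e.g. `/* start of the xmalloc'd block; rcs may be advanced past it, so free this one */`. The same applies to the assignment and `free (rcs_orig)` hunks further down; the function body starts and ends outside this hunk.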
@@ -415,7 +416,7 @@
     if ((rcsfile->flags & VALID) && (rcsfile->flags & INATTIC))
        isattic = 1;
 
-    rcs = xmalloc (strlen (finfo->file) + sizeof (RCSEXT) + 5);
+    rcs_orig = rcs = xmalloc (strlen (finfo->file) + sizeof (RCSEXT) + 5);
     (void) sprintf (rcs, "%s%s", finfo->file, RCSEXT);
 
     /* if vers_head is NULL, may have been removed from the release */
@@ -757,8 +758,8 @@
        free (vers_tag);
     if (vers_head != NULL)
        free (vers_head);
-    if (rcs != NULL)
-       free (rcs);
+    if (rcs_orig != NULL)
+       free (rcs_orig);
     return ret;
 }
 


Index: cvs.spec
===================================================================
RCS file: /cvs/dist/rpms/cvs/FC-1/cvs.spec,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -r1.21 -r1.22
--- cvs.spec    9 Sep 2004 04:10:25 -0000       1.21
+++ cvs.spec    18 Apr 2005 12:44:10 -0000      1.22
@@ -1,7 +1,7 @@
 Summary: A version control system.
 Name: cvs
 Version: 1.11.17
-Release: 1
+Release: 2.FC1
 License: GPL
 Group: Development/Tools
 Source0: https://ccvs.cvshome.org/files/documents/19/192/cvs-%{version}.tar.bz2
@@ -13,6 +13,7 @@
 Patch3: cvs-1.11.2-abortabort.patch
 Patch4: cvs-1.11.1p1-bs.patch
 Patch5: cvs-1.11.17-extzlib2.patch
+Patch6: cvs-1.11.17-CAN-2005-0753.patch
 Prereq: /sbin/install-info
 Prefix: %{_prefix}
 Buildroot: %{_tmppath}/%{name}-root
@@ -44,6 +45,7 @@
 # Apply a patch to the generated files, OR
 # run autoreconf and require autoconf >= 2.58, automake >= 1.7.9
 %patch5 -p1 -b .extzlib2
+%patch6 -p1 -b .sec
 
 %build
 %{!?nokerberos:k5prefix=`krb5-config --prefix`}
@@ -90,6 +92,9 @@
 %{_datadir}/%{name}
 
 %changelog
+* Mon Apr 18 2005 Martin Stransky <stransky@xxxxxxxxxx> 1.11.17-2.FC1
+- add security fix CAN-2005-0753 (Derek Price)
+
 * Thu Jun 10 2004 Nalin Dahyabhai <nalin@xxxxxxxxxx> 1.11.17-1
 - update to 1.11.17, which includes those last few fixes
 

--
fedora-cvs-commits mailing list
fedora-cvs-commits@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-cvs-commits
