rpms/cfengine/F-8 cfengine-2.2.3-var_expansion_overflow.patch, NONE, 1.1 cfengine.spec, 1.30, 1.31
Jeff Sheltren (sheltren)
fedora-extras-commits at redhat.com
Mon Feb 25 15:21:13 UTC 2008
- Previous message (by thread): rpms/jd/devel .cvsignore, 1.207, 1.208 jd.spec, 1.241, 1.242 sources, 1.208, 1.209
- Next message (by thread): rpms/ipsec-tools/devel ipsec-tools-0.7-newcookie-alen.patch, NONE, 1.1 ipsec-tools.spec, 1.51, 1.52
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: sheltren
Update of /cvs/extras/rpms/cfengine/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30764
Modified Files:
cfengine.spec
Added Files:
cfengine-2.2.3-var_expansion_overflow.patch
Log Message:
Patch for buffer overflow during variable expansion
cfengine-2.2.3-var_expansion_overflow.patch:
--- NEW FILE cfengine-2.2.3-var_expansion_overflow.patch ---
--- cfengine-2.2.3/src/2Dlist.c.overflow 2008-02-23 08:13:29.000000000 -0800
+++ cfengine-2.2.3/src/2Dlist.c 2008-02-23 08:17:04.000000000 -0800
@@ -69,7 +69,7 @@
/* return a path string in static data, like getent in NIS */
-{ static char entry[CF_BUFSIZE];
+{ static char entry[CF_EXPANDSIZE];
struct TwoDimList *tp;
char seps[2];
@@ -86,7 +86,14 @@
{
if (tp->current != NULL)
{
- strcat(entry,(tp->current)->name);
+ if (strlen(entry)+strlen((tp->current)->name) < CF_EXPANDSIZE - CF_BUFFERMARGIN)
+ {
+ strcat(entry,(tp->current)->name);
+ }
+ else
+ {
+ FatalError("Buffer overflow during variable expansion");
+ }
}
}
Index: cfengine.spec
===================================================================
RCS file: /cvs/extras/rpms/cfengine/F-8/cfengine.spec,v
retrieving revision 1.30
retrieving revision 1.31
diff -u -r1.30 -r1.31
--- cfengine.spec 2 Dec 2007 16:46:29 -0000 1.30
+++ cfengine.spec 25 Feb 2008 15:20:36 -0000 1.31
@@ -1,7 +1,7 @@
Summary: A systems administration tool for networks
Name: cfengine
Version: 2.2.3
-Release: 2%{?dist}
+Release: 5%{?dist}
License: GPLv2+
Group: Applications/System
Source0: ftp://ftp.iu.hio.no/pub/cfengine/cfengine-2.2.3.tar.gz
@@ -9,6 +9,7 @@
Source2: cfservd
Source3: cfenvd
URL: http://www.cfengine.org/
+Patch0: cfengine-2.2.3-var_expansion_overflow.patch
BuildRequires: db4-devel,openssl-devel,texinfo,tetex,tetex-dvips,bison,flex,m4,libacl-devel
BuildRequires: libselinux-devel
Requires(post): /sbin/chkconfig, /sbin/install-info
@@ -28,6 +29,7 @@
%prep
%setup -q
+%patch0 -p1 -b .overflow
%build
@@ -128,6 +130,15 @@
%changelog
+* Sat Feb 23 2008 Jeff Sheltren <jeff at osuosl.org> 2.2.3-5
+- Patch for buffer overflow during variable expantion (SVN r526)
+
+* Tue Feb 19 2008 Fedora Release Engineering <rel-eng at fedoraproject.org> - 2.2.3-4
+- Autorebuild for GCC 4.3
+
+* Wed Dec 5 2007 Jeff Sheltren <jeff at osuosl.org> 2.2.3-3
+- Rebuild in devel for new openssl
+
* Sun Dec 2 2007 Jeff Sheltren <jeff at osuosl.org> 2.2.3-2
- fix libdir regex in files section, don't include debug files (#407881)
- Previous message (by thread): rpms/jd/devel .cvsignore, 1.207, 1.208 jd.spec, 1.241, 1.242 sources, 1.208, 1.209
- Next message (by thread): rpms/ipsec-tools/devel ipsec-tools-0.7-newcookie-alen.patch, NONE, 1.1 ipsec-tools.spec, 1.51, 1.52
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list