rpms/tog-pegasus/F-7 pegasus-2.6.1-cve-2008-0003.patch, NONE, 1.1 tog-pegasus.spec, 1.48, 1.49
Vitezslav Crhonek (vcrhonek)
fedora-extras-commits at redhat.com
Thu Jan 10 09:20:45 UTC 2008
Author: vcrhonek
Update of /cvs/extras/rpms/tog-pegasus/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv25997
Modified Files:
tog-pegasus.spec
Added Files:
pegasus-2.6.1-cve-2008-0003.patch
Log Message:
Fix PAM authentication buffer overflow (CVE-2008-0003)
pegasus-2.6.1-cve-2008-0003.patch:
--- NEW FILE pegasus-2.6.1-cve-2008-0003.patch ---
Index: pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorUnix.cpp
===================================================================
RCS file: /cvs/MSB/pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorUnix.cpp,v
retrieving revision 1.34.4.1
diff -u -r1.34.4.1 PAMBasicAuthenticatorUnix.cpp
--- pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorUnix.cpp 4 Apr 2007 11:04:52 -0000 1.34.4.1
+++ pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorUnix.cpp 31 Dec 2007 18:31:24 -0000
@@ -38,6 +38,8 @@
//
//%/////////////////////////////////////////////////////////////////////////////
+// NOCHKSRC
+
#include <Pegasus/Common/System.h>
#include <Pegasus/Common/Tracer.h>
#include <Pegasus/Config/ConfigManager.h>
@@ -387,7 +389,8 @@
// copy the user password
//
resp[i]->resp = (char *)malloc(PAM_MAX_MSG_SIZE);
- strcpy(resp[i]->resp, mydata->userPassword);
+ strncpy(resp[i]->resp, mydata->userPassword, PAM_MAX_MSG_SIZE);
+ resp[i]->resp[PAM_MAX_MSG_SIZE - 1] = 0;
resp[i]->resp_retcode = 0;
break;
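Review bot: The bounded copy `strncpy(resp[i]->resp, mydata->userPassword, PAM_MAX_MSG_SIZE)` closes the heap overflow, but it silently truncates an over-long password and still answers the PAM prompt with the shortened value, so oversize input is treated as a different credential instead of being rejected. A length check ahead of the copy, e.g. `if (strlen(mydata->userPassword) >= PAM_MAX_MSG_SIZE) return PAM_CONV_ERR;`, would fail the attempt explicitly; any replies already allocated would need releasing first, and the rest of the conversation function lies outside this hunk. The `malloc(PAM_MAX_MSG_SIZE)` result on the context line is also handed to `strncpy` unchecked, so an allocation failure becomes a NULL write in the authentication path; returning `PAM_BUF_ERR` there would be safer. The identical hunk in cimservera.cpp (`@@ -185,7 +181,8 @@`) has both issues.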
Index: pegasus/src/Pegasus/Security/Cimservera/cimservera.cpp
===================================================================
RCS file: /cvs/MSB/pegasus/src/Pegasus/Security/Cimservera/Attic/cimservera.cpp,v
retrieving revision 1.6
diff -u -r1.6 cimservera.cpp
--- pegasus/src/Pegasus/Security/Cimservera/cimservera.cpp 30 Jan 2006 16:18:29 -0000 1.6
+++ pegasus/src/Pegasus/Security/Cimservera/cimservera.cpp 31 Dec 2007 18:31:24 -0000
@@ -29,14 +29,10 @@
//
//==============================================================================
//
-// Author: Ben Heilbronn, Hewlett-Packard Company(ben_heilbronn at hp.com)
-//
-// Parts of this code originated within PAMBasicAuthenticator.
-//
-// Modified By: Sushma Fernandes, Hewlett-Packard Company(sushma_fernandes at hp.com)
-//
//%/////////////////////////////////////////////////////////////////////////////
+// NOCHKSRC
+
#include <Pegasus/Common/System.h>
#include <Pegasus/Common/String.h>
#include <Pegasus/Common/FileSystem.h>
@@ -185,7 +181,8 @@
// copy the user password
//
resp[i]->resp = (char *)malloc(PAM_MAX_MSG_SIZE);
- strcpy(resp[i]->resp, mydata->userPassword);
+ strncpy(resp[i]->resp, mydata->userPassword, PAM_MAX_MSG_SIZE);
+ resp[i]->resp[PAM_MAX_MSG_SIZE - 1] = 0;
resp[i]->resp_retcode = 0;
break;
Index: tog-pegasus.spec
===================================================================
RCS file: /cvs/extras/rpms/tog-pegasus/F-7/tog-pegasus.spec,v
retrieving revision 1.48
retrieving revision 1.49
diff -u -r1.48 -r1.49
--- tog-pegasus.spec 28 Mar 2007 18:01:34 -0000 1.48
+++ tog-pegasus.spec 10 Jan 2008 09:20:08 -0000 1.49
@@ -41,7 +41,7 @@
%endif
Version: 2.6.0
-Release: 2%{?dist}
+Release: 3%{?dist}
Epoch: 2
#
Summary: OpenPegasus WBEM Services for Linux
@@ -77,6 +77,7 @@
Patch11: pegasus-2.5.1-fix_tests.patch
#
Patch39: pegasus-2.6.0-cimuser.patch
+Patch40: pegasus-2.6.1-cve-2008-0003.patch
#
Conflicts: openwbem
Provides: tog-pegasus-cimserver
@@ -138,6 +139,7 @@
%patch8 -p1 -b .pam-wbem
%patch11 -p1 -b .fix-tests
%patch39 -p1 -b .cimuser
+%patch40 -p1 -b .cve-2008-0003
find . -name 'CVS' -exec /bin/rm -rf '{}' ';' >/dev/null 2>&1 ||:;
%build
@@ -422,6 +424,10 @@
%changelog
+* Thu Jan 10 2008 Vitezslav Crhonek <vcrhonek at redhat.com> - 2.6.0-3
+- Fix PAM authentication buffer overflow (CVE-2008-0003)
+ Resolves: #427828
+
* Wed Mar 28 2007 Vitezslav Crhonek <vcrhonek at redhat.com> - 2.6.0-2
- Update changelog
- Build with Open Pegasus' Makefiles, istall with RedHats (Mark Hamzy)