rpms/cvs/FC-2 cvs-1.11.17-CAN-2005-0753.patch, NONE, 1.1 cvs.spec, 1.23, 1.24

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Mon Apr 18 12:41:09 UTC 2005


Update of /cvs/dist/rpms/cvs/FC-2
In directory cvs.devel.redhat.com:/tmp/cvs-serv5446

Modified Files:
	cvs.spec 
Added Files:
	cvs-1.11.17-CAN-2005-0753.patch 
Log Message:
fix CAN-2005-0753

cvs-1.11.17-CAN-2005-0753.patch:
 ChangeLog |   11 +++++++++++
 login.c   |    2 +-
 patch.c   |    7 ++++---
 rcs.c     |   11 ++++++-----
 4 files changed, 22 insertions(+), 9 deletions(-)

--- NEW FILE cvs-1.11.17-CAN-2005-0753.patch ---
--- cvs-1.11.17/src/rcs.c.old	2005-04-18 11:13:00.000000000 +0200
+++ cvs-1.11.17/src/rcs.c	2005-04-18 11:48:51.000000000 +0200
@@ -3024,8 +3024,7 @@
     if (retval != NULL)
 	return (retval);
 
-    if (!force_tag_match ||
-	(vers != NULL && RCS_datecmp (vers->date, date) <= 0))
+    if (vers != NULL && (!force_tag_match || RCS_datecmp (vers->date, date) <= 0))
 	return xstrdup (vers->version);
     else
 	return NULL;
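Review bot: The new `vers != NULL` guard at the top of this hunk is not described anywhere: the ChangeLog entry added by this same patch names only RCS_deltas and RCS_checkout for rcs.c, and judging by the line numbers this hunk sits in a different function (its start is outside the hunk). With the old condition, `force_tag_match == 0` short-circuited the NULL test and reached `xstrdup (vers->version)` with a possibly NULL `vers`; the new form returns NULL in that case. I would record that above the `if` with a comment such as `/* vers can be NULL here; return NULL rather than dereference it, whatever force_tag_match says. */` and add a matching ChangeLog line. The rewritten condition also runs past 80 columns, unlike the two-line form it replaces.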
@@ -4103,7 +4102,7 @@
     size_t len;
     int free_value = 0;
     char *log = NULL;
-    size_t loglen;
+    size_t loglen = 0;
     Node *vp = NULL;
 #ifdef PRESERVE_PERMISSIONS_SUPPORT
     uid_t rcs_owner = (uid_t) -1;
@@ -7421,7 +7420,7 @@
 
 		for (ln = 0; ln < headlines.nlines; ++ln)
 		{
-		    char buf[80];
+		    char *buf = NULL;
 		    /* Period which separates year from month in date.  */
 		    char *ym;
 		    /* Period which separates month from day in date.  */
@@ -7431,11 +7430,13 @@
 		    prvers = headlines.vector[ln]->vers;
 		    if (prvers == NULL)
 			prvers = vers;
-
+                    buf = xmalloc (strlen (prvers->version) + 24);
 		    sprintf (buf, "%-12s (%-8.8s ",
 			     prvers->version,
 			     prvers->author);
 		    cvs_output (buf, 0);
+                    free (buf);
+                    buf = NULL;
 
 		    /* Now output the date.  */
 		    ym = strchr (prvers->date, '.');
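Review bot: The `+ 24` in `xmalloc (strlen (prvers->version) + 24)` is an unexplained constant that the still-unbounded `sprintf` on the next line silently depends on. It is sufficient today: the format emits max(12, version length) characters, then " (", exactly 8 author characters because of `%-8.8s`, a space and the NUL, so at most version length + 24 bytes. Anyone who later widens the author field or drops the `.8` precision reintroduces the overflow this patch removes, and the version string comes from the RCS file rather than from a trusted source. I would state the arithmetic next to the allocation, e.g. `/* max(12, strlen(version)) + " (" + 8-char author + " " + NUL <= strlen(version) + 24 */`, or keep the size in a local and format with `snprintf (buf, size, ...)` if the tree's portability baseline allows it. The added lines are indented with spaces where the surrounding code uses tabs; the loop and its function extend beyond both rcs.c hunks that touch `buf`.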
--- cvs-1.11.17/src/login.c.old	2005-04-18 11:13:00.000000000 +0200
+++ cvs-1.11.17/src/login.c	2005-04-18 11:32:55.000000000 +0200
@@ -114,7 +114,7 @@
 
 	if (isspace(*(linebuf + 1)))
 	    /* special case since strtoul ignores leading white space */
-	    entry_version = 0;
+            q = linebuf + 1;
 	else
 	    entry_version = strtoul (linebuf + 1, &q, 10);
 
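Review bot: After this change the whitespace branch assigns only `q`, so `entry_version` is left unset on that path unless code following the hunk sets it when `q == linebuf + 1`; that code is not visible here. If no such check exists, the patch trades an uninitialized `q` for an uninitialized `entry_version`. Setting both in the branch would make the hunk self-evidently correct: `{ entry_version = 0; q = linebuf + 1; }`. Failing that, extend the existing comment to say where `entry_version` gets its value. Separately, `isspace(*(linebuf + 1))` passes a plain `char`; a cast to `(unsigned char)` avoids undefined behaviour for bytes above 0x7f in the password file.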
--- cvs-1.11.17/src/ChangeLog.old	2004-06-09 16:34:54.000000000 +0200
+++ cvs-1.11.17/src/ChangeLog	2005-04-18 11:50:22.000000000 +0200
@@ -0,0 +1,11 @@
+2005-03-17  Derek Price  <derek at ximbiot.com>
+
+	* login.c (password_entry_parseline): Avoid using uninitialized
+	variable.
+	* rcs.c (RCS_deltas): Avoid buffer overflow.
+	(RCS_checkout): Avoid using uninitialized loglen.
+	* patch.c (patch_fileproc): Free original pointer, not one that may
+	have been incremented.
+	(Thanks to report from Alen Zukich <alen.zukich at klocwork.com>.)
+
+
--- cvs-1.11.17/src/patch.c.old	2005-04-18 11:13:00.000000000 +0200
+++ cvs-1.11.17/src/patch.c	2005-04-18 11:25:52.000000000 +0200
@@ -385,6 +385,7 @@
     struct utimbuf t;
     char *vers_tag, *vers_head;
     char *rcs = NULL;
+    char *rcs_orig = NULL;
     RCSNode *rcsfile;
     FILE *fp1, *fp2, *fp3;
     int ret = 0;
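Review bot: The new `rcs_orig` declaration carries no comment explaining why two pointers to the same allocation exist, and the reason is only recoverable from the ChangeLog ("Free original pointer, not one that may have been incremented"). A comment on the declaration would keep a later cleanup from merging them again, for example `/* Pointer returned by xmalloc for rcs; rcs itself may be advanced, so free this one. */`. The same pairing appears in the hunks at line 416 (`rcs_orig = rcs = xmalloc (...)`) and line 758 (`free (rcs_orig)`). The code between those two points is outside the patch, so it is worth confirming that `rcs` is never reassigned to a fresh allocation there, since only `rcs_orig` is freed on exit.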
@@ -415,7 +416,7 @@
     if ((rcsfile->flags & VALID) && (rcsfile->flags & INATTIC))
 	isattic = 1;
 
-    rcs = xmalloc (strlen (finfo->file) + sizeof (RCSEXT) + 5);
+    rcs_orig = rcs = xmalloc (strlen (finfo->file) + sizeof (RCSEXT) + 5);
     (void) sprintf (rcs, "%s%s", finfo->file, RCSEXT);
 
     /* if vers_head is NULL, may have been removed from the release */
@@ -757,8 +758,8 @@
 	free (vers_tag);
     if (vers_head != NULL)
 	free (vers_head);
-    if (rcs != NULL)
-	free (rcs);
+    if (rcs_orig != NULL)
+	free (rcs_orig);
     return ret;
 }
 


Index: cvs.spec
===================================================================
RCS file: /cvs/dist/rpms/cvs/FC-2/cvs.spec,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- cvs.spec	9 Sep 2004 04:10:32 -0000	1.23
+++ cvs.spec	18 Apr 2005 12:41:07 -0000	1.24
@@ -1,7 +1,7 @@
 Summary: A version control system.
 Name: cvs
 Version: 1.11.17
-Release: 2
+Release: 3
 License: GPL
 Group: Development/Tools
 Source0: https://ccvs.cvshome.org/files/documents/19/192/cvs-%{version}.tar.bz2
@@ -13,6 +13,7 @@
 Patch3: cvs-1.11.2-abortabort.patch
 Patch4: cvs-1.11.1p1-bs.patch
 Patch5: cvs-1.11.17-extzlib2.patch
+Patch6: cvs-1.11.17-CAN-2005-0753.patch 
 Prereq: /sbin/install-info
 Prefix: %{_prefix}
 Buildroot: %{_tmppath}/%{name}-root
@@ -44,6 +45,7 @@
 # Apply a patch to the generated files, OR
 # run autoreconf and require autoconf >= 2.58, automake >= 1.7.9
 %patch5 -p1 -b .extzlib2
+%patch6 -p1 -b .sec
 
 %build
 %{!?nokerberos:k5prefix=`krb5-config --prefix`}
@@ -90,6 +92,9 @@
 %{_datadir}/%{name}
 
 %changelog
+* Mon Apr 18 2005 Martin Stransky <stransky at redhat.com> 1.11.17-3
+- add security fix CAN-2005-0753 (Derek Price)
+
 * Thu Jun 10 2004 Nalin Dahyabhai <nalin at redhat.com> 1.11.17-2
 - rebuild
 



