rpms/gv/devel gv-3.6.2-CVE-2006-5864.patch, NONE, 1.1 gv.spec, 1.9, 1.10

Orion Poplawski (orion) fedora-extras-commits at redhat.com
Tue Dec 5 19:32:34 UTC 2006 

Author: orion

Update of /cvs/extras/rpms/gv/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv13509/devel

Modified Files:
	gv.spec 
Added Files:
	gv-3.6.2-CVE-2006-5864.patch 
Log Message:
Apply patch from Mandriva to fix CVE-2006-5864/bug 215136


gv-3.6.2-CVE-2006-5864.patch:

--- NEW FILE gv-3.6.2-CVE-2006-5864.patch ---
--- gv-3.6.1/src/ps.c.cve-2006-5864	2004-12-07 16:55:59.000000000 -0700
+++ gv-3.6.1/src/ps.c	2006-11-16 05:53:28.000000000 -0700
@@ -1433,6 +1433,8 @@ gettext(line, next_char)
 	quoted=1;
 	line++;
 	while (*line && !(*line == ')' && level == 0 )) {
+	    if (cp - text >= PSLINELENGTH - 1)
+		break;
 	    if (*line == '\\') {
 		if (*(line+1) == 'n') {
 		    *cp++ = '\n';
@@ -1487,9 +1489,12 @@ gettext(line, next_char)
 	    }
 	}
     } else {
-	while (*line && !(*line == ' ' || *line == '\t' || *line == '\n'))
+	while (*line && !(*line == ' ' || *line == '\t' || *line == '\n')) {
+	    if (cp - text >= PSLINELENGTH - 2)
+		break;
 	    *cp++ = *line++;
+	}
     }
     *cp = '\0';
     if (next_char) *next_char = line;
     if (!quoted && strlen(text) == 0) {ENDMESSAGE(gettext) return NULL;}


Index: gv.spec
===================================================================
RCS file: /cvs/extras/rpms/gv/devel/gv.spec,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- gv.spec	11 Oct 2006 16:00:39 -0000	1.9
+++ gv.spec	5 Dec 2006 19:32:04 -0000	1.10
@@ -1,7 +1,7 @@
 Summary: A X front-end for the Ghostscript PostScript(TM) interpreter
 Name: gv
 Version: 3.6.2
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPL
 Group: Applications/Publishing
 Requires: ghostscript
@@ -9,6 +9,7 @@
 Source0: ftp://ftp.gnu.org/gnu/gv/gv-%{version}.tar.gz
 Patch0: gv-3.5.8-buffer.patch
 Patch1: gv-3.6.1-pkglibdir.patch
+Patch2: gv-3.6.2-CVE-2006-5864.patch
 BuildRequires: /usr/bin/makeinfo
 BuildRequires: Xaw3d-devel, /usr/bin/desktop-file-install
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -28,6 +29,7 @@
 %setup -q
 %patch0 -p1 -b .buffer
 %patch1 -p1 -b .pkglibdir
+%patch2 -p1 -b .CVE-2006-5864
 
 
 %build
@@ -101,6 +103,9 @@
 %{_mandir}/man1/gv.*
 
 %changelog
+* Tue Dec  5 2006 Orion Poplawski <orion at cora.nwra.com> 3.6.2-2
+- Apply patch from Mandriva to fix CVE-2006-5864/bug 215136
+
 * Wed Oct 11 2006 Orion Poplawski <orion at cora.nwra.com> 3.6.2-1
 - Update to 3.6.2

More information about the fedora-extras-commits mailing list