rpms/gv/devel gv-3.6.2-CVE-2006-5864.patch, NONE, 1.1 gv.spec, 1.9, 1.10
Orion Poplawski (orion)
fedora-extras-commits at redhat.com
Tue Dec 5 19:32:34 UTC 2006
Author: orion
Update of /cvs/extras/rpms/gv/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv13509/devel
Modified Files:
gv.spec
Added Files:
gv-3.6.2-CVE-2006-5864.patch
Log Message:
Apply patch from Mandriva to fix CVE-2006-5864/bug 215136
gv-3.6.2-CVE-2006-5864.patch:
--- NEW FILE gv-3.6.2-CVE-2006-5864.patch ---
--- gv-3.6.1/src/ps.c.cve-2006-5864 2004-12-07 16:55:59.000000000 -0700
+++ gv-3.6.1/src/ps.c 2006-11-16 05:53:28.000000000 -0700
@@ -1433,6 +1433,8 @@ gettext(line, next_char)
quoted=1;
line++;
while (*line && !(*line == ')' && level == 0 )) {
+ if (cp - text >= PSLINELENGTH - 1)
+ break;
if (*line == '\\') {
if (*(line+1) == 'n') {
*cp++ = '\n';
@@ -1487,9 +1489,12 @@ gettext(line, next_char)
}
}
} else {
- while (*line && !(*line == ' ' || *line == '\t' || *line == '\n'))
+ while (*line && !(*line == ' ' || *line == '\t' || *line == '\n')) {
+ if (cp - text >= PSLINELENGTH - 2)
+ break;
*cp++ = *line++;
+ }
}
*cp = '\0';
if (next_char) *next_char = line;
if (!quoted && strlen(text) == 0) {ENDMESSAGE(gettext) return NULL;}
Index: gv.spec
===================================================================
RCS file: /cvs/extras/rpms/gv/devel/gv.spec,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- gv.spec 11 Oct 2006 16:00:39 -0000 1.9
+++ gv.spec 5 Dec 2006 19:32:04 -0000 1.10
@@ -1,7 +1,7 @@
Summary: A X front-end for the Ghostscript PostScript(TM) interpreter
Name: gv
Version: 3.6.2
-Release: 1%{?dist}
+Release: 2%{?dist}
License: GPL
Group: Applications/Publishing
Requires: ghostscript
@@ -9,6 +9,7 @@
Source0: ftp://ftp.gnu.org/gnu/gv/gv-%{version}.tar.gz
Patch0: gv-3.5.8-buffer.patch
Patch1: gv-3.6.1-pkglibdir.patch
+Patch2: gv-3.6.2-CVE-2006-5864.patch
BuildRequires: /usr/bin/makeinfo
BuildRequires: Xaw3d-devel, /usr/bin/desktop-file-install
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -28,6 +29,7 @@
%setup -q
%patch0 -p1 -b .buffer
%patch1 -p1 -b .pkglibdir
+%patch2 -p1 -b .CVE-2006-5864
%build
@@ -101,6 +103,9 @@
%{_mandir}/man1/gv.*
%changelog
+* Tue Dec 5 2006 Orion Poplawski <orion at cora.nwra.com> 3.6.2-2
+- Apply patch from Mandriva to fix CVE-2006-5864/bug 215136
+
* Wed Oct 11 2006 Orion Poplawski <orion at cora.nwra.com> 3.6.2-1
- Update to 3.6.2
More information about the fedora-extras-commits
mailing list