rpms/enscript/devel enscript-CVE-2008-3863+CVE-2008-4306.patch, NONE, 1.1 enscript.spec, 1.39, 1.40
Adam Tkac
atkac at fedoraproject.org
Mon Nov 3 13:40:57 UTC 2008
Author: atkac
Update of /cvs/pkgs/rpms/enscript/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv19343
Modified Files:
enscript.spec
Added Files:
enscript-CVE-2008-3863+CVE-2008-4306.patch
Log Message:
- fixed various buffer overflows (CVE-2008-3863, CVE-2008-4306)
enscript-CVE-2008-3863+CVE-2008-4306.patch:
--- NEW FILE enscript-CVE-2008-3863+CVE-2008-4306.patch ---
--- src/psgen.c
+++ src/psgen.c 2008-10-29 10:43:08.512598143 +0100
@@ -24,6 +24,7 @@
* Boston, MA 02111-1307, USA.
*/
+#include <limits.h>
#include "gsint.h"
/*
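Review bot: `PATH_MAX` becomes an array bound in the later hunks, but `<limits.h>` is not required to define it; POSIX allows a system to omit the macro when it has no fixed path limit, and the build then fails at the first `char filename[PATH_MAX];`. A guarded fallback right after this include would keep the file compiling on such systems: `#ifndef PATH_MAX`, `#define PATH_MAX 4096`, `#endif`. A one-line comment that the constant is only a buffer capacity here would also help, since `font.name` and `user_font_name` hold font names rather than paths.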
@@ -124,7 +125,7 @@ struct gs_token_st
double xscale;
double yscale;
int llx, lly, urx, ury; /* Bounding box. */
- char filename[512];
+ char filename[PATH_MAX];
char *skipbuf;
unsigned int skipbuf_len;
unsigned int skipbuf_pos;
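Review bot: Growing `filename` from 512 to `PATH_MAX` in this hunk raises the capacity but does not bound whatever fills it, and no hunk in this patch touches a write to this member (the `strncpy` changes further down cover `u.font.name`, `u.filename` and `user_font_name` only). If its writer, which is not visible here, copies escape input without checking against `sizeof`, the array can still be overrun by a long enough argument, so that code path should be confirmed before relying on the larger size. A comment on the member such as `/* writers must bound by sizeof (filename) */` would record the requirement. The struct definition starts and ends outside the hunk.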
@@ -135,11 +136,11 @@ struct gs_token_st
Color bgcolor;
struct
{
- char name[512];
+ char name[PATH_MAX];
FontPoint size;
InputEncoding encoding;
} font;
- char filename[512];
+ char filename[PATH_MAX];
} u;
};
@@ -248,7 +249,7 @@ static int do_print = 1;
static int user_fontp = 0;
/* The user ^@font{}-defined font. */
-static char user_font_name[256];
+static char user_font_name[PATH_MAX];
static FontPoint user_font_pt;
static InputEncoding user_font_encoding;
@@ -978,7 +979,8 @@ large for page\n"),
FATAL ((stderr,
_("user font encoding can be only the system's default or `ps'")));
- strcpy (user_font_name, token.u.font.name);
+ memset (user_font_name, 0, sizeof(user_font_name));
+ strncpy (user_font_name, token.u.font.name, sizeof(user_font_name) - 1);
user_font_pt.w = token.u.font.size.w;
user_font_pt.h = token.u.font.size.h;
user_font_encoding = token.u.font.encoding;
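Review bot: The `memset` + `strncpy (..., sizeof - 1)` pair added here truncates silently, so an over-long `^@font` name would be shortened to a different font name instead of being rejected with `FATAL`; the same pattern is repeated in the ESC_FONT and ESC_SETFILENAME hunks of `read_special_escape`. Source and destination are both `PATH_MAX` bytes after this patch, so truncation should not occur in this particular copy (assuming `token.u.font.name` is NUL-terminated), but that depends on the two declarations staying in sync. The full-buffer `memset` is also redundant, because `strncpy` already zero-pads up to the count it is given; only the last byte needs setting, e.g. `strncpy (user_font_name, token.u.font.name, sizeof (user_font_name) - 1);` followed by `user_font_name[sizeof (user_font_name) - 1] = '\0';`. The enclosing function starts and ends outside the hunk.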
@@ -1444,7 +1446,7 @@ read_special_escape (InputStream *is, To
buf[i] = ch;
if (i + 1 >= sizeof (buf))
FATAL ((stderr, _("too long argument for %s escape:\n%.*s"),
- escapes[i].name, i, buf));
+ escapes[e].name, i, buf));
}
buf[i] = '\0';
@@ -1452,7 +1454,8 @@ read_special_escape (InputStream *is, To
switch (escapes[e].escape)
{
case ESC_FONT:
- strcpy (token->u.font.name, buf);
+ memset (token->u.font.name, 0, sizeof(token->u.font.name));
+ strncpy (token->u.font.name, buf, sizeof(token->u.font.name) - 1);
/* Check for the default font. */
if (strcmp (token->u.font.name, "default") == 0)
@@ -1465,7 +1468,8 @@ read_special_escape (InputStream *is, To
FATAL ((stderr, _("malformed font spec for ^@font escape: %s"),
token->u.font.name));
- strcpy (token->u.font.name, cp);
+ memset (token->u.font.name, 0, sizeof(token->u.font.name));
+ strncpy (token->u.font.name, cp, sizeof(token->u.font.name) - 1);
xfree (cp);
}
token->type = tFONT;
@@ -1544,7 +1548,8 @@ read_special_escape (InputStream *is, To
break;
case ESC_SETFILENAME:
- strcpy (token->u.filename, buf);
+ memset (token->u.filename, 0, sizeof(token->u.font.name));
+ strncpy (token->u.filename, buf, sizeof(token->u.filename) - 1);
token->type = tSETFILENAME;
break;
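Review bot: The added `memset` on `token->u.filename` takes its length from a different member, `sizeof(token->u.font.name)`. Both arrays are declared `char [PATH_MAX]` by this patch, so the byte count happens to be right today, but if `font.name` ever becomes smaller the final byte of `u.filename` is no longer cleared and the `strncpy` on the next line can leave the string unterminated. It should read `memset (token->u.filename, 0, sizeof(token->u.filename));`, matching the size used by the `strncpy`. The `switch` in `read_special_escape` continues outside the hunk.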
Index: enscript.spec
===================================================================
RCS file: /cvs/pkgs/rpms/enscript/devel/enscript.spec,v
retrieving revision 1.39
retrieving revision 1.40
diff -u -r1.39 -r1.40
--- enscript.spec 8 Aug 2008 11:31:07 -0000 1.39
+++ enscript.spec 3 Nov 2008 13:40:26 -0000 1.40
@@ -1,7 +1,7 @@
Summary: A plain ASCII to PostScript converter.
Name: enscript
Version: 1.6.4
-Release: 10%{?dist}
+Release: 11%{?dist}
License: GPLv2
Group: Applications/Publishing
Source0: http://www.iki.fi/mtr/genscript/enscript-%{version}.tar.gz
@@ -18,6 +18,7 @@
Patch8: enscript-wrap_header.patch
Patch9: enscript-1.6.4-rh457719.patch
Patch10:enscript-1.6.4-rh457720.patch
+Patch11:enscript-CVE-2008-3863+CVE-2008-4306.patch
URL: http://www.codento.com/people/mtr/genscript/
Prereq: /sbin/install-info
BuildRoot: %{_tmppath}/%{name}-%{version}-root
@@ -41,6 +42,7 @@
%patch8 -p1 -b .wrap_header
%patch9 -p1 -b .rh457719
%patch10 -p1 -b .rh457720
+%patch11 -p0 -b .CVE-2008-3863+CVE-2008-4306
%{__tar} -C states/hl -zxf %{SOURCE1} ruby.st
install -pm 644 %{SOURCE2} states/hl/php.st
@@ -94,6 +96,9 @@
%changelog
+* Mon Nov 03 2008 Adam Tkac <atkac redhat com> 1.6.4-11
+- fixed various buffer overflows (CVE-2008-3863, CVE-2008-4306)
+
* Fri Aug 08 2008 Adam Tkac <atkac redhat com> 1.6.4-10
- updated patches due rpm 4.6
- enscript -w is handled well (#457719)