rpms/newt/F-11 newt-0.52.10-reflowbuffer.patch, NONE, 1.1 newt.spec, 1.59, 1.60
Miroslav Lichvar
mlichvar at fedoraproject.org
Thu Sep 24 14:20:07 UTC 2009
Author: mlichvar
Update of /cvs/pkgs/rpms/newt/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv20017
Modified Files:
newt.spec
Added Files:
newt-0.52.10-reflowbuffer.patch
Log Message:
- fix buffer overflow in textbox when reflowing (#523955, CVE-2009-2905)
newt-0.52.10-reflowbuffer.patch:
textbox.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- NEW FILE newt-0.52.10-reflowbuffer.patch ---
diff -up newt-0.52.10/textbox.c.orig newt-0.52.10/textbox.c
--- newt-0.52.10/textbox.c.orig 2008-07-30 14:42:55.000000000 +0200
+++ newt-0.52.10/textbox.c 2009-09-21 14:59:24.000000000 +0200
@@ -179,7 +179,7 @@ static void doReflow(const char * text,
if (resultPtr) {
/* XXX I think this will work */
- result = malloc(strlen(text) + (strlen(text) / width) + 2);
+ result = malloc(strlen(text) + (strlen(text) / (width - 1)) + 2);
*result = '\0';
}
Index: newt.spec
===================================================================
RCS file: /cvs/pkgs/rpms/newt/F-11/newt.spec,v
retrieving revision 1.59
retrieving revision 1.60
diff -u -p -r1.59 -r1.60
--- newt.spec 26 Feb 2009 05:28:32 -0000 1.59
+++ newt.spec 24 Sep 2009 14:20:07 -0000 1.60
@@ -2,7 +2,7 @@
Summary: A library for text mode user interfaces
Name: newt
Version: 0.52.10
-Release: 3%{?dist}
+Release: 4%{?dist}
License: LGPLv2
Group: System Environment/Libraries
URL: https://fedorahosted.org/newt/
@@ -10,6 +10,7 @@ Source: https://fedorahosted.org/release
BuildRequires: popt-devel python-devel slang-devel
Provides: snack = %{version}-%{release}
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+Patch1: newt-0.52.10-reflowbuffer.patch
%package devel
Summary: Newt windowing toolkit development files
@@ -56,6 +57,7 @@ providing a python API for creating text
%prep
%setup -q
+%patch1 -p1 -b .reflowbuffer
%build
# gpm support seems to smash the stack w/ we use help in anaconda??
@@ -101,6 +103,9 @@ rm -rf $RPM_BUILD_ROOT
%{python_sitearch}/*.py*
%changelog
+* Thu Sep 24 2009 Miroslav Lichvar <mlichvar at redhat.com> - 0.52.10-4
+- fix buffer overflow in textbox when reflowing (#523955, CVE-2009-2905)
+
* Wed Feb 25 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.52.10-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
More information about the fedora-extras-commits
mailing list