From f762ac49449efe7aad761df0680e9845d7afa3a6 Mon Sep 17 00:00:00 2001
From: Michel Alexandre Salim
Date: Mar 18 2011 15:27:32 +0000
Subject: Merge branch 'master' into el5
---
diff --git a/cvsps-2.2b1-bufferoverflow.patch b/cvsps-2.2b1-bufferoverflow.patch
new file mode 100644
index 0000000..2a82cd4
--- /dev/null
+++ b/cvsps-2.2b1-bufferoverflow.patch
@@ -0,0 +1,65 @@
+--- cvsps-2.2b1/cvsps.c 2010-09-07 18:13:42.760727491 +0200
++++ cvsps-2.2b1_/cvsps.c 2010-09-07 18:05:11.083729441 +0200
+@@ -1065,17 +1065,16 @@ static CvsFile * parse_file(const char *
+ {
+ CvsFile * retval;
+ char fn[PATH_MAX];
+- int len = strlen(buff + 10);
++ size_t len = strlen(buff + 10);
+ char * p;
+
+ /* once a single file has been parsed ok we set this */
+ static int path_ok;
+-
++
+ /* chop the ",v" string and the "LF" */
+ len -= 3;
+ memcpy(fn, buff + 10, len);
+ fn[len] = 0;
+-
+ if (strncmp(fn, strip_path, strip_path_len) != 0)
+ {
+ /* if the very first file fails the strip path,
+@@ -1096,10 +1095,10 @@ static CvsFile * parse_file(const char *
+
+ while ((p = strstr(p, repository_path)))
+ lastp = p++;
+-
++
+ if (lastp)
+ {
+- int len = strlen(repository_path);
++ size_t len = strlen(repository_path);
+ memcpy(strip_path, fn, lastp - fn + len + 1);
+ strip_path_len = lastp - fn + len + 1;
+ strip_path[strip_path_len] = 0;
+@@ -1114,16 +1113,26 @@ static CvsFile * parse_file(const char *
+ *
+ * For now just ignore such files
+ */
+- debug(DEBUG_APPMSG1, "WARNING: file %s doesn't match strip_path %s. ignoring",
++ debug(DEBUG_APPMSG1, "WARNING: file %s doesn't match strip_path %s. ignoring",
+ fn, strip_path);
+ return NULL;
+ }
+
+ ok:
+- path_ok = 1;
+-
++ /*
++ fix for rhbz#576076
++ ./cvsps --norc -q --cvs-direct -u -A --root :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot NSS
++ */
++ if(len <= strip_path_len)
++ {
++ debug(DEBUG_APPMSG1, "WARNING: file %s doesn't match strip_path %s. ignoring",
++ fn, strip_path);
++ return NULL;
++ }
+ /* remove from beginning the 'strip_path' string */
+ len -= strip_path_len;
++ path_ok = 1;
++
+ memmove(fn, fn + strip_path_len, len);
+ fn[len] = 0;
+
diff --git a/cvsps.spec b/cvsps.spec
index b5fb3f7..092ea3a 100644
--- a/cvsps.spec
+++ b/cvsps.spec
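Review bot: The copy at the top of parse_file is still unbounded after this patch: `len -= 3; memcpy(fn, buff + 10, len); fn[len] = 0;` writes into `char fn[PATH_MAX]` with no comparison of `len` against `sizeof(fn)`, and the new `len <= strip_path_len` check under `ok:` runs only after that copy. With `len` now `size_t`, a line with fewer than three characters after offset 10 makes `len -= 3` wrap to a very large value rather than a negative one. Since the file name appears to come from repository log output (the reproducer in the added comment uses a remote pserver root), I would reject such lines before the chop, for example `if (len < 3 || len - 3 >= sizeof(fn)) return NULL;`. The `memcpy(strip_path, fn, lastp - fn + len + 1)` in the second inner hunk deserves the same bound against the size of strip_path, which is declared outside the patch. parse_file begins and ends outside the hunks shown.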
@@ -2,7 +2,7 @@ Name: cvsps Version: 2.2 -Release: 0.6.%{prever}%{?dist} +Release: 0.8.%{prever}%{?dist} Summary: Patchset tool for CVS Group: Development/Tools @@ -12,13 +12,14 @@ Source0: http://www.cobite.com/cvsps/%{name}-%{version}%{prever}.tar.gz # https://bugzilla.redhat.com/516083 Patch0: %{name}-2.2b1-dynamic-logbuf.patch Patch1: %{name}-2.2b1-man.patch +Patch2: %{name}-2.2b1-bufferoverflow.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: zlib-devel # Strictly speaking, requires cvs only with --no-cvs-direct (which is # the default as of 2.2b1), but this shouldn't be a problem on systems # where cvsps will be installed. -Requires(hint): cvs +Requires: cvs %description CVSps is a program for generating 'patchset' information from a CVS @@ -34,6 +35,7 @@ changes were committed 'atomically' to the repository. %setup -q -n %{name}-%{version}%{prever} %patch0 -p1 %patch1 -p1 +%patch2 -p1 %build @@ -57,6 +59,13 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Mon Feb 14 2011 Honza Horak - 2.2-0.8.b1 +- Patch to fix buffer overflow. +- https://bugzilla.redhat.com/show_bug.cgi?id=576076 + +* Tue Feb 08 2011 Fedora Release Engineering +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + * Tue May 18 2010 Ville Skyttä - 2.2-0.6.b1 - Patch to fix man page formatting errors.