Hello community, here is the log from the commit of package wwwoffle checked in at Fri Aug 11 15:54:43 CEST 2006. -------- --- wwwoffle/wwwoffle.changes 2006-08-10 22:24:39.000000000 +0200 +++ wwwoffle/wwwoffle.changes 2006-08-11 00:42:10.000000000 +0200 @@ -1,0 +2,5 @@ +Fri Aug 11 00:35:24 CEST 2006 - seife@suse.de + +- fix buffer overflow on "wwwoffle -fetch" + +------------------------------------------------------------------- New: ---- wwwoffle-2.9-fetch-overflow-fix.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ wwwoffle.spec ++++++ --- /var/tmp/diff_new_pack.aX4FSd/_old 2006-08-11 15:54:28.000000000 +0200 +++ /var/tmp/diff_new_pack.aX4FSd/_new 2006-08-11 15:54:28.000000000 +0200 @@ -18,7 +18,7 @@ Summary: World Wide Web Offline Proxy URL: http://www.gedanken.demon.co.uk/wwwoffle/ Version: 2.9 -Release: 3 +Release: 4 Source0: http://www.gedanken.freeserve.co.uk/download-wwwoffle/%name-%version.tar.bz2 Source1: rc.%name Source3: ip-up.%name @@ -27,6 +27,7 @@ Patch0: %name-2.8d-IndexProtocol.diff Patch1: %name-2.9-overflow.patch Patch2: %name-2.9-ssize_t.patch +Patch3: %name-2.9-fetch-overflow-fix.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: %insserv_prereq %fillup_prereq @@ -65,6 +66,7 @@ %patch0 -b _orig %patch1 -p1 %patch2 -p1 +%patch3 -p0 %build export LC_ALL=C @@ -180,6 +182,8 @@ /etc/ppp/ip-down.d/%name %changelog -n wwwoffle +* Fri Aug 11 2006 - seife@suse.de +- fix buffer overflow on "wwwoffle -fetch" * Thu Aug 10 2006 - seife@suse.de - fix ip-up.wwwoffle: /sbin is not in the path * Wed Jul 19 2006 - kssingvo@suse.de ++++++ wwwoffle-2.9-fetch-overflow-fix.patch ++++++ --- src/spool.c +++ src/spool.c @@ -1314,7 +1314,7 @@ if(*ent->d_name=='U' || *ent->d_name=='O') { - char newname[12+CACHE_HASHED_NAME_LEN]; + char newname[11+1+CACHE_HASHED_NAME_LEN+1+1]; /* ../lastout/ +prefix+hash+postfix+terminator */ strcpy(newname,"../lastout/"); strcat(newname,ent->d_name); ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun...