Hello community, here is the log from the commit of package man checked in at Tue Apr 17 12:54:21 CEST 2007. -------- --- man/man.changes 2007-03-26 11:38:39.000000000 +0200 +++ /mounts/work_src_done/STABLE/man/man.changes 2007-04-17 10:44:50.421059000 +0200 @@ -1,0 +2,5 @@ +Tue Apr 17 10:44:44 CEST 2007 - werner@suse.de + +- Fix heap buffer overflow (CVE-2006-4250, bug #262747) + +------------------------------------------------------------------- New: ---- man-db-2.4.3-CVE-2006-4250.dif ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ man.spec ++++++ --- /var/tmp/diff_new_pack.o11859/_old 2007-04-17 12:53:34.000000000 +0200 +++ /var/tmp/diff_new_pack.o11859/_new 2007-04-17 12:53:34.000000000 +0200 @@ -13,7 +13,7 @@ Name: man BuildRequires: flex gdbm-devel groff less libbz2-devel libzio-devel zlib-devel Version: 2.4.3 -Release: 46 +Release: 48 Summary: A Program for Displaying man Pages License: GNU General Public License (GPL) Group: System/Base @@ -32,6 +32,7 @@ Patch4: man-db-%{version}-section.dif Patch5: man-db-2.4.1-security2.dif Patch6: man-db-2.4.1-security4.dif +Patch7: man-db-2.4.3-CVE-2006-4250.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -52,6 +53,7 @@ %patch4 -p0 -b .sect %patch5 -p0 -b .secu2 %patch6 -p0 -b .secu4 +%patch7 -p0 -b .064250 %patch -p0 %build @@ -147,6 +149,8 @@ /var/adm/fillup-templates/sysconfig.cron-man %changelog +* Tue Apr 17 2007 - werner@suse.de +- Fix heap buffer overflow (CVE-2006-4250, bug #262747) * Mon Mar 26 2007 - rguenther@suse.de - Add libbz2-devel and libzio-devel BuildRequires * Wed Mar 21 2007 - rguenther@suse.de ++++++ man-db-2.4.3-CVE-2006-4250.dif ++++++ --- src/man.c +++ src/man.c 2007-04-16 17:24:18.424390534 +0200 @@ -1795,32 +1795,35 @@ static pipeline *make_browser (const cha { pipeline *p; char *browser; - int command_len = strlen (command) * 2 + strlen (file) + 1; int found_percent_s = 0; char *percent; char *esc_file; - browser = xmalloc (command_len + 1); + browser = xmalloc (1); *browser = '\0'; percent = strchr (command, '%'); while (percent) { + size_t len = strlen (browser); + browser = xrealloc (browser, len + 1 + (percent - command)); strncat (browser, command, percent - command); switch (*(percent + 1)) { case '\0': case '%': - strcat (browser, "%"); + browser = strappend (browser, "%", NULL); break; case 'c': - strcat (browser, ":"); + browser = strappend (browser, ":", NULL); break; case 's': esc_file = escape_shell (file); - strcat (browser, esc_file); + browser = strappend (browser, esc_file, NULL); free (esc_file); found_percent_s = 1; break; default: + len = strlen (browser); /* cannot be NULL */ + browser = xrealloc (browser, len + 3); strncat (browser, percent, 2); break; } @@ -1830,11 +1833,10 @@ static pipeline *make_browser (const cha command = percent + 1; percent = strchr (command, '%'); } - strcat (browser, command); + browser = strappend (browser, command, NULL); if (!found_percent_s) { - strcat (browser, " "); esc_file = escape_shell (file); - strcat (browser, esc_file); + browser = strappend (browser, " ", esc_file, NULL); free (esc_file); } ++++++ man-db-2.4.3.dif ++++++ --- /var/tmp/diff_new_pack.o11859/_old 2007-04-17 12:53:34.000000000 +0200 +++ /var/tmp/diff_new_pack.o11859/_new 2007-04-17 12:53:34.000000000 +0200 @@ -1,12 +1,13 @@ --- .pkgextract +++ .pkgextract 2007-02-15 00:00:00.000000000 +0100 -@@ -0,0 +1,6 @@ +@@ -0,0 +1,7 @@ +bzcat ../man-db-2.4.3-3.diff.bz2 | patch -p1 -s --suffix=.debian +patch -p0 -s --suffix=.groff < ../man-db-2.3.19deb4.0-groff.dif +patch -p0 -s --suffix=.err < ../man-db-2.4.1-error.dif +patch -p0 -s --suffix=.sect < ../man-db-2.4.3-section.dif +patch -p0 -s --suffix=.secu2 < ../man-db-2.4.1-security2.dif +patch -p0 -s --suffix=.secu4 < ../man-db-2.4.1-security4.dif ++patch -p0 -s --suffix=.064250 < ../man-db-2.4.3-CVE-2006-4250.dif --- GNUmakefile.in +++ GNUmakefile.in 2007-02-15 00:00:00.000000000 +0100 @@ -35,7 +35,7 @@ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org