Mailinglist Archive: opensuse-commit (1945 mails)
| < Previous | Next > |
commit enscript
- From: root@xxxxxxxxxxxxxxx (h_root)
- Date: Mon, 03 Nov 2008 12:03:07 +0100
- Message-id: <20081103110307.726BC6780AA@xxxxxxxxxxxxxxx>
Hello community,
here is the log from the commit of package enscript
checked in at Mon Nov 3 12:03:07 CET 2008.
--------
--- enscript/enscript.changes 2008-10-14 14:48:26.000000000 +0200
+++ /mounts/work_src_done/STABLE/enscript/enscript.changes 2008-10-29
14:48:15.585778000 +0100
@@ -1,0 +2,5 @@
+Wed Oct 29 10:47:13 CET 2008 - werner@xxxxxxx
+
+- Fix more overflows for bnc#433756, CVE-2008-3863, CVE-2008-4306
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ enscript.spec ++++++
--- /var/tmp/diff_new_pack.Ab6759/_old 2008-11-03 12:01:12.000000000 +0100
+++ /var/tmp/diff_new_pack.Ab6759/_new 2008-11-03 12:01:12.000000000 +0100
@@ -27,7 +27,7 @@
PreReq: %install_info_prereq
AutoReqProv: on
Version: 1.6.4
-Release: 151
+Release: 152
Summary: An ASCII to PostScript(tm) Converter
Source: enscript-%{version}.tar.bz2
Source1: enscript-gs-font.map
@@ -124,6 +124,8 @@
%doc %{_infodir}/%{name}.info.gz
%changelog
+* Wed Oct 29 2008 werner@xxxxxxx
+- Fix more overflows for bnc#433756, CVE-2008-3863, CVE-2008-4306
* Tue Oct 14 2008 werner@xxxxxxx
- Avoid buffer overflow in setfilename (bnc#433756, CVE-2008-3863)
* Tue Jul 15 2008 werner@xxxxxxx
++++++ enscript-1.6.4-CVE-2008-3863.patch ++++++
--- /var/tmp/diff_new_pack.Ab6759/_old 2008-11-03 12:01:12.000000000 +0100
+++ /var/tmp/diff_new_pack.Ab6759/_new 2008-11-03 12:01:12.000000000 +0100
@@ -1,5 +1,5 @@
--- src/psgen.c
-+++ src/psgen.c 2008-10-09 17:01:49.438440979 +0200
++++ src/psgen.c 2008-10-29 10:43:08.512598143 +0100
@@ -24,6 +24,7 @@
* Boston, MA 02111-1307, USA.
*/
@@ -31,7 +31,35 @@
} u;
};
-@@ -1452,7 +1453,8 @@ read_special_escape (InputStream *is, To
+@@ -248,7 +249,7 @@ static int do_print = 1;
+ static int user_fontp = 0;
+
+ /* The user ^@font{}-defined font. */
+-static char user_font_name[256];
++static char user_font_name[PATH_MAX];
+ static FontPoint user_font_pt;
+ static InputEncoding user_font_encoding;
+
+@@ -978,7 +979,8 @@ large for page\n"),
+ FATAL ((stderr,
+ _("user font encoding can be only the system's
default or `ps'")));
+
+- strcpy (user_font_name, token.u.font.name);
++ memset (user_font_name, 0, sizeof(user_font_name));
++ strncpy (user_font_name, token.u.font.name,
sizeof(user_font_name) - 1);
+ user_font_pt.w = token.u.font.size.w;
+ user_font_pt.h = token.u.font.size.h;
+ user_font_encoding = token.u.font.encoding;
+@@ -1444,7 +1446,7 @@ read_special_escape (InputStream *is, To
+ buf[i] = ch;
+ if (i + 1 >= sizeof (buf))
+ FATAL ((stderr, _("too long argument for %s escape:\n%.*s"),
+- escapes[i].name, i, buf));
++ escapes[e].name, i, buf));
+ }
+ buf[i] = '\0';
+
+@@ -1452,7 +1454,8 @@ read_special_escape (InputStream *is, To
switch (escapes[e].escape)
{
case ESC_FONT:
@@ -41,7 +69,7 @@
/* Check for the default font. */
if (strcmp (token->u.font.name, "default") == 0)
-@@ -1465,7 +1467,8 @@ read_special_escape (InputStream *is, To
+@@ -1465,7 +1468,8 @@ read_special_escape (InputStream *is, To
FATAL ((stderr, _("malformed font spec for ^@font escape: %s"),
token->u.font.name));
@@ -51,7 +79,7 @@
xfree (cp);
}
token->type = tFONT;
-@@ -1544,7 +1547,8 @@ read_special_escape (InputStream *is, To
+@@ -1544,7 +1548,8 @@ read_special_escape (InputStream *is, To
break;
case ESC_SETFILENAME:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-commit+help@xxxxxxxxxxxx
| < Previous | Next > |