Hello community, here is the log from the commit of package enscript checked in at Mon Nov 3 12:03:07 CET 2008. -------- --- enscript/enscript.changes 2008-10-14 14:48:26.000000000 +0200 +++ /mounts/work_src_done/STABLE/enscript/enscript.changes 2008-10-29 14:48:15.585778000 +0100 @@ -1,0 +2,5 @@ +Wed Oct 29 10:47:13 CET 2008 - werner@suse.de + +- Fix more overflows for bnc#433756, CVE-2008-3863, CVE-2008-4306 + +------------------------------------------------------------------- calling whatdependson for head-i586 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ enscript.spec ++++++ --- /var/tmp/diff_new_pack.Ab6759/_old 2008-11-03 12:01:12.000000000 +0100 +++ /var/tmp/diff_new_pack.Ab6759/_new 2008-11-03 12:01:12.000000000 +0100 @@ -27,7 +27,7 @@ PreReq: %install_info_prereq AutoReqProv: on Version: 1.6.4 -Release: 151 +Release: 152 Summary: An ASCII to PostScript(tm) Converter Source: enscript-%{version}.tar.bz2 Source1: enscript-gs-font.map @@ -124,6 +124,8 @@ %doc %{_infodir}/%{name}.info.gz %changelog +* Wed Oct 29 2008 werner@suse.de +- Fix more overflows for bnc#433756, CVE-2008-3863, CVE-2008-4306 * Tue Oct 14 2008 werner@suse.de - Avoid buffer overflow in setfilename (bnc#433756, CVE-2008-3863) * Tue Jul 15 2008 werner@suse.de ++++++ enscript-1.6.4-CVE-2008-3863.patch ++++++ --- /var/tmp/diff_new_pack.Ab6759/_old 2008-11-03 12:01:12.000000000 +0100 +++ /var/tmp/diff_new_pack.Ab6759/_new 2008-11-03 12:01:12.000000000 +0100 @@ -1,5 +1,5 @@ --- src/psgen.c -+++ src/psgen.c 2008-10-09 17:01:49.438440979 +0200 ++++ src/psgen.c 2008-10-29 10:43:08.512598143 +0100 @@ -24,6 +24,7 @@ * Boston, MA 02111-1307, USA. */ @@ -31,7 +31,35 @@ } u; }; -@@ -1452,7 +1453,8 @@ read_special_escape (InputStream *is, To +@@ -248,7 +249,7 @@ static int do_print = 1; + static int user_fontp = 0; + + /* The user ^@font{}-defined font. */ +-static char user_font_name[256]; ++static char user_font_name[PATH_MAX]; + static FontPoint user_font_pt; + static InputEncoding user_font_encoding; + +@@ -978,7 +979,8 @@ large for page\n"), + FATAL ((stderr, + _("user font encoding can be only the system's default or `ps'"))); + +- strcpy (user_font_name, token.u.font.name); ++ memset (user_font_name, 0, sizeof(user_font_name)); ++ strncpy (user_font_name, token.u.font.name, sizeof(user_font_name) - 1); + user_font_pt.w = token.u.font.size.w; + user_font_pt.h = token.u.font.size.h; + user_font_encoding = token.u.font.encoding; +@@ -1444,7 +1446,7 @@ read_special_escape (InputStream *is, To + buf[i] = ch; + if (i + 1 >= sizeof (buf)) + FATAL ((stderr, _("too long argument for %s escape:\n%.*s"), +- escapes[i].name, i, buf)); ++ escapes[e].name, i, buf)); + } + buf[i] = '\0'; + +@@ -1452,7 +1454,8 @@ read_special_escape (InputStream *is, To switch (escapes[e].escape) { case ESC_FONT: @@ -41,7 +69,7 @@ /* Check for the default font. */ if (strcmp (token->u.font.name, "default") == 0) -@@ -1465,7 +1467,8 @@ read_special_escape (InputStream *is, To +@@ -1465,7 +1468,8 @@ read_special_escape (InputStream *is, To FATAL ((stderr, _("malformed font spec for ^@font escape: %s"), token->u.font.name)); @@ -51,7 +79,7 @@ xfree (cp); } token->type = tFONT; -@@ -1544,7 +1547,8 @@ read_special_escape (InputStream *is, To +@@ -1544,7 +1548,8 @@ read_special_escape (InputStream *is, To break; case ESC_SETFILENAME: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org