Mailinglist Archive: opensuse-commit (1945 mails)

[root@xxxxxxxxxxxxxxx (h_root)]

Hello community,

here is the log from the commit of package libgadu
checked in at Mon Nov 3 12:22:22 CET 2008.


--------
--- libgadu/libgadu.changes     2008-08-19 13:29:28.000000000 +0200
+++ /mounts/work_src_done/STABLE/libgadu/libgadu.changes        2008-10-29 
14:49:07.375844000 +0100
@@ -1,0 +2,7 @@
+Wed Oct 29 14:10:02 CET 2008 - sbrabec@xxxxxxx
+
+- Updated to version 1.8.2:
+  * fixes remote denial of service via contact description
+    (CVE-2008-4776, bnc#439770)
+
+-------------------------------------------------------------------

calling whatdependson for head-i586


Old:
----
  libgadu-1.8.1.tar.bz2

New:
----
  libgadu-1.8.2.tar.bz2

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libgadu.spec ++++++
--- /var/tmp/diff_new_pack.Kk9440/_old  2008-11-03 12:22:09.000000000 +0100
+++ /var/tmp/diff_new_pack.Kk9440/_new  2008-11-03 12:22:09.000000000 +0100
@@ -1,5 +1,5 @@
 #
-# spec file for package libgadu (Version 1.8.1)
+# spec file for package libgadu (Version 1.8.2)
 #
 # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
@@ -20,7 +20,7 @@
 
 Name:           libgadu
 Summary:        Library for Handling of Gadu-Gadu Instant Messaging
-Version:        1.8.1
+Version:        1.8.2
 Release:        1
 License:        LGPL v2.1 or later
 Group:          System/Libraries
@@ -85,6 +85,10 @@
 %{_libdir}/pkgconfig/*.pc
 
 %changelog
+* Wed Oct 29 2008 sbrabec@xxxxxxx
+- Updated to version 1.8.2:
+  * fixes remote denial of service via contact description
+  (CVE-2008-4776, bnc#439770)
 * Tue Aug 19 2008 sbrabec@xxxxxxx
 - Updated to version 1.8.1:
   * fixed memory corruption in gg_dcc7_send_file()

++++++ libgadu-1.8.1.tar.bz2 -> libgadu-1.8.2.tar.bz2 ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn 
--exclude=.svnignore old/libgadu-1.8.1/configure new/libgadu-1.8.2/configure
--- old/libgadu-1.8.1/configure 2008-06-17 22:30:29.000000000 +0200
+++ new/libgadu-1.8.2/configure 2008-10-24 00:27:19.000000000 +0200
@@ -2269,7 +2269,7 @@
 
 # Define the identity of the package.
  PACKAGE=libgadu
- VERSION=1.8.1
+ VERSION=1.8.2
 
 
 cat >>confdefs.h <<_ACEOF
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn 
--exclude=.svnignore old/libgadu-1.8.1/configure.ac 
new/libgadu-1.8.2/configure.ac
--- old/libgadu-1.8.1/configure.ac      2008-06-17 22:29:55.000000000 +0200
+++ new/libgadu-1.8.2/configure.ac      2008-10-24 00:25:39.000000000 +0200
@@ -1,7 +1,7 @@
-dnl $Id: configure.ac 614 2008-06-02 21:16:59Z wojtekka $
+dnl $Id: configure.ac 640 2008-10-23 22:25:36Z wojtekka $
 
 AC_INIT(src/libgadu.c)
-AM_INIT_AUTOMAKE(libgadu, 1.8.1)
+AM_INIT_AUTOMAKE(libgadu, 1.8.2)
 
 AC_PREREQ(2.50)
 AC_CANONICAL_HOST
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn 
--exclude=.svnignore old/libgadu-1.8.1/README new/libgadu-1.8.2/README
--- old/libgadu-1.8.1/README    2008-06-17 22:29:55.000000000 +0200
+++ new/libgadu-1.8.2/README    2008-10-23 23:57:15.000000000 +0200
@@ -1,4 +1,4 @@
-libgadu 1.8.1
+libgadu 1.8.2
 (C) Copyright 2001-2008 Autorzy (pełna lista w pliku AUTHORS)
 
 libgadu jest biblioteką przeznaczoną do obsługi protokołu komunikatora
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn 
--exclude=.svnignore old/libgadu-1.8.1/src/events.c 
new/libgadu-1.8.2/src/events.c
--- old/libgadu-1.8.1/src/events.c      2008-06-17 22:29:54.000000000 +0200
+++ new/libgadu-1.8.2/src/events.c      2008-10-24 00:24:04.000000000 +0200
@@ -1,4 +1,4 @@
-/* $Id: events.c 610 2008-05-31 22:18:03Z wojtekka $ */
+/* $Id: events.c 639 2008-10-23 22:24:01Z wojtekka $ */
 
 /*
  *  (C) Copyright 2001-2006 Wojtek Kaniewski <wojtekka@xxxxxx>
@@ -621,7 +621,7 @@
                                if (GG_S_D(n->status)) {
                                        unsigned char descr_len = *((char*) n + 
sizeof(struct gg_notify_reply77));
 
-                                       if (descr_len < length) {
+                                       if (sizeof(struct gg_notify_reply77) + 
descr_len <= length) {
                                                if 
(!(e->event.notify60[i].descr = malloc(descr_len + 1))) {
                                                        gg_debug_session(sess, 
GG_DEBUG_MISC, "// gg_watch_fd_connected() not enough memory for notify 
data\n");
                                                        goto fail;
@@ -744,7 +744,7 @@
                                if (GG_S_D(n->status)) {
                                        unsigned char descr_len = *((char*) n + 
sizeof(struct gg_notify_reply60));
 
-                                       if (descr_len < length) {
+                                       if (sizeof(struct gg_notify_reply60) + 
descr_len <= length) {
                                                if 
(!(e->event.notify60[i].descr = malloc(descr_len + 1))) {
                                                        gg_debug_session(sess, 
GG_DEBUG_MISC, "// gg_watch_fd_connected() not enough memory for notify 
data\n");
                                                        goto fail;


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Remember to have fun...

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-commit+help@xxxxxxxxxxxx