Hello community, here is the log from the commit of package squidGuard for openSUSE:Factory checked in at Thu Oct 14 16:44:43 CEST 2010. --------
--- squidGuard/squidGuard.changes 2010-07-14 11:44:01.000000000 +0200
+++ squidGuard/squidGuard.changes 2010-10-14 15:15:07.000000000 +0200
@@ -1,0 +2,11 @@
+Thu Oct 14 13:14:50 UTC 2010 - puzel@novell.com
+
+- fix squidGuard-CVE-2009-3826.patch patch
+
+-------------------------------------------------------------------
+Thu Jul 29 12:42:25 UTC 2010 - puzel@novell.com
+
+- add squidGuard-CVE-2009-3700.patch,
+ squidGuard-CVE-2009-3826.patch (bnc#550930)
+
+-------------------------------------------------------------------
calling whatdependson for head-i586 New: ---- squidGuard-CVE-2009-3700.patch squidGuard-CVE-2009-3826.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------
++++++ squidGuard.spec ++++++
--- /var/tmp/diff_new_pack.fVY4i7/_old 2010-10-14 16:44:19.000000000 +0200
+++ /var/tmp/diff_new_pack.fVY4i7/_new 2010-10-14 16:44:19.000000000 +0200
@@ -26,7 +26,7 @@
 Name: squidGuard
 Summary: Filter plugin for squid
 Version: 1.4
-Release: 3
+Release: 10
 License: GPLv2+
 Group: Productivity/Networking/Web/Proxy
 Url: http://www.squidguard.org/
@@ -39,6 +39,8 @@
 Patch2: squidGuard-config.patch
 Patch3: squidGuard-trailing_dot.patch
 Patch4: squidGuard-unusual_url_end.patch
+Patch5: squidGuard-CVE-2009-3700.patch
+Patch6: squidGuard-CVE-2009-3826.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 PreReq: http_proxy
 BuildRequires: bison db-devel flex openldap2-devel
@@ -92,6 +94,8 @@ %patch2 -p0 %patch3 -p0 %patch4 -p0 +%patch5 -p1 +%patch6 -p1 find -type d | xargs chmod 755 cp %{SOURCE1} . # patch the test configs ++++++ squidGuard-CVE-2009-3700.patch ++++++ Index: squidGuard-1.4/src/sgLog.c =================================================================== --- squidGuard-1.4.orig/src/sgLog.c 2007-11-16 17:58:32.000000000 +0100 +++ squidGuard-1.4/src/sgLog.c 2010-07-29 13:47:50.000000000 +0200 @@ -2,7 +2,7 @@ By accepting this notice, you agree to be bound by the following agreements: - This software product, squidGuard, is copyrighted (C) 1998-2007 + This software product, squidGuard, is copyrighted (C) 1998-2009 by Christine Kronberg, Shalla Secure Services. All rights reserved. This program is free software; you can redistribute it and/or modify it @@ -55,8 +55,8 @@ void sgLog(log, format, va_alist) char msg[MAX_BUF]; va_list ap; VA_START(ap, format); - if(vsprintf(msg, format, ap) > (MAX_BUF - 1)) - fprintf(stderr,"overflow in vsprintf (sgLog): %s",strerror(errno)); + if(vsnprintf(msg, MAX_BUF, format, ap) > (MAX_BUF - 1)) + fprintf(stderr,"overflow in vsnprintf (sgLog): %s",strerror(errno)); va_end(ap); date = niso(0); if(globalDebug || log == NULL) { @@ -87,8 +87,8 @@ void sgLogError(format, va_alist) char msg[MAX_BUF]; va_list ap; VA_START(ap, format); - if(vsprintf(msg, format, ap) > (MAX_BUF - 1)) - sgLogFatalError("overflow in vsprintf (sgLogError): %s",strerror(errno)); + if(vsnprintf(msg, MAX_BUF, format, ap) > (MAX_BUF - 1)) + sgLog(globalErrorLog, "overflow in vsnprintf (sgLogError): %s",strerror(errno)); va_end(ap); sgLog(globalErrorLog,"%s",msg); } 
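Review bot: The truncation branch added in sgLog reports `strerror(errno)`, but vsnprintf does not set errno when it truncates, so the logged reason is whatever an earlier call left behind; the sgLogError hunk on this line and the sgLogFatalError hunk that follows do the same. The check also ignores a negative return from vsnprintf, after which `msg` should not be passed to `%s`. I would keep the result, `int n = vsnprintf(msg, MAX_BUF, format, ap);`, test `if(n < 0 || n > (MAX_BUF - 1))`, and log a fixed text such as `"message truncated (sgLog)"` instead of an errno string. All three function bodies start and end outside their hunks.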
@@ -104,8 +104,8 @@ void sgLogFatalError(format, va_alist)
 char msg[MAX_BUF];
 va_list ap;
 VA_START(ap, format);
- if(vsprintf(msg, format, ap) > (MAX_BUF - 1))
- return;
+ if(vsnprintf(msg, MAX_BUF, format, ap) > (MAX_BUF - 1))
+ sgLog(globalErrorLog, "overflow in vsnprintf (sgLogError): %s",strerror(errno));
 va_end(ap);
 sgLog(globalErrorLog,"%s",msg);
 sgEmergency();
++++++ squidGuard-CVE-2009-3826.patch ++++++
Index: squidGuard-1.4/src/sg.h.in
===================================================================
--- squidGuard-1.4.orig/src/sg.h.in
+++ squidGuard-1.4/src/sg.h.in
@@ -73,7 +73,7 @@ int tolower();
 #define REQUEST_TYPE_REDIRECT 2
 #define REQUEST_TYPE_PASS 3
-#define MAX_BUF 4096
+#define MAX_BUF 12288
 #define DEFAULT_LOGFILE "squidGuard.log"
 #define WARNING_LOGFILE "squidGuard.log"
Index: squidGuard-1.4/src/sgDiv.c.in
===================================================================
--- squidGuard-1.4.orig/src/sgDiv.c.in
+++ squidGuard-1.4/src/sgDiv.c.in
@@ -745,7 +745,7 @@ char *sgParseRedirect(redirect, req, acl
 p++;
 break;
 case 'u': /* Requested URL */
- strcat(buf, req->orig);
+ strncat(buf, req->orig, 2048);
 p++;
 break;
 default:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
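Review bot: The message added in sgLogFatalError is labelled `(sgLogError)`, so a truncation logged from here is attributed to the wrong function; it should read `"overflow in vsnprintf (sgLogFatalError): %s"`. The old branch returned before `va_end(ap)` and `sgEmergency()`, while the new one falls through to both. That looks intended, but it changes what an over-long fatal message does and deserves a one-line comment above the check, for example `/* truncated message is still logged and still treated as fatal */`. The function body starts outside the hunk.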
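Review bot: `strncat(buf, req->orig, 2048)` in the `'u'` case of sgParseRedirect limits how much is taken from `req->orig`, not how much room is left in `buf`, so the append can still run past the end of `buf` when earlier expansions have already filled most of it or the template requests the URL more than once. The bound should be the remaining space, e.g. `strncat(buf, req->orig, sizeof(buf) - strlen(buf) - 1);`, assuming `buf` is an array declared in this function. Its declaration is outside the hunk, as are the other expansion cases, which presumably need the same treatment. The MAX_BUF change to 12288 in sg.h.in only widens the margin, and the define should carry a comment stating how it relates to this 2048 limit.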