Hello community, here is the log from the commit of package nvu checked in at Wed Apr 30 11:59:39 CEST 2008. -------- --- nvu/nvu.changes 2007-06-07 16:04:48.000000000 +0200 +++ /mounts/work_src_done/STABLE/nvu/nvu.changes 2008-04-30 11:09:42.000000000 +0200 @@ -1,0 +2,5 @@ +Wed Apr 30 11:09:23 CEST 2008 - sbrabec@suse.cz + +- Set MAXPATHLEN correctly to prevent buffer overflow crash. + +------------------------------------------------------------------- New: ---- nvu-overflow.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ nvu.spec ++++++ --- /var/tmp/diff_new_pack.r30773/_old 2008-04-30 11:59:29.000000000 +0200 +++ /var/tmp/diff_new_pack.r30773/_new 2008-04-30 11:59:29.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package nvu (Version 1.0) # -# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine # package are under the same license as the package itself. # @@ -10,14 +10,15 @@ # norootforbuild + Name: nvu BuildRequires: gcc-c++ gtk2-devel krb5-devel libgnome-devel libidl-devel mozilla-nspr-devel orbit-devel tcsh unzip update-desktop-files zip %define NVU 1 -License: GNU General Public License (GPL), GNU Library General Public License v. 2.0 and 2.1 (LGPL) +License: GPL v2 or later; LGPL v2.1 or later; MOZILLA PUBLIC LICENSE (MPL/NPL) Version: 1.0 -Release: 60 +Release: 137 Summary: Web Authoring System -URL: http://www.nvu.com/ +Url: http://www.nvu.com/ Group: Productivity/Publishing/HTML/Editors Source: %{name}-%{version}-sources.tar.bz2 Source1: nvu.desktop @@ -32,6 +33,7 @@ Patch7: dumpstack.patch Patch8: nvu-undefined-operation.patch Patch9: nvu-uninitialized-variable.patch +Patch10: nvu-overflow.patch %define _use_internal_dependency_generator 0 %define my_provides %{_builddir}/%{?buildsubdir}/my-provides %define my_requires %{_builddir}/%{?buildsubdir}/my-requires @@ -47,24 +49,21 @@ Nvu Features -- WYSIWYG editing of pages, making Web creation as easy as typing a +* WYSIWYG editing of pages, making Web creation as easy as typing a letter with your word processor. -- Integrated file management via FTP. Simply log in to your Web +* Integrated file management via FTP. Simply log in to your Web site and navigate through your files, editing Web pages on the fly, directly from your site. -- Reliable HTML code creation that works with today's most popular +* Reliable HTML code creation that works with today's most popular browsers. -- Jump between WYSIWYG editing mode and HTML using tabs. - -- Tabbed editing to make working on multiple pages a snap. +* Jump between WYSIWYG editing mode and HTML using tabs. -- Powerful support for frames, forms, tables, and templates. +* Tabbed editing to make working on multiple pages a snap. -- The easiest-to-use, most powerful Web authoring system available for -desktop Linux users. +* Powerful support for frames, forms, tables, and templates. @@ -85,6 +84,7 @@ %patch7 %patch8 %patch9 +%patch10 cp composer/config/mozconfig.linux .mozconfig echo "ac_add_options --with-system-nspr" >>.mozconfig echo "export CFLAGS=\"$RPM_OPT_FLAGS -fno-strict-aliasing\"" >>.mozconfig @@ -147,60 +147,62 @@ /usr/share/*/nvu.* %changelog -* Thu Jun 07 2007 - sbrabec@suse.cz +* Wed Apr 30 2008 sbrabec@suse.cz +- Set MAXPATHLEN correctly to prevent buffer overflow crash. +* Thu Jun 07 2007 sbrabec@suse.cz - Removed invalid desktop Category "Application" (#254654). -* Thu May 31 2007 - sbrabec@suse.cz +* Thu May 31 2007 sbrabec@suse.cz - Fixed undefined behavior of code and undefined variables. - Build everything with RPM_OPT_FLAGS. -* Thu May 10 2007 - ro@suse.de +* Fri May 11 2007 ro@suse.de - added unzip to buildrequires -* Mon Nov 13 2006 - sbrabec@suse.cz +* Mon Nov 13 2006 sbrabec@suse.cz - Fixed Requires/Provides correctly (#216100#c14). -* Fri Nov 03 2006 - sbrabec@suse.cz +* Fri Nov 03 2006 sbrabec@suse.cz - Do not provide and require internal libraries (#216100). -* Sat Sep 30 2006 - aj@suse.de +* Sat Sep 30 2006 aj@suse.de - Cleanup BuildRequires. -* Wed Feb 15 2006 - stbinner@suse.de +* Wed Feb 15 2006 stbinner@suse.de - fix GenericName in .desktop file -* Wed Jan 25 2006 - mls@suse.de +* Wed Jan 25 2006 mls@suse.de - converted neededforbuild to BuildRequires -* Tue Jan 24 2006 - mmarek@suse.cz +* Tue Jan 24 2006 mmarek@suse.cz - fix parallel build -* Thu Jan 19 2006 - sbrabec@suse.cz +* Thu Jan 19 2006 sbrabec@suse.cz - Fixed build error (added dumpstack.patch from MozillaFirefox). -* Tue Sep 27 2005 - ro@suse.de +* Tue Sep 27 2005 ro@suse.de - fix inplicit function declaration -* Fri Aug 19 2005 - sbrabec@suse.cz +* Fri Aug 19 2005 sbrabec@suse.cz - Added gtk.patch from mozilla. -* Tue Aug 02 2005 - sbrabec@suse.cz +* Tue Aug 02 2005 sbrabec@suse.cz - Updated nss-opt.patch from mozilla. -* Thu Jun 30 2005 - sbrabec@suse.cz +* Thu Jun 30 2005 sbrabec@suse.cz - Updated to version 1.0. -* Wed May 11 2005 - sbrabec@suse.cz +* Wed May 11 2005 sbrabec@suse.cz - Build with system nspr (#78320). -* Tue May 10 2005 - sbrabec@suse.cz +* Tue May 10 2005 sbrabec@suse.cz - Do not require self-provided libraries (#78320). -* Fri Apr 22 2005 - ro@suse.de +* Fri Apr 22 2005 ro@suse.de - apply mozilla-gcc4.patch -* Sat Mar 19 2005 - ro@suse.de +* Sat Mar 19 2005 ro@suse.de - try to fix build -* Fri Mar 18 2005 - sbrabec@suse.cz +* Fri Mar 18 2005 sbrabec@suse.cz - Do not provide mozilla libraries (#73619). -* Thu Feb 03 2005 - sbrabec@suse.cz +* Thu Feb 03 2005 sbrabec@suse.cz - Build as separate package. - Updated to version 0.80. -* Thu Nov 18 2004 - ro@suse.de +* Thu Nov 18 2004 ro@suse.de - use kerberos-devel-packages -* Fri Sep 24 2004 - stark@suse.de +* Fri Sep 24 2004 stark@suse.de - enabled logging for non-debug builds to be able to get some logfiles for debugging -* Thu Sep 23 2004 - sbrabec@suse.cz +* Thu Sep 23 2004 sbrabec@suse.cz - Fixed desktop file and icon. -* Fri Sep 17 2004 - stark@suse.de +* Sat Sep 18 2004 stark@suse.de - added security-fix to mozilla source (doesn't affect NVU) -* Fri Sep 17 2004 - ro@suse.de +* Fri Sep 17 2004 ro@suse.de - one lib64 in path is enough, change progdir -* Wed Sep 15 2004 - ro@suse.de +* Wed Sep 15 2004 ro@suse.de - use version number directly -* Wed Sep 15 2004 - sbrabec@suse.cz +* Wed Sep 15 2004 sbrabec@suse.cz - New SuSE package, version 0.41. ++++++ nvu-overflow.patch ++++++ --- toolkit/xre/nsAppRunner.h +++ toolkit/xre/nsAppRunner.h @@ -38,15 +38,7 @@ #ifndef nsAppRunner_h__ #define nsAppRunner_h__ -#ifndef MAXPATHLEN -#ifdef _MAX_PATH -#define MAXPATHLEN _MAX_PATH -#elif defined(CCHMAXPATH) -#define MAXPATHLEN CCHMAXPATH -#else -#define MAXPATHLEN 1024 -#endif -#endif +#define MAXPATHLEN 4096 #include "nscore.h" ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org