Hello community,
here is the log from the commit of package gftp
checked in at Fri Aug 3 01:52:59 CEST 2007.
--------
--- GNOME/gftp/gftp.changes 2007-05-30 19:01:38.000000000 +0200
+++ /mounts/work_src_done/STABLE/gftp/gftp.changes 2007-08-01 18:40:02.000000000 +0200
@@ -1,0 +2,6 @@
+Wed Aug 1 18:38:58 CEST 2007 - sbrabec@suse.cz
+
+- Fixed FSP buffer overflows (#295068,
+ CVE-2007-3961, CVE-2007-3962).
+
+-------------------------------------------------------------------
New:
----
gftp-fsplib.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ gftp.spec ++++++
--- /var/tmp/diff_new_pack.R20819/_old 2007-08-03 01:52:52.000000000 +0200
+++ /var/tmp/diff_new_pack.R20819/_new 2007-08-03 01:52:52.000000000 +0200
@@ -12,11 +12,11 @@
Name: gftp
BuildRequires: docbook-toys gtk2-devel indent jadetex openssl-devel readline-devel texlive update-desktop-files
-License: GNU General Public License (GPL)
+License: GPL v2 or later
Group: Productivity/Networking/Ftp/Clients
Autoreqprov: on
Version: 2.0.18
-Release: 82
+Release: 99
Source0: %{name}-%{version}.tar.bz2
URL: http://gftp.seul.org/
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -25,6 +25,7 @@
Patch2: %{name}-%{version}-overflow.patch
Patch3: gedit-tmp-file-deletion.patch
Patch4: strncat.patch
+Patch5: gftp-fsplib.patch
%description
GFTP is a multithreaded FTP client for X11 written using Gtk. It has
@@ -46,6 +47,7 @@
%patch2
%patch3
%patch4
+%patch5
rename no nb po/no.*
sed -i "s/\(ALL_LINGUAS.*\) no /\1 nb /" configure
@@ -77,6 +79,9 @@
%doc %{_mandir}/man?/*.*
%changelog
+* Wed Aug 01 2007 - sbrabec@suse.cz
+- Fixed FSP buffer overflows (#295068,
+ CVE-2007-3961, CVE-2007-3962).
* Wed May 30 2007 - sbrabec@suse.cz
- Require jadetex for build.
* Thu Apr 26 2007 - ro@suse.de
++++++ gftp-fsplib.patch ++++++
CVE-2007-3961 CVE-2007-3962
================================================================================
--- lib/fsplib/fsplib.c
+++ lib/fsplib/fsplib.c
@@ -612,7 +612,7 @@
entry->d_reclen = fentry.reclen;
strncpy(entry->d_name,fentry.name,MAXNAMLEN);
- if (fentry.namlen > MAXNAMLEN)
+ if (fentry.namlen >= MAXNAMLEN)
{
entry->d_name[MAXNAMLEN] = '\0';
#ifdef HAVE_NAMLEN
@@ -681,7 +681,7 @@
dir->dirpos += 9;
/* read file name */
entry->name[255] = '\0';
- strncpy(entry->name,(char *)( dir->data + dir->dirpos ),MAXNAMLEN);
+ strncpy(entry->name,(char *)( dir->data + dir->dirpos ),255);
namelen = strlen( (char *) dir->data+dir->dirpos);
/* skip over file name */
dir->dirpos += namelen +1;
@@ -709,12 +709,12 @@
struct dirent * fsp_readdir(FSP_DIR *dirp)
{
- static struct dirent entry;
+ static dirent_workaround entry;
struct dirent *result;
if (dirp == NULL) return NULL;
- if ( fsp_readdir_r(dirp,&entry,&result) )
+ if ( fsp_readdir_r(dirp,&entry.dirent,&result) )
return NULL;
else
return result;
--- lib/fsplib/fsplib.h
+++ lib/fsplib/fsplib.h
@@ -1,6 +1,7 @@
#ifndef _FSPLIB_H
#define _FSPLIB_H 1
#include
participants (1)
-
root@Hilbert.suse.de