Hello community, here is the log from the commit of package android-tools for openSUSE:Factory checked in at 2014-05-05 21:09:30 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/android-tools (Old) and /work/SRC/openSUSE:Factory/.android-tools.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "android-tools" Changes: -------- --- /work/SRC/openSUSE:Factory/android-tools/android-tools.changes 2013-03-08 09:07:20.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.android-tools.new/android-tools.changes 2014-05-05 21:09:31.000000000 +0200 @@ -1,0 +2,6 @@ +Fri May 2 20:12:27 UTC 2014 - dmitry_r@opensuse.org + +- Fix overflow in adb CVE-2014-1909 [bnc#863074] + * fix-overflow-in-adb_client.patch + +------------------------------------------------------------------- New: ---- fix-overflow-in-adb_client.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ android-tools.spec ++++++ --- /var/tmp/diff_new_pack.Nom37r/_old 2014-05-05 21:09:32.000000000 +0200 +++ /var/tmp/diff_new_pack.Nom37r/_new 2014-05-05 21:09:32.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package android-tools # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -35,6 +35,7 @@ Source4: fastboot-Makefile Source5: 51-android.rules Patch0: android-tools-ppc64-types.patch +Patch1: fix-overflow-in-adb_client.patch BuildRequires: libselinux-devel BuildRequires: openssl-devel @@ -60,6 +61,7 @@ cp -p %{SOURCE2} Makefile cp -p %{SOURCE3} adb/Makefile cp -p %{SOURCE4} fastboot/Makefile +%patch1 -p1 %build make %{?_smp_mflags} ++++++ fix-overflow-in-adb_client.patch ++++++

From 75e0645921cb6c3e9d33672733372f519bf57f38 Mon Sep 17 00:00:00 2001 From: Nick Kralevich <nnk@google.com> Date: Tue, 10 Dec 2013 10:18:10 -0800 Subject: [PATCH] Fix overflow in adb_client

Credit: Joshua Drake Bug: 12060953 (cherry picked from commit e89e09dd2b9b42184973e3ade291186a2737bced) Change-Id: I8a9b2592a5e4f7527c607abfe4ea6df6eb550aa8 --- adb/adb_client.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/adb/adb_client.c b/adb/adb_client.c index f7823a8..586cd7b 100644 --- a/adb/adb_client.c +++ b/adb/adb_client.c @@ -241,7 +241,7 @@ int adb_connect(const char *service) } else { // if server was running, check its version to make sure it is not out of date char buf[100]; - int n; + size_t n; int version = ADB_SERVER_VERSION - 1; // if we have a file descriptor, then parse version result @@ -250,7 +250,7 @@ int adb_connect(const char *service) buf[4] = 0; n = strtoul(buf, 0, 16); - if(n > (int)sizeof(buf)) goto error; + if(n > sizeof(buf)) goto error; if(readx(fd, buf, n)) goto error; adb_close(fd); -- 1.8.4.5 -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org