Hello community, here is the log from the commit of package cscope checked in at Thu Oct 19 13:18:40 CEST 2006. -------- --- cscope/cscope.changes 2006-08-30 09:56:44.000000000 +0200 +++ /mounts/work_src_done/STABLE/cscope/cscope.changes 2006-10-18 18:37:07.000000000 +0200 @@ -1,0 +2,7 @@ +Wed Oct 18 18:33:22 CEST 2006 - anosek@suse.cz + +- updated to version 15.6 + * fixed various security issues +- dropped obsolete CVE-2006-4262.patch, tmpfile.patch + +------------------------------------------------------------------- Old: ---- cscope-15.5-CVE-2006-4262.patch cscope-15.5-gcc-warnings.patch cscope-15.5-sprintf.patch cscope-15.5-vpath.patch cscope-15.5.tar.bz2 cscope-tmpfile.patch New: ---- cscope-15.6-gcc-warnings.patch cscope-15.6-sprintf.patch cscope-15.6-vpath.patch cscope-15.6.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cscope.spec ++++++ --- /var/tmp/diff_new_pack.GfASUe/_old 2006-10-19 13:16:29.000000000 +0200 +++ /var/tmp/diff_new_pack.GfASUe/_new 2006-10-19 13:16:29.000000000 +0200 @@ -1,5 +1,5 @@ # -# spec file for package cscope (Version 15.5) +# spec file for package cscope (Version 15.6) # # Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine @@ -11,19 +11,17 @@ # norootforbuild Name: cscope -License: BSD +License: BSD License and BSD-like Group: Development/Tools/Navigators Autoreqprov: on -Version: 15.5 -Release: 95 +Version: 15.6 +Release: 1 Summary: Interactive Tool for Browsing C Source Code Source: cscope-%{version}.tar.bz2 -Patch: cscope-tmpfile.patch Patch1: cscope-null.patch Patch2: cscope-%{version}-gcc-warnings.patch Patch3: cscope-%{version}-vpath.patch Patch4: cscope-%{version}-sprintf.patch -Patch5: cscope-15.5-CVE-2006-4262.patch URL: http://cscope.sourceforge.net/ BuildRoot: %{_tmppath}/%{name}-%{version}-build %define _prefix /usr 
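Review bot: Dropping `Patch5: cscope-15.5-CVE-2006-4262.patch` and `Patch: cscope-tmpfile.patch` in the `@@ -11,19 +11,17 @@` hunk rests on 15.6 already containing both fixes, and nothing on this page shows that, because the tarball diff is skipped. The changelog line `* fixed various security issues` would be easier to audit if it named what is covered. Once checked against the 15.6 sources, something like `- dropped CVE-2006-4262.patch and tmpfile.patch (fixed upstream in 15.6)` would do. The matching `%patch` and `%patch5` removals are in the next hunk.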
@@ -44,12 +42,10 @@ %prep %setup -q -%patch %patch1 -p1 %patch2 %patch3 %patch4 -%patch5 %build %{?suse_update_config:%{suse_update_config}} @@ -74,6 +70,10 @@ %{_prefix}/bin/cscope %changelog -n cscope +* Wed Oct 18 2006 - anosek@suse.cz +- updated to version 15.6 + * fixed various security issues +- dropped obsolete CVE-2006-4262.patch, tmpfile.patch * Wed Aug 30 2006 - anosek@suse.cz - fixed previous change * Tue Aug 29 2006 - anosek@suse.de ++++++ cscope-15.5-gcc-warnings.patch -> cscope-15.6-gcc-warnings.patch ++++++ ++++++ cscope-15.5-sprintf.patch -> cscope-15.6-sprintf.patch ++++++ --- cscope/cscope-15.5-sprintf.patch 2006-05-29 16:42:50.000000000 +0200 +++ /mounts/work_src_done/STABLE/cscope/cscope-15.6-sprintf.patch 2006-10-18 18:02:51.000000000 +0200 
@@ -1,55 +1,55 @@ --- src/build.c +++ src/build.c -@@ -215,7 +215,7 @@ - (void) strcpy(newdir, "$HOME"); +@@ -223,7 +223,7 @@ + if (strcmp(currentdir, home) == 0) { + strcpy(newdir, "$HOME"); + } else if (strncmp(currentdir, home, strlen(home)) == 0) { +- sprintf(newdir, "$HOME%s", currentdir + strlen(home)); ++ snprintf(newdir, sizeof(newdir), "$HOME%s", currentdir + strlen(home)); + } + /* sort the source file names (needed for rebuilding) */ + qsort(srcfiles, nsrcfiles, sizeof(char *), compare); +@@ -454,7 +454,7 @@ } - else if (strncmp(currentdir, home, strlen(home)) == 0) { -- (void) sprintf(newdir, "$HOME%s", currentdir + strlen(home)); -+ (void) snprintf(newdir, sizeof(newdir), "$HOME%s", currentdir + strlen(home)); - } - /* sort the source file names (needed for rebuilding) */ - qsort(srcfiles, (unsigned) nsrcfiles, sizeof(char *), compare); -@@ -443,7 +443,7 @@ - } - (void) fstat(fileno(postings), &statstruct); - (void) fclose(postings); -- (void) sprintf(sortcommand, "env LC_ALL=C sort -T %s %s", tmpdir, temp1); -+ (void) snprintf(sortcommand, sizeof(sortcommand), "env LC_ALL=C sort -T %s %s", tmpdir, temp1); - if ((postings = mypopen(sortcommand, "r")) == NULL) { - (void) fprintf(stderr, "cscope: cannot open pipe to sort command\n"); - cannotindex(); + fstat(fileno(postings), &statstruct); + fclose(postings); +- sprintf(sortcommand, "env LC_ALL=C sort -T %s %s", tmpdir, temp1); ++ snprintf(sortcommand, sizeof(sortcommand), "env LC_ALL=C sort -T %s %s", tmpdir, temp1); + if ((postings = mypopen(sortcommand, "r")) == NULL) { + fprintf(stderr, "cscope: cannot open pipe to sort command\n"); + cannotindex(); --- src/command.c +++ src/command.c -@@ -718,7 +718,7 @@ +@@ -739,7 +739,7 @@ - /* make sure it can be changed */ - if (access(newfile, WRITE) != 0) { -- (void) sprintf(msg, "Cannot write to file %s", newfile); -+ (void) snprintf(msg, sizeof(msg), "Cannot write to file %s", newfile); - postmsg(msg); - anymarked = NO; - break; + /* make sure it can be 
changed */ + if (access(newfile, WRITE) != 0) { +- sprintf(msg, "Cannot write to file %s", newfile); ++ snprintf(msg, sizeof(msg), "Cannot write to file %s", newfile); + postmsg(msg); + anymarked = NO; + break; --- src/dir.c +++ src/dir.c -@@ -138,7 +138,7 @@ +@@ -139,7 +139,7 @@ - /* compute its path from higher view path source dirs */ - for (i = 1; i < nvpsrcdirs; ++i) { -- (void) sprintf(path, "%.*s/%s", -+ (void) snprintf(path, sizeof(path), "%.*s/%s", - PATHLEN - 2 - dir_len, - srcdirs[i], dir); - addsrcdir(path); -@@ -206,7 +206,7 @@ + /* compute its path from higher view path source dirs */ + for (i = 1; i < nvpsrcdirs; ++i) { +- sprintf(path, "%.*s/%s", ++ snprintf(path, sizeof(path), "%.*s/%s", + PATHLEN - 2 - dir_len, + srcdirs[i], dir); + addsrcdir(path); +@@ -207,7 +207,7 @@ - /* compute its path from higher view path source dirs */ - for (i = 1; i < nvpsrcdirs; ++i) { -- (void) sprintf(path, "%.*s/%s", -+ (void) snprintf(path, sizeof(path), "%.*s/%s", - PATHLEN - 2 - dir_len, - srcdirs[i], dir); - addincdir(dir, path); -@@ -474,8 +474,6 @@ + /* compute its path from higher view path source dirs */ + for (i = 1; i < nvpsrcdirs; ++i) { +- sprintf(path, "%.*s/%s", ++ snprintf(path, sizeof(path), "%.*s/%s", + PATHLEN - 2 - dir_len, + srcdirs[i], dir); + addincdir(dir, path); +@@ -482,8 +482,6 @@ DIR *dirfile; int adir_len = strlen(adir); @@ -58,7 +58,7 @@ if ((dirfile = opendir(adir)) != NULL) { struct dirent *entry; char path[PATHLEN + 1]; -@@ -486,7 +484,7 @@ +@@ -494,7 +492,7 @@ && (strcmp("..",entry->d_name) != 0)) { struct stat buf; 
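Review bot: None of the `snprintf` calls in the refreshed patch checks its return value, so a truncated string is used as if it were complete. The case that matters most is `sortcommand` in src/build.c, which goes to `mypopen` and, per the cscope-null.patch hunk further down, is run through the shell with `-c`. Because `tmpdir` and `temp1` are interpolated unquoted into that command line, truncation changes what runs instead of failing cleanly. I would treat truncation as an error there, e.g. `if ((size_t)snprintf(sortcommand, sizeof(sortcommand), "env LC_ALL=C sort -T %s %s", tmpdir, temp1) >= sizeof(sortcommand))` followed by the existing error path; the same check applies to the `path`/`name` builders in src/dir.c and src/main.c. The enclosing functions and most buffer declarations lie outside the hunks, so `sizeof` is assumed to see arrays.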
@@ -67,65 +67,61 @@ PATHLEN - 2 - adir_len, entry->d_name); -@@ -603,14 +601,14 @@ - for (i = 0; i < nincdirs; ++i) { - - /* don't include the file from two directories */ -- (void) sprintf(name, "%.*s/%s", -+ (void) snprintf(name, sizeof(name), "%.*s/%s", - PATHLEN - 2 - file_len, incnames[i], - file); - if (infilelist(name) == YES) { - break; - } - /* make sure it exists and is readable */ -- (void) sprintf(path, "%.*s/%s", -+ (void) snprintf(path, sizeof(path), "%.*s/%s", - PATHLEN - 2 - file_len, incdirs[i], - file); - if (access(compath(path), READ) == 0) { -@@ -654,7 +652,7 @@ +@@ -604,14 +602,14 @@ + /* search for the file in the #include directory list */ + for (i = 0; i < nincdirs; ++i) { + /* don't include the file from two directories */ +- sprintf(name, "%.*s/%s", ++ snprintf(name, sizeof(name), "%.*s/%s", + PATHLEN - 2 - file_len, incnames[i], + file); + if (infilelist(name) == YES) { + break; + } + /* make sure it exists and is readable */ +- sprintf(path, "%.*s/%s", ++ snprintf(path, sizeof(path), "%.*s/%s", + PATHLEN - 2 - file_len, incdirs[i], + file); + if (access(compath(path), READ) == 0) { +@@ -659,7 +657,7 @@ - /* compute its path from higher view path source dirs */ - for (i = 1; i < nvpsrcdirs; ++i) { -- (void) sprintf(path, "%.*s/%s", -+ (void) snprintf(path, sizeof(path), "%.*s/%s", - PATHLEN - 2 - file_len, srcdirs[i], - file); - if (access(compath(path), READ) == 0) { + /* compute its path from higher view path source dirs */ + for (i = 1; i < nvpsrcdirs; ++i) { +- sprintf(path, "%.*s/%s", ++ snprintf(path, sizeof(path), "%.*s/%s", + PATHLEN - 2 - file_len, srcdirs[i], + file); + if (access(compath(path), READ) == 0) { --- src/display.c +++ src/display.c -@@ -473,24 +473,24 @@ +@@ -478,20 +478,20 @@ /* see if it is empty */ if ((c = getc(refsfound)) == EOF) { if (findresult != NULL) { - (void) sprintf(lastmsg, "Egrep %s in this pattern: %s", -+ (void) snprintf(lastmsg, sizeof(lastmsg), "Egrep %s in this pattern: %s", - findresult, 
pattern); - } - else if (rc == NOTSYMBOL) { ++ (void) snprintf(lastmsg, sizeof(lastmsg), "Egrep %s in this pattern: %s", + findresult, Pattern); + } else if (rc == NOTSYMBOL) { - (void) sprintf(lastmsg, "This is not a C symbol: %s", -+ (void) snprintf(lastmsg, sizeof(lastmsg), "This is not a C symbol: %s", - pattern); - } - else if (rc == REGCMPERROR) { ++ (void) snprintf(lastmsg, sizeof(lastmsg), "This is not a C symbol: %s", + Pattern); + } else if (rc == REGCMPERROR) { - (void) sprintf(lastmsg, "Error in this regcomp(3) regular expression: %s", -+ (void) snprintf(lastmsg, sizeof(lastmsg), "Error in this regcomp(3) regular expression: %s", - pattern); ++ (void) snprintf(lastmsg, sizeof(lastmsg), "Error in this regcomp(3) regular expression: %s", + Pattern); - } - else if (funcexist == NO) { + } else if (funcexist == NO) { - (void) sprintf(lastmsg, "Function definition does not exist: %s", -+ (void) snprintf(lastmsg, sizeof(lastmsg), "Function definition does not exist: %s", - pattern); - } - else { ++ (void) snprintf(lastmsg, sizeof(lastmsg), "Function definition does not exist: %s", + Pattern); + } else { - (void) sprintf(lastmsg, "Could not find the %s: %s", -+ (void) snprintf(lastmsg, sizeof(lastmsg), "Could not find the %s: %s", - fields[field].text2, pattern); ++ (void) snprintf(lastmsg, sizeof(lastmsg), "Could not find the %s: %s", + fields[field].text2, Pattern); } return(NO); -@@ -555,17 +555,17 @@ +@@ -527,17 +527,17 @@ move(MSGLINE, 0); clrtoeol(); addstr(what); @@ -146,7 +142,7 @@ } start = now; -@@ -603,7 +603,7 @@ +@@ -575,7 +575,7 @@ s = sys_errlist[errno]; } #endif 
@@ -180,18 +176,18 @@ return(file); --- src/exec.c +++ src/exec.c -@@ -124,7 +124,7 @@ +@@ -123,7 +123,7 @@ - /* execute the program or shell script */ - (void) execvp(a, args); /* returns only on failure */ -- (void) sprintf(msg, "\nCannot exec %s", a); -+ (void) snprintf(msg, sizeof(msg), "\nCannot exec %s", a); - perror(msg); /* display the reason */ - askforreturn(); /* wait until the user sees the message */ - myexit(1); /* exit the child */ + /* execute the program or shell script */ + execvp(a, args); /* returns only on failure */ +- sprintf(msg, "\nCannot exec %s", a); ++ snprintf(msg, sizeof(msg), "\nCannot exec %s", a); + perror(msg); /* display the reason */ + askforreturn(); /* wait until the user sees the message */ + myexit(1); /* exit the child */ --- src/find.c +++ src/find.c -@@ -666,7 +666,7 @@ +@@ -673,7 +673,7 @@ /* must be an exact match */ /* note: regcomp doesn't recognize ^*keypad$ as a syntax error unless it is given as a single arg */ 
@@ -202,31 +198,31 @@ } --- src/main.c +++ src/main.c -@@ -375,12 +375,12 @@ - * used instead of failing to open a non-existant database in - * the home directory - */ -- (void) sprintf(path, "%s/%s", home, reffile); -+ (void) snprintf(path, sizeof(path), "%s/%s", home, reffile); - if (isuptodate == NO || access(path, READ) == 0) { - reffile = stralloc(path); -- (void) sprintf(path, "%s/%s", home, invname); -+ (void) snprintf(path, sizeof(path), "%s/%s", home, invname); - invname = stralloc(path); -- (void) sprintf(path, "%s/%s", home, invpost); -+ (void) snprintf(path, sizeof(path), "%s/%s", home, invpost); - invpost = stralloc(path); - } +@@ -389,12 +389,12 @@ + * used instead of failing to open a non-existant database in + * the home directory + */ +- sprintf(path, "%s/%s", home, reffile); ++ snprintf(path, sizeof(path), "%s/%s", home, reffile); + if (isuptodate == NO || access(path, READ) == 0) { + reffile = my_strdup(path); +- sprintf(path, "%s/%s", home, invname); ++ snprintf(path, sizeof(path), "%s/%s", home, invname); + invname = my_strdup(path); +- sprintf(path, "%s/%s", home, invpost); ++ snprintf(path, sizeof(path), "%s/%s", home, invpost); + invpost = my_strdup(path); } -@@ -715,7 +715,7 @@ + } +@@ -735,7 +735,7 @@ #else - char *msg = mymalloc(50+strlen(file)); + char *msg = mymalloc(50 + strlen(file)); -- (void) sprintf(msg, "Removed file %s because write failed", file); -+ (void) snprintf(msg, sizeof(msg), "Removed file %s because write failed", file); +- sprintf(msg, "Removed file %s because write failed", file); ++ snprintf(msg, sizeof(msg), "Removed file %s because write failed", file); #endif - myperror(msg); /* display the reason */ + myperror(msg); /* display the reason */ --- src/vpaccess.c +++ src/vpaccess.c 
@@ -49,7 +49,7 @@ ++++++ cscope-15.5-vpath.patch -> cscope-15.6-vpath.patch ++++++ ++++++ cscope-15.5.tar.bz2 -> cscope-15.6.tar.bz2 ++++++ ++++ 37122 lines of diff (skipped) ++++++ cscope-null.patch ++++++ --- /var/tmp/diff_new_pack.GfASUe/_old 2006-10-19 13:16:30.000000000 +0200 +++ /var/tmp/diff_new_pack.GfASUe/_new 2006-10-19 13:16:30.000000000 +0200 @@ -1,11 +1,11 @@ ---- cscope-15.5/src/mypopen.c.xx 2005-01-29 17:13:31.974965626 +0100 -+++ cscope-15.5/src/mypopen.c 2005-01-29 17:14:05.860938625 +0100 -@@ -156,7 +156,7 @@ - (void) fcntl(yourside, F_DUPFD, stdio); +--- cscope-15.6/src/mypopen.c ++++ cscope-15.6/src/mypopen.c +@@ -160,7 +160,7 @@ + fcntl(yourside, F_DUPFD, stdio); #endif - (void) close(yourside); -- (void) execlp(shell, mybasename(shell), "-c", cmd, 0); -+ (void) execlp(shell, mybasename(shell), "-c", cmd, NULL); + close(yourside); +- execlp(shell, mybasename(shell), "-c", cmd, (void *)0); ++ execlp(shell, mybasename(shell), "-c", cmd, NULL); _exit(1); } else if (pid > 0) tstat = signal(SIGTSTP, SIG_DFL); ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
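Review bot: In the src/main.c part at `@@ -735,7 +735,7 @@`, `msg` is a `char *` returned by `mymalloc(50 + strlen(file))`, so `sizeof(msg)` is the size of a pointer and `snprintf` cuts the message to a few characters before `myperror(msg)` prints it. The bound should be the allocation size: `size_t msglen = 50 + strlen(file);`, `char *msg = mymalloc(msglen);`, `snprintf(msg, msglen, "Removed file %s because write failed", file);`. The 15.5 version of the patch had the same line, so the refresh carries the defect over unchanged. The other `sizeof(...)` bounds in this patch are only right if `lastmsg`, `sortcommand`, `path`, `name` and the `msg` in src/command.c and src/exec.c are arrays, which the hunks mostly do not show.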
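Review bot: After this refresh, cscope-null.patch replaces upstream's `(void *)0` terminator with `NULL`, which does not improve the `execlp` call. `(void *)0` is already a null pointer, whereas a bare `NULL` may be a plain integer `0` on some platforms and is then the wrong size for a variadic argument. Either drop the patch now that 15.6 passes a pointer, or keep it with an explicit cast: `execlp(shell, mybasename(shell), "-c", cmd, (char *)NULL);`. The surrounding function is outside the hunk.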