Hello community, here is the log from the commit of package apache2-mod_fcgid for openSUSE:11.3 checked in at Thu Jul 28 00:21:44 CEST 2011. -------- --- old-versions/11.3/all/apache2-mod_fcgid/apache2-mod_fcgid.changes 2008-03-07 17:09:32.000000000 +0100 +++ 11.3/apache2-mod_fcgid/apache2-mod_fcgid.changes 2011-07-26 16:20:47.000000000 +0200 @@ -1,0 +2,7 @@ +Tue Jul 26 16:10:03 CEST 2011 - draht@suse.de + +- heap corruption/overwrite error by incorrect pointer arithmetics. + CVE-2010-3872, https://issues.apache.org/bugzilla/show_bug.cgi?id=49406 + (bnc#656092) + +------------------------------------------------------------------- Package does not exist at destination yet. Using Fallback old-versions/11.3/all/apache2-mod_fcgid Destination is old-versions/11.3/UPDATES/all/apache2-mod_fcgid calling whatdependson for 11.3-i586 New: ---- apache2-mod_fcgid-bucket.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ apache2-mod_fcgid.spec ++++++ --- /var/tmp/diff_new_pack.SXVs8E/_old 2011-07-28 00:18:58.000000000 +0200 +++ /var/tmp/diff_new_pack.SXVs8E/_new 2011-07-28 00:18:58.000000000 +0200 @@ -1,7 +1,7 @@ # -# spec file for package apache2-mod_fcgid (Version 2.2) +# spec file for package apache2-mod_fcgid # -# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -25,7 +25,7 @@ %define apache_mmn %(MMN=$(%{apxs} -q LIBEXECDIR)_MMN; test -x $MMN && $MMN) # Version: 2.2 -Release: 95 +Release: 101.<RELEASE2> # Group: Productivity/Networking/Web/Servers License: GPL v2 or later @@ -43,6 +43,7 @@ Source2: apache2-mod_fcgid.conf Patch0: mod_fcgid.2.1-warnings.patch Patch1: mod_fcgid.2.0-suse_paths.patch +Patch2: apache2-mod_fcgid-bucket.patch # Summary: Alternative FastCGI module for Apache2 @@ -70,6 +71,7 @@ %setup -n mod_fcgid.%{version} -a 1 %patch0 %patch1 +%patch2 -p0 %build # we dont need to pass the CFLAGS. apxs2 will do that. ++++++ apache2-mod_fcgid-bucket.patch ++++++ diff -ruN ../mod_fcgid.2.2-o/fcgid_bucket.c ./fcgid_bucket.c --- ../mod_fcgid.2.2-o/fcgid_bucket.c 2007-07-31 11:09:20.000000000 +0200 +++ ./fcgid_bucket.c 2011-07-26 16:07:08.000000000 +0200 @@ -83,7 +83,7 @@ /* Initialize header */ putsize = fcgid_min(bufferlen, sizeof(header) - hasread); - memcpy(&header + hasread, buffer, putsize); + memcpy((char*)(&header) + hasread, buffer, putsize); hasread += putsize; /* Ignore the bytes that have read */ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org