Hello community, here is the log from the commit of package obex-data-server checked in at Tue Jul 15 20:52:04 CEST 2008. -------- --- obex-data-server/obex-data-server.changes 2008-05-27 18:57:50.000000000 +0200 +++ obex-data-server/obex-data-server.changes 2008-07-03 10:15:50.000000000 +0200 @@ -1,0 +2,26 @@ +Thu Jul 3 10:14:11 CEST 2008 - tpatzig@suse.de + +- update to v0.3.2 + * Reduce compiler warnings + * Fix ServerSession Accept/Reject + * Use different FTP UUID for some Nokia devices + * Don't try to remove service record when it is not registered + * Check OBEX Target header for FTP sessions + * Disable FTP specific commands when OPP is used + * Use UTF-8 filenames in folder listing objects + * Improve OBEX error reporting + * Fix crashers on exit + * Portability fixes + * Check connection ID for FTP session + * Send empty Name header when using ChangeCurrentFolderToRoot + * Don't try to access memory regions that were already freed + Also fixes a long-standing segfault issue + + +------------------------------------------------------------------- +Wed Jul 2 21:23:34 CEST 2008 - seife@suse.de + +- added patch to adopt to API change in bluez libs caused by + CVE-2008-2374 (bnc #404963) + +------------------------------------------------------------------- Old: ---- obex-data-server-0.3.tar.bz2 New: ---- obex-data-server-0.3.2.tar.bz2 obex-server-bluez-libs-CVE-2008-2374.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ obex-data-server.spec ++++++ --- /var/tmp/diff_new_pack.H10353/_old 2008-07-15 20:51:43.000000000 +0200 +++ /var/tmp/diff_new_pack.H10353/_new 2008-07-15 20:51:43.000000000 +0200 @@ -1,5 +1,5 @@ # -# spec file for package obex-data-server (Version 0.3) +# spec file for package obex-data-server (Version 0.3.2) # # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine @@ -14,14 +14,15 @@ Name: obex-data-server BuildRequires: dbus-1-glib-devel openobex-devel Url: http://www.bluez.org -Version: 0.3 -Release: 22 +Version: 0.3.2 +Release: 1 Summary: Obex DBus API License: GPL v2 or later Group: Hardware/Mobile AutoReqProv: on # PATCH-FIX-UPSTREAM obex-data-server-unbreak-file-uris.patch bnc391820 rodrigo@novell.com Patch: obex-data-server-unbreak-file-uris.patch +Patch2: obex-server-bluez-libs-CVE-2008-2374.diff Source: %{name}-%{version}.tar.bz2 BuildRoot: %{_tmppath}/%{name}-%{version}-build %define prefix /usr @@ -39,6 +40,7 @@ %prep %setup -q %patch -p1 +%patch2 -p1 %build CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" ./configure --prefix=%_prefix --with-dbus-dir=/usr/share/dbus-1 @@ -61,6 +63,25 @@ %doc AUTHORS COPYING INSTALL ChangeLog dbus-api.txt NEWS README %changelog +* Thu Jul 03 2008 tpatzig@suse.de +- update to v0.3.2 + * Reduce compiler warnings + * Fix ServerSession Accept/Reject + * Use different FTP UUID for some Nokia devices + * Don't try to remove service record when it is not registered + * Check OBEX Target header for FTP sessions + * Disable FTP specific commands when OPP is used + * Use UTF-8 filenames in folder listing objects + * Improve OBEX error reporting + * Fix crashers on exit + * Portability fixes + * Check connection ID for FTP session + * Send empty Name header when using ChangeCurrentFolderToRoot + * Don't try to access memory regions that were already freed + Also fixes a long-standing segfault issue +* Wed Jul 02 2008 seife@suse.de +- added patch to adopt to API change in bluez libs caused by + CVE-2008-2374 (bnc #404963) * Tue May 27 2008 rodrigo@suse.de - Added obex-data-server-unbreak-file-uris.patch to remove the file:// prefix from URIs, since those are not supported (bnc#391820) ++++++ obex-data-server-0.3.tar.bz2 -> obex-data-server-0.3.2.tar.bz2 ++++++ ++++ 2461 lines of diff (skipped) ++++++ obex-server-bluez-libs-CVE-2008-2374.diff ++++++ Index: obex-data-server-0.3/src/ods-bluez.c =================================================================== --- obex-data-server-0.3.orig/src/ods-bluez.c +++ obex-data-server-0.3/src/ods-bluez.c @@ -310,11 +310,11 @@ get_remote_service_record_cb (DBusGProxy g_set_error (&error, ODS_ERROR, ODS_ERROR_NOT_SUPPORTED, "Remote device does not provide requested service"); goto err; } - sdp_record = sdp_extract_pdu ((uint8_t *)record_array->data, &scanned); + sdp_record = sdp_extract_pdu_safe((uint8_t *)record_array->data, record_array->len, &scanned); /* get channel for this service */ if (sdp_get_access_protos (sdp_record, &protos) != 0) { g_set_error (&error, ODS_ERROR, ODS_ERROR_FAILED, "Could not get service channel"); ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
participants (1)
-
root@Hilbert.suse.de