Hello community, here is the log from the commit of package rpm checked in at Fri Nov 28 16:19:34 CET 2008. -------- --- rpm/rpm.changes 2008-11-28 14:47:17.000000000 +0100 +++ rpm/rpm.changes 2008-11-28 15:24:07.000000000 +0100 @@ -1,0 +2,7 @@ +Fri Nov 28 15:15:10 CET 2008 - dmueller@suse.de + +- fix build +- fix stack based buffer overflow in filelist parsing (bnc#397006) +- add macros for update messages and update scripts + +------------------------------------------------------------------- calling whatdependson for head-i586 New: ---- rpm-filelist-bufferoverflow.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rpm-python.spec ++++++ --- /var/tmp/diff_new_pack.e28663/_old 2008-11-28 16:19:04.000000000 +0100 +++ /var/tmp/diff_new_pack.e28663/_new 2008-11-28 16:19:04.000000000 +0100 @@ -24,7 +24,7 @@ Group: System/Packages Summary: Python Bindings for Manipulating RPM Packages Version: 4.4.2.3 -Release: 18 +Release: 19 Requires: rpm = %{version} %py_requires Source99: rpm.spec ++++++ rpm.spec ++++++ --- /var/tmp/diff_new_pack.e28663/_old 2008-11-28 16:19:04.000000000 +0100 +++ /var/tmp/diff_new_pack.e28663/_new 2008-11-28 16:19:04.000000000 +0100 @@ -27,7 +27,7 @@ AutoReqProv: on Summary: The RPM Package Manager Version: 4.4.2.3 -Release: 18 +Release: 19 Source: rpm-%{version}.tar.bz2 Source1: RPM-HOWTO.tar.bz2 Source2: RPM-Tips.html.tar.bz2 @@ -96,6 +96,7 @@ Patch63: finddebuginfo-absolute-links.diff Patch64: firmware.diff Patch65: specfilemacro.diff +Patch66: rpm-filelist-bufferoverflow.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build # # avoid bootstrapping problem @@ -179,7 +180,7 @@ %patch -P 30 -P 31 -P 32 -P 33 -P 34 -P 35 -P 36 -P 37 -P 38 -P 39 %patch -P 40 -P 41 -P 42 -P 43 -P 44 -P 45 -P 46 -P 47 -P 48 -P 49 %patch -P 50 -P 51 -P 52 -P 53 -P 54 -P 55 -P 56 -P 57 -P 58 -P 59 -%patch -P 60 -P 61 -P 62 -P 63 -P 64 -P 65 +%patch -P 60 -P 61 -P 62 -P 63 -P 64 -P 65 -P 66 chmod 755 scripts/find-supplements{,.ksyms} chmod 755 scripts/find-provides.ksyms scripts/find-requires.ksyms chmod 755 scripts/firmware.prov @@ -329,7 +330,7 @@ License: LGPL v2.1 or later Group: System/Libraries Version: 1.7 -Release: 466 +Release: 467 # %description -n popt @@ -352,7 +353,7 @@ License: LGPL v2.1 or later Group: System/Libraries Version: 1.7 -Release: 466 +Release: 467 Requires: popt = 1.7 Requires: glibc-devel @@ -387,6 +388,10 @@ %doc %{_mandir}/man3/popt.3* %changelog +* Fri Nov 28 2008 dmueller@suse.de +- fix build +- fix stack based buffer overflow in filelist parsing (bnc#397006) +- add macros for update messages and update scripts * Fri Nov 28 2008 mls@suse.de - disable debug package requires for now, they cause more harm than benefits ++++++ finddebuginfo-absolute-links.diff ++++++ --- /var/tmp/diff_new_pack.e28663/_old 2008-11-28 16:19:04.000000000 +0100 +++ /var/tmp/diff_new_pack.e28663/_new 2008-11-28 16:19:04.000000000 +0100 @@ -12,8 +12,8 @@ Index: b/scripts/find-debuginfo.sh =================================================================== ---- a/scripts/find-debuginfo.sh -+++ b/scripts/find-debuginfo.sh +--- scripts/find-debuginfo.sh ++++ scripts/find-debuginfo.sh @@ -123,7 +123,17 @@ debug_link() local l="/usr/lib/debug$2" local t="$1" ++++++ rpm-filelist-bufferoverflow.diff ++++++ --- build/files.c +++ build/files.c @@ -2053,7 +2053,8 @@ static int processPackageFiles(Spec spec, Package pkg, continue; fileName = NULL; /*@-nullpass@*/ /* LCL: buf is NULL ?!? */ - strcpy(buf, s); + strncpy(buf, s, sizeof(buf)-1); + buf[sizeof(buf)-1] = '\0'; /*@=nullpass@*/ /* Reset for a new line in %files */ ++++++ rpm-suse_macros ++++++ --- /var/tmp/diff_new_pack.e28663/_old 2008-11-28 16:19:06.000000000 +0100 +++ /var/tmp/diff_new_pack.e28663/_new 2008-11-28 16:19:06.000000000 +0100 @@ -366,6 +366,11 @@ %cflags_profile_generate -fprofile-generate %cflags_profile_feedback -fprofile-use +%suse_install_update_message() \ + install -D -m 644 %1 %buildroot/var/adm/update-messages/%{name}-%{version}-%{release}-%(basename %1).txt +%suse_install_update_script() \ + install -D -m 755 %1 %buildroot/var/adm/update-scripts/%{name}-%{version}-%{release}-%(basename %1).txt + # Template for lang sub-package. %lang_package(n:) \ %package %{-n:-n %{-n*}-}lang \ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org