![](https://seccdn.libravatar.org/avatar/e2145bc5cf53dda95c308a3c75e8fef3.jpg?s=120&d=mm&r=g)
Hello community, here is the log from the commit of package rekall checked in at Tue Jan 15 08:58:57 CET 2008. -------- --- KDE/rekall/rekall.changes 2007-12-11 11:21:16.000000000 +0100 +++ /mounts/work_src_done/STABLE/rekall/rekall.changes 2008-01-14 13:36:32.000000000 +0100 @@ -1,0 +2,5 @@ +Mon Jan 14 13:36:19 CET 2008 - dmueller@suse.de + +- fix possible overflows in strcat() + +------------------------------------------------------------------- New: ---- rekall-xbsql-overflows.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rekall.spec ++++++ --- /var/tmp/diff_new_pack.p25729/_old 2008-01-15 08:58:28.000000000 +0100 +++ /var/tmp/diff_new_pack.p25729/_new 2008-01-15 08:58:28.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package rekall (Version 2.4.6) # -# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine # package are under the same license as the package itself. # @@ -18,7 +18,7 @@ Group: Productivity/Databases/Clients Summary: Universal Database Application Version: 2.4.6 -Release: 1 +Release: 10 %define rversion %version Requires: kdelibs3 >= %( echo `rpm -q --queryformat '%{VERSION}' kdelibs3`) Requires: %name-database-backend = %version @@ -38,6 +38,7 @@ Patch6: fix-desktop-file-location.diff Patch7: libsuffix-support.diff Patch9: rekall-flex-glibc27.diff +Patch10: rekall-xbsql-overflows.diff %description Rekall is a programmable personal database management system (DBMS). It @@ -138,6 +139,7 @@ %patch5 %patch7 %patch9 +%patch10 %build . /etc/opt/kde3/common_options @@ -266,6 +268,8 @@ /opt/kde3/share/apps/rekall/examples %changelog +* Mon Jan 14 2008 - dmueller@suse.de +- fix possible overflows in strcat() * Tue Dec 11 2007 - dmueller@suse.de - update to 2.4.6: * various patches upstreamed ++++++ rekall-xbsql-overflows.diff ++++++ --- support/xbsql/xb_fieldset.cpp +++ support/xbsql/xb_fieldset.cpp @@ -72,8 +72,8 @@ XBSQL::Index char buff[255] ; strncpy (buff, tabname, sizeof(buff)) ; - strncat (buff, "_", sizeof(buff)) ; - strncat (buff, getFieldName(fldno), sizeof(buff)) ; + strncat (buff, "_", sizeof(buff)-strlen(buff)-1) ; + strncat (buff, getFieldName(fldno), sizeof(buff)-strlen(buff)-1) ; const char *path = xbase->getPath (buff, "ndx") ; int fd = open (path, O_RDONLY) ; --- support/xbsql/xbsql.cpp +++ support/xbsql/xbsql.cpp @@ -379,8 +379,8 @@ bool XBaseSQL::createTable xbNdx ndxFile (&dbfFile) ; strncpy (name, table, sizeof(name)) ; - strncat (name, "_", sizeof(name)) ; - strncat (name, schema[idx].FieldName, sizeof(name)) ; + strncat (name, "_", sizeof(name)-strlen(name)-1) ; + strncat (name, schema[idx].FieldName, sizeof(name)-strlen(name)-1) ; path = getPath (name, "ndx") ; idxflag = index[idx] == XBSQL::IndexUnique ? @@ -482,8 +482,8 @@ XBSQLTable *XBaseSQL::openTable char name[256] ; strncpy (name, table, sizeof(name)) ; - strncat (name, "_", sizeof(name)) ; - strncat (name, fSet.getFieldName (idx), sizeof(name)) ; + strncat (name, "_", sizeof(name)-strlen(name)-1) ; + strncat (name, fSet.getFieldName (idx), sizeof(name)-strlen(name)-1) ; path = getPath (name, "ndx") ; if (access(path, R_OK) == 0) @@ -880,11 +880,11 @@ bool XBaseSQL::renameTable const char *fname = fSet.getFieldName (idx) ; strncpy (_oldName, oldName, sizeof(_oldName)) ; - strncat (_oldName, "_", sizeof(_oldName)) ; - strncat (_oldName, fname, sizeof(_oldName)) ; + strncat (_oldName, "_", sizeof(_oldName)-strlen(_oldName)-1) ; + strncat (_oldName, fname, sizeof(_oldName)-strlen(_oldName)-1) ; strncpy (_newName, newName, sizeof(_newName)) ; - strncat (_newName, "_", sizeof(_newName)) ; - strncat (_newName, fname, sizeof(_newName)) ; + strncat (_newName, "_", sizeof(_newName)-strlen(_newName)-1) ; + strncat (_newName, fname, sizeof(_newName)-strlen(_newName)-1) ; oldAnon = getPath (_oldName, "ndx") ; newAnon = getPath (_newName, "ndx") ; @@ -959,8 +959,8 @@ bool XBaseSQL::dropTable const char *fname = fSet.getFieldName (idx) ; strncpy (_idxName, table, sizeof(_idxName)) ; - strncat (_idxName, "_", sizeof(_idxName)) ; - strncat (_idxName, fname, sizeof(_idxName)) ; + strncat (_idxName, "_", sizeof(_idxName)-strlen(_idxName)-1) ; + strncat (_idxName, fname, sizeof(_idxName)-strlen(_idxName)-1) ; tabAnon = getPath (_idxName, "ndx") ; ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
participants (1)
-
root@Hilbert.suse.de