Hello community, here is the log from the commit of package sarg checked in at Tue Sep 9 22:20:47 CEST 2008. -------- --- sarg/sarg.changes 2008-04-24 16:11:01.000000000 +0200 +++ /mounts/work_src_done/STABLE/sarg/sarg.changes 2008-09-09 11:47:34.528476000 +0200 @@ -1,0 +2,5 @@ +Tue Sep 9 11:46:57 CEST 2008 - kssingvo@suse.de + +- fix for buffer check assertion in make_index (bnc#416077) + +------------------------------------------------------------------- New: ---- sarg-2.2.5-year_assertion.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ sarg.spec ++++++ --- /var/tmp/diff_new_pack.lJ8487/_old 2008-09-09 22:19:59.000000000 +0200 +++ /var/tmp/diff_new_pack.lJ8487/_new 2008-09-09 22:19:59.000000000 +0200 @@ -2,9 +2,16 @@ # spec file for package sarg (Version 2.2.5) # # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. -# This file and all modifications and additions to the pristine -# package are under the same license as the package itself. # +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + # Please submit bugfixes or comments via http://bugs.opensuse.org/ # @@ -14,7 +21,7 @@ Name: sarg Summary: Squid Analysis Report Generator Version: 2.2.5 -Release: 17 +Release: 43 License: GPL v2 or later Url: http://sarg.sourceforge.net/sarg.php Group: Productivity/Networking/Web/Utilities 
@@ -41,6 +48,7 @@ Patch5: sarg-2.2.5-enlarge_log_buffer.patch Patch6: sarg-2.2.5-limit_sprintf.patch Patch7: sarg-2.2.5-limit_useragent_sprintf.patch +Patch8: sarg-2.2.5-year_assertion.patch %description Sarg -- Squid Analysis Report Generator is a tool that allows you to @@ -105,6 +113,7 @@ %patch5 -p1 %patch6 -p1 %patch7 -p1 +%patch8 -p1 %build %{?suse_update_config:%{suse_update_config -f cfgaux}} @@ -174,6 +183,8 @@ %doc CONTRIBUTORS COPYING ChangeLog DONATIONS LICENSE README %changelog +* Tue Sep 09 2008 kssingvo@suse.de +- fix for buffer check assertion in make_index (bnc#416077) * Thu Apr 24 2008 kssingvo@suse.de - fix for buffer size in log.c: fun[] CVE-2008-??? - fix for sprintf() calls through use of snprintf() calls CVE-2008-??? ++++++ sarg-2.2.5-year_assertion.patch ++++++ --- sarg-2.2.5/index.c.orig 2008-09-08 20:12:37.000000000 +0200 +++ sarg-2.2.5/index.c 2008-09-09 11:36:24.000000000 +0200 @@ -167,6 +167,7 @@ void make_index() dirp = opendir(outdir); while ((direntp = readdir( dirp )) != NULL) { + char *p; if(strcmp(IndexTree,"date") == 0) { if(strlen(direntp->d_name) > 4 || !isdigit(direntp->d_name[0]) && !isdigit(direntp->d_name[1])) continue; fprintf(fp_tmp,"%s %s\n",direntp->d_name,get_size(outdir,direntp->d_name)); @@ -194,8 +195,9 @@ void make_index() getword(mon,sizeof(mon),html,' '); getword(day,sizeof(day),html,' '); getword(hour,sizeof(hour),html,' '); - getword(year,sizeof(year),html,' '); - getword(year,sizeof(year),html,' '); + p = strchr(html, ' '); + if (!p) p = html; + getword(year,sizeof(year),p,' '); strcpy(html,hour); getword(h,sizeof(h),html,':'); getword(m,sizeof(m),html,':'); ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
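Review bot: In the second index.c hunk, `p = strchr(html, ' ')` leaves `p` on the space itself, so `getword(year,sizeof(year),p,' ')` begins at its own stop character. getword is not defined on this page, but the preceding calls each take one space-delimited token off the front of `html`, which suggests `year` comes back empty here rather than holding the field after the skipped one. Stepping past the delimiter with `p = p ? p + 1 : html;` would keep the skip and still read the next field. The fallback `if (!p) p = html;` also passes the unskipped field to getword with `sizeof(year)`, which looks like the same over-long input the patch is meant to keep away from the buffer check, so rejecting the entry when no space is found may be safer. make_index's body continues outside the hunk, so how `year` is used afterwards is not visible.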