Hello community, here is the log from the commit of package obex-data-server checked in at Wed Sep 17 01:44:23 CEST 2008. -------- --- obex-data-server/obex-data-server.changes 2008-07-03 10:15:50.000000000 +0200 +++ /mounts/work_users/ro/STABLE/obex-data-server/obex-data-server.changes 2008-09-17 01:36:00.787894000 +0200 @@ -1,0 +2,6 @@ +Wed Sep 17 01:35:18 CEST 2008 - ro@suse.de + +- adapt CVE diff to bluez-4: function name back to original + len paramer now also in sdp_extract_pdu + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ obex-data-server.spec ++++++ --- /var/tmp/diff_new_pack.As2331/_old 2008-09-17 01:44:13.000000000 +0200 +++ /var/tmp/diff_new_pack.As2331/_new 2008-09-17 01:44:13.000000000 +0200 @@ -2,9 +2,16 @@ # spec file for package obex-data-server (Version 0.3.2) # # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. -# This file and all modifications and additions to the pristine -# package are under the same license as the package itself. # +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + # Please submit bugfixes or comments via http://bugs.opensuse.org/ # @@ -15,7 +22,7 @@ BuildRequires: dbus-1-glib-devel openobex-devel Url: http://www.bluez.org Version: 0.3.2 -Release: 1 +Release: 26 Summary: Obex DBus API License: GPL v2 or later Group: Hardware/Mobile @@ -63,6 +70,9 @@ %doc AUTHORS COPYING INSTALL ChangeLog dbus-api.txt NEWS README %changelog +* Wed Sep 17 2008 ro@suse.de +- adapt CVE diff to bluez-4: function name back to original + len paramer now also in sdp_extract_pdu * Thu Jul 03 2008 tpatzig@suse.de - update to v0.3.2 * Reduce compiler warnings ++++++ obex-server-bluez-libs-CVE-2008-2374.diff ++++++ --- /var/tmp/diff_new_pack.As2331/_old 2008-09-17 01:44:13.000000000 +0200 +++ /var/tmp/diff_new_pack.As2331/_new 2008-09-17 01:44:13.000000000 +0200 @@ -9,7 +9,7 @@ } - sdp_record = sdp_extract_pdu ((uint8_t *)record_array->data, &scanned); -+ sdp_record = sdp_extract_pdu_safe((uint8_t *)record_array->data, record_array->len, &scanned); ++ sdp_record = sdp_extract_pdu ((uint8_t *)record_array->data, record_array->len, &scanned); /* get channel for this service */ if (sdp_get_access_protos (sdp_record, &protos) != 0) { ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org