Hello community,
here is the log from the commit of package pcp
checked in at Wed Oct 8 12:06:24 CEST 2008.
--------
--- pcp/pcp.changes 2008-08-29 00:19:32.000000000 +0200
+++ /mounts/work_src_done/STABLE/pcp/pcp.changes 2008-10-07 16:42:32.000000000 +0200
@@ -1,0 +2,5 @@
+Tue Oct 7 16:42:23 CEST 2008 - kukuk@suse.de
+
+- Fix possible buffer overflow
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
New:
----
pcp-2.5.0-buffer-overflow.diff
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ pcp.spec ++++++
--- /var/tmp/diff_new_pack.W29877/_old 2008-10-08 12:00:23.000000000 +0200
+++ /var/tmp/diff_new_pack.W29877/_new 2008-10-08 12:00:23.000000000 +0200
@@ -21,7 +21,7 @@
Name: pcp
BuildRequires: bison flex gcc-c++ ncurses-devel procps
Version: 2.5.0
-Release: 116
+Release: 125
Summary: Performance Co-Pilot (system-level performance monitoring)
License: GPL v2 or later
Url: http://oss.sgi.com/projects/pcp
@@ -32,6 +32,7 @@
Patch2: pcp-%{version}-rpmlint.diff
Patch3: pcp-gcc43.patch
Patch4: pcp-init.patch
+Patch5: pcp-2.5.0-buffer-overflow.diff
PreReq: %insserv_prereq %fillup_prereq permissions
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -68,6 +69,7 @@
%patch2 -p1
%patch3
%patch4
+%patch5
%build
%{suse_update_config -f}
@@ -257,6 +259,8 @@
exit 0
%changelog
+* Tue Oct 07 2008 kukuk@suse.de
+- Fix possible buffer overflow
* Fri Aug 29 2008 cthiel@suse.de
- fix init scripts
* Wed Dec 05 2007 ro@suse.de
++++++ pcp-2.5.0-buffer-overflow.diff ++++++
--- src/pmdas/linux/proc_pid.c
+++ src/pmdas/linux/proc_pid.c 2008/10/07 14:37:46
@@ -153,7 +153,7 @@
sprintf(buf, "/proc/%d/cmdline", pidlist[i]);
if ((fd = open(buf, O_RDONLY)) >= 0) {
sprintf(buf, "%06d ", pidlist[i]);
- if ((k = read(fd, buf+7, sizeof(buf))) > 0) {
+ if ((k = read(fd, buf+7, sizeof(buf)-7)) > 0) {
/* Remove NULL terminators from cmdline string array */
/* Added by Mike Mason
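Review bot: The new bound on the `read()` into `buf+7` lets a full-length read fill the buffer to its very last byte, so if the code after this hunk terminates the string at `buf[7+k]` (not visible here; the block continues outside the hunk), one byte is still written past the end. Using `sizeof(buf)-8` would reserve room for the NUL. The fixed offset 7 also assumes `"%06d "` yields exactly seven characters, but `%06d` is only a minimum width, so a PID of seven or more digits lengthens the prefix and the read overwrites its tail. Taking the offset from the formatter keeps the two in step: `n = snprintf(buf, sizeof(buf), "%06d ", pidlist[i]);`, then read at `buf+n` with length `sizeof(buf)-n-1`. Both `sprintf` calls into `buf` are unbounded as well, and `snprintf` with `sizeof(buf)` would be the safer form, assuming `buf` is an array as the existing `sizeof(buf)` suggests.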