Hello community,
here is the log from the commit of package enscript
checked in at Fri Oct 24 15:43:40 CEST 2008.
--------
--- enscript/enscript.changes 2008-07-15 18:26:03.000000000 +0200
+++ /mounts/work_src_done/STABLE/enscript/enscript.changes 2008-10-14 14:48:26.596193000 +0200
@@ -1,0 +2,5 @@
+Tue Oct 14 14:47:37 CEST 2008 - werner@suse.de
+
+- Avoid buffer overflow in setfilename (bnc#433756, CVE-2008-3863)
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
New:
----
enscript-1.6.4-CVE-2008-3863.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ enscript.spec ++++++
--- /var/tmp/diff_new_pack.h31405/_old 2008-10-24 15:43:02.000000000 +0200
+++ /var/tmp/diff_new_pack.h31405/_new 2008-10-24 15:43:02.000000000 +0200
@@ -2,9 +2,16 @@
# spec file for package enscript (Version 1.6.4)
#
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
-# This file and all modifications and additions to the pristine
-# package are under the same license as the package itself.
#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
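Review bot: the rewritten license header ends with an empty added line where the old header used a "#" line, so the comment block is split just before "# Please submit bugfixes". Use "#" there to keep the header contiguous. The license text change is also not covered by the changelog entry, which only mentions the setfilename fix.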
@@ -20,7 +27,7 @@
PreReq: %install_info_prereq
AutoReqProv: on
Version: 1.6.4
-Release: 129
+Release: 151
Summary: An ASCII to PostScript(tm) Converter
Source: enscript-%{version}.tar.bz2
Source1: enscript-gs-font.map
@@ -29,6 +36,7 @@
Patch1: enscript-1.6.4-CAN-2004-1184.patch
Patch2: enscript-1.6.4-CAN-2004-1185.patch
Patch3: enscript-1.6.4-CAN-2004-1186.patch
+Patch4: enscript-1.6.4-CVE-2008-3863.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -37,6 +45,10 @@
The Enscript configuration file is in /etc/enscript.cfg.
+Warning: enscript is not able to convert complex unicode (UTF-8) text
+to PostScript. Only language text which can be converted from UTF-8 to
+latin encodings are supported with the help of a wrapper script. ~ ~
+
Authors:
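Review bot: the warning added to %description is unrelated to the CVE-2008-3863 fix and is not recorded in the enscript.changes entry, which only mentions the setfilename overflow. Give it its own changelog line or a separate commit so the security update stays minimal and auditable. The wording also needs a pass: "Only language text ... are supported" has a subject/verb mismatch, and the last added line ends in a stray "~ ~".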
@@ -48,6 +60,7 @@
%patch -P 1 -p 1 -b .CAN-2004-1184
%patch -P 2 -p 1 -b .CAN-2004-1185
%patch -P 3 -p 1 -b .CAN-2004-1186
+%patch -P 4 -p 0 -b .CVE-2008-3863
%patch
%build
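Review bot: the new "%patch -P 4" line uses "-p 0" while patches 1 to 3 use "-p 1". That matches the patch's own header ("--- src/psgen.c", no leading directory component), but the mixed strip levels are easy to get wrong when the patch is refreshed. Consider regenerating the patch with a top-level directory prefix so all four apply with "-p 1", or add a short spec comment explaining why this one differs.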
@@ -111,6 +124,8 @@
%doc %{_infodir}/%{name}.info.gz
%changelog
+* Tue Oct 14 2008 werner@suse.de
+- Avoid buffer overflow in setfilename (bnc#433756, CVE-2008-3863)
* Tue Jul 15 2008 werner@suse.de
- Better workaround for UTF-8 files
* Sun Feb 24 2008 crrodriguez@suse.de
++++++ enscript-1.6.4-CVE-2008-3863.patch ++++++
--- src/psgen.c
+++ src/psgen.c 2008-10-09 17:01:49.438440979 +0200
@@ -24,6 +24,7 @@
* Boston, MA 02111-1307, USA.
*/
+#include