pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/time/pcal Security fix for CAN-2004-1289.
details: https://anonhg.NetBSD.org/pkgsrc/rev/9c93aea1579f
branches: trunk
changeset: 490819:9c93aea1579f
user: salo <salo%pkgsrc.org@localhost>
date: Sun Mar 20 21:34:17 2005 +0000
description:
Security fix for CAN-2004-1289.
"Multiple buffer overflows in the getline function in pcalutil.c and the
get_holiday function in readfile.c for pcal 4.7.1 allow remote attackers
to execute arbitrary code via a crafted calendar file."
Partial patch from Debian. Bump PKGREVISION.
diffstat:
time/pcal/Makefile | 3 ++-
time/pcal/distinfo | 4 +++-
time/pcal/patches/patch-af | 13 +++++++++++++
time/pcal/patches/patch-ag | 15 +++++++++++++++
4 files changed, 33 insertions(+), 2 deletions(-)
diffs (64 lines):
diff -r 46a305d7c0a8 -r 9c93aea1579f time/pcal/Makefile
--- a/time/pcal/Makefile Sun Mar 20 21:29:05 2005 +0000
+++ b/time/pcal/Makefile Sun Mar 20 21:34:17 2005 +0000
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.6 2004/12/03 15:15:11 wiz Exp $
+# $NetBSD: Makefile,v 1.7 2005/03/20 21:34:17 salo Exp $
#
DISTNAME= pcal-4.7
+PKGREVISION= 1
CATEGORIES= time
MASTER_SITES= http://membled.com/work/mirror/pcal/
EXTRACT_SUFX= .tar.bz2
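Review bot: DISTNAME stays at pcal-4.7 in this hunk, while the advisory text quoted in the commit message names pcal 4.7.1. It would help to state in the commit message or in the new patch files that the 4.7 sources contain the same getline and get_holiday code, so a reader can tell that the packaged version is covered by the fix.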
diff -r 46a305d7c0a8 -r 9c93aea1579f time/pcal/distinfo
--- a/time/pcal/distinfo Sun Mar 20 21:29:05 2005 +0000
+++ b/time/pcal/distinfo Sun Mar 20 21:34:17 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.4 2005/02/23 19:14:55 wiz Exp $
+$NetBSD: distinfo,v 1.5 2005/03/20 21:34:17 salo Exp $
SHA1 (pcal-4.7.tar.bz2) = 4604067da16b7674630eb4d8894406b885e85d89
RMD160 (pcal-4.7.tar.bz2) = d0b5380da2bbf94c5c5824f3355b583abba593bc
@@ -8,3 +8,5 @@
SHA1 (patch-ac) = ab1eee4e3441268255d4bbc2d043db74d3eac2ae
SHA1 (patch-ad) = ffd8b00dbb716df55be4a7e17f4637dad86bcd1f
SHA1 (patch-ae) = 34ae04ae56d096b1b2294114428dc1f29af83701
+SHA1 (patch-af) = 59f064df3fa9441c22be91c1e6dd12c7ffef3a08
+SHA1 (patch-ag) = 34c442b33d47f51e4f6e82f966446a717ceb64a1
diff -r 46a305d7c0a8 -r 9c93aea1579f time/pcal/patches/patch-af
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/time/pcal/patches/patch-af Sun Mar 20 21:34:17 2005 +0000
@@ -0,0 +1,13 @@
+$NetBSD: patch-af,v 1.1 2005/03/20 21:34:17 salo Exp $
+
+--- pcalutil.c.orig 2000-02-09 17:06:23.000000000 +0100
++++ pcalutil.c 2005-03-20 22:26:14.000000000 +0100
+@@ -1111,6 +1111,8 @@
+ else
+ ungetc(c2, fp);
+ }
++ /* Don't overflow the buffer */
++ if ( (cp - tmpbuf) < (LINSIZ -1))
+ *cp++ = c;
+ }
+
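Review bot: The new guard in front of `*cp++ = c;` drops every character past LINSIZ-1 without a diagnostic, so an overlong calendar line is silently truncated and the caller continues with a partial line. Consider warning about or rejecting the line once the limit is reached. The check also relies on tmpbuf being exactly LINSIZ bytes, which is not visible in this hunk; if tmpbuf is a local array, `sizeof(tmpbuf) - 1` would tie the bound to its declaration. Since the commit message calls this a partial patch from Debian, a comment at the top of patch-af naming CAN-2004-1289 and what was left out would document that.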
diff -r 46a305d7c0a8 -r 9c93aea1579f time/pcal/patches/patch-ag
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/time/pcal/patches/patch-ag Sun Mar 20 21:34:17 2005 +0000
@@ -0,0 +1,15 @@
+$NetBSD: patch-ag,v 1.1 2005/03/20 21:34:17 salo Exp $
+
+--- readfile.c.orig 2000-02-09 17:06:23.000000000 +0100
++++ readfile.c 2005-03-20 22:18:17.000000000 +0100
+@@ -1300,8 +1300,9 @@
+ {
+ KWD_H *p;
+ char tmp[STRSIZ];
++ memset(tmp,'\0',sizeof(tmp));
+
+- strcpy(tmp, cp); /* make copy without any trailing '*' */
++ strncpy(tmp, cp,sizeof(tmp)-1); /* make copy without any trailing '*' */
+ if (LASTCHAR(tmp) == '*')
+ LASTCHAR(tmp) = '\0';
+
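Review bot: With `strncpy(tmp, cp,sizeof(tmp)-1);` an input longer than STRSIZ-1 is cut off silently, so a trailing '*' on the original string is lost and the `LASTCHAR(tmp) == '*'` test then inspects whatever character lands at the truncation point; the code after it proceeds with a shortened string. Checking `strlen(cp) >= sizeof(tmp)` before the copy and treating that as an error would be cleaner. The memset of the whole buffer is only needed for the final byte, because strncpy already zero-pads up to its length argument; `tmp[sizeof(tmp)-1] = '\0';` after the copy would do the same job.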