From ade6f519dc9ca5b69beb9798266c9b6db2b46c224bfff3b54d54cd4742de6f18 Mon Sep 17 00:00:00 2001
From: OBS User autobuild
Date: Sat, 26 Sep 2009 22:11:58 +0000
Subject: [PATCH] Accepting request 1895 from home:maw:branches:GNOME:Factory Copy from IBS home:lrupp:branches:SUSE:Factory:Head/newt based on submit request 1895 from user lrupp
OBS-URL: https://build.opensuse.org/request/show/1895
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/newt?expand=0&rev=14
---
 newt-CVE-2009-2905.patch | 13 +++
 newt.changes | 6 ++
 newt.spec | 178 ++-------------------------------------------
 3 files changed, 24 insertions(+), 173 deletions(-)
 create mode 100644 newt-CVE-2009-2905.patch
diff --git a/newt-CVE-2009-2905.patch b/newt-CVE-2009-2905.patch
new file mode 100644
index 0000000..27505b5
--- /dev/null
+++ b/newt-CVE-2009-2905.patch
@@ -0,0 +1,13 @@
+Index: textbox.c
+===================================================================
+--- textbox.c.orig
++++ textbox.c
+@@ -179,7 +179,7 @@ static void doReflow(const char * text,
+
+ if (resultPtr) {
+ /* XXX I think this will work */
+- result = malloc(strlen(text) + (strlen(text) / width) + 2);
++ result = malloc(strlen(text) + (strlen(text) / ( width - 1 )) + 2);
+ *result = '\0';
+ }
+
diff --git a/newt.changes b/newt.changes
index 573d2a7..5b7105b 100644
--- a/newt.changes
+++ b/newt.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Sep 23 10:17:40 CEST 2009 - lrupp@suse.de
+
+- fix heap-based buffer overflow in function doReflow in textbox.c
+ (fix bnc#540930 and CVE-2009-2905 : newt-CVE-2009-2905.patch)
+
 -------------------------------------------------------------------
 Mon Sep 1 12:48:05 CEST 2008 - lrupp@suse.de
 
diff --git a/newt.spec b/newt.spec
index ef6df92..6fb4bce 100644
--- a/newt.spec
+++ b/newt.spec
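Review bot: The corrected size expression in newt-CVE-2009-2905.patch divides by `width - 1`, which is zero when width is 1 and negative below that, and nothing visible in the hunk bounds width before the allocation. doReflow begins and ends outside the hunk, so a guard may already exist; if it does not, width should be rejected or clamped ahead of the malloc, for example `if (width < 2) width = 2;`, provided clamping suits the callers. The context line `*result = '\0';` also writes through the pointer without testing the malloc result, so a failed allocation becomes a NULL write; a check such as `if (!result) return;` would cover it, adapted to however the function is meant to report failure through resultPtr. The `/* XXX I think this will work */` comment would be better replaced by one stating the bound the size relies on, presumably `/* worst case: one inserted newline per (width - 1) input bytes, plus NUL */`, once that invariant is confirmed against the reflow loop.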
@@ -1,7 +1,7 @@ # # spec file for package newt (Version 0.52.10) # -# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -22,12 +22,13 @@ Name: newt Url: https://fedorahosted.org/newt/ Summary: Nifty Erik's Windowing Toolkit Version: 0.52.10 -Release: 1 +Release: 8 %define soname 0_52 License: LGPL v2.1 or later Group: System/Libraries Source: %name-%version.tar.bz2 Source10: %name-rpmlintrc +Patch1: newt-CVE-2009-2905.patch Requires: libnewt%soname = %version BuildRequires: popt-devel python-devel slang-devel %if 0%{?suse_version} < 1020 @@ -148,7 +149,7 @@ Authors: Erik Troan %package -n python-newt -License: GPL v2 only; GPL v2 or later; LGPL v2.1 or later +License: GPL v2 only ; GPL v2 or later ; LGPL v2.1 or later Summary: Python bindings for newt Group: System/Libraries Requires: newt = %{version} @@ -168,6 +169,7 @@ Authors: %prep %setup -q +%patch1 -p0 %build # gpm support seems to smash the stack 
@@ -240,173 +242,3 @@ rm -rf %buildroot %{py_sitedir}/* %changelog -* Mon Sep 01 2008 lrupp@suse.de -- update to 0.52.10: - + added support for help - + added cusor on/off stuff -- rename newt-python to python-newt to follow the naming policy -* Thu Apr 10 2008 ro@suse.de -- added baselibs.conf file to build xxbit packages - for multilib support -* Mon Apr 07 2008 lrupp@suse.de -- update to 0.52.9: - + handle component destruction (patch by Richard W.M. Jones) - + fix newtWinEntry definition - + don't use uninitialized values in newtWinMenu - + remove workarounds for old bug in SLsmg_write_nstring - + improve SIGWINCH handling in form - + don't abort from whiptail gauge on SIGWINCH - + redisplay also last line - + update Polish translation - + enable slang utf8 mode (rh#425992) - + support --disable-nls option (patch by Natanael Copa) - + redraw screen when using entry in euc encodings -- removed upstreamed patches -- devel package should require poptd-, python- and slang-devel and - recommend the main package (not really needed) -- updated rpmlintrc -* Mon Dec 17 2007 lrupp@suse.de -- split libnewt0_52 to follow the shared library packaging policy -- build on older distributions -- build parallel -* Thu Oct 11 2007 lrupp@suse.de -- split python module to -python subpackage -- add back support for list of Entries in EntryWindow prompts in - snack (RH#248878) (newt-0.52.7-snack.patch) -- fix segfault in whiptail when no entry is selected in radiolist - (newt-0.52.7-whiptail.patch) -- fix handling of UTF-8 characters (#289291) - (newt-0.52.7-utf8.patch) -* Tue Sep 11 2007 cthiel@suse.de -- removed bogus Provides: snack (to avoid name clash with package snack) -* Tue Jun 26 2007 lrupp@suse.de -- update to 0.52.7: - + add support to snack for multiple selection and border in listbox - and cursorAtEnd in entry (patch by Shawn Starr) - + fix scrollbar positioning in listbox - + cope with backward system time jumps (RH#240691) - + free helplines and windows in 
newtFinished, check for overflow (RH#239992) -- remove included patches -- created doc package for tutorial (N#287087) -* Wed Jun 13 2007 lrupp@suse.de -- included patches from Miroslav Lichvar: - + fix cursor positioning when setting entry or checkbox flags - (newt-0.52.6-cursor.patch) - + fix counting of items in checkboxtree - (newt-0.52.6-countitems.patch) - + fix some memory leaks - (newt-0.52.6-memleaks.patch) - + fix entry scrolling (RH#234829) and - + fix multibyte character handling in entry - (newt-0.52.6-entry.patch) -- disable gpm-support - seems to smash the stack -- remove libbz2-1 from buildreq -- re-arange buildrequires -* Tue Jun 05 2007 ro@suse.de -- buildreq: libbz2 -> libbz2-1 -* Sun Apr 01 2007 lrupp@suse.de -- added distribution specfic parts for build service -- added libbz2 to BuildRequires for suse_version > 1020 -* Wed Mar 07 2007 lrupp@suse.de -- update to 0.52.6: - + add newtSetColor() to allow changing individual colors - + add newtPopWindowNoRefresh() (patch by Forest Bond) -- branched newt-static package containing static library -* Wed Feb 14 2007 lrupp@suse.de -- update to 0.52.5 - + provide option to change text of buttons (rh#126768) - + don't add escape key to hot keys by default (rh#216157) - + fix cursor position in checkboxtree, radio button and checkbox - + don't force monochrome terminals to output colors - + highlight active compact button on monochrome terminals - + update translations from debian -- removed unnecessary ldconfig call in devel package -- removed obsolete newt-0.52.4-if1close.patch -* Thu Dec 21 2006 lrupp@suse.de -- new upstream version 0.52.4: patches included upstream - + fix entry corruption when reading multibyte characters - and double width character handling - + avoid overflow/crash in scale -- makefile, configure and spec cleanup -- package whiptail.1 and locale files -* Fri Sep 22 2006 lrupp@suse.de -- fix build with python 2.5 (thanks to aj) -- useful fixes from RH bugzilla included: - * #137957 : 
fix screen corruption - * #81352 : fix help dialog - * #83203 : make textbox with scrollbar focusable - * #86074 : turn off cursor when entry terminated form - * #186053 : better handling of listbox and checkboxtree focus - * #187545 : be more color friendly to 8-color terminals - * #189981 : fix handling windows larger than screen size - * fix checkboxtree positioning - * unfocus when displaying help - * fix double width character handling in checkboxtree and listbox -* Tue May 09 2006 lrupp@suse.de -- add "Provides: snack" to specfile -- do not build whiptcl to avoid dependency on tcl (RH #177346) - (whiptcl is currently not used by anything) -- Apply patch by Bill Nottingham (thanks) to improve scrollbar appearance - (RH #174771) -- Fix a crash in checkboxtree.c (RH #165347) -- draw correct dialog sizes on the screen (see RH #185950) - applying - patch from Tomas Mraz (thanks) -* Wed Jan 25 2006 mls@suse.de -- converted neededforbuild to BuildRequires -* Mon Dec 12 2005 lrupp@suse.de -- new version 0.52.2 -- include whiptcl.so -* Thu Nov 10 2005 lrupp@suse.de -- only do gpmclose if gpmopen succeeed - (see https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=118530) -- include example files (peanuts.py, popcorn.py) in devel package -- use "-fPIC -Wall -fno-strict-aliasing" in CFLAGS -* Tue Sep 27 2005 mls@suse.de -- make devel package require base package -* Mon Jul 25 2005 lrupp@suse.de 0.51.6 -- use of %%run_ldconfig -* Fri Jun 17 2005 lrupp@suse.de 0.51.6 -- use more macros: fix build on 64bit -* Fri Jun 17 2005 lrupp@suse.de 0.51.6 -- use $RPM_OPT_FLAGS -- delete /usr/lib/phyton in build to avoid errors from abuild - => we've a symlink to /usr/lib/python2.4 -* Thu Jun 16 2005 ro@suse.de -- fix files pagaged twice (real path and over symlink) -* Tue Feb 15 2005 ro@suse.de -- added python deps -* Mon Jan 24 2005 ro@suse.de -- fix lib64 build -* Tue Nov 30 2004 cwh@suse.de -- updated to 0.51.6 -* Wed Jun 02 2004 ro@suse.de -- get rid of some compiler warnings -* 
Thu Feb 26 2004 hmacht@suse.de -- building as non-root -* Tue Feb 24 2004 cwh@suse.de -- added soname link to package -* Mon Sep 15 2003 cwh@suse.de -- removed wrong "Provides: snack" from spec-file -* Thu Aug 21 2003 ro@suse.de -- expand filelist -- fix lib64 issues -* Wed Aug 20 2003 cwh@suse.de -- fixed to compile with tcl8.4 -* Tue Jan 16 2001 schwab@suse.de -- Fix missing -fPIC in Makefile. -- Fix use of varargs. -* Wed Nov 29 2000 ro@suse.de -- changed neededforbuild to -* Wed Nov 29 2000 smid@suse.cz -- subpackage renamed: newtd => newt-devel -* Fri Nov 24 2000 ro@suse.de -- fixes for 2.0-python -* Sun Oct 29 2000 kukuk@suse.de -- Add python-devel to need for build -* Mon May 22 2000 smid@suse.cz -- fixed to compile with tcl8.3 -* Wed May 10 2000 nadvornik@suse.cz -- update to 0.50.8 -- added BuildRoot -* Mon Jan 17 2000 nashif@suse.de -- Initial Release ( Version 0.50)