diff --git a/expect-stty.patch b/expect-stty.patch
new file mode 100644
index 0000000..230f506
--- /dev/null
+++ b/expect-stty.patch
@@ -0,0 +1,29 @@
+--- exp_tty.c
++++ exp_tty.c
+@@ -497,7 +497,7 @@
+
+ /* if no result, make a crude one */
+ if (0 == strcmp(Tcl_GetString(Tcl_GetObjResult(interp)),"")) {
+- char buf [10];
++ char buf [11];
+ sprintf(buf,"%sraw %secho",
+ (was_raw?"":"-"),
+ (was_echo?"":"-"));
+@@ -635,7 +635,7 @@
+ return(TCL_ERROR);
+ }
+ if (cmd_is_stty) {
+- char buf [10];
++ char buf [11];
+ sprintf(buf,"%sraw %secho",
+ (was_raw?"":"-"),
+ (was_echo?"":"-"));
+@@ -699,7 +699,7 @@
+ }
+
+ if (cmd_is_stty) {
+- char buf [10];
++ char buf [11];
+ sprintf(buf,"%sraw %secho",
+ (was_raw?"":"-"),
+ (was_echo?"":"-"));
diff --git a/expect.changes b/expect.changes
index 05f366f..632b475 100644
--- a/expect.changes
+++ b/expect.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon May 25 16:30:18 CEST 2009 - max@suse.de
+
+- Fix buffer overflow in the "stty" command
+ (bnc#506873, bnc#501291).
+
 -------------------------------------------------------------------
 Tue Oct 14 18:31:49 CEST 2008 - max@suse.de
diff --git a/expect.spec b/expect.spec
index 3dd199a..1dc86d9 100644
--- a/expect.spec
+++ b/expect.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package expect (Version 5.44.1.11)
 #
-# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -22,7 +22,7 @@ Url: http://expect.nist.gov
 Name: expect
 BuildRequires: tcl-devel
 Version: 5.44.1.11
-Release: 1
+Release: 2
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 Group: Development/Languages/Tcl
 License: Public Domain, Freeware
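Review bot: The new `char buf [11]` in all three exp_tty.c hunks of expect-stty.patch (at 497, 635 and 699) is sized to exactly the worst-case output, "-raw -echo" being 10 characters plus the terminating NUL, and the write is still an unbounded `sprintf`. Nothing ties the array size to the format string, so a later change to that text would silently reintroduce the overflow this patch fixes. Consider deriving the size and bounding the write, e.g. `char buf[sizeof "-raw -echo"];` with `snprintf(buf, sizeof buf, "%sraw %secho", ...)`, assuming snprintf is available on every platform this package builds for. The enclosing functions start and end outside these hunks, so how buf is consumed afterwards is not visible here.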
@@ -32,6 +32,7 @@ Source: %{name}-%{version}.tar.bz2
 Source1: expect-rpmlintrc
 Patch1: expect.patch
 Patch2: expect-fixes.patch
+Patch3: expect-stty.patch
 %description
 Expect is a tool primarily for automating interactive applications,
@@ -69,6 +70,7 @@ Authors:
 %setup -q
 %patch1
 %patch2
+%patch3
 %build
 autoreconf
@@ -114,81 +116,3 @@ rm -rf %buildroot
 %doc %_mandir/man3/*
 %changelog
-* Tue Oct 14 2008 max@suse.de
-- Updagte to version 5.44.1.11 from CVS. The changes mainly consist
- of our former expect-fixes.patch and expect-warnings.patch, plus
- some more bug fixes, e.g. for the [expect -exact] crash reported
- at bnc#427270 .
-* Tue Oct 14 2008 meissner@suse.de
-- fixed fortify implicits.
-* Tue May 06 2008 aj@suse.de
-- Add missing return values.
-* Thu Apr 03 2008 max@suse.de
-- Fixed swapped arguments in prototype of exp_cmd_init()
-- Adjusted installation to the new Tcl file system layout
-* Thu Mar 20 2008 max@suse.de
-- Update to version 5.44.1.5 from CVS:
- * Improved internal buffer management
- * Ported script-level commands to the newer Tcl object API
- * Optimized regular expression matching
-- Split off a -devel subpackage
-- Don't package the example subdir anymore.
-- Fix all critical and part of the non-critical warnings that
- show up with gcc 4.3. To be continued...
-* Wed Jan 25 2006 mls@suse.de
-- converted neededforbuild to BuildRequires
-* Tue Dec 13 2005 max@suse.de
-- Fixed a typo in tcl.m4 that broke configure with bash 3.1.
-- Updated expect-CVS.patch.bz2 .
-* Fri Sep 23 2005 ro@suse.de
-- fix some missing declarations
-* Tue Jun 14 2005 max@suse.de
-- New version: 5.43 plus patch to current CVS head.
-- Disabled building of the static library.
-- Moved script library to /usr/share/tcl .
-* Tue Jul 13 2004 max@suse.de
-- New version: 5.41.
-* Mon Mar 01 2004 max@suse.de
-- Re-enabled the test suite and added expect-send_tty.patch to
- prevent it from crashing.
-* Fri Feb 27 2004 max@suse.de
-- New version: 5.40
-- Fixed warnings that broke build (expect-warnings.patch).
-- Temporarily disabled "make test" to prevent crashes in autobuild
- on some architectures (ppc, s390).
-* Fri Oct 31 2003 max@suse.de
-- New version: 5.39
-- Buliding as non-root user
-* Wed May 28 2003 ro@suse.de
-- package include files and static lib as well
-* Tue Jan 28 2003 max@suse.de
-- Fixed path to /usr/bin/write in kibitz.
-* Fri Jan 10 2003 max@suse.de
-- Fixed a segfault case during application shutdown, and sent
- the patch to the author.
-* Tue Nov 26 2002 max@suse.de
-- New version: 5.38
-- Don't build the expectk binary anymore to remove the buildtime
- dependency on Tk and X. Scripts that needed to run in expectk
- before can be fixed by running them in expect and adding a line
- that says "package require Tk" before the first tk command
- is executed.
-* Mon Aug 19 2002 aj@suse.de
-- Read all input from invoked program.
-* Wed Apr 03 2002 max@suse.de
-- Replaced autoreconf by autoconf because it breaks on
- autoconf-2.53 and was overkill anyways.
-* Wed Feb 20 2002 max@suse.de
-- Fixed for lib64-s390x.
-* Thu Jan 24 2002 max@suse.de
-- Removed the mkpasswd manpage due to a file name conflict and
- because the respective program is also not included.
-* Fri Jan 18 2002 max@suse.de
-- added tk to neededforbuild to prevent linking to static libtk
- which is included in tcl-devel
-* Fri Jan 18 2002 ro@suse.de
-- fixed neededforbuild
-* Thu Jan 17 2002 max@suse.de
-- New version 5.34.
-- Separated this package from the tcl source RPM, because it
- doesn not any longer need the Tcl and Tk sources at hand.