From 303a24e7170b9ea5c0b7765979d210cdbb4dfe7b0af586b180d2e55d47bde5e5 Mon Sep 17 00:00:00 2001
From: OBS User unknown
Date: Tue, 17 Apr 2007 10:54:22 +0000
Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/man?expand=0&rev=7
---
 man-db-2.4.3-CVE-2006-4250.dif | 57 ++++++++++++++++++++++++++++++++++
 man-db-2.4.3.dif | 3 +-
 man.changes | 5 +++
 man.spec | 6 +++-
 4 files changed, 69 insertions(+), 2 deletions(-)
 create mode 100644 man-db-2.4.3-CVE-2006-4250.dif
diff --git a/man-db-2.4.3-CVE-2006-4250.dif b/man-db-2.4.3-CVE-2006-4250.dif
new file mode 100644
index 0000000..22c90a1
--- /dev/null
+++ b/man-db-2.4.3-CVE-2006-4250.dif
@@ -0,0 +1,57 @@
+--- src/man.c
++++ src/man.c 2007-04-16 17:24:18.424390534 +0200
+@@ -1795,32 +1795,35 @@ static pipeline *make_browser (const cha
+ {
+ pipeline *p;
+ char *browser;
+- int command_len = strlen (command) * 2 + strlen (file) + 1;
+ int found_percent_s = 0;
+ char *percent;
+ char *esc_file;
+ 
+- browser = xmalloc (command_len + 1);
++ browser = xmalloc (1);
+ *browser = '\0';
+ 
+ percent = strchr (command, '%');
+ while (percent) {
++ size_t len = strlen (browser);
++ browser = xrealloc (browser, len + 1 + (percent - command));
+ strncat (browser, command, percent - command);
+ switch (*(percent + 1)) {
+ case '\0':
+ case '%':
+- strcat (browser, "%");
++ browser = strappend (browser, "%", NULL);
+ break;
+ case 'c':
+- strcat (browser, ":");
++ browser = strappend (browser, ":", NULL);
+ break;
+ case 's':
+ esc_file = escape_shell (file);
+- strcat (browser, esc_file);
++ browser = strappend (browser, esc_file, NULL);
+ free (esc_file);
+ found_percent_s = 1;
+ break;
+ default:
++ len = strlen (browser); /* cannot be NULL */
++ browser = xrealloc (browser, len + 3);
+ strncat (browser, percent, 2);
+ break;
+ }
+@@ -1830,11 +1833,10 @@ static pipeline *make_browser (const cha
+ command = percent + 1;
+ percent = strchr (command, '%');
+ }
+- strcat (browser, command);
++ browser = strappend (browser, command, NULL);
+ if (!found_percent_s) {
+- strcat (browser, " ");
+ esc_file = escape_shell (file);
+- strcat (browser, esc_file);
++ browser = strappend (browser, " ", esc_file, NULL);
+ free (esc_file);
+ }
+ 
diff --git a/man-db-2.4.3.dif b/man-db-2.4.3.dif
index 58b56bd..1a14902 100644
--- a/man-db-2.4.3.dif
+++ b/man-db-2.4.3.dif
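Review bot: The two `strncat` calls left in `make_browser` still rely on hand-computed sizes (`len + 1 + (percent - command)` before the literal prefix, `len + 3` in the `default:` case), and no comment records why those sizes are enough. The arithmetic is correct as written, because `strncat` writes at most n bytes plus the terminator, but it is the same kind of manual sizing that the removed `command_len` got wrong. I would add a comment at each site, e.g. `/* room for the literal prefix plus the NUL that strncat appends */` and `/* '%', one format character, NUL */`, the second replacing `/* cannot be NULL */`, which says nothing about the size. The body of `make_browser` runs past both inner hunks and the lines between them are not shown, so the way `command` advances past each escape is assumed unchanged.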
@@ -1,12 +1,13 @@ --- .pkgextract +++ .pkgextract 2007-02-15 00:00:00.000000000 +0100 -@@ -0,0 +1,6 @@ +@@ -0,0 +1,7 @@ +bzcat ../man-db-2.4.3-3.diff.bz2 | patch -p1 -s --suffix=.debian +patch -p0 -s --suffix=.groff < ../man-db-2.3.19deb4.0-groff.dif +patch -p0 -s --suffix=.err < ../man-db-2.4.1-error.dif +patch -p0 -s --suffix=.sect < ../man-db-2.4.3-section.dif +patch -p0 -s --suffix=.secu2 < ../man-db-2.4.1-security2.dif +patch -p0 -s --suffix=.secu4 < ../man-db-2.4.1-security4.dif ++patch -p0 -s --suffix=.064250 < ../man-db-2.4.3-CVE-2006-4250.dif --- GNUmakefile.in +++ GNUmakefile.in 2007-02-15 00:00:00.000000000 +0100 @@ -35,7 +35,7 @@ diff --git a/man.changes b/man.changes index f03381f..7860e5a 100644 --- a/man.changes +++ b/man.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Tue Apr 17 10:44:44 CEST 2007 - werner@suse.de + +- Fix heap buffer overflow (CVE-2006-4250, bug #262747) + ------------------------------------------------------------------- Mon Mar 26 11:38:22 CEST 2007 - rguenther@suse.de diff --git a/man.spec b/man.spec index 4244b75..b9ddc39 100644 --- a/man.spec +++ b/man.spec @@ -13,7 +13,7 @@ Name: man BuildRequires: flex gdbm-devel groff less libbz2-devel libzio-devel zlib-devel Version: 2.4.3 -Release: 46 +Release: 48 Summary: A Program for Displaying man Pages License: GNU General Public License (GPL) Group: System/Base @@ -32,6 +32,7 @@ Patch3: man-db-2.4.1-error.dif Patch4: man-db-%{version}-section.dif Patch5: man-db-2.4.1-security2.dif Patch6: man-db-2.4.1-security4.dif +Patch7: man-db-2.4.3-CVE-2006-4250.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -52,6 +53,7 @@ Authors: %patch4 -p0 -b .sect %patch5 -p0 -b .secu2 %patch6 -p0 -b .secu4 +%patch7 -p0 -b .064250 %patch -p0 %build 
@@ -147,6 +149,8 @@ test -d var/catman/ && rm -rf var/catman/ || true /var/adm/fillup-templates/sysconfig.cron-man %changelog +* Tue Apr 17 2007 - werner@suse.de +- Fix heap buffer overflow (CVE-2006-4250, bug #262747) * Mon Mar 26 2007 - rguenther@suse.de - Add libbz2-devel and libzio-devel BuildRequires * Wed Mar 21 2007 - rguenther@suse.de