OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/man?expand=0&rev=7

man-db-2.4.3-CVE-2006-4250.dif

@@ -0,0 +1,57 @@
+--- src/man.c
++++ src/man.c	2007-04-16 17:24:18.424390534 +0200
+@@ -1795,32 +1795,35 @@ static pipeline *make_browser (const cha
+ {
+ 	pipeline *p;
+ 	char *browser;
+-	int command_len = strlen (command) * 2 + strlen (file) + 1;
+ 	int found_percent_s = 0;
+ 	char *percent;
+ 	char *esc_file;
+ 
+-	browser = xmalloc (command_len + 1);
++	browser = xmalloc (1);
+ 	*browser = '\0';
+ 
+ 	percent = strchr (command, '%');
+ 	while (percent) {
++		size_t len = strlen (browser);
++		browser = xrealloc (browser, len + 1 + (percent - command));
+ 		strncat (browser, command, percent - command);
+ 		switch (*(percent + 1)) {
+ 			case '\0':
+ 			case '%':
+-				strcat (browser, "%");
++				browser = strappend (browser, "%", NULL);
+ 				break;
+ 			case 'c':
+-				strcat (browser, ":");
++				browser = strappend (browser, ":", NULL);
+ 				break;
+ 			case 's':
+ 				esc_file = escape_shell (file);
+-				strcat (browser, esc_file);
++				browser = strappend (browser, esc_file, NULL);
+ 				free (esc_file);
+ 				found_percent_s = 1;
+ 				break;
+ 			default:
++				len = strlen (browser); /* cannot be NULL */
++				browser = xrealloc (browser, len + 3);
+ 				strncat (browser, percent, 2);
+ 				break;
+ 		}
+@@ -1830,11 +1833,10 @@ static pipeline *make_browser (const cha
+ 			command = percent + 1;
+ 		percent = strchr (command, '%');
+ 	}
+-	strcat (browser, command);
++	browser = strappend (browser, command, NULL);
+ 	if (!found_percent_s) {
+-		strcat (browser, " ");
+ 		esc_file = escape_shell (file);
+-		strcat (browser, esc_file);
++		browser = strappend (browser, " ", esc_file, NULL);
+ 		free (esc_file);
+ 	}
+ 

man-db-2.4.3.dif

@@ -1,12 +1,13 @@
 --- .pkgextract
 +++ .pkgextract	2007-02-15 00:00:00.000000000 +0100
-@@ -0,0 +1,6 @@
+@@ -0,0 +1,7 @@
 +bzcat ../man-db-2.4.3-3.diff.bz2 | patch -p1 -s --suffix=.debian
 +patch -p0 -s --suffix=.groff  < ../man-db-2.3.19deb4.0-groff.dif
 +patch -p0 -s --suffix=.err    < ../man-db-2.4.1-error.dif
 +patch -p0 -s --suffix=.sect   < ../man-db-2.4.3-section.dif
 +patch -p0 -s --suffix=.secu2  < ../man-db-2.4.1-security2.dif
 +patch -p0 -s --suffix=.secu4  < ../man-db-2.4.1-security4.dif
++patch -p0 -s --suffix=.064250 < ../man-db-2.4.3-CVE-2006-4250.dif
 --- GNUmakefile.in
 +++ GNUmakefile.in	2007-02-15 00:00:00.000000000 +0100
 @@ -35,7 +35,7 @@

man.changes

@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Tue Apr 17 10:44:44 CEST 2007 - werner@suse.de
+
+- Fix heap buffer overflow (CVE-2006-4250, bug #262747)
+
 -------------------------------------------------------------------
 Mon Mar 26 11:38:22 CEST 2007 - rguenther@suse.de
 

man.spec

@@ -13,7 +13,7 @@
 Name:           man
 BuildRequires:  flex gdbm-devel groff less libbz2-devel libzio-devel zlib-devel
 Version:        2.4.3
-Release:        46
+Release:        48
 Summary:        A Program for Displaying man Pages
 License:        GNU General Public License (GPL)
 Group:          System/Base
@@ -32,6 +32,7 @@ Patch3:         man-db-2.4.1-error.dif
 Patch4:         man-db-%{version}-section.dif
 Patch5:         man-db-2.4.1-security2.dif
 Patch6:         man-db-2.4.1-security4.dif
+Patch7:         man-db-2.4.3-CVE-2006-4250.dif
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -52,6 +53,7 @@ Authors:
 %patch4  -p0 -b .sect
 %patch5  -p0 -b .secu2
 %patch6  -p0 -b .secu4
+%patch7  -p0 -b .064250
 %patch   -p0
 
 %build
@@ -147,6 +149,8 @@ test -d var/catman/ && rm -rf var/catman/ || true
 /var/adm/fillup-templates/sysconfig.cron-man
 
 %changelog
+* Tue Apr 17 2007 - werner@suse.de
+- Fix heap buffer overflow (CVE-2006-4250, bug #262747)
 * Mon Mar 26 2007 - rguenther@suse.de
 - Add libbz2-devel and libzio-devel BuildRequires
 * Wed Mar 21 2007 - rguenther@suse.de