[Frugalware-darcs] frugalware-0.6: gftp-2.0.18-3terminus1-i686

voroskoi voroskoi at frugalware.org
Mon Sep 17 20:39:54 CEST 2007


Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=frugalware-0.6;a=darcs_commitdiff;h=20070917182741-dd049-875463f00693051308e70ab6d5bb1f7bde8d644e.gz;

[gftp-2.0.18-3terminus1-i686
voroskoi <voroskoi at frugalware.org>**20070917182741
 secfix relbump, closes #2368
] {
addfile ./source/xapps/gftp/CVE-2007-3961-3962.patch
hunk ./source/xapps/gftp/CVE-2007-3961-3962.patch 1
+--- lib/fsplib/fsplib.h
++++ lib/fsplib/fsplib.h
+@@ -1,6 +1,7 @@
+ #ifndef _FSPLIB_H
+ #define _FSPLIB_H 1
+ #include <time.h>
++#include <stddef.h>
+ /* The FSP v2 protocol support library - public interface */
+ 
+ /*
+@@ -138,6 +139,12 @@
+ 		      unsigned int pos;          /* position of next packet */
+ } FSP_FILE;
+ 
++
++typedef union dirent_workaround {
++      struct dirent dirent;
++      char fill[offsetof (struct dirent, d_name) + MAXNAMLEN + 1];
++} dirent_workaround;
++ 
+ /* function prototypes */
+ 
+ /* session management */
+
+--- lib/fsplib/fsplib.c
++++ lib/fsplib/fsplib.c
+@@ -612,7 +612,7 @@
+     entry->d_reclen = fentry.reclen;
+     strncpy(entry->d_name,fentry.name,MAXNAMLEN);
+ 
+-    if (fentry.namlen > MAXNAMLEN)
++    if (fentry.namlen >= MAXNAMLEN)
+     {
+ 	entry->d_name[MAXNAMLEN + 1 ] = '\0';
+ #ifdef HAVE_NAMLEN
+@@ -681,7 +681,7 @@
+        dir->dirpos += 9;
+        /* read file name */
+        entry->name[255 + 1] = '\0';
+-       strncpy(entry->name,(char *)( dir->data + dir->dirpos ),MAXNAMLEN);
++       strncpy(entry->name,(char *)( dir->data + dir->dirpos ),255);
+        namelen = strlen( (char *) dir->data+dir->dirpos);
+        /* skip over file name */
+        dir->dirpos += namelen +1;
+@@ -709,12 +709,12 @@
+ 
+ struct dirent * fsp_readdir(FSP_DIR *dirp)
+ {
+-    static struct dirent entry;
++    static dirent_workaround entry;
+     struct dirent *result;
+     
+     
+     if (dirp == NULL) return NULL;
+-    if ( fsp_readdir_r(dirp,&entry,&result) )
++    if ( fsp_readdir_r(dirp,&entry.dirent,&result) )
+         return NULL;
+     else
+         return result;
hunk ./source/xapps/gftp/FrugalBuild 7
-pkgrel=2
+pkgrel=3terminus1
hunk ./source/xapps/gftp/FrugalBuild 17
-	01-$pkgname-$pkgver-hu.patch)
+	01-$pkgname-$pkgver-hu.patch \
+	CVE-2007-3961-3962.patch)
hunk ./source/xapps/gftp/FrugalBuild 21
-          '667a81f4c0cc8c4092b74b5b1a05a5e682911ee7')
+          '667a81f4c0cc8c4092b74b5b1a05a5e682911ee7' \
+          'b09a6505107afe4e0f9153a01d33741bbbb53d4e')
hunk ./source/xapps/gftp/FrugalBuild 25
-	Fcd
-	Fpatch 00-$pkgname-$pkgver-menu-file.patch || return 1
-	Fpatch 01-$pkgname-$pkgver-hu.patch || return 1
+	Fpatchall
hunk ./source/xapps/gftp/FrugalBuild 34
-
}


More information about the Frugalware-darcs mailing list