[packages/libPropList] - updated format-security patch to avoid overflows through environment variables - verbose lib, incl

qboosh qboosh at pld-linux.org
Sat Jan 18 23:24:28 CET 2014


commit a3f1bb5cec0b7ce2a9f106a6ba4fb6e0cc06717b
Author: Jakub Bogusz <qboosh at pld-linux.org>
Date:   Sat Jan 18 23:25:35 2014 +0100

    - updated format-security patch to avoid overflows through environment variables
    - verbose lib, include files

 format-security.patch | 33 +++++++++++++++++++++++++++++----
 libPropList.spec      | 12 ++++++------
 2 files changed, 35 insertions(+), 10 deletions(-)
---
diff --git a/libPropList.spec b/libPropList.spec
index edb4391..e31b768 100644
--- a/libPropList.spec
+++ b/libPropList.spec
@@ -164,17 +164,17 @@ rm -rf $RPM_BUILD_ROOT
 %files
 %defattr(644,root,root,755)
 %doc AUTHORS ChangeLog NEWS README
-%attr(755,root,root) %{_libdir}/lib*.so.*.*
-%attr(755,root,root) %ghost %{_libdir}/lib*.so.0
+%attr(755,root,root) %{_libdir}/libPropList.so.*.*.*
+%attr(755,root,root) %ghost %{_libdir}/libPropList.so.0
 
 %files devel
 %defattr(644,root,root,755)
-%attr(755,root,root) %{_libdir}/lib*.so
-%{_libdir}/lib*.la
-%{_includedir}/*.h
+%attr(755,root,root) %{_libdir}/libPropList.so
+%{_libdir}/libPropList.la
+%{_includedir}/proplist.h
 
 %if %{with static_libs}
 %files static
 %defattr(644,root,root,755)
-%{_libdir}/lib*.a
+%{_libdir}/libPropList.a
 %endif
diff --git a/format-security.patch b/format-security.patch
index f78e5be..594259b 100644
--- a/format-security.patch
+++ b/format-security.patch
@@ -1,6 +1,26 @@
---- libPropList-0.10.1/util.c.orig	2014-01-14 10:40:09.183601243 +0100
-+++ libPropList-0.10.1/util.c	2014-01-14 10:41:31.031533654 +0100
-@@ -213,15 +213,15 @@ char *MakeDefaultsFilename()
+--- libPropList-0.10.1/util.c.orig	1999-01-28 08:11:12.000000000 +0100
++++ libPropList-0.10.1/util.c	2014-01-18 23:22:10.186445054 +0100
+@@ -200,10 +200,17 @@ char *ManglePath(const char *path)
+       
+ char *MakeDefaultsFilename()
+ {
+-  char *env;
+-  char actual_filename[255];
++  char *env, *env2, *envh, *actual_filename, *ret;
++  size_t len;
+ 
+   env = (char *)getenv("GNUSTEP_USER_PATH");
++  env2 = (char *)getenv("GNUSTEP_DEFAULTS_FILE");
++  envh = (char *)getenv("HOME");
++
++  len = (env ? strlen(env) : (envh ? (strlen(envh) + 8) : 8)) + 1 + (env2 ? strlen(env2) : 8);
++
++  actual_filename = (char *)MyMalloc(__FILE__, __LINE__, len + 1);
++
+   if(!env)
+     {
+       env = (char *)getenv("HOME");
+@@ -213,17 +220,19 @@ char *MakeDefaultsFilename()
  	sprintf(actual_filename, "%s/GNUstep", env);
      }
    else
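Review bot: The size in `len` is measured from `envh` and `env2`, but the unchanged line just below the allocation still calls `getenv("HOME")` a second time, and the final copy in the next hunk of this patch uses `env`, which appears to be re-read from the environment as well. If the environment changes between the two reads, the buffer returned by `MyMalloc` no longer matches what is written into it. Reusing the pointers already fetched, e.g. `env = envh;` in place of the second `getenv("HOME")` and copying from `env2` for the defaults file name, keeps the measurement and the copy on the same strings. The result of `MyMalloc` is also used without a check; whether it can return NULL is not visible in this patch. The body of MakeDefaultsFilename continues outside this hunk.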
@@ -18,5 +38,10 @@
 -    sprintf(&(actual_filename[strlen(actual_filename)]), env);
 +    strcpy(&(actual_filename[strlen(actual_filename)]), env);
  
-   return ManglePath(actual_filename);
+-  return ManglePath(actual_filename);
++  ret = ManglePath(actual_filename);
++  MyFree(__FILE__, __LINE__, actual_filename);
++  return ret;
  }
+ 
+ BOOL LockFile(char *name)
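Review bot: The writes into `actual_filename` remain unbounded `sprintf`/`strcpy` calls, so the overflow fix depends entirely on the `len` expression in the earlier hunk staying in sync with them. The bare `8` there stands for both "/GNUstep" and "Defaults", which is easy to break in a later edit. A bounded append such as `snprintf(actual_filename + used, len + 1 - used, "%s", env);` with `used = strlen(actual_filename)` and a truncation check would make the bound hold by construction. It would also help to add a comment above the `MyFree` call stating that `ManglePath` returns a separately allocated string, because freeing `actual_filename` before returning `ret` is only safe under that assumption, which this hunk does not show.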
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/libPropList.git/commitdiff/a3f1bb5cec0b7ce2a9f106a6ba4fb6e0cc06717b


