Home Esplora Aiuto
Accedi
openpkg
/
openpkg-packages
Segui 2
Vota 0
Forka 0
File Problemi 0 Pull Requests 0
Sfoglia il codice sorgente

fix security bug

Ralf S. Engelschall 24 anni fa
parent
b1595822b2
commit
30461ff215
2 ha cambiato i file con 49 aggiunte e 5 eliminazioni
Visualizzazione separata Mostra Diff Stats
  1. 9 5
      cvs/cvs.spec
  2. 40 0
      cvs/zlib.patch

+ 9 - 5
cvs/cvs.spec
Vedi File 

@@ -29,11 +29,11 @@
 
 %define       V_cvs2cl    2.38
 
 
 #   optional support for applying the RSE patches
 
-%ifndef rse_patches
 
-%define rse_patches no
 
+%ifndef       rse_patches
 
+%define       rse_patches no
 
 %endif
 
-%ifndef rse_patch_cvsuser_caller
 
-%define rse_patch_cvsuser_caller cvs
 
+%ifndef       rse_patch_cvsuser_caller
 
+%define       rse_patch_cvsuser_caller cvs
 
 %endif
 
 
 #   package information
 
@@ -46,7 +46,7 @@ Distribution: OpenPKG [REL]
 
 Group:        CVS
 
 License:      GPL
 
 Version:      %{V_cvs}
 
-Release:      20020224
 
+Release:      20020312
 
 
 #   list of sources
 
 Source0:      http://www.cvshome.org/files/19/10/cvs-%{V_cvs}.tar.gz
 
@@ -54,6 +54,7 @@ Source1:      ftp://riemann.iam.uni-bonn.de/pub/users/roessler/cvslock/cvslock-%
 
 Source2:      http://www.red-bean.com/cvs2cl/cvs2cl.pl
 
 Source3:      cvs.patches.rse
 
 Source4:      rc.cvs
 
+Patch0:       zlib.patch
 
 
 #   build information
 
 Prefix:       %{l_prefix}
 
@@ -89,6 +90,9 @@ AutoReqProv:  no
 
 %prep
 
     %setup0 -q -c
 
     %setup1 -q -T -D -a 1
 
+    ( cd cvs-%{V_cvs}/zlib
 
+      %patch0 -p1
 
+    )
 
 %if "%{rse_patches}" == "yes"
 
     ( cd cvs-%{V_cvs} 
       cat %{SOURCE cvs.patches.rse} |\

+ 40 - 0
cvs/zlib.patch
Vedi File 

@@ -0,0 +1,40 @@
 
+diff -u3 zlib-1.1.3/infblock.c zlib-1.1.4/infblock.c
 
+--- zlib-1.1.3/infblock.c	Mon Jun  8 19:06:16 1998
 
++++ zlib-1.1.4/infblock.c	Mon Mar 11 14:16:01 2002
 
+@@ -249,10 +249,12 @@
 
+                              &s->sub.trees.tb, s->hufts, z);
 
+       if (t != Z_OK)
 
+       {
 
+-        ZFREE(z, s->sub.trees.blens);
 
+         r = t;
 
+         if (r == Z_DATA_ERROR)
 
++        {
 
++          ZFREE(z, s->sub.trees.blens);
 
+           s->mode = BAD;
 
++        }
 
+         LEAVE
 
+       }
 
+       s->sub.trees.index = 0;
 
+@@ -313,11 +315,13 @@
 
+         t = inflate_trees_dynamic(257 + (t & 0x1f), 1 + ((t >> 5) & 0x1f),
 
+                                   s->sub.trees.blens, &bl, &bd, &tl, &td,
 
+                                   s->hufts, z);
 
+-        ZFREE(z, s->sub.trees.blens);
 
+         if (t != Z_OK)
 
+         {
 
+           if (t == (uInt)Z_DATA_ERROR)
 
++          {
 
++            ZFREE(z, s->sub.trees.blens);
 
+             s->mode = BAD;
 
++          }
 
+           r = t;
 
+           LEAVE
 
+         }
 
+@@ -329,6 +333,7 @@
 
+         }
 
+         s->sub.decode.codes = c;
 
+       }
 
++      ZFREE(z, s->sub.trees.blens);
 
+       s->mode = CODES;
 
+     case CODES:
 
+       UPDATE