fix security bug

24 years ago · 30461ff215
2 changed files with 49 additions and 5 deletions
--- a/cvs/cvs.spec
+++ b/cvs/cvs.spec
@ -29,11 +29,11 @@
 %define       V_cvs2cl    2.38

 #   optional support for applying the RSE patches
-%ifndef rse_patches
-%define rse_patches no
+%ifndef       rse_patches
+%define       rse_patches no
 %endif
-%ifndef rse_patch_cvsuser_caller
-%define rse_patch_cvsuser_caller cvs
+%ifndef       rse_patch_cvsuser_caller
+%define       rse_patch_cvsuser_caller cvs
 %endif

 #   package information
@ -46,7 +46,7 @@ Distribution: OpenPKG [REL]
 Group:        CVS
 License:      GPL
 Version:      %{V_cvs}
-Release:      20020224
+Release:      20020312

 #   list of sources
 Source0:      http://www.cvshome.org/files/19/10/cvs-%{V_cvs}.tar.gz
@ -54,6 +54,7 @@ Source1:      ftp://riemann.iam.uni-bonn.de/pub/users/roessler/cvslock/cvslock-%
 Source2:      http://www.red-bean.com/cvs2cl/cvs2cl.pl
 Source3:      cvs.patches.rse
 Source4:      rc.cvs
+Patch0:       zlib.patch

 #   build information
 Prefix:       %{l_prefix}
@ -89,6 +90,9 @@ AutoReqProv:  no
 %prep
    %setup0 -q -c
    %setup1 -q -T -D -a 1
+    ( cd cvs-%{V_cvs}/zlib
+      %patch0 -p1
+    )
 %if "%{rse_patches}" == "yes"
    ( cd cvs-%{V_cvs} 
      cat %{SOURCE cvs.patches.rse} |\
--- a/cvs/zlib.patch
+++ b/cvs/zlib.patch
@ -0,0 +1,40 @@
+diff -u3 zlib-1.1.3/infblock.c zlib-1.1.4/infblock.c
+--- zlib-1.1.3/infblock.c	Mon Jun  8 19:06:16 1998
+++ zlib-1.1.4/infblock.c	Mon Mar 11 14:16:01 2002
+@@ -249,10 +249,12 @@
+                              &s->sub.trees.tb, s->hufts, z);
+       if (t != Z_OK)
+       {
+-        ZFREE(z, s->sub.trees.blens);
+         r = t;
+         if (r == Z_DATA_ERROR)
+        {
+          ZFREE(z, s->sub.trees.blens);
+           s->mode = BAD;
+        }
+         LEAVE
+       }
+       s->sub.trees.index = 0;
+@@ -313,11 +315,13 @@
+         t = inflate_trees_dynamic(257 + (t & 0x1f), 1 + ((t >> 5) & 0x1f),
+                                   s->sub.trees.blens, &bl, &bd, &tl, &td,
+                                   s->hufts, z);
+-        ZFREE(z, s->sub.trees.blens);
+         if (t != Z_OK)
+         {
+           if (t == (uInt)Z_DATA_ERROR)
+          {
+            ZFREE(z, s->sub.trees.blens);
+             s->mode = BAD;
+          }
+           r = t;
+           LEAVE
+         }
+@@ -329,6 +333,7 @@
+         }
+         s->sub.decode.codes = c;
+       }
+      ZFREE(z, s->sub.trees.blens);
+       s->mode = CODES;
+     case CODES:
+       UPDATE