rev 14648 - in krap/libmsn/trunk/debian: . patches
Pau Garcia i Quiles
pgquiles-guest at alioth.debian.org
Tue May 19 09:35:34 UTC 2009
Author: pgquiles-guest
Date: 2009-05-19 09:35:34 +0000 (Tue, 19 May 2009)
New Revision: 14648
Added:
krap/libmsn/trunk/debian/patches/
krap/libmsn/trunk/debian/patches/02-avoid_potential_buffer_overrun.diff
krap/libmsn/trunk/debian/patches/series
Modified:
krap/libmsn/trunk/debian/changelog
krap/libmsn/trunk/debian/control
krap/libmsn/trunk/debian/rules
Log:
Beta5
Modified: krap/libmsn/trunk/debian/changelog
===================================================================
--- krap/libmsn/trunk/debian/changelog 2009-05-18 17:57:00 UTC (rev 14647)
+++ krap/libmsn/trunk/debian/changelog 2009-05-19 09:35:34 UTC (rev 14648)
@@ -1,3 +1,16 @@
+libmsn (4.0~beta5-1) unstable; urgency=low
+
+ * New upstream beta release
+ * Move the -dbg package to the debug section
+ * Add patch from Ubuntu to fix potential buffer overflow
+ ( 02-avoid_potential_buffer_overrun.diff , LP 308060 )
+ * Add build-dependency on quilt, for the patch above
+ * Bump standards to 3.8.1 (no changes needed)
+ * Bump shlibs dependency to beta5, as this is the first version without
+ the potential buffer overflow
+
+ -- Pau Garcia i Quiles <pgquiles at elpauer.org> Mon, 18 May 2009 12:51:14 +0200
+
libmsn (4.0~beta4-1) unstable; urgency=low
* New upstream beta release
Modified: krap/libmsn/trunk/debian/control
===================================================================
--- krap/libmsn/trunk/debian/control 2009-05-18 17:57:00 UTC (rev 14647)
+++ krap/libmsn/trunk/debian/control 2009-05-19 09:35:34 UTC (rev 14648)
@@ -1,8 +1,8 @@
Source: libmsn
Priority: optional
Maintainer: Pau Garcia i Quiles <pgquiles at elpauer.org>
-Build-Depends: debhelper (>= 6.0.7), cmake, libssl-dev
-Standards-Version: 3.8.0.1
+Build-Depends: debhelper (>= 6.0.7), cmake, libssl-dev, quilt
+Standards-Version: 3.8.1
Section: libs
Homepage: http://libmsn.sourceforge.net
@@ -17,6 +17,7 @@
Package: libmsn0.1-dbg
Architecture: any
Priority: extra
+Section: debug
Depends: libmsn0.1 (= ${binary:Version})
Description: high-level C++ library for MSN Messenger [debug]
The libmsn library is a C++ library for Microsoft's MSN Messenger
Added: krap/libmsn/trunk/debian/patches/02-avoid_potential_buffer_overrun.diff
===================================================================
--- krap/libmsn/trunk/debian/patches/02-avoid_potential_buffer_overrun.diff (rev 0)
+++ krap/libmsn/trunk/debian/patches/02-avoid_potential_buffer_overrun.diff 2009-05-19 09:35:34 UTC (rev 14648)
@@ -0,0 +1,259 @@
+Description: fix potential overflows in XML parsing.
+Ubuntu: https://bugs.launchpad.net/bugs/308060
+
+Index: libmsn-4.0~beta4/msn/xmlParser.cpp
+===================================================================
+--- libmsn-4.0~beta4.orig/msn/xmlParser.cpp 2009-03-27 16:18:12.000000000 -0700
++++ libmsn-4.0~beta4/msn/xmlParser.cpp 2009-03-27 16:22:57.000000000 -0700
+@@ -302,7 +302,14 @@
+ int _tcsicmp(XMLCSTR c1, XMLCSTR c2) { return wcscasecmp(c1,c2); }
+ #endif
+ XMLSTR _tcsstr(XMLCSTR c1, XMLCSTR c2) { return (XMLSTR)wcsstr(c1,c2); }
+- XMLSTR _tcscpy(XMLSTR c1, XMLCSTR c2) { return (XMLSTR)wcscpy(c1,c2); }
++ XMLSTR _tcscpy(XMLSTR c1, XMLCSTR c2, int n) {
++ if (n<=0) {
++ return NULL;
++ }
++ XMLSTR result=(XMLSTR)wcsncpy(c1,c2,n);
++ result[n-1]=L'\0';
++ return result;
++ }
+ FILE *_tfopen(XMLCSTR filename,XMLCSTR mode)
+ {
+ char *filenameAscii=myWideCharToMultiByte(filename);
+@@ -319,7 +326,14 @@
+ int _tcsncmp(XMLCSTR c1, XMLCSTR c2, int l) { return strncmp(c1,c2,l);}
+ int _tcsicmp(XMLCSTR c1, XMLCSTR c2) { return strcasecmp(c1,c2); }
+ XMLSTR _tcsstr(XMLCSTR c1, XMLCSTR c2) { return (XMLSTR)strstr(c1,c2); }
+- XMLSTR _tcscpy(XMLSTR c1, XMLCSTR c2) { return (XMLSTR)strcpy(c1,c2); }
++ XMLSTR _tcscpy(XMLSTR c1, XMLCSTR c2, int n) {
++ if (n<=0) {
++ return NULL;
++ }
++ XMLSTR result=(XMLSTR)strncpy(c1,c2,n);
++ result[n-1]='\0';
++ return result;
++ }
+ #endif
+ int _strnicmp(const char *c1,const char *c2, int l) { return strncasecmp(c1,c2,l);}
+ #endif
+@@ -550,28 +564,39 @@
+ return lpszNew;
+ }
+
+-XMLSTR toXMLStringUnSafe(XMLSTR dest,XMLCSTR source)
++XMLSTR toXMLStringUnSafe(XMLSTR dest,XMLCSTR source,int length)
+ {
+ XMLSTR dd=dest;
+ XMLCHAR ch;
+ XMLCharacterEntity *entity;
+- while ((ch=*source))
++ while ((ch=*source) && length > 0)
+ {
+ entity=XMLEntities;
+ do
+ {
+- if (ch==entity->c) {_tcscpy(dest,entity->s); dest+=entity->l; source++; goto out_of_loop1; }
++ if (ch==entity->c)
++ {
++ _tcscpy(dest,entity->s,length);
++ dest+=entity->l;
++ length-=entity->l;
++ source++;
++ goto out_of_loop1;
++ }
+ entity++;
+ } while(entity->s);
++ if (length > 0)
++ {
+ #ifdef _XMLWIDECHAR
+- *(dest++)=*(source++);
++ *(dest++)=*(source++);
++ length--;
+ #else
+- switch(XML_ByteTable[(unsigned char)ch])
+- {
+- case 4: *(dest++)=*(source++);
+- case 3: *(dest++)=*(source++);
+- case 2: *(dest++)=*(source++);
+- case 1: *(dest++)=*(source++);
++ switch(XML_ByteTable[(unsigned char)ch])
++ {
++ case 4: *(dest++)=*(source++); length--; if (!length) break;
++ case 3: *(dest++)=*(source++); length--; if (!length) break;
++ case 2: *(dest++)=*(source++); length--; if (!length) break;
++ case 1: *(dest++)=*(source++); length--; if (!length) break;
++ }
+ }
+ #endif
+ out_of_loop1:
+@@ -612,7 +637,7 @@
+ {
+ int l=lengthXMLString(source)+1;
+ if (l>buflen) { buflen=l; buf=(XMLSTR)realloc(buf,l*sizeof(XMLCHAR)); }
+- return toXMLStringUnSafe(buf,source);
++ return toXMLStringUnSafe(buf,source,buflen);
+ }
+
+ // private:
+@@ -1708,7 +1733,7 @@
+ //
+ // This recurses through all subnodes then adds contents of the nodes to the
+ // string.
+-int XMLNode::CreateXMLStringR(XMLNodeData *pEntry, XMLSTR lpszMarker, int nFormat)
++int XMLNode::CreateXMLStringR(XMLNodeData *pEntry, XMLSTR lpszMarker, int length, int nFormat)
+ {
+ int nResult = 0;
+ int cb;
+@@ -1735,7 +1760,7 @@
+ nResult = cb;
+ lpszMarker[nResult++]=_T('<');
+ if (pEntry->isDeclaration) lpszMarker[nResult++]=_T('?');
+- _tcscpy(&lpszMarker[nResult], pEntry->lpszName);
++ _tcscpy(&lpszMarker[nResult], pEntry->lpszName, length-nResult);
+ nResult+=cbElement;
+ lpszMarker[nResult++]=_T(' ');
+
+@@ -1753,7 +1778,7 @@
+ cb = (int)LENSTR(pAttr->lpszName);
+ if (cb)
+ {
+- if (lpszMarker) _tcscpy(&lpszMarker[nResult], pAttr->lpszName);
++ if (lpszMarker) _tcscpy(&lpszMarker[nResult], pAttr->lpszName, length-nResult);
+ nResult += cb;
+ // "Attrib=Value "
+ if (pAttr->lpszValue)
+@@ -1763,7 +1788,7 @@
+ {
+ lpszMarker[nResult]=_T('=');
+ lpszMarker[nResult+1]=_T('"');
+- if (cb) toXMLStringUnSafe(&lpszMarker[nResult+2],pAttr->lpszValue);
++ if (cb) toXMLStringUnSafe(&lpszMarker[nResult+2],pAttr->lpszValue, length-(nResult+2));
+ lpszMarker[nResult+cb+2]=_T('"');
+ }
+ nResult+=cb+3;
+@@ -1827,13 +1852,13 @@
+ if (lpszMarker)
+ {
+ charmemset(&lpszMarker[nResult],INDENTCHAR,sizeof(XMLCHAR)*(nFormat + 1));
+- toXMLStringUnSafe(&lpszMarker[nResult+nFormat+1],pChild);
++ toXMLStringUnSafe(&lpszMarker[nResult+nFormat+1],pChild, length - (nResult + nFormat + 1));
+ lpszMarker[nResult+nFormat+1+cb]=_T('\n');
+ }
+ nResult+=cb+nFormat+2;
+ } else
+ {
+- if (lpszMarker) toXMLStringUnSafe(&lpszMarker[nResult], pChild);
++ if (lpszMarker) toXMLStringUnSafe(&lpszMarker[nResult], pChild, length - nResult);
+ nResult += cb;
+ }
+ }
+@@ -1853,13 +1878,13 @@
+ if (lpszMarker)
+ {
+ charmemset(&lpszMarker[nResult], INDENTCHAR, sizeof(XMLCHAR)*(nFormat + 1));
+- _tcscpy(&lpszMarker[nResult+nFormat+1], pChild->lpszOpenTag);
++ _tcscpy(&lpszMarker[nResult+nFormat+1], pChild->lpszOpenTag, length - (nResult + nFormat + 1));
+ }
+ nResult+=cb+nFormat+1;
+ }
+ else
+ {
+- if (lpszMarker)_tcscpy(&lpszMarker[nResult], pChild->lpszOpenTag);
++ if (lpszMarker)_tcscpy(&lpszMarker[nResult], pChild->lpszOpenTag, length - nResult);
+ nResult += cb;
+ }
+ }
+@@ -1868,7 +1893,7 @@
+ cb = (int)LENSTR(pChild->lpszValue);
+ if (cb)
+ {
+- if (lpszMarker) _tcscpy(&lpszMarker[nResult], pChild->lpszValue);
++ if (lpszMarker) _tcscpy(&lpszMarker[nResult], pChild->lpszValue, length - nResult);
+ nResult += cb;
+ }
+
+@@ -1876,7 +1901,7 @@
+ cb = (int)LENSTR(pChild->lpszCloseTag);
+ if (cb)
+ {
+- if (lpszMarker) _tcscpy(&lpszMarker[nResult], pChild->lpszCloseTag);
++ if (lpszMarker) _tcscpy(&lpszMarker[nResult], pChild->lpszCloseTag, length - nResult);
+ nResult += cb;
+ }
+
+@@ -1892,7 +1917,7 @@
+ case eNodeChild:
+ {
+ // Recursively add child nodes
+- nResult += CreateXMLStringR(pEntry->pChild[j>>2].d, lpszMarker ? lpszMarker + nResult : 0, nChildFormat);
++ nResult += CreateXMLStringR(pEntry->pChild[j>>2].d, lpszMarker ? lpszMarker + nResult : 0, lpszMarker ? length - nResult : 0, nChildFormat);
+ break;
+ }
+ default: break;
+@@ -1917,18 +1942,18 @@
+ }
+ }
+
+- _tcscpy(&lpszMarker[nResult], _T("</"));
++ _tcscpy(&lpszMarker[nResult], _T("</"), length - nResult);
+ nResult += 2;
+- _tcscpy(&lpszMarker[nResult], pEntry->lpszName);
++ _tcscpy(&lpszMarker[nResult], pEntry->lpszName, length - nResult);
+ nResult += cbElement;
+
+ if (nFormat == -1)
+ {
+- _tcscpy(&lpszMarker[nResult], _T(">"));
++ _tcscpy(&lpszMarker[nResult], _T(">"), length - nResult);
+ nResult++;
+ } else
+ {
+- _tcscpy(&lpszMarker[nResult], _T(">\n"));
++ _tcscpy(&lpszMarker[nResult], _T(">\n"), length - nResult);
+ nResult+=2;
+ }
+ } else
+@@ -1945,12 +1970,12 @@
+ {
+ if (nFormat == -1)
+ {
+- _tcscpy(&lpszMarker[nResult], _T("/>"));
++ _tcscpy(&lpszMarker[nResult], _T("/>"), length - nResult);
+ nResult += 2;
+ }
+ else
+ {
+- _tcscpy(&lpszMarker[nResult], _T("/>\n"));
++ _tcscpy(&lpszMarker[nResult], _T("/>\n"), length - nResult);
+ nResult += 3;
+ }
+ }
+@@ -1985,12 +2010,12 @@
+ // Recursively Calculate the size of the XML string
+ if (!dropWhiteSpace) nFormat=0;
+ nFormat = nFormat ? 0 : -1;
+- cbStr = CreateXMLStringR(d, 0, nFormat);
++ cbStr = CreateXMLStringR(d, 0, 0, nFormat);
+ assert(cbStr);
+ // Alllocate memory for the XML string + the NULL terminator and
+ // create the recursively XML string.
+ lpszResult=(XMLSTR)malloc((cbStr+1)*sizeof(XMLCHAR));
+- CreateXMLStringR(d, lpszResult, nFormat);
++ CreateXMLStringR(d, lpszResult, cbStr+1, nFormat);
+ if (pnSize) *pnSize = cbStr;
+ return lpszResult;
+ }
+Index: libmsn-4.0~beta4/msn/xmlParser.h
+===================================================================
+--- libmsn-4.0~beta4.orig/msn/xmlParser.h 2009-03-27 16:18:12.000000000 -0700
++++ libmsn-4.0~beta4/msn/xmlParser.h 2009-03-27 16:18:43.000000000 -0700
+@@ -447,7 +447,7 @@
+ XMLCSTR addText_priv(int,XMLSTR,int);
+ XMLClear *addClear_priv(int,XMLSTR,XMLCSTR,XMLCSTR,int);
+ static inline int findPosition(XMLNodeData *d, int index, XMLElementType xtype);
+- static int CreateXMLStringR(XMLNodeData *pEntry, XMLSTR lpszMarker, int nFormat);
++ static int CreateXMLStringR(XMLNodeData *pEntry, XMLSTR lpszMarker, int length, int nFormat);
+ static int removeOrderElement(XMLNodeData *d, XMLElementType t, int index);
+ static void exactMemory(XMLNodeData *d);
+ static int detachFromParent(XMLNodeData *d);
Added: krap/libmsn/trunk/debian/patches/series
===================================================================
--- krap/libmsn/trunk/debian/patches/series (rev 0)
+++ krap/libmsn/trunk/debian/patches/series 2009-05-19 09:35:34 UTC (rev 14648)
@@ -0,0 +1 @@
+02-avoid_potential_buffer_overrun.diff
Modified: krap/libmsn/trunk/debian/rules
===================================================================
--- krap/libmsn/trunk/debian/rules 2009-05-18 17:57:00 UTC (rev 14647)
+++ krap/libmsn/trunk/debian/rules 2009-05-19 09:35:34 UTC (rev 14648)
@@ -9,6 +9,8 @@
# Uncomment this to turn on verbose mode.
#export DH_VERBOSE=1
+include /usr/share/quilt/quilt.make
+
builddir/CMakeCache.txt:
dh_testdir
mkdir -p builddir
@@ -22,7 +24,7 @@
build: build-stamp
-build-stamp: builddir/CMakeCache.txt
+build-stamp: patch builddir/CMakeCache.txt
dh_testdir
# Add here commands to compile the package.
@@ -30,7 +32,7 @@
touch $@
-clean:
+clean: unpatch
dh_testdir
dh_testroot
rm -f build-stamp
@@ -66,7 +68,7 @@
dh_strip --dbg-package=libmsn0.1-dbg
dh_compress
dh_fixperms
- dh_makeshlibs -plibmsn0.1 -V'libmsn0.1 (>=4.0~beta4)'
+ dh_makeshlibs -plibmsn0.1 -V'libmsn0.1 (>=4.0~beta5)'
dh_shlibdeps -a
dh_installdeb
dh_gencontrol
More information about the pkg-kde-commits
mailing list