[Pkg-voip-commits] r2844 - in openser/trunk/debian: . patches
Julien Blache
jblache at alioth.debian.org
Tue Dec 26 22:21:40 CET 2006
Author: jblache
Date: 2006-12-26 22:21:40 +0100 (Tue, 26 Dec 2006)
New Revision: 2844
Added:
openser/trunk/debian/patches/22_OpenPKG-SA-2006.042.dpatch
Modified:
openser/trunk/debian/changelog
openser/trunk/debian/patches/00list
Log:
Add security fix for OpenPKG-SA-2006.042
Modified: openser/trunk/debian/changelog
===================================================================
--- openser/trunk/debian/changelog 2006-12-26 12:57:40 UTC (rev 2843)
+++ openser/trunk/debian/changelog 2006-12-26 21:21:40 UTC (rev 2844)
@@ -1,8 +1,9 @@
-openser (1.1.0-8) UNRELEASED; urgency=low
+openser (1.1.0-8) unstable; urgency=high
- * NOT RELEASED YET
+ * debian/patches/22_OpenPKG-SA-2006.042.dpatch:
+ + Added; security fix for OpenPKG-SA-2006.042 (closes: #404591).
- -- Julien BLACHE <jblache at debian.org> Fri, 3 Nov 2006 13:50:27 +0100
+ -- Julien BLACHE <jblache at debian.org> Tue, 26 Dec 2006 22:13:26 +0100
openser (1.1.0-7) unstable; urgency=low
Modified: openser/trunk/debian/patches/00list
===================================================================
--- openser/trunk/debian/patches/00list 2006-12-26 12:57:40 UTC (rev 2843)
+++ openser/trunk/debian/patches/00list 2006-12-26 21:21:40 UTC (rev 2844)
@@ -5,4 +5,5 @@
12_fail_on_build_failure
20_pdt_domains.c_lockfix
21_arm_register_overlap
+22_OpenPKG-SA-2006.042
Added: openser/trunk/debian/patches/22_OpenPKG-SA-2006.042.dpatch
===================================================================
--- openser/trunk/debian/patches/22_OpenPKG-SA-2006.042.dpatch 2006-12-26 12:57:40 UTC (rev 2843)
+++ openser/trunk/debian/patches/22_OpenPKG-SA-2006.042.dpatch 2006-12-26 21:21:40 UTC (rev 2844)
@@ -0,0 +1,34 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 22_OpenPKG-SA-2006.042.dpatch by <jblache at debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Security fix for OpenPKG-SA-2006.042
+
+ at DPATCH@
+diff -urNad openser-1.1.0~/modules/permissions/parse_config.c openser-1.1.0/modules/permissions/parse_config.c
+--- openser-1.1.0~/modules/permissions/parse_config.c 2005-06-13 18:47:43.000000000 +0200
++++ openser-1.1.0/modules/permissions/parse_config.c 2006-12-26 22:11:53.681528074 +0100
+@@ -111,8 +111,11 @@
+ except = strstr(str, " EXCEPT ");
+ if (except) {
+ /* exception found */
+- strncpy(str2, str, except-str);
+- str2[except-str] = '\0';
++ int l = except - str;
++ if (l > sizeof(str2) - 1)
++ l = sizeof(str2) - 1;
++ strncpy(str2, str, l);
++ str2[l] = '\0';
+ /* except+8 points to the exception */
+ if (parse_expression_list(except+8, e_exceptions)) {
+ /* error */
+@@ -121,7 +124,8 @@
+ }
+ } else {
+ /* no exception */
+- strcpy(str2, str);
++ strncpy(str2, str, sizeof(str2)-1);
++ str2[sizeof(str2)-1] = '\0';
+ *e_exceptions = NULL;
+ }
+
Property changes on: openser/trunk/debian/patches/22_OpenPKG-SA-2006.042.dpatch
___________________________________________________________________
Name: svn:executable
+ *
More information about the Pkg-voip-commits
mailing list