[Pkg-voip-commits] r2844 - in openser/trunk/debian: . patches

Julien Blache jblache at alioth.debian.org
Tue Dec 26 22:21:40 CET 2006 

Author: jblache
Date: 2006-12-26 22:21:40 +0100 (Tue, 26 Dec 2006)
New Revision: 2844

Added:
   openser/trunk/debian/patches/22_OpenPKG-SA-2006.042.dpatch
Modified:
   openser/trunk/debian/changelog
   openser/trunk/debian/patches/00list
Log:
Add security fix for OpenPKG-SA-2006.042


Modified: openser/trunk/debian/changelog
===================================================================
--- openser/trunk/debian/changelog	2006-12-26 12:57:40 UTC (rev 2843)
+++ openser/trunk/debian/changelog	2006-12-26 21:21:40 UTC (rev 2844)
@@ -1,8 +1,9 @@
-openser (1.1.0-8) UNRELEASED; urgency=low
+openser (1.1.0-8) unstable; urgency=high
 
-  * NOT RELEASED YET
+  * debian/patches/22_OpenPKG-SA-2006.042.dpatch:
+    + Added; security fix for OpenPKG-SA-2006.042 (closes: #404591).
 
- -- Julien BLACHE <jblache at debian.org>  Fri,  3 Nov 2006 13:50:27 +0100
+ -- Julien BLACHE <jblache at debian.org>  Tue, 26 Dec 2006 22:13:26 +0100
 
 openser (1.1.0-7) unstable; urgency=low
 

Modified: openser/trunk/debian/patches/00list
===================================================================
--- openser/trunk/debian/patches/00list	2006-12-26 12:57:40 UTC (rev 2843)
+++ openser/trunk/debian/patches/00list	2006-12-26 21:21:40 UTC (rev 2844)
@@ -5,4 +5,5 @@
 12_fail_on_build_failure
 20_pdt_domains.c_lockfix
 21_arm_register_overlap
+22_OpenPKG-SA-2006.042
 

Added: openser/trunk/debian/patches/22_OpenPKG-SA-2006.042.dpatch
===================================================================
--- openser/trunk/debian/patches/22_OpenPKG-SA-2006.042.dpatch	2006-12-26 12:57:40 UTC (rev 2843)
+++ openser/trunk/debian/patches/22_OpenPKG-SA-2006.042.dpatch	2006-12-26 21:21:40 UTC (rev 2844)
@@ -0,0 +1,34 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 22_OpenPKG-SA-2006.042.dpatch by  <jblache at debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Security fix for OpenPKG-SA-2006.042
+
+ at DPATCH@
+diff -urNad openser-1.1.0~/modules/permissions/parse_config.c openser-1.1.0/modules/permissions/parse_config.c
+--- openser-1.1.0~/modules/permissions/parse_config.c	2005-06-13 18:47:43.000000000 +0200
++++ openser-1.1.0/modules/permissions/parse_config.c	2006-12-26 22:11:53.681528074 +0100
+@@ -111,8 +111,11 @@
+ 	except = strstr(str, " EXCEPT ");
+ 	if (except) {
+ 		/* exception found */
+-		strncpy(str2, str, except-str);
+-		str2[except-str] = '\0';
++		int l = except - str;
++		if (l > sizeof(str2) - 1)
++			l = sizeof(str2) - 1;
++		strncpy(str2, str, l);
++		str2[l] = '\0';
+ 		/* except+8 points to the exception */
+ 		if (parse_expression_list(except+8, e_exceptions)) {
+ 			/* error */
+@@ -121,7 +124,8 @@
+ 		}
+ 	} else {
+ 		/* no exception */
+-		strcpy(str2, str);
++		strncpy(str2, str, sizeof(str2)-1);
++		str2[sizeof(str2)-1] = '\0';
+ 		*e_exceptions = NULL;
+ 	}
+ 	


Property changes on: openser/trunk/debian/patches/22_OpenPKG-SA-2006.042.dpatch
___________________________________________________________________
Name: svn:executable
   + *

More information about the Pkg-voip-commits mailing list