
Re: documentation/4242: cvs patch for 3.7 Release



The following reply was made to PR documentation/4242; it has been noted by GNATS.

From: sebastian_(_dot_)_rother_(_at_)_jpberlin_(_dot_)_de
To: miket03_(_at_)_yahoo_(_dot_)_com
Cc: gnats_(_at_)_openbsd_(_dot_)_org
Subject: Re: documentation/4242: cvs patch for 3.7 Release
Date: Mon, 6 Jun 2005 20:03:34 +0200 (CEST)

 >>Number:         4242
 >>Category:       documentation
 >>Synopsis:       cvs patch for 3.7 Release
 >>Confidential:   yes
 >>Severity:       non-critical
 >>Priority:       medium
 >>Responsible:    bugs
 >>State:          open
 >>Quarter:
 >>Keywords:
 >>Date-Required:
 >>Class:          doc-bug
 >>Submitter-Id:   net
 >>Arrival-Date:   Mon Jun 06 11:30:02 GMT 2005
 >>Closed-Date:
 >>Last-Modified:
 >>Originator:     Mike
 >>Release:        3_7_BASE
 >>Organization:
 > net
 >>Environment:
 >
 > 	System      : OpenBSD 3.7
 > 	Architecture: OpenBSD.i386
 > 	Machine     : i386
 >>Description:
 > 	plus html says:
 > 	Fix potential security issues in GNU cvs(1) client (CAN-2005-0753).
 > 	A source code patch is available.
 >
 > 	but errata.html says:
 > 	There are no security patches for 3.7 at this time.
 >
 >>How-To-Repeat:
 > 	View above files.
 >>Fix:
 >
 > cvs patch (3.7 diff plus edited paste from the 3.6 patch):
 >
 > Apply by doing:
 > 	cd /usr/src
 > 	patch -p0 < 001_cvs.patch
 >
 > And then rebuild and install cvs:
 > 	cd gnu/usr.bin/cvs
 > 	make -f Makefile.bsd-wrapper obj
 > 	make -f Makefile.bsd-wrapper
 > 	make -f Makefile.bsd-wrapper install
 >
 >
 > Index: gnu/usr.bin/cvs/src/login.c
 > ===================================================================
 > RCS file: /cvs/src/gnu/usr.bin/cvs/src/login.c,v
 > retrieving revision 1.2
 > retrieving revision 1.2.12.1
 > diff -u -r1.2 -r1.2.12.1
 > --- gnu/usr.bin/cvs/src/login.c	20 Apr 2002 04:22:11 -0000	1.2
 > +++ gnu/usr.bin/cvs/src/login.c	23 May 2005 06:37:21 -0000	1.2.12.1
 > @@ -133,7 +133,7 @@
 >
 >  	if (isspace(*(linebuf + 1)))
 >  	    /* special case since strtoul ignores leading white space */
 > -	    entry_version = 0;
 > +	    q = linebuf + 1;
 >  	else
 >  	    entry_version = strtoul (linebuf + 1, &q, 10);
 >
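Review bot: in the `isspace` branch the `+` line sets `q`, but `entry_version = 0;` goes away with the `-` line, so after this hunk `entry_version` is not assigned on that path. Unless it is initialized before this `if`, keep both statements in a braced block: `{ entry_version = 0; q = linebuf + 1; }`.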
 > Index: gnu/usr.bin/cvs/src/patch.c
 > ===================================================================
 > RCS file: /cvs/src/gnu/usr.bin/cvs/src/patch.c,v
 > retrieving revision 1.14
 > retrieving revision 1.14.16.1
 > diff -u -r1.14 -r1.14.16.1
 > --- gnu/usr.bin/cvs/src/patch.c	28 Sep 2001 23:26:33 -0000	1.14
 > +++ gnu/usr.bin/cvs/src/patch.c	23 May 2005 06:37:21 -0000	1.14.16.1
 > @@ -375,6 +375,7 @@
 >      struct utimbuf t;
 >      char *vers_tag, *vers_head;
 >      char *rcs = NULL;
 > +    char *rcs_orig = NULL;
 >      RCSNode *rcsfile;
 >      FILE *fp1, *fp2, *fp3;
 >      int ret = 0;
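Review bot: the new `rcs_orig` declaration has no comment saying why a second pointer to the same buffer is needed. A one-line note next to it, stating that it keeps the address returned by `xmalloc` for the final `free`, would make the intent clear to the next reader.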
 > @@ -404,7 +405,7 @@
 >      if ((rcsfile->flags & VALID) && (rcsfile->flags & INATTIC))
 >  	isattic = 1;
 >
 > -    rcs = xmalloc (strlen (finfo->file) + sizeof (RCSEXT) + 5);
 > +    rcs_orig = rcs = xmalloc (strlen (finfo->file) + sizeof (RCSEXT) +
 > 5);
 >      (void) sprintf (rcs, "%s%s", finfo->file, RCSEXT);
 >
 >      /* if vers_head is NULL, may have been removed from the release */
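Review bot: the added `xmalloc` line is split, with `5);` on a continuation line that carries no `+` marker, so patch(1) will reject this hunk as mailed. Re-send the diff unwrapped (or as an attachment) so that `rcs_orig = rcs = xmalloc (...)` is a single added line.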
 > @@ -743,8 +744,8 @@
 >  	free (vers_tag);
 >      if (vers_head != NULL)
 >  	free (vers_head);
 > -    if (rcs != NULL)
 > -	free (rcs);
 > +    if (rcs_orig)
 > +	free (rcs_orig);
 >      return (ret);
 >  }
 >
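Review bot: `if (rcs_orig)` departs from the `!= NULL` form used two lines above for `vers_head`; write `if (rcs_orig != NULL)` to match the surrounding code. Also confirm that no remaining path frees `rcs` directly, since `rcs` and `rcs_orig` start out as the same allocation.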
 > Index: gnu/usr.bin/cvs/src/rcs.c
 > ===================================================================
 > RCS file: /cvs/src/gnu/usr.bin/cvs/src/rcs.c,v
 > retrieving revision 1.18
 > retrieving revision 1.18.6.1
 > diff -u -r1.18 -r1.18.6.1
 > --- gnu/usr.bin/cvs/src/rcs.c	16 Dec 2003 22:15:10 -0000	1.18
 > +++ gnu/usr.bin/cvs/src/rcs.c	23 May 2005 06:37:21 -0000	1.18.6.1
 > @@ -2895,7 +2895,7 @@
 >      if (retval != NULL)
 >  	return (retval);
 >
 > -    if (!force_tag_match || RCS_datecmp (vers->date, date) <= 0)
 > +    if (vers && (!force_tag_match || RCS_datecmp (vers->date, date) <=
 > 0))
 >  	return (xstrdup (vers->version));
 >      else
 >  	return (NULL);
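Review bot: with the added `vers &&` test, a NULL `vers` now falls through to the `else` branch and returns NULL even when `force_tag_match` is zero, so callers that pass `force_tag_match == 0` should be checked for handling a NULL return. The condition is also wrapped, with `0))` on a continuation line that has no `+` marker, which will stop the hunk from applying as mailed.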
 > @@ -3968,7 +3968,7 @@
 >      size_t len;
 >      int free_value = 0;
 >      char *log = NULL;
 > -    size_t loglen;
 > +    size_t loglen = 0;
 >      Node *vp = NULL;
 >  #ifdef PRESERVE_PERMISSIONS_SUPPORT
 >      uid_t rcs_owner = (uid_t) -1;
 > @@ -7236,7 +7236,7 @@
 >
 >  		for (ln = 0; ln < headlines.nlines; ++ln)
 >  		{
 > -		    char buf[80];
 > +		    char *buf;
 >  		    /* Period which separates year from month in date.  */
 >  		    char *ym;
 >  		    /* Period which separates month from day in date.  */
 > @@ -7247,10 +7247,12 @@
 >  		    if (prvers == NULL)
 >  			prvers = vers;
 >
 > +		    buf = xmalloc (strlen (prvers->version) + 24);
 >  		    sprintf (buf, "%-12s (%-8.8s ",
 >  			     prvers->version,
 >  			     prvers->author);
 >  		    cvs_output (buf, 0);
 > +		    free (buf);
 >
 >  		    /* Now output the date.  */
 >  		    ym = strchr (prvers->date, '.');
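Review bot: the constant in `xmalloc (strlen (prvers->version) + 24)` is unexplained. It has to cover the format `"%-12s (%-8.8s "`: the version padded to at least 12 characters, two characters for ` (`, the author capped at 8 by the precision, one space, and the terminating NUL. A comment stating that next to the allocation would keep the size and the format string in step if either one changes.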
 >
 >
 >
 > Patch for errata.html:
 >
 > Index: www/errata.html
 > ===================================================================
 > RCS file: /cvs/www/errata.html,v
 > retrieving revision 1.535
 > diff -u -r1.535 errata.html
 > --- www/errata.html	17 May 2005 18:38:33 -0000	1.535
 > +++ www/errata.html	6 Jun 2005 10:58:48 -0000
 > @@ -55,8 +55,20 @@
 >  consult the <a href="./faq/faq10.html#Patches">OpenBSD FAQ</a>.
 >  <hr>
 >
 > -<li>
 > -There are no security patches for 3.7 at this time.
 > +<li><a name="cvs"></a>
 > +<font color="#009000"><strong>001: SECURITY FIX: June 7,
 > 2005</strong></font>   <i>All architectures</i><br>
 > +Fix a buffer overflow, memory leaks, and NULL pointer dereference in
 > +<a
 > href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&sektion=1";>cvs(1)</a>
 > +. None of these issues are known to be exploitable.
 > +<a
 > href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0753";>CAN-2005-0753</a>
 > +.
 > +<br>
 > +<a
 > href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/001_cvs.patch";>
 > +A source code patch exists which remedies this problem</a>.<br>
 > +
 > +<p>
 > +
 > +</p>
 >  </ul>
 >
 >  <br>
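Review bot: each of the three added `href` attributes shows a `;` between the closing quote and `>` (for example `sektion=1";>`), which would leave a stray character inside the tag; remove it if it is present in the submitted file. The added `<p>` / `</p>` pair is empty and can be dropped, and the continuation lines without a leading `+` (such as `2005</strong>...`) show the mailer wrapped the diff, so it needs to be re-sent unwrapped or as an attachment.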
 >
 >
 >>Release-Note:
 >>Audit-Trail:
 >>Unformatted:
 >
 >
 
 
 This patch won't be listed like the other patches because they were fixed
 in 3.6 but they're not included in 3.7 (take a look at the date).
 I mailed Wim earlier but got no response...
 
 So don't be disappointed... it's like all the port-updates which aren't
 listed somewhere.
 
 Kind regards,
 Sebastian


