head 1.6; access; symbols OPENPKG_E1_MP_HEAD:1.6 OPENPKG_E1_MP:1.6 OPENPKG_E1_MP_2_STABLE:1.6 OPENPKG_E1_FP:1.6 OPENPKG_2_STABLE_20061018:1.6 OPENPKG_2_STABLE:1.6.0.4 OPENPKG_2_STABLE_BP:1.6 OPENPKG_2_5_SOLID:1.6.0.2 OPENPKG_2_5_SOLID_BP:1.6 OPENPKG_2_4_RELEASE:1.2 OPENPKG_2_4_SOLID:1.2.0.8 OPENPKG_2_4_SOLID_BP:1.2 OPENPKG_2_3_RELEASE:1.2 OPENPKG_2_3_SOLID:1.2.0.6 OPENPKG_2_3_SOLID_BP:1.2 OPENPKG_2_2_RELEASE:1.2 OPENPKG_2_2_SOLID:1.2.0.4 OPENPKG_2_2_SOLID_BP:1.2 OPENPKG_2_1_RELEASE:1.2 OPENPKG_2_1_SOLID:1.2.0.2 OPENPKG_2_1_SOLID_BP:1.2 OPENPKG_2_0_RELEASE:1.1 OPENPKG_2_0_SOLID:1.1.0.6 OPENPKG_2_0_SOLID_BP:1.1 OPENPKG_1_3_RELEASE:1.1.4.1 OPENPKG_1_3_SOLID:1.1.0.4 OPENPKG_1_STABLE:1.1.0.2; locks; strict; comment @# @; 1.6 date 2005.10.09.21.50.24; author thl; state dead; branches; next 1.5; 1.5 date 2005.10.03.11.45.55; author rse; state Exp; branches; next 1.4; 1.4 date 2005.09.23.14.42.40; author thl; state Exp; branches; next 1.3; 1.3 date 2005.09.05.14.45.22; author rse; state Exp; branches; next 1.2; 1.2 date 2004.04.23.10.51.48; author thl; state dead; branches 1.2.6.1 1.2.8.1; next 1.1; 1.1 date 2003.07.31.07.15.55; author rse; state Exp; branches 1.1.2.1 1.1.4.1; next ; 1.2.6.1 date 2005.09.05.14.52.29; author rse; state Exp; branches; next ; 1.2.8.1 date 2005.09.05.14.48.43; author rse; state Exp; branches; next ; 1.1.2.1 date 2003.07.31.07.22.49; author rse; state Exp; branches; next ; 1.1.4.1 date 2003.07.31.07.23.36; author rse; state Exp; branches; next ; desc @@ 1.6 log @upgrading package: lmtp2nntp 1.4.0 -> 1.4.1 @ text @Index: lib_tai/ts.c --- lib_tai/ts.c.orig 2005-10-03 12:54:16 +0200 +++ lib_tai/ts.c 2005-10-03 13:41:31 +0200 @@@@ -202,7 +202,7 @@@@ if (format == NULL || ap == NULL) return NULL; - ap2 = ap; + va_copy(ap2, ap); if ((n = ts_suite_mvxprintf(NULL, 0, format, ap)) == -1) return NULL; if ((buffer = (char *)malloc(n+1)) == NULL) @ 1.5 log @upgrading package: lmtp2nntp 1.3.0 -> 1.4.0 @ text @@ 1.4 log @portability fixes dedicated to rm6-amd64-freebsd5.4 @ text @a0 117 Security Fix (CAN-2005-2491, partially only) Index: lib_pcre/pcre.c --- lib_pcre/pcre.c.orig 2004-04-22 10:52:11 +0200 +++ lib_pcre/pcre.c 2005-09-05 15:38:37 +0200 @@@@ -716,12 +716,23 @@@@ while ((cd->ctypes[*p] & ctype_digit) != 0) min = min * 10 + *p++ - '0'; +if (min < 0 || min > 65535) + { + *errorptr = ERR5; + return p; + } + if (*p == '}') max = min; else { if (*(++p) != '}') { max = 0; while((cd->ctypes[*p] & ctype_digit) != 0) max = max * 10 + *p++ - '0'; + if (max < 0 || max > 65535) + { + *errorptr = ERR5; + return p; + } if (max < min) { *errorptr = ERR4; Index: lib_l2/l2_ut_pcre.c --- lib_l2/l2_ut_pcre.c.orig 2003-01-28 10:10:39 +0100 +++ lib_l2/l2_ut_pcre.c 2005-09-05 16:22:43 +0200 @@@@ -674,6 +674,10 @@@@ while ((cd->ctypes[*p] & ctype_digit) != 0) min = min * 10 + *p++ - '0'; + if (min < 0 || min > 65535) { + *errorptr = ERR5; + return p; + } if (*p == '}') max = min; @@@@ -682,6 +686,10 @@@@ max = 0; while ((cd->ctypes[*p] & ctype_digit) != 0) max = max * 10 + *p++ - '0'; + if (max < 0 || max > 65535) { + *errorptr = ERR5; + return p; + } if (max < min) { *errorptr = ERR4; return p; Index: lib_str/str_pcre.c --- lib_str/str_pcre.c.orig 2003-01-28 10:10:39 +0100 +++ lib_str/str_pcre.c 2005-09-05 16:22:43 +0200 @@@@ -674,6 +674,10 @@@@ while ((cd->ctypes[*p] & ctype_digit) != 0) min = min * 10 + *p++ - '0'; + if (min < 0 || min > 65535) { + *errorptr = ERR5; + return p; + } if (*p == '}') max = min; @@@@ -682,6 +686,10 @@@@ max = 0; while ((cd->ctypes[*p] & ctype_digit) != 0) max = max * 10 + *p++ - '0'; + if (max < 0 || max > 65535) { + *errorptr = ERR5; + return p; + } if (max < min) { *errorptr = ERR4; return p; use va_copy for va_list copying for better portability. Index: str_basic.c --- lib_str/str_basic.c.orig 2003-01-06 20:13:47 +0100 +++ lib_str/str_basic.c 2005-09-23 15:35:49 +0200 @@@@ -133,7 +133,7 @@@@ return NULL; /* determine required target string length */ - ap_safe = ap; + va_copy(ap_safe, ap); n = str_len(s); while ((cp = va_arg(ap, char *)) != NULL) n += str_len(cp); Index: ts.c --- lib_str/ts.c.orig 2003-02-11 09:39:47 +0100 +++ lib_str/ts.c 2005-09-23 15:36:28 +0200 @@@@ -206,7 +206,7 @@@@ if (format == NULL) return NULL; - ap2 = ap; + va_copy(ap2, ap); if ((n = ts_suite_mvxprintf(NULL, 0, format, ap)) == -1) return NULL; if ((buffer = (char *)malloc(n+1)) == NULL) Index: lib_l2/l2_ut_format.c --- lib_l2/l2_ut_format.c.orig 2004-04-22 12:27:58 +0200 +++ lib_l2/l2_ut_format.c 2005-09-23 15:51:17 +0200 @@@@ -1151,7 +1151,7 @@@@ char *s; int rv; - apbak = ap; + va_copy(apbak, ap); if ((rv = l2_util_vsprintf(NULL, -1, fmt, ap)) == -1) return NULL; if ((s = malloc(rv+1)) == NULL) d2 2 a3 2 --- lib_tai/ts.c.orig 2004-04-02 16:02:59 +0200 +++ lib_tai/ts.c 2005-09-23 16:33:56 +0200 d6 1 a6 1 if (format == NULL) @ 1.3 log @apply Security Fix (CAN-2005-2491) @ text @d80 50 @ 1.2 log @upgrading package: lmtp2nntp 1.3a1 -> 1.3a2 @ text @d1 79 a79 82 --- lib_l2/l2_channel.c.orig Mon Jan 27 17:01:35 2003 +++ lib_l2/l2_channel.c Thu Jul 31 08:58:17 2003 @@@@ -560,7 +560,7 @@@@ l2_env_t *env; /* argument sanity check */ - if (ch == NULL || level == 0 || fmt == NULL || ap == NULL) + if (ch == NULL || level == 0 || fmt == NULL) return L2_ERR_ARG; /* make sure only a single level is specified */ --- lib_l2/l2_ut_param.c.orig Mon Jan 6 12:41:52 2003 +++ lib_l2/l2_ut_param.c Thu Jul 31 08:59:07 2003 @@@@ -46,7 +46,7 @@@@ int n; /* argument sanity check */ - if (env == NULL || pa == NULL || fmt == NULL || ap == NULL) + if (env == NULL || pa == NULL || fmt == NULL) return L2_ERR_ARG; /* on-the-fly create or just take over parameter specification string */ --- lib_val/val.c.orig Thu Feb 6 17:58:40 2003 +++ lib_val/val.c Thu Jul 31 09:00:43 2003 @@@@ -824,7 +824,7 @@@@ val_t *child; /* argument consistency check */ - if (val == NULL || name == NULL || ap == NULL) + if (val == NULL || name == NULL) return VAL_RC(VAL_ERR_ARG); /* recursive step-down on structured name */ @@@@ -888,7 +888,7 @@@@ val_t *child; /* argument consistency check */ - if (val == NULL || name == NULL || ap == NULL) + if (val == NULL || name == NULL) return VAL_RC(VAL_ERR_ARG); /* recursive step-down on structured name */ --- lib_var/var.c.orig Mon Feb 10 22:15:41 2003 +++ lib_var/var.c Thu Jul 31 09:01:11 2003 @@@@ -126,7 +126,7 @@@@ int n; int bytes; - if (format == NULL || ap == NULL) + if (format == NULL) return -1; bytes = 0; while (*format != '\0') { @@@@ -214,7 +214,7 @@@@ int n; var_mvsnprintf_cb_t ctx; - if (format == NULL || ap == NULL) + if (format == NULL) return -1; if (buffer != NULL && bufsize == 0) return -1; --- lib_tai/ts.c.orig Thu Apr 18 11:10:47 2002 +++ lib_tai/ts.c Thu Jul 31 09:05:09 2003 @@@@ -126,7 +126,7 @@@@ int n; int bytes; - if (format == NULL || ap == NULL) + if (format == NULL) return -1; bytes = 0; while (*format != '\0') { @@@@ -200,7 +200,7 @@@@ int n; va_list ap2; - if (format == NULL || ap == NULL) + if (format == NULL) return NULL; ap2 = ap; if ((n = ts_suite_mvxprintf(NULL, 0, format, ap)) == -1) @ 1.2.6.1 log @apply Security Fix (CAN-2005-2491) @ text @d1 82 a82 79 Security Fix (CAN-2005-2491, partially only) Index: lib_pcre/pcre.c --- lib_pcre/pcre.c.orig 2004-04-22 10:52:11 +0200 +++ lib_pcre/pcre.c 2005-09-05 15:38:37 +0200 @@@@ -716,12 +716,23 @@@@ while ((cd->ctypes[*p] & ctype_digit) != 0) min = min * 10 + *p++ - '0'; +if (min < 0 || min > 65535) + { + *errorptr = ERR5; + return p; + } + if (*p == '}') max = min; else { if (*(++p) != '}') { max = 0; while((cd->ctypes[*p] & ctype_digit) != 0) max = max * 10 + *p++ - '0'; + if (max < 0 || max > 65535) + { + *errorptr = ERR5; + return p; + } if (max < min) { *errorptr = ERR4; Index: lib_l2/l2_ut_pcre.c --- lib_l2/l2_ut_pcre.c.orig 2003-01-28 10:10:39 +0100 +++ lib_l2/l2_ut_pcre.c 2005-09-05 16:22:43 +0200 @@@@ -674,6 +674,10 @@@@ while ((cd->ctypes[*p] & ctype_digit) != 0) min = min * 10 + *p++ - '0'; + if (min < 0 || min > 65535) { + *errorptr = ERR5; + return p; + } if (*p == '}') max = min; @@@@ -682,6 +686,10 @@@@ max = 0; while ((cd->ctypes[*p] & ctype_digit) != 0) max = max * 10 + *p++ - '0'; + if (max < 0 || max > 65535) { + *errorptr = ERR5; + return p; + } if (max < min) { *errorptr = ERR4; return p; Index: lib_str/str_pcre.c --- lib_str/str_pcre.c.orig 2003-01-28 10:10:39 +0100 +++ lib_str/str_pcre.c 2005-09-05 16:22:43 +0200 @@@@ -674,6 +674,10 @@@@ while ((cd->ctypes[*p] & ctype_digit) != 0) min = min * 10 + *p++ - '0'; + if (min < 0 || min > 65535) { + *errorptr = ERR5; + return p; + } if (*p == '}') max = min; @@@@ -682,6 +686,10 @@@@ max = 0; while ((cd->ctypes[*p] & ctype_digit) != 0) max = max * 10 + *p++ - '0'; + if (max < 0 || max > 65535) { + *errorptr = ERR5; + return p; + } if (max < min) { *errorptr = ERR4; return p; @ 1.2.8.1 log @commit patch to CVS, too @ text @d1 82 a82 79 Security Fix (CAN-2005-2491, partially only) Index: lib_pcre/pcre.c --- lib_pcre/pcre.c.orig 2004-04-22 10:52:11 +0200 +++ lib_pcre/pcre.c 2005-09-05 15:38:37 +0200 @@@@ -716,12 +716,23 @@@@ while ((cd->ctypes[*p] & ctype_digit) != 0) min = min * 10 + *p++ - '0'; +if (min < 0 || min > 65535) + { + *errorptr = ERR5; + return p; + } + if (*p == '}') max = min; else { if (*(++p) != '}') { max = 0; while((cd->ctypes[*p] & ctype_digit) != 0) max = max * 10 + *p++ - '0'; + if (max < 0 || max > 65535) + { + *errorptr = ERR5; + return p; + } if (max < min) { *errorptr = ERR4; Index: lib_l2/l2_ut_pcre.c --- lib_l2/l2_ut_pcre.c.orig 2003-01-28 10:10:39 +0100 +++ lib_l2/l2_ut_pcre.c 2005-09-05 16:22:43 +0200 @@@@ -674,6 +674,10 @@@@ while ((cd->ctypes[*p] & ctype_digit) != 0) min = min * 10 + *p++ - '0'; + if (min < 0 || min > 65535) { + *errorptr = ERR5; + return p; + } if (*p == '}') max = min; @@@@ -682,6 +686,10 @@@@ max = 0; while ((cd->ctypes[*p] & ctype_digit) != 0) max = max * 10 + *p++ - '0'; + if (max < 0 || max > 65535) { + *errorptr = ERR5; + return p; + } if (max < min) { *errorptr = ERR4; return p; Index: lib_str/str_pcre.c --- lib_str/str_pcre.c.orig 2003-01-28 10:10:39 +0100 +++ lib_str/str_pcre.c 2005-09-05 16:22:43 +0200 @@@@ -674,6 +674,10 @@@@ while ((cd->ctypes[*p] & ctype_digit) != 0) min = min * 10 + *p++ - '0'; + if (min < 0 || min > 65535) { + *errorptr = ERR5; + return p; + } if (*p == '}') max = min; @@@@ -682,6 +686,10 @@@@ max = 0; while ((cd->ctypes[*p] & ctype_digit) != 0) max = max * 10 + *p++ - '0'; + if (max < 0 || max > 65535) { + *errorptr = ERR5; + return p; + } if (max < min) { *errorptr = ERR4; return p; @ 1.1 log @fix building: va_list is not comparable against NULL @ text @@ 1.1.4.1 log @MFS: fix building: va_list is not comparable against NULL @ text @@ 1.1.2.1 log @MFC: fix building: va_list is not comparable against NULL @ text @@