rpms/sipp/devel sipp--Do-not-include-bogus-library-paths-and-include-pat.patch, NONE, 1.1 sipp--Fix-for-CVE-2008-2085.patch, NONE, 1.1 sipp--Initial-fix-for-RHBZ-559620.patch, NONE, 1.1 import.log, 1.3, 1.4 sipp.spec, 1.16, 1.17 sipp--CVE-2008-2085-fix.diff, 1.2, NONE sipp--Makefile-fix-paths.diff, 1.2, NONE
Peter Lemenkov
peter at fedoraproject.org
Fri Jan 29 16:38:40 UTC 2010
- Previous message: rpms/atlas/devel atlas.spec,1.30,1.31
- Next message: rpms/sipp/F-12 sipp--Do-not-include-bogus-library-paths-and-include-pat.patch, NONE, 1.1 sipp--Fix-for-CVE-2008-2085.patch, NONE, 1.1 sipp--Initial-fix-for-RHBZ-559620.patch, NONE, 1.1 import.log, 1.3, 1.4 sipp.spec, 1.16, 1.17 sipp--CVE-2008-2085-fix.diff, 1.2, NONE sipp--Makefile-fix-paths.diff, 1.2, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: peter
Update of /cvs/pkgs/rpms/sipp/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv31203/devel
Modified Files:
import.log sipp.spec
Added Files:
sipp--Do-not-include-bogus-library-paths-and-include-pat.patch
sipp--Fix-for-CVE-2008-2085.patch
sipp--Initial-fix-for-RHBZ-559620.patch
Removed Files:
sipp--CVE-2008-2085-fix.diff sipp--Makefile-fix-paths.diff
Log Message:
Fix for rhbz #559620
sipp--Do-not-include-bogus-library-paths-and-include-pat.patch:
Makefile | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
--- NEW FILE sipp--Do-not-include-bogus-library-paths-and-include-pat.patch ---
>From 81153fa6c7908b0f62b5b87782265e68336493cb Mon Sep 17 00:00:00 2001
From: Peter Lemenkov <lemenkov at gmail.com>
Date: Mon, 11 Jan 2010 14:45:45 +0300
Subject: [PATCH 1/3] Do not include bogus library paths and include paths.
Signed-off-by: Peter Lemenkov <lemenkov at gmail.com>
---
Makefile | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/Makefile b/Makefile
index 23a3fac..6975fa0 100644
--- a/Makefile
+++ b/Makefile
@@ -138,7 +138,7 @@ LFLAGS_Darwin=
LFLAGS=$(LFLAGS_$(SYSTEM)) $(EXTRALFLAGS)
#Link Libraries
-LIBS_linux= -ldl -lpthread -lncurses -lstdc++ -lm -L /usr/local/lib -L /usr/lib -L /usr/lib64
+LIBS_linux= -ldl -lpthread -lncurses -lstdc++ -lm
LIBS_hpux= -lcurses -lpthread -L /opt/openssl/lib -L /usr/local/lib
LIBS_tru64= -lcurses -lpthread
LIBS_freebsd= -lcurses -pthread -L /usr/local/lib
@@ -148,7 +148,7 @@ LIBS_Darwin= -lcurses
LIBS=$(LIBS_$(SYSTEM)) $(EXTRALIBS)
# Include directories
-INCDIR_linux=-I. -I/usr/include/openssl
+INCDIR_linux=-I.
INCDIR_freebsd=-I. -I/usr/local/include
INCDIR_hpux=-I. -I/usr/local/include -I/opt/openssl/include
INCDIR_tru64=-I. -I/opt/openssl/include
--
1.6.2.5
sipp--Fix-for-CVE-2008-2085.patch:
call.cpp | 42 +++++++++++++++++++++++++++++++++---------
1 file changed, 33 insertions(+), 9 deletions(-)
--- NEW FILE sipp--Fix-for-CVE-2008-2085.patch ---
>From dce23af786559873071b3ea5e4641e4ecdca5ee6 Mon Sep 17 00:00:00 2001
From: Peter Lemenkov <lemenkov at gmail.com>
Date: Wed, 27 Jan 2010 09:46:03 +0300
Subject: [PATCH 2/3] Fix for CVE-2008-2085.
Signed-off-by: Peter Lemenkov <lemenkov at gmail.com>
---
call.cpp | 41 +++++++++++++++++++++++++++++++++--------
1 files changed, 33 insertions(+), 8 deletions(-)
diff --git a/call.cpp b/call.cpp
index 6830304..408f23c 100644
--- a/call.cpp
+++ b/call.cpp
@@ -133,17 +133,26 @@ uint32_t get_remote_ip_media(char *msg)
char pattern[] = "c=IN IP4 ";
char *begin, *end;
char ip[32];
- begin = strstr(msg, pattern);
+ char *tmp = strdup(msg);
+
+ if(!tmp) return INADDR_NONE;
+ begin = strstr(tmp, pattern);
if (!begin) {
+ free(tmp);
/* Can't find what we're looking at -> return no address */
return INADDR_NONE;
}
begin += sizeof("c=IN IP4 ") - 1;
end = strstr(begin, "\r\n");
- if (!end)
+ if (!end){
+ free(tmp);
return INADDR_NONE;
+ }
+ *end = 0;
memset(ip, 0, 32);
- strncpy(ip, begin, end - begin);
+ strncpy(ip, begin, sizeof(ip) - 1);
+ ip[sizeof(ip) - 1] = 0;
+ free(tmp);
return inet_addr(ip);
}
@@ -156,20 +165,28 @@ uint8_t get_remote_ipv6_media(char *msg, struct in6_addr *addr)
char pattern[] = "c=IN IP6 ";
char *begin, *end;
char ip[128];
+ char *tmp = strdup(msg);
memset(addr, 0, sizeof(*addr));
memset(ip, 0, 128);
- begin = strstr(msg, pattern);
+ if(!tmp) return 0;
+ begin = strstr(tmp, pattern);
if (!begin) {
+ free(tmp);
/* Can't find what we're looking at -> return no address */
return 0;
}
begin += sizeof("c=IN IP6 ") - 1;
end = strstr(begin, "\r\n");
- if (!end)
+ if (!end){
+ free(tmp);
return 0;
- strncpy(ip, begin, end - begin);
+ }
+ *end = 0;
+ strncpy(ip, begin, sizeof(ip) - 1);
+ ip[sizeof(ip) - 1] = 0;
+ free(tmp);
if (!inet_pton(AF_INET6, ip, addr)) {
return 0;
}
@@ -196,17 +213,25 @@ uint16_t get_remote_port_media(char *msg, int pattype)
ERROR("Internal error: Undefined media pattern %d\n", 3);
}
- begin = strstr(msg, pattern);
+ char *tmp = strdup(msg);
+ if(!tmp) return 0;
+ begin = strstr(tmp, pattern);
if (!begin) {
+ free(tmp);
/* m=audio not found */
return 0;
}
begin += strlen(pattern) - 1;
end = strstr(begin, "\r\n");
- if (!end)
+ if (!end){
+ free(tmp);
ERROR("get_remote_port_media: no CRLF found");
+ }
+ *end = 0;
memset(number, 0, sizeof(number));
strncpy(number, begin, sizeof(number) - 1);
+ number[sizeof(number) - 1] = 0;
+ free(tmp);
return atoi(number);
}
--
1.6.2.5
sipp--Initial-fix-for-RHBZ-559620.patch:
auth.c | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
--- NEW FILE sipp--Initial-fix-for-RHBZ-559620.patch ---
>From 2b9333c4b1e3dffbd078cb4a747cc4254f3aa78f Mon Sep 17 00:00:00 2001
From: Peter Lemenkov <lemenkov at gmail.com>
Date: Fri, 29 Jan 2010 19:16:18 +0300
Subject: [PATCH 3/3] Initial fix for RHBZ #559620.
Signed-off-by: Peter Lemenkov <lemenkov at gmail.com>
---
auth.c | 13 +++++++++----
1 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/auth.c b/auth.c
index 3e96037..6283d50 100644
--- a/auth.c
+++ b/auth.c
@@ -223,6 +223,7 @@ int createAuthHeaderMD5(char * user, char * password, int password_len, char * m
static unsigned int mync = 1;
int has_opaque = 0;
MD5_CTX Md5Ctx;
+ char tmpbuf[2048];
// Extract the Auth Type - If not present, using 'none'
cnonce[0] = '\0';
@@ -254,7 +255,8 @@ int createAuthHeaderMD5(char * user, char * password, int password_len, char * m
sprintf(result, "Digest username=\"%s\",realm=\"%s\"",user,tmp);
if (cnonce[0] != '\0') {
- sprintf(result, "%s,cnonce=\"%s\",nc=%s,qop=%s",result,cnonce,nc,authtype);
+ snprintf(tmpbuf, 2048, "%s,cnonce=\"%s\",nc=%s,qop=%s",result,cnonce,nc,authtype);
+ strcpy(result,tmpbuf);
}
// Construct the URI
@@ -284,7 +286,8 @@ int createAuthHeaderMD5(char * user, char * password, int password_len, char * m
MD5_Final(ha2, &Md5Ctx);
hashToHex(&ha2[0], &ha2_hex[0]);
- sprintf(result, "%s,uri=\"%s\"",result,tmp);
+ snprintf(tmpbuf, 2048, "%s,uri=\"%s\"",result,tmp);
+ strcpy(result,tmpbuf);
// Extract the Nonce
if (!getAuthParameter("nonce", auth, tmp, sizeof(tmp))) {
@@ -309,10 +312,12 @@ int createAuthHeaderMD5(char * user, char * password, int password_len, char * m
MD5_Final(resp, &Md5Ctx);
hashToHex(&resp[0], &resp_hex[0]);
- sprintf(result, "%s,nonce=\"%s\",response=\"%s\",algorithm=%s",result,tmp,resp_hex,algo);
+ snprintf(tmpbuf, 2048, "%s,nonce=\"%s\",response=\"%s\",algorithm=%s",result,tmp,resp_hex,algo);
+ strcpy(result,tmpbuf);
if (has_opaque) {
- sprintf(result, "%s,opaque=\"%s\"",result,opaque);
+ snprintf(tmpbuf, 2048, "%s,opaque=\"%s\"",result,opaque);
+ strcpy(result,tmpbuf);
}
return 1;
--
1.6.2.5
Index: import.log
===================================================================
RCS file: /cvs/pkgs/rpms/sipp/devel/import.log,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -p -r1.3 -r1.4
--- import.log 26 Jan 2010 10:20:28 -0000 1.3
+++ import.log 29 Jan 2010 16:38:39 -0000 1.4
@@ -1,3 +1,4 @@
sipp-3_1-2_fc9:HEAD:sipp-3.1-2.fc9.src.rpm:1215351390
sipp-3_1-5_fc11:HEAD:sipp-3.1-5.fc11.src.rpm:1245321037
sipp-3_1-8_svn586_fc12:HEAD:sipp-3.1-8.svn586.fc12.src.rpm:1264501162
+sipp-3_1-9_svn586_fc12:HEAD:sipp-3.1-9.svn586.fc12.src.rpm:1264783082
Index: sipp.spec
===================================================================
RCS file: /cvs/pkgs/rpms/sipp/devel/sipp.spec,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -p -r1.16 -r1.17
--- sipp.spec 26 Jan 2010 10:20:29 -0000 1.16
+++ sipp.spec 29 Jan 2010 16:38:40 -0000 1.17
@@ -1,15 +1,18 @@
Summary: SIP test tool / traffic generator
Name: sipp
Version: 3.1
-Release: 8.svn586%{?dist}
+Release: 9.svn586%{?dist}
License: GPLv2+
Group: Applications/Communications
URL: http://sipp.sourceforge.net/
Source0: http://downloads.sourceforge.net/%{name}/%{name}.%{version}.src.tar.gz
-Patch0: sipp--Makefile-fix-paths.diff
+Patch0: sipp--3.1svn586.diff
+# Fedora-specific
+Patch1: sipp--Do-not-include-bogus-library-paths-and-include-pat.patch
# https://sourceforge.net/tracker/index.php?func=detail&aid=2011751&group_id=104305&atid=637566
-Patch2: sipp--CVE-2008-2085-fix.diff
-Patch4: sipp--3.1svn586.diff
+Patch2: sipp--Fix-for-CVE-2008-2085.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=559620
+Patch3: sipp--Initial-fix-for-RHBZ-559620.patch
BuildRequires: ncurses-devel
%if 0%{?el4}
BuildRequires: libpcap
@@ -31,9 +34,10 @@ retransmission management and dynamicall
%prep
%setup -qn %{name}.svn
-%patch0 -p0 -b .fix_paths
-%patch4 -p1 -b .svn586
-%patch2 -p0 -b .cve20082085
+%patch0 -p1 -b .svn586
+%patch1 -p1 -b .fix_paths
+%patch2 -p1 -b .cve20082085
+%patch3 -p1 -b .rhbz559620
sed -i s,^SVN_VERSION=.*,SVN_VERSION=586,g Makefile
%build
@@ -55,6 +59,10 @@ rm -rf $RPM_BUILD_ROOT
%{_datadir}/%{name}
%changelog
+* Fri Jan 29 2010 Peter Lemenkov <lemenkov at gmail.com> 3.1-9.svn586
+- Fix for RHBZ #559620
+- Reorganized patches.
+
* Mon Jan 25 2010 Peter Lemenkov <lemenkov at gmail.com> 3.1-8.svn586
- Update to svn ver. 586 (fixes lots of small but nasty issues)
- Removed patch1, patch3
--- sipp--CVE-2008-2085-fix.diff DELETED ---
--- sipp--Makefile-fix-paths.diff DELETED ---
- Previous message: rpms/atlas/devel atlas.spec,1.30,1.31
- Next message: rpms/sipp/F-12 sipp--Do-not-include-bogus-library-paths-and-include-pat.patch, NONE, 1.1 sipp--Fix-for-CVE-2008-2085.patch, NONE, 1.1 sipp--Initial-fix-for-RHBZ-559620.patch, NONE, 1.1 import.log, 1.3, 1.4 sipp.spec, 1.16, 1.17 sipp--CVE-2008-2085-fix.diff, 1.2, NONE sipp--Makefile-fix-paths.diff, 1.2, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the scm-commits
mailing list