[openconnect/el6] Applied bug fixes from 5.99 release

Nikos Mavrogiannopoulos nmav at fedoraproject.org
Mon Aug 4 08:19:37 UTC 2014 

commit 006ccff298c248321a70f66bed80113a1b999361
Author: Nikos Mavrogiannopoulos <nmav at redhat.com>
Date:   Mon Aug 4 10:19:26 2014 +0200

    Applied bug fixes from 5.99 release

 openconnect-5.03-crash-token-mode.patch |   13 ++++++++++++
 openconnect-5.03-off-by-one.patch       |   31 ++++++++++++++++++++++++++++++
 openconnect-5.03-url-encoding.patch     |   32 +++++++++++++++++++++++++++++++
 openconnect.spec                        |   13 +++++++++++-
 4 files changed, 88 insertions(+), 1 deletions(-)
---
diff --git a/openconnect-5.03-crash-token-mode.patch b/openconnect-5.03-crash-token-mode.patch
new file mode 100644
index 0000000..1aef544
--- /dev/null
+++ b/openconnect-5.03-crash-token-mode.patch
@@ -0,0 +1,13 @@
+diff -ur openconnect-5.03.orig/library.c openconnect-5.03/library.c
+--- openconnect-5.03.orig/library.c	2014-02-03 14:11:19.000000000 +0100
++++ openconnect-5.03/library.c	2014-08-04 10:07:00.801528724 +0200
+@@ -369,6 +369,9 @@
+ 	if (ret != OATH_OK)
+ 		return -EIO;
+ 
++	if (!token_str)
++		return -EINVAL;
++
+ 	if (strncasecmp(token_str, "base32:", strlen("base32:")) == 0) {
+ 		ret = oath_base32_decode(token_str + strlen("base32:"),
+ 					 strlen(token_str) - strlen("base32:"),
diff --git a/openconnect-5.03-off-by-one.patch b/openconnect-5.03-off-by-one.patch
new file mode 100644
index 0000000..efc9d2a
--- /dev/null
+++ b/openconnect-5.03-off-by-one.patch
@@ -0,0 +1,31 @@
+From 80dcbb666640427f10bf113f7b01b4b2bf4423f1 Mon Sep 17 00:00:00 2001
+From: David Woodhouse <David.Woodhouse at intel.com>
+Date: Mon, 14 Jul 2014 14:20:04 +0100
+Subject: [PATCH] Fix off-by-one in xmlnode_msg() handling of error messages
+
+There was an off-by-one which meant instead of just replacing the '%s' when
+inserting a parameter, it would also replace the character *after* it in
+the format string.
+
+This bug was introduced in v3.13 by commit d126095d ("Refactor
+xmlnode_msg() not to use server-provided string as asprintf() format.")
+
+Signed-off-by: David Woodhouse <David.Woodhouse at intel.com>
+---
+ auth.c            | 2 +-
+ www/changelog.xml | 1 +
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/auth.c b/auth.c
+index cc0dfd7..73b04da 100644
+--- a/auth.c
++++ b/auth.c
+@@ -356,7 +356,7 @@ static char *xmlnode_msg(xmlNode *xml_node)
+ 		if (params[nr_params]) {
+ 			paramlen = strlen(params[nr_params]);
+ 			/* Move rest of fmt string up... */
+-			memmove(pct - 1 + paramlen, pct + 2, strlen(pct) - 1);
++			memmove(pct + paramlen, pct + 2, strlen(pct + 2) + 1);
+ 			/* ... and put the string parameter in where the '%s' was */
+ 			memcpy(pct, params[nr_params], paramlen);
+ 			pct += paramlen;
diff --git a/openconnect-5.03-url-encoding.patch b/openconnect-5.03-url-encoding.patch
new file mode 100644
index 0000000..e400f36
--- /dev/null
+++ b/openconnect-5.03-url-encoding.patch
@@ -0,0 +1,32 @@
+From 0e5eea87a8e0a4c75236419f0fd40ff903c45ad5 Mon Sep 17 00:00:00 2001
+From: David Woodhouse <David.Woodhouse at intel.com>
+Date: Fri, 25 Jul 2014 00:04:38 +0100
+Subject: [PATCH] Fix signedness in url-encoding for legacy auth postings
+
+---
+ auth.c            | 4 ++--
+ www/changelog.xml | 1 +
+ 2 files changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/auth.c b/auth.c
+index 73b04da..a2130fd 100644
+--- a/auth.c
++++ b/auth.c
+@@ -64,7 +64,7 @@ static int append_opt(char *body, int bodylen, char *opt, char *name)
+ 		} else {
+ 			if (len >= bodylen - 3)
+ 				return -ENOSPC;
+-			sprintf(body+len, "%%%02x", *opt);
++			sprintf(body+len, "%%%02x", (unsigned char)*opt);
+ 			len += 3;
+ 		}
+ 		opt++;
+@@ -82,7 +82,7 @@ static int append_opt(char *body, int bodylen, char *opt, char *name)
+ 		} else {
+ 			if (len >= bodylen - 3)
+ 				return -ENOSPC;
+-			sprintf(body+len, "%%%02X", *name);
++			sprintf(body+len, "%%%02x", (unsigned char)*name);
+ 			len += 3;
+ 		}
+ 		name++;
diff --git a/openconnect.spec b/openconnect.spec
index d6f6eb7..6406039 100644
--- a/openconnect.spec
+++ b/openconnect.spec
@@ -15,7 +15,7 @@
 
 Name:		openconnect
 Version:	5.03
-Release:	1%{?dist}
+Release:	2%{?dist}
 Summary:	Open client for Cisco AnyConnect VPN
 
 Group:		Applications/Internet
@@ -24,6 +24,9 @@ URL:		http://www.infradead.org/openconnect.html
 Source0:	ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}.tar.gz
 Source1:	library15.c
 Source2:	libopenconnect15.map
+Patch1:		openconnect-5.03-crash-token-mode.patch
+Patch2:		openconnect-5.03-off-by-one.patch
+Patch3:		openconnect-5.03-url-encoding.patch
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildRequires:	openssl-devel libxml2-devel gtk2-devel GConf2-devel dbus-devel
@@ -79,6 +82,11 @@ of the library.
 
 %prep
 %setup -q
+
+%patch1 -p1 -b .crash
+%patch2 -p1 -b .off-by-one
+%patch3 -p1 -b .url-encoding
+
 %if %{build_compat_lib}
 cp %{SOURCE1} .
 cp %{SOURCE2} libopenconnect15.map.in
@@ -154,6 +162,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/pkgconfig/openconnect.pc
 
 %changelog
+* Fri Aug 01 2014 Nikos Mavrogiannopoulos <nmav at redhat.com> - 5.03-2
+- Applied bug fixes from 5.99 release
+
 * Fri Aug 01 2014 Nikos Mavrogiannopoulos <nmav at redhat.com> - 5.03-1
 - Update to 5.03 release

More information about the scm-commits mailing list