From d530aac535339ff01b0453233403f15b634d360b Mon Sep 17 00:00:00 2001
From: Jakub Bogusz <qboosh@pld-linux.org>
Date: Fri, 1 Dec 2006 10:18:44 +0000
Subject: [PATCH] - backport

Changed files:
    rpm-CVE-2006-5466.patch -> 1.1
---
 rpm-CVE-2006-5466.patch | 95 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 95 insertions(+)
 create mode 100644 rpm-CVE-2006-5466.patch

diff --git a/rpm-CVE-2006-5466.patch b/rpm-CVE-2006-5466.patch
new file mode 100644
index 0000000..d543958
--- /dev/null
+++ b/rpm-CVE-2006-5466.patch
@@ -0,0 +1,95 @@
+Index: lib/query.c
+===================================================================
+RCS file: /cvs/devel/rpm/lib/query.c,v
+retrieving revision 2.173.2.15
+retrieving revision 2.173.2.16
+diff -a -u -r2.173.2.15 -r2.173.2.16
+--- lib/query.c	8 Oct 2006 21:41:45 -0000	2.173.2.15
++++ lib/query.c	30 Oct 2006 02:50:53 -0000	2.173.2.16
+@@ -124,6 +124,28 @@
+     return str;
+ }
+ 
++/**
++ */
++static void flushBuffer(char ** tp, char ** tep, int nonewline)
++	/*@ modifies *tp, *tep @*/
++{
++    char *t, *te;
++
++    t = *tp;
++    te = *tep;
++    if (te > t) {
++	if (!nonewline) {
++	    *te++ = '\n';
++	    *te = '\0';
++	}
++	rpmMessage(RPMMESS_NORMAL, "%s", t);
++	te = t;
++	*t = '\0';
++    }
++    *tp = t;
++    *tep = te;
++}
++
+ int showQueryPackage(QVA_t qva, rpmts ts, Header h)
+ {
+     int scareMem = 0;
+@@ -131,7 +153,6 @@
+     char * t, * te;
+     char * prefix = NULL;
+     int rc = 0;		/* XXX FIXME: need real return code */
+-    int nonewline = 0;
+     int i;
+ 
+     te = t = xmalloc(BUFSIZ);
+@@ -141,7 +162,6 @@
+ 
+     if (qva->qva_queryFormat != NULL) {
+ 	const char * str = queryHeader(h, qva->qva_queryFormat);
+-	nonewline = 1;
+ 	/*@-branchstate@*/
+ 	if (str) {
+ 	    size_t tb = (te - t);
+@@ -157,6 +177,7 @@
+ 	    /*@=usereleased@*/
+ /*@=boundswrite@*/
+ 	    str = _free(str);
++	    flushBuffer(&t, &te, 1);
+ 	}
+ 	/*@=branchstate@*/
+     }
+@@ -312,31 +333,13 @@
+ 			_("package has neither file owner or id lists\n"));
+ 	    }
+ 	}
+-/*@-branchstate@*/
+-	if (te > t) {
+-/*@-boundswrite@*/
+-	    *te++ = '\n';
+-	    *te = '\0';
+-	    rpmMessage(RPMMESS_NORMAL, "%s", t);
+-	    te = t;
+-	    *t = '\0';
+-/*@=boundswrite@*/
+-	}
+-/*@=branchstate@*/
++	flushBuffer(&t, &te, 0);
+     }
+ 	    
+     rc = 0;
+ 
+ exit:
+-    if (te > t) {
+-	if (!nonewline) {
+-/*@-boundswrite@*/
+-	    *te++ = '\n';
+-	    *te = '\0';
+-/*@=boundswrite@*/
+-	}
+-	rpmMessage(RPMMESS_NORMAL, "%s", t);
+-    }
++    flushBuffer(&t, &te, 0);
+     t = _free(t);
+ 
+     fi = rpmfiFree(fi);
-- 
2.43.0