diff options
author | Krzysztof Taraszka | 2002-09-07 10:10:31 (GMT) |
---|---|---|
committer | cvs2git | 2012-06-24 12:13:13 (GMT) |
commit | c4e213d48ea4ca7974a7692313f99b7982e2653c (patch) | |
tree | f09f2fb5fa7fcd07127e5b6dcf96da864d361d7e | |
parent | 43e47f362e352ed271d895ad122d0ff70b73a96f (diff) | |
download | mpack-STABLE.zip mpack-STABLE.tar.gz |
- rel 9mpack-1_5-9STABLERA-1_0
- security fix: buffer overflow in parsing of MIME headers.
- do not accept disposition filenames like "../a".
Security impact is limited because only a single leading "../"
was accepted. (reported by Herbert Xu from debian)
- Only declare "extern int errno" if errno is not a macro.
- Made /var/tmp the default temp directory for mpack, just like
it is for munpack. It used to be /tmp. Also fixed the mpack
manpage, which used to say /usr/tmp. Spotted by Alex King.
Changed files:
mpack.spec -> 1.28
-rw-r--r-- | mpack.spec | 6 |
1 files changed, 4 insertions, 2 deletions
@@ -2,11 +2,12 @@ Summary: mpack and munpack MIME e-mail utilities Summary(pl): mpack i munpack - narzędzia MIME do poczty elektronicznej Name: mpack Version: 1.5 -Release: 8 +Release: 9 License: distributable Group: Applications/Mail Source0: ftp://ftp.andrew.cmu.edu/pub/mpack/%{name}-%{version}-src.tar.Z Patch0: %{name}-tmp.patch +Patch1: %{name}-MIME_buffer_overflows.patch BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n) %description @@ -28,7 +29,8 @@ poleceń) wysyłać pliki pocztą. %prep %setup -q -n mpack -%patch -p1 +%patch0 -p1 +%patch1 -p1 %build %{__make} CC="%{__cc}" OPT="%{rpmcflags}" |