Subject: CVS commit: [pkgsrc-2008Q1] pkgsrc/net/rdesktop
From: Geert Hendrickx
Date: 2008-05-11 11:25:19
Message id: 20080511092519.67916175D0@cvs.netbsd.org

Log Message:
Pullup ticket 2368 - requested by tonnerre
security fix for rdesktop

- pkgsrc/net/rdesktop/Makefile				1.34
- pkgsrc/net/rdesktop/distinfo				1.18
- pkgsrc/net/rdesktop/patches/patch-ac			1.5
- pkgsrc/net/rdesktop/patches/patch-ad			1.1
- pkgsrc/net/rdesktop/patches/patch-ae			1.1
- pkgsrc/net/rdesktop/patches/patch-af			1.1
- pkgsrc/net/rdesktop/patches/patch-ag			1.1
- pkgsrc/net/rdesktop/patches/patch-ah			1.1
- pkgsrc/net/rdesktop/patches/patch-ai			1.1

   Module Name:		pkgsrc
   Committed By:	tonnerre
   Date:		Sat May 10 15:28:04 UTC 2008

   Modified Files:
	   pkgsrc/net/rdesktop: Makefile distinfo
   Added Files:
	   pkgsrc/net/rdesktop/patches: patch-ac patch-ad patch-ae patch-af
	       patch-ag patch-ah patch-ai

   Log Message:
   Add patches required to fix CVE-2008-180[123], taken from rdesktop CVS.

   1) An integer underflow error in iso.c when processing RDP requests can
      be exploited to cause a heap-based buffer overflow.
   2) An input validation error in rdp.c when processing RDP redirect
      requests can be exploited to cause a BSS-based buffer overflow.
   3) A signedness error within "xrealloc()" in rdesktop.c can be exploited
      to cause a heap-based buffer overflow.

Files:
Revision    Action    file
1.33.2.1    modify    pkgsrc/net/rdesktop/Makefile
1.17.8.1    modify    pkgsrc/net/rdesktop/distinfo
1.4.24.1    add       pkgsrc/net/rdesktop/patches/patch-ac
1.1.2.2     add       pkgsrc/net/rdesktop/patches/patch-ad
1.1.2.2     add       pkgsrc/net/rdesktop/patches/patch-ae
1.1.2.2     add       pkgsrc/net/rdesktop/patches/patch-af
1.1.2.2     add       pkgsrc/net/rdesktop/patches/patch-ag
1.1.2.2     add       pkgsrc/net/rdesktop/patches/patch-ah
1.1.2.2     add       pkgsrc/net/rdesktop/patches/patch-ai
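
The three bug classes named in the log message (length underflow, unbounded copy into a static buffer, signed size passed to an allocator), shown with the check that closes each. This is an added illustration, not the rdesktop code or the patches in this commit; the 4-byte header layout, the 64-byte field, the allocation cap and all function names are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN   4u          /* assumed header size for this sketch */
#define MAX_ALLOC (1L << 20)  /* assumed sanity cap on allocations */

/* Assumed layout: bytes 2..3 hold the total packet length, big-endian. */
static uint16_t total_len(const uint8_t *pkt) { return (uint16_t)((pkt[2] << 8) | pkt[3]); }

/* 1) Underflow: the subtraction wraps when the declared length is < HDR_LEN. */
size_t payload_len_unchecked(const uint8_t *pkt) { return (size_t)total_len(pkt) - HDR_LEN; }

/* Hardened: reject short or oversized declared lengths before subtracting. */
long payload_len_checked(const uint8_t *pkt, size_t avail)
{
    if (avail < HDR_LEN) return -1;
    uint16_t total = total_len(pkt);
    if (total < HDR_LEN || total > avail) return -1;
    return (long)(total - HDR_LEN);
}

/* 2) Fixed-size static (BSS) buffer: bound the peer-supplied length. */
static char field[64];
int store_field(const uint8_t *src, size_t len)
{
    if (len >= sizeof field) return -1;   /* leave room for the NUL */
    memcpy(field, src, len);
    field[len] = '\0';
    return 0;
}

/* 3) Signedness: validate a signed size before it becomes a size_t. */
int alloc_size_ok(long requested, size_t *out)
{
    if (requested <= 0 || requested > MAX_ALLOC) return 0;
    *out = (size_t)requested;
    return 1;
}

int main(void)
{
    const uint8_t bad[4] = {3, 0, 0, 2};   /* constructed: declares length 2 */
    size_t n = 0;
    printf("unchecked: %zu\n", payload_len_unchecked(bad));
    printf("checked:   %ld\n", payload_len_checked(bad, sizeof bad));
    printf("size -1 accepted: %d\n", alloc_size_ok(-1, &n));
    return 0;
}
```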