rpms/tar/F-12 tar-1.22-segfault-incompletearchive.patch, NONE, 1.1 tar.spec, 1.93, 1.94
Ondrej Vasik
ovasik at fedoraproject.org
Mon May 3 09:00:21 UTC 2010
Author: ovasik
Update of /cvs/pkgs/rpms/tar/F-12
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv24621
Modified Files:
tar.spec
Added Files:
tar-1.22-segfault-incompletearchive.patch
Log Message:
listing incomplete archive could cause segfault(#587831)
tar-1.22-segfault-incompletearchive.patch:
xheader.c | 3 +++
1 file changed, 3 insertions(+)
--- NEW FILE tar-1.22-segfault-incompletearchive.patch ---
diff -urNp tar-1.22-orig/src/xheader.c tar-1.22/src/xheader.c
--- tar-1.22-orig/src/xheader.c 2010-05-03 10:44:56.000000000 +0200
+++ tar-1.22/src/xheader.c 2010-05-03 10:46:41.000000000 +0200
@@ -734,6 +734,9 @@ xheader_read (struct xheader *xhdr, unio
if (len > BLOCKSIZE)
len = BLOCKSIZE;
+ if (!p)
+ FATAL_ERROR ((0, 0, _("Unexpected EOF in archive")));
+
memcpy (&xhdr->buffer[j], p->buffer, len);
set_next_block_after (p);
Index: tar.spec
===================================================================
RCS file: /cvs/pkgs/rpms/tar/F-12/tar.spec,v
retrieving revision 1.93
retrieving revision 1.94
diff -u -p -r1.93 -r1.94
--- tar.spec 10 Mar 2010 13:15:32 -0000 1.93
+++ tar.spec 3 May 2010 09:00:20 -0000 1.94
@@ -2,7 +2,7 @@ Summary: A GNU file archiving program
Name: tar
Epoch: 2
Version: 1.22
-Release: 12%{?dist}
+Release: 13%{?dist}
License: GPLv3+
Group: Applications/Archiving
URL: http://www.gnu.org/software/tar/
@@ -39,6 +39,8 @@ Patch10: tar-1.22-utimens.patch
Patch11: tar-1.22-rtapelib-overflow.patch
#realloc within check_exclusion_tags() causes invalid write(#570591)
Patch12: tar-1.22-exclusion-tags.patch
+#listing incomplete archive could cause segfault(#587831)
+Patch13: tar-1.22-segfault-incompletearchive.patch
Prereq: info
BuildRequires: autoconf automake gzip texinfo gettext libacl-devel libselinux-devel gawk rsh
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -71,6 +73,7 @@ the rmt package.
%patch10 -p1 -b .utimens
%patch11 -p1 -b .overflow
%patch12 -p1 -b .exclude
+%patch13 -p1 -b .incomplete
%build
autoreconf
@@ -128,6 +131,9 @@ fi
%{_infodir}/tar.info*
%changelog
+* Mon May 03 2010 Ondrej Vasik <ovasik at redhat.com> 2:1.22-13
+- listing incomplete archive could cause segfault(#587831)
+
* Wed Mar 10 2010 Ondrej Vasik <ovasik at redhat.com> 2:1.22-12
- CVE-2010-0624 tar, cpio: Heap-based buffer overflow
by expanding a specially-crafted archive (#572149)
More information about the scm-commits
mailing list