rpms/tar/F-11 tar-1.22-segfault-incompletearchive.patch, NONE, 1.1 tar.spec, 1.82, 1.83
Ondrej Vasik
ovasik at fedoraproject.org
Mon May 3 10:18:21 UTC 2010
- Previous message: rpms/clutter/devel Call-backend-handle_event-from-clutter_x11_handle_ev.patch, NONE, 1.1 Ignore-unexpected-GLX_BufferSwapComplete.patch, NONE, 1.1 Use-a-native-format-for-atlas-textures.patch, NONE, 1.1 .cvsignore, 1.28, 1.29 clutter.spec, 1.48, 1.49 sources, 1.28, 1.29
- Next message: rpms/perl-MogileFS-Utils/devel perl-MogileFS-Utils.spec,1.6,1.7
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: ovasik
Update of /cvs/pkgs/rpms/tar/F-11
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv11355
Modified Files:
tar.spec
Added Files:
tar-1.22-segfault-incompletearchive.patch
Log Message:
listing incomplete archive could cause segfault(#587831)
tar-1.22-segfault-incompletearchive.patch:
xheader.c | 3 +++
1 file changed, 3 insertions(+)
--- NEW FILE tar-1.22-segfault-incompletearchive.patch ---
diff -urNp tar-1.22-orig/src/xheader.c tar-1.22/src/xheader.c
--- tar-1.22-orig/src/xheader.c 2010-05-03 10:44:56.000000000 +0200
+++ tar-1.22/src/xheader.c 2010-05-03 10:46:41.000000000 +0200
@@ -734,6 +734,9 @@ xheader_read (struct xheader *xhdr, unio
if (len > BLOCKSIZE)
len = BLOCKSIZE;
+ if (!p)
+ FATAL_ERROR ((0, 0, _("Unexpected EOF in archive")));
+
memcpy (&xhdr->buffer[j], p->buffer, len);
set_next_block_after (p);
Index: tar.spec
===================================================================
RCS file: /cvs/pkgs/rpms/tar/F-11/tar.spec,v
retrieving revision 1.82
retrieving revision 1.83
diff -u -p -r1.82 -r1.83
--- tar.spec 10 Mar 2010 13:24:28 -0000 1.82
+++ tar.spec 3 May 2010 10:18:14 -0000 1.83
@@ -2,7 +2,7 @@ Summary: A GNU file archiving program
Name: tar
Epoch: 2
Version: 1.22
-Release: 5%{?dist}
+Release: 6%{?dist}
License: GPLv3+
Group: Applications/Archiving
URL: http://www.gnu.org/software/tar/
@@ -39,6 +39,8 @@ Patch10: tar-1.22-utimens.patch
Patch11: tar-1.22-rtapelib-overflow.patch
#realloc within check_exclusion_tags() causes invalid write(#570591)
Patch12: tar-1.22-exclusion-tags.patch
+#listing incomplete archive could cause segfault(#587831)
+Patch13: tar-1.22-segfault-incompletearchive.patch
Prereq: info
BuildRequires: autoconf automake gzip texinfo gettext libacl-devel libselinux-devel gawk rsh
@@ -72,6 +74,7 @@ the rmt package.
%patch10 -p1 -b .utimens
%patch11 -p1 -b .overflow
%patch12 -p1 -b .exclude
+%patch13 -p1 -b .incomplete
%build
autoreconf
@@ -129,6 +132,9 @@ fi
%{_infodir}/tar.info*
%changelog
+* Mon May 03 2010 Ondrej Vasik <ovasik at redhat.com> 2:1.22-6
+- listing incomplete archive could cause segfault(#587831)
+
* Wed Mar 10 2010 Ondrej Vasik <ovasik at redhat.com> 2:1.22-5
- CVE-2010-0624 tar, cpio: Heap-based buffer overflow
by expanding a specially-crafted archive (#572149)
- Previous message: rpms/clutter/devel Call-backend-handle_event-from-clutter_x11_handle_ev.patch, NONE, 1.1 Ignore-unexpected-GLX_BufferSwapComplete.patch, NONE, 1.1 Use-a-native-format-for-atlas-textures.patch, NONE, 1.1 .cvsignore, 1.28, 1.29 clutter.spec, 1.48, 1.49 sources, 1.28, 1.29
- Next message: rpms/perl-MogileFS-Utils/devel perl-MogileFS-Utils.spec,1.6,1.7
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the scm-commits
mailing list