rpms/libtar/devel libtar-1.2.11-mem-deref.patch, NONE, 1.1 libtar.spec, 1.18, 1.19 sources, 1.4, 1.5
Huzaifa Sidhpurwala
huzaifas at fedoraproject.org
Thu Dec 31 03:50:37 UTC 2009
- Previous message: rpms/gigolo/devel .cvsignore, 1.5, 1.6 gigolo.spec, 1.5, 1.6 sources, 1.5, 1.6
- Next message: rpms/libtar/F-12 libtar-1.2.11-mem-deref.patch, NONE, 1.1 libtar.spec, 1.18, 1.19
Author: huzaifas
Update of /cvs/pkgs/rpms/libtar/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv12652
Modified Files:
libtar.spec sources
Added Files:
libtar-1.2.11-mem-deref.patch
Log Message:
Fix BZ #380965
libtar-1.2.11-mem-deref.patch:
libtar.h | 1 +
util.c | 4 +---
2 files changed, 2 insertions(+), 3 deletions(-)
--- NEW FILE libtar-1.2.11-mem-deref.patch ---
--- libtar-1.2.11/lib/libtar.h.deref 2009-12-30 16:37:03.790121122 +0100
+++ libtar-1.2.11/lib/libtar.h 2009-12-30 16:37:35.521246633 +0100
@@ -172,6 +172,7 @@ int th_write(TAR *t);
#define TH_ISDIR(t) ((t)->th_buf.typeflag == DIRTYPE \
|| S_ISDIR((mode_t)oct_to_int((t)->th_buf.mode)) \
|| ((t)->th_buf.typeflag == AREGTYPE \
+ && strlen((t)->th_buf.name) \
&& ((t)->th_buf.name[strlen((t)->th_buf.name) - 1] == '/')))
#define TH_ISFIFO(t) ((t)->th_buf.typeflag == FIFOTYPE \
|| S_ISFIFO((mode_t)oct_to_int((t)->th_buf.mode)))
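Review bot: In `TH_ISDIR`, the added `strlen((t)->th_buf.name)` guard carries no comment explaining that it protects the `name[strlen(...) - 1]` read on the next line from going out of bounds when the name is empty. The macro also now scans the same field with `strlen` twice. Testing `(t)->th_buf.name[0] != '\0'` would express the same emptiness check without the extra scan, and a one-line comment naming the empty-name case would make the intent clear to the next reader.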
--- libtar-1.2.11/lib/util.c.deref 2003-01-07 02:41:00.000000000 +0100
+++ libtar-1.2.11/lib/util.c 2009-12-30 17:35:51.860121660 +0100
@@ -133,9 +133,7 @@ oct_to_int(char *oct)
{
int i;
- sscanf(oct, "%o", &i);
-
- return i;
+ return sscanf(oct, "%o", &i) == 1 ? i : 0;
}
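Review bot: In `oct_to_int`, the `%o` conversion is passed `&i` where `i` is declared `int`, but `sscanf` expects a pointer to `unsigned int` for `%o`; declaring the temporary as `unsigned int` and converting on return would make the types match. The `== 1` check does stop an uninitialised `i` from being returned when nothing parses, but the fallback value 0 is indistinguishable from a field that really holds zero, so callers such as the `S_ISDIR((mode_t)oct_to_int((t)->th_buf.mode))` test in `libtar.h` cannot tell a malformed field from a valid one. A comment documenting that choice would help.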
Index: libtar.spec
===================================================================
RCS file: /cvs/pkgs/rpms/libtar/devel/libtar.spec,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -p -r1.18 -r1.19
--- libtar.spec 20 Nov 2009 09:52:56 -0000 1.18
+++ libtar.spec 31 Dec 2009 03:50:36 -0000 1.19
@@ -1,7 +1,7 @@
Summary: Tar file manipulation API
Name: libtar
Version: 1.2.11
-Release: 15%{?dist}
+Release: 16%{?dist}
License: MIT
Group: System Environment/Libraries
URL: http://www.feep.net/libtar/
@@ -10,6 +10,7 @@ Patch0: http://ftp.debian.org/de
Patch1: libtar-1.2.11-missing-protos.patch
Patch2: libtar-macro.patch
Patch3: libtar-1.2.11-tar_header.patch
+Patch4: libtar-1.2.11-mem-deref.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
BuildRequires: zlib-devel libtool
@@ -35,6 +36,8 @@ developing applications that use %{name}
%patch1 -p1
%patch2 -p1
%patch3 -p1 -b .tar_header
+%patch4 -p1 -b .deref
+
# set correct version for .so build
%define ltversion %(echo %{version} | tr '.' ':')
sed -i 's/-rpath $(libdir)/-rpath $(libdir) -version-number %{ltversion}/' \
@@ -87,6 +90,9 @@ rm -rf $RPM_BUILD_ROOT
%changelog
+* Thu Dec 31 2009 Huzaifa Sidhpurwala <huzaifas at redhat.com> - 1.2.11-16
+- Fix invalid memory de-reference issue in BZ #380965
+
* Fri Nov 20 2009 Huzaifa Sidhpurwala <huzaifas at redhat.com> - 1.2.11-15
- Fix buffer overflow in BZ #538770
Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/libtar/devel/sources,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -p -r1.4 -r1.5
--- sources 20 Nov 2009 10:07:01 -0000 1.4
+++ sources 31 Dec 2009 03:50:36 -0000 1.5
@@ -1 +1,2 @@
604238e8734ce6e25347a58c4f1a1d7e libtar-1.2.11.tar.gz
+8149a09f4baef9a879ef5f74dab1c32e libtar_1.2.11-4.diff.gz
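Review bot: The added `libtar_1.2.11-4.diff.gz` entry is not explained by the log message or by the new `%changelog` entry, both of which mention only BZ #380965, and the patch file this commit adds is `libtar-1.2.11-mem-deref.patch`. If the upload is intentional, the log or changelog should say what the file is for; if it is unrelated to the fix, it belongs in its own commit.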
More information about the scm-commits
mailing list