rpms/xar/devel xar-1.5.2-CVE-2010-0055.patch, NONE, 1.1 xar.spec, 1.12, 1.13

[Matthias Saou]

Author: thias

Update of /cvs/extras/rpms/xar/devel
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv32506/devel

Modified Files:
	xar.spec 
Added Files:
	xar-1.5.2-CVE-2010-0055.patch 
Log Message:
Update EPEL branches to 1.5.2 and include fix for CVE-2010-0055 to all branches.


xar-1.5.2-CVE-2010-0055.patch:
 archive.c |   38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)

--- NEW FILE xar-1.5.2-CVE-2010-0055.patch ---
Index: xar/lib/archive.c
===================================================================
--- xar/lib/archive.c	(revision 224)
+++ xar/lib/archive.c	(revision 225)
@@ -330,6 +330,44 @@
 
 		EVP_DigestFinal(&XAR(ret)->toc_ctx, toccksum, &tlen);
 
+		const char *value;
+		uint64_t offset = 0;
+		uint64_t length = tlen;
+		if( xar_prop_get( XAR_FILE(ret) , "checksum/offset", &value) == 0 ) {
+			errno = 0;
+			offset = strtoull( value, (char **)NULL, 10);
+			if( errno != 0 ) {
+				xar_close(ret);
+				return NULL;
+			}
+		} else if( xar_signature_first(ret) != NULL ) {
+			// All archives that have a signature also specify the location
+			// of the checksum.  If the location isn't specified, error out.
+			xar_close(ret);
+			return NULL;
+		}
+
+		XAR(ret)->heap_offset = xar_get_heap_offset(ret) + offset;
+		if( lseek(XAR(ret)->fd, XAR(ret)->heap_offset, SEEK_SET) == -1 ) {
+			xar_close(ret);
+			return NULL;
+		}
+		if( xar_prop_get( XAR_FILE(ret) , "checksum/size", &value) == 0 ) {
+			errno = 0;
+			length = strtoull( value, (char **)NULL, 10);
+			if( errno != 0 ) {
+				xar_close(ret);
+				return NULL;
+			}
+		} else if( xar_signature_first(ret) != NULL ) {
+			xar_close(ret);
+			return NULL;
+		}
+		if( length != tlen ) {
+			xar_close(ret);
+			return NULL;
+		}
+
 		xar_read_fd(XAR(ret)->fd, cval, tlen);
 		XAR(ret)->heap_offset += tlen;
 		if( memcmp(cval, toccksum, tlen) != 0 ) {


Index: xar.spec
===================================================================
RCS file: /cvs/extras/rpms/xar/devel/xar.spec,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -p -r1.12 -r1.13
--- xar.spec	21 Aug 2009 16:29:41 -0000	1.12
+++ xar.spec	28 Apr 2010 12:28:58 -0000	1.13
@@ -1,12 +1,13 @@
 Summary: The eXtensible ARchiver
 Name: xar
 Version: 1.5.2
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: BSD
 Group: Applications/Archiving
 URL: http://code.google.com/p/xar/
 Source: http://xar.googlecode.com/files/xar-%{version}.tar.gz
 Patch0: xar-1.5-norpath.patch
+Patch1: xar-1.5.2-CVE-2010-0055.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
 BuildRequires: libxml2-devel
 BuildRequires: openssl-devel
@@ -37,6 +38,7 @@ Development files for the eXtensible ARc
 %prep
 %setup -q
 %patch0 -p1 -b .norpath
+%patch1 -p1 -b .CVE-2010-0055
 
 
 %build
@@ -73,6 +75,9 @@ Development files for the eXtensible ARc
 
 
 %changelog
+* Wed Apr 28 2010 Matthias Saou <http://freshrpms.net/> 1.5.2-6
+- Include patch to fix CVE-2010-0055 (#570678).
+
 * Fri Aug 21 2009 Tomas Mraz <tmraz at redhat.com> - 1.5.2-5
 - rebuilt with new openssl