rpms/gcc/F-13 fastjar-0.97-filename0.patch, NONE, 1.1 fastjar-CVE-2010-0831.patch, NONE, 1.1 .cvsignore, 1.321, 1.322 gcc.spec, 1.102, 1.103 import.log, 1.27, 1.28 sources, 1.326, 1.327
Jakub Jelinek
jakub at fedoraproject.org
Fri Jun 11 08:19:53 UTC 2010
- Previous message: rpms/rubygem-acts-as-list/devel import.log, NONE, 1.1 rubygem-acts-as-list-0.1.2-require-ar.patch, NONE, 1.1 rubygem-acts-as-list.spec, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
- Next message: rpms/smc-fonts/devel Meera.ttf,NONE,1.1 smc-fonts.spec,1.19,1.20
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: jakub
Update of /cvs/pkgs/rpms/gcc/F-13
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv32118/F-13
Modified Files:
.cvsignore gcc.spec import.log sources
Added Files:
fastjar-0.97-filename0.patch fastjar-CVE-2010-0831.patch
Log Message:
4.4.4-8
fastjar-0.97-filename0.patch:
jartool.c | 1 +
1 file changed, 1 insertion(+)
--- NEW FILE fastjar-0.97-filename0.patch ---
2010-03-01 Richard Guenther <rguenther at suse.de>
* jartool.c (read_entries): Properly zero-terminate filename.
--- fastjar-0.97/jartool.c 6 Sep 2009 22:16:00 -0000 1.59
+++ fastjar-0.97/jartool.c 1 Mar 2010 15:38:43 -0000 1.60
@@ -790,6 +790,7 @@ int read_entries (int fd)
progname, jarfile);
return 1;
}
+ ze->filename[len] = '\0';
len = UNPACK_UB4(header, CEN_EFLEN);
len += UNPACK_UB4(header, CEN_COMLEN);
if (lseek (fd, len, SEEK_CUR) == -1)
fastjar-CVE-2010-0831.patch:
jartool.c | 34 +++++++++++++++++++++++++---------
1 file changed, 25 insertions(+), 9 deletions(-)
--- NEW FILE fastjar-CVE-2010-0831.patch ---
2010-06-10 Jakub Jelinek <jakub at redhat.com>
Dan Rosenberg <dan.j.rosenberg at gmail.com>
* jartool.c (extract_jar): Fix up checks for traversal to parent
directories, disallow absolute paths, make the code slightly more
efficient.
--- fastjar-0.97/jartool.c.jj 2009-09-07 00:10:47.000000000 +0200
+++ fastjar-0.97/jartool.c 2010-06-08 20:00:29.000000000 +0200
@@ -1730,7 +1730,17 @@ int extract_jar(int fd, const char **fil
struct stat sbuf;
int depth = 0;
- tmp_buff = malloc(sizeof(char) * strlen((const char *)filename));
+ if(*filename == '/'){
+ fprintf(stderr, "Absolute path names are not allowed.\n");
+ exit(EXIT_FAILURE);
+ }
+
+ tmp_buff = malloc(strlen((const char *)filename));
+
+ if(tmp_buff == NULL) {
+ fprintf(stderr, "Out of memory.\n");
+ exit(EXIT_FAILURE);
+ }
for(;;){
const ub1 *idx = (const unsigned char *)strchr((const char *)start, '/');
@@ -1738,25 +1748,28 @@ int extract_jar(int fd, const char **fil
if(idx == NULL)
break;
else if(idx == start){
+ tmp_buff[idx - filename] = '/';
start++;
continue;
}
- start = idx + 1;
- strncpy(tmp_buff, (const char *)filename, (idx - filename));
- tmp_buff[(idx - filename)] = '\0';
+ memcpy(tmp_buff + (start - filename), (const char *)start, (idx - start));
+ tmp_buff[idx - filename] = '\0';
#ifdef DEBUG
printf("checking the existance of %s\n", tmp_buff);
#endif
- if(strcmp(tmp_buff, "..") == 0){
+ if(idx - start == 2 && memcmp(start, "..", 2) == 0){
--depth;
if (depth < 0){
fprintf(stderr, "Traversal to parent directories during unpacking!\n");
exit(EXIT_FAILURE);
}
- } else if (strcmp(tmp_buff, ".") != 0)
+ } else if (idx - start != 1 || *start != '.')
++depth;
+
+ start = idx + 1;
+
if(stat(tmp_buff, &sbuf) < 0){
if(errno != ENOENT)
exit_on_error("stat");
@@ -1765,6 +1778,7 @@ int extract_jar(int fd, const char **fil
#ifdef DEBUG
printf("Directory exists\n");
#endif
+ tmp_buff[idx - filename] = '/';
continue;
}else {
fprintf(stderr, "Hmmm.. %s exists but isn't a directory!\n",
@@ -1781,10 +1795,11 @@ int extract_jar(int fd, const char **fil
if(verbose && handle)
printf("%10s: %s/\n", "created", tmp_buff);
+ tmp_buff[idx - filename] = '/';
}
/* only a directory */
- if(strlen((const char *)start) == 0)
+ if(*start == '\0')
dir = TRUE;
#ifdef DEBUG
@@ -1792,7 +1807,7 @@ int extract_jar(int fd, const char **fil
#endif
/* If the entry was just a directory, don't write to file, etc */
- if(strlen((const char *)start) == 0)
+ if(*start == '\0')
f_fd = -1;
free(tmp_buff);
@@ -1876,7 +1891,8 @@ int extract_jar(int fd, const char **fil
exit(EXIT_FAILURE);
}
- close(f_fd);
+ if (f_fd != -1)
+ close(f_fd);
if(verbose && dir == FALSE && handle)
printf("%10s: %s\n",
Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/gcc/F-13/.cvsignore,v
retrieving revision 1.321
retrieving revision 1.322
diff -u -p -r1.321 -r1.322
--- .cvsignore 8 Jun 2010 09:59:56 -0000 1.321
+++ .cvsignore 11 Jun 2010 08:19:51 -0000 1.322
@@ -1,2 +1,2 @@
fastjar-0.97.tar.gz
-gcc-4.4.4-20100608.tar.bz2
+gcc-4.4.4-20100611.tar.bz2
Index: gcc.spec
===================================================================
RCS file: /cvs/pkgs/rpms/gcc/F-13/gcc.spec,v
retrieving revision 1.102
retrieving revision 1.103
diff -u -p -r1.102 -r1.103
--- gcc.spec 8 Jun 2010 09:59:56 -0000 1.102
+++ gcc.spec 11 Jun 2010 08:19:52 -0000 1.103
@@ -1,9 +1,9 @@
-%global DATE 20100608
-%global SVNREV 160426
+%global DATE 20100611
+%global SVNREV 160596
%global gcc_version 4.4.4
# Note, gcc_release must be integer, if you want to add suffixes to
# %{release}, append them after %{gcc_release} on Release: line.
-%global gcc_release 7
+%global gcc_release 8
%global _unpackaged_files_terminate_build 0
%global multilib_64_archs sparc64 ppc64 s390x x86_64
%if 0%{?fedora} >= 13 || 0%{?rhel} >= 6
@@ -178,6 +178,8 @@ Patch20: gcc44-no-add-needed.patch
Patch1000: fastjar-0.97-segfault.patch
Patch1001: fastjar-0.97-len1.patch
+Patch1002: fastjar-0.97-filename0.patch
+Patch1003: fastjar-CVE-2010-0831.patch
# On ARM EABI systems, we do want -gnueabi to be part of the
# target triple.
@@ -519,6 +521,8 @@ tar xzf %{SOURCE4}
%patch1000 -p0 -b .fastjar-0.97-segfault~
%patch1001 -p0 -b .fastjar-0.97-len1~
+%patch1002 -p0 -b .fastjar-0.97-filename0~
+%patch1003 -p0 -b .fastjar-CVE-2010-0831~
%if %{bootstrap_java}
tar xjf %{SOURCE10}
@@ -1994,6 +1998,15 @@ fi
%endif
%changelog
+* Fri Jun 11 2010 Jakub Jelinek <jakub at redhat.com> 4.4.4-8
+- update from gcc-4_4-branch
+ - fix demangler (PR other/43838)
+- VTA backports
+ - further var-tracking speedup (#598310, PR debug/41371)
+- for typedefs in non-template classes adjust underlying type to
+ emit proper debug info (#601893)
+- fix up fastjar directory traversal bugs (CVE-2010-0831)
+
* Tue Jun 8 2010 Jakub Jelinek <jakub at redhat.com> 4.4.4-7
- update from gcc-4_4-branch
- PRs c++/43555, fortran/42900, fortran/44360, libfortran/41169,
Index: import.log
===================================================================
RCS file: /cvs/pkgs/rpms/gcc/F-13/import.log,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -p -r1.27 -r1.28
--- import.log 8 Jun 2010 09:59:56 -0000 1.27
+++ import.log 11 Jun 2010 08:19:52 -0000 1.28
@@ -25,3 +25,4 @@ gcc-4_4_4-3_fc13:F-13:gcc-4.4.4-3.fc13.s
gcc-4_4_4-4_fc13:F-13:gcc-4.4.4-4.fc13.src.rpm:1274217265
gcc-4_4_4-5_fc13:F-13:gcc-4.4.4-5.fc13.src.rpm:1274827909
gcc-4_4_4-7_fc13:F-13:gcc-4.4.4-7.fc13.src.rpm:1275991168
+gcc-4_4_4-8_fc13:F-13:gcc-4.4.4-8.fc13.src.rpm:1276244305
Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/gcc/F-13/sources,v
retrieving revision 1.326
retrieving revision 1.327
diff -u -p -r1.326 -r1.327
--- sources 8 Jun 2010 09:59:56 -0000 1.326
+++ sources 11 Jun 2010 08:19:52 -0000 1.327
@@ -1,2 +1,2 @@
2659f09c2e43ef8b7d4406321753f1b2 fastjar-0.97.tar.gz
-e1a2819e9a9daad24662476f4a29d704 gcc-4.4.4-20100608.tar.bz2
+a896e6090fb9f4ef74a8b292fda42af4 gcc-4.4.4-20100611.tar.bz2
- Previous message: rpms/rubygem-acts-as-list/devel import.log, NONE, 1.1 rubygem-acts-as-list-0.1.2-require-ar.patch, NONE, 1.1 rubygem-acts-as-list.spec, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
- Next message: rpms/smc-fonts/devel Meera.ttf,NONE,1.1 smc-fonts.spec,1.19,1.20
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the scm-commits
mailing list