rpms/cpio/F-13 cpio-2.10-rtapeliboverflow.patch, NONE, 1.1 cpio.spec, 1.70, 1.71
Ondrej Vasik
ovasik at fedoraproject.org
Wed Mar 10 14:01:32 UTC 2010
Author: ovasik
Update of /cvs/pkgs/rpms/cpio/F-13
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv21014
Modified Files:
cpio.spec
Added Files:
cpio-2.10-rtapeliboverflow.patch
Log Message:
CVE-2010-0624 fix heap-based buffer overflow by expanding a specially-crafted archive(#572150)
cpio-2.10-rtapeliboverflow.patch:
rtapelib.c | 3 +++
1 file changed, 3 insertions(+)
--- NEW FILE cpio-2.10-rtapeliboverflow.patch ---
diff -urNp cpio-2.10-orig/lib/rtapelib.c cpio-2.10/lib/rtapelib.c
--- cpio-2.10-orig/lib/rtapelib.c 2010-03-10 14:41:41.000000000 +0100
+++ cpio-2.10/lib/rtapelib.c 2010-03-10 14:44:54.000000000 +0100
@@ -580,6 +580,9 @@ rmt_read__ (int handle, char *buffer, si
|| (status = get_status (handle)) == SAFE_READ_ERROR)
return SAFE_READ_ERROR;
+ if (status > length)
+ return SAFE_READ_ERROR;
+
for (counter = 0; counter < status; counter += rlen, buffer += rlen)
{
rlen = safe_read (READ_SIDE (handle), buffer, status - counter);
Index: cpio.spec
===================================================================
RCS file: /cvs/pkgs/rpms/cpio/F-13/cpio.spec,v
retrieving revision 1.70
retrieving revision 1.71
diff -u -p -r1.70 -r1.71
--- cpio.spec 25 Feb 2010 08:53:05 -0000 1.70
+++ cpio.spec 10 Mar 2010 14:01:32 -0000 1.71
@@ -3,7 +3,7 @@
Summary: A GNU archiving program
Name: cpio
Version: 2.10
-Release: 5%{?dist}
+Release: 6%{?dist}
License: GPLv3+
Group: Applications/Archiving
URL: http://www.gnu.org/software/cpio/
@@ -18,6 +18,9 @@ Patch6: cpio-2.9-sys_umask.patch
Patch7: cpio-2.9.90-defaultremoteshell.patch
Patch8: cpio-2.10-utimens.patch
Patch9: cpio-2.10-patternnamesigsegv.patch
+# CVE-2010-0624 fix heap-based buffer overflow by expanding
+# a specially-crafted archive(#572150)
+Patch10: cpio-2.10-rtapeliboverflow.patch
Requires(post): /sbin/install-info
Requires(preun): /sbin/install-info
BuildRequires: texinfo, autoconf, gettext, rmt
@@ -47,7 +50,8 @@ Install cpio if you need a program to ma
%patch6 -p1 -b .sys_umask
%patch7 -p1 -b .defaultremote
%patch8 -p1 -b .utimens
-%patch9 -p1 -b .patternsegv
+%patch9 -p1 -b .patternsegv
+%patch10 -p1 -b .rtapelib
autoheader
@@ -92,6 +96,10 @@ fi
%{_infodir}/*.info*
%changelog
+* Wed Mar 10 2010 Ondrej Vasik <ovasik at redhat.com> 2.10-6
+- CVE-2010-0624 fix heap-based buffer overflow by expanding
+ a specially-crafted archive(#572150)
+
* Thu Feb 25 2010 Ondrej Vasik <ovasik at redhat.com> 2.10-5
- remove redundant setLocale patch
- fix segfault with nonexisting file with patternnames
More information about the scm-commits
mailing list