diff --git a/cpio-2.10-rtapeliboverflow.patch b/cpio-2.10-rtapeliboverflow.patch
new file mode 100644
index 0000000..99558cb
--- /dev/null
+++ b/cpio-2.10-rtapeliboverflow.patch
@@ -0,0 +1,13 @@
+diff -urNp cpio-2.10-orig/lib/rtapelib.c cpio-2.10/lib/rtapelib.c
+--- cpio-2.10-orig/lib/rtapelib.c 2010-03-10 14:41:41.000000000 +0100
++++ cpio-2.10/lib/rtapelib.c 2010-03-10 14:44:54.000000000 +0100
+@@ -580,6 +580,9 @@ rmt_read__ (int handle, char *buffer, si
+ || (status = get_status (handle)) == SAFE_READ_ERROR)
+ return SAFE_READ_ERROR;
+
++ if (status > length)
++ return SAFE_READ_ERROR;
++
+ for (counter = 0; counter < status; counter += rlen, buffer += rlen)
+ {
+ rlen = safe_read (READ_SIDE (handle), buffer, status - counter);
diff --git a/cpio.spec b/cpio.spec
index f37b0f8..b304f2b 100644
--- a/cpio.spec
+++ b/cpio.spec
@@ -3,7 +3,7 @@
 Summary: A GNU archiving program
 Name: cpio
 Version: 2.10
-Release: 4%{?dist}
+Release: 5%{?dist}
 License: GPLv3+
 Group: Applications/Archiving
 URL: http://www.gnu.org/software/cpio/
@@ -19,6 +19,10 @@ Patch7: cpio-2.9-sys_umask.patch
 Patch8: cpio-2.9.90-defaultremoteshell.patch
 Patch9: cpio-2.10-utimens.patch
 Patch10: cpio-2.10-patternnamesigsegv.patch
+# CVE-2010-0624 fix heap-based buffer overflow by expanding
+# a specially-crafted archive(#572150)
+Patch11: cpio-2.10-rtapeliboverflow.patch
+
 Requires(post): /sbin/install-info
 Requires(preun): /sbin/install-info
 BuildRequires: texinfo, autoconf, gettext, rmt
@@ -50,6 +54,7 @@ Install cpio if you need a program to manage file archives.
 %patch8 -p1 -b .defaultremote
 %patch9 -p1 -b .utimens
 %patch10 -p1 -b .patternsegv
+%patch11 -p1 -b .rtapelib
 autoheader
@@ -94,6 +99,10 @@ fi
 %{_infodir}/*.info*
 %changelog
+* Wed Mar 10 2010 Ondrej Vasik 2.10-5
+- CVE-2010-0624 fix heap-based buffer overflow by expanding
+ a specially-crafted archive(#572150)
+
 * Thu Feb 25 2010 Ondrej Vasik 2.10-4
 - fix segfault with nonexisting file with patternnames (#567022)
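Review bot: In cpio-2.10-rtapeliboverflow.patch, the new `if (status > length)` guard in rmt_read__ returns SAFE_READ_ERROR but leaves the connection as it was, with the oversized reply's payload still unread and errno untouched, so a later call on the same handle would presumably parse leftover data bytes as a status line. A peer that announces more bytes than were requested has broken the protocol, so the handle should be torn down as the file's other read-failure paths do (outside this hunk; upstream rtapelib.c uses `_rmt_shutdown` for this): `if (status > length) { _rmt_shutdown (handle, EIO); return SAFE_READ_ERROR; }`. A short comment such as `/* The byte count comes from the remote rmt and is untrusted; never read more than the caller's buffer holds. */` would record why the check exists. The declarations of `status` and `length` are not visible here, so confirm both are unsigned (size_t) so that a negative reply cannot slip past the comparison. rmt_read__ itself starts and ends outside the hunk.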