diff --git a/cpio-2.10-rtapeliboverflow.patch b/cpio-2.10-rtapeliboverflow.patch
new file mode 100644
index 0000000..99558cb
--- /dev/null
+++ b/cpio-2.10-rtapeliboverflow.patch
@@ -0,0 +1,13 @@
+diff -urNp cpio-2.10-orig/lib/rtapelib.c cpio-2.10/lib/rtapelib.c
+--- cpio-2.10-orig/lib/rtapelib.c 2010-03-10 14:41:41.000000000 +0100
++++ cpio-2.10/lib/rtapelib.c 2010-03-10 14:44:54.000000000 +0100
+@@ -580,6 +580,9 @@ rmt_read__ (int handle, char *buffer, si
+ || (status = get_status (handle)) == SAFE_READ_ERROR)
+ return SAFE_READ_ERROR;
+
++ if (status > length)
++ return SAFE_READ_ERROR;
++
+ for (counter = 0; counter < status; counter += rlen, buffer += rlen)
+ {
+ rlen = safe_read (READ_SIDE (handle), buffer, status - counter);
diff --git a/cpio.spec b/cpio.spec
index 9403650..e7601b0 100644
--- a/cpio.spec
+++ b/cpio.spec
@@ -3,7 +3,7 @@
 Summary: A GNU archiving program
 Name: cpio
 Version: 2.10
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: GPLv3+
 Group: Applications/Archiving
 URL: http://www.gnu.org/software/cpio/
@@ -18,6 +18,9 @@ Patch6: cpio-2.9-sys_umask.patch
 Patch7: cpio-2.9.90-defaultremoteshell.patch
 Patch8: cpio-2.10-utimens.patch
 Patch9: cpio-2.10-patternnamesigsegv.patch
+# CVE-2010-0624 fix heap-based buffer overflow by expanding
+# a specially-crafted archive(#572150)
+Patch10: cpio-2.10-rtapeliboverflow.patch
 Requires(post): /sbin/install-info
 Requires(preun): /sbin/install-info
 BuildRequires: texinfo, autoconf, gettext, rmt
@@ -47,7 +50,8 @@ Install cpio if you need a program to manage file archives.
 %patch6 -p1 -b .sys_umask
 %patch7 -p1 -b .defaultremote
 %patch8 -p1 -b .utimens
-%patch9 -p1 -b .patternsegv
+%patch9 -p1 -b .patternsegv
+%patch10 -p1 -b .rtapelib
 autoheader
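Review bot: The added `if (status > length)` guard in the rtapelib.c hunk of cpio-2.10-rtapeliboverflow.patch returns SAFE_READ_ERROR while the peer has already announced `status` bytes of payload that are never read, so the handle is left mid-reply and errno is not set for the caller. A count larger than the request means the remote end is broken or untrustworthy, so the connection is better torn down than reused, e.g. `if (status > length) { _rmt_shutdown (handle, EIO); return SAFE_READ_ERROR; }`, assuming _rmt_shutdown is what the other error paths of this file use, which the hunk does not show. A short comment such as `/* the server must never return more than was requested; buffer holds only length bytes */` would also record why the check exists. rmt_read__ starts and ends outside the hunk, so the declared type of `status` and the rest of the read loop could not be checked here.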
@@ -92,6 +96,10 @@ fi %{_infodir}/*.info* %changelog +* Wed Mar 10 2010 Ondrej Vasik 2.10-6 +- CVE-2010-0624 fix heap-based buffer overflow by expanding + a specially-crafted archive(#572150) + * Thu Feb 25 2010 Ondrej Vasik 2.10-5 - remove redundant setLocale patch - fix segfault with nonexisting file with patternnames