From ddb852da99a24921a603a6dbc561453d43c5f099 Mon Sep 17 00:00:00 2001
From: Ondrej Vasik
Date: Mar 10 2010 14:40:18 +0000
Subject: CVE-2010-0624 fix heap-based buffer overflow by expanding a specially-crafted archive(#572150)
---
diff --git a/cpio-2.10-rtapeliboverflow.patch b/cpio-2.10-rtapeliboverflow.patch
new file mode 100644
index 0000000..99558cb
--- /dev/null
+++ b/cpio-2.10-rtapeliboverflow.patch
@@ -0,0 +1,13 @@
+diff -urNp cpio-2.10-orig/lib/rtapelib.c cpio-2.10/lib/rtapelib.c
+--- cpio-2.10-orig/lib/rtapelib.c 2010-03-10 14:41:41.000000000 +0100
++++ cpio-2.10/lib/rtapelib.c 2010-03-10 14:44:54.000000000 +0100
+@@ -580,6 +580,9 @@ rmt_read__ (int handle, char *buffer, si
+ || (status = get_status (handle)) == SAFE_READ_ERROR)
+ return SAFE_READ_ERROR;
+
++ if (status > length)
++ return SAFE_READ_ERROR;
++
+ for (counter = 0; counter < status; counter += rlen, buffer += rlen)
+ {
+ rlen = safe_read (READ_SIDE (handle), buffer, status - counter);
diff --git a/cpio.spec b/cpio.spec
index d314491..310e9e6 100644
--- a/cpio.spec
+++ b/cpio.spec
@@ -3,7 +3,7 @@
 Summary: A GNU archiving program
 Name: cpio
 Version: 2.9.90
-Release: 7%{?dist}
+Release: 8%{?dist}
 License: GPLv3+
 Group: Applications/Archiving
 URL: http://www.gnu.org/software/cpio/
@@ -20,6 +20,9 @@ Patch7: cpio-2.9-sys_umask.patch
 Patch8: cpio-2.9.90-defaultremoteshell.patch
 Patch9: cpio-fortifysources.patch
 Patch10: cpio-2.10-patternnamesigsegv.patch
+# CVE-2010-0624 fix heap-based buffer overflow by expanding
+# a specially-crafted archive(#572150)
+Patch11: cpio-2.10-rtapeliboverflow.patch
 Requires(post): /sbin/install-info
 Requires(preun): /sbin/install-info
 BuildRequires: texinfo, autoconf, gettext, rmt
@@ -51,6 +54,8 @@ Install cpio if you need a program to manage file archives.
 %patch8 -p1 -b .defaultremote
 %patch9 -p1 -b .fortify
 %patch10 -p1 -b .patternsegv
+%patch11 -p1 -b .rtapelib
+
 autoheader
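Review bot: The new `status > length` guard in rmt_read__ returns SAFE_READ_ERROR without setting errno or closing the connection, so the bytes the remote side announced presumably stay unread on the pipe and the caller gets no reason for the failure. A reply larger than the request means the rmt peer is not following the protocol, so I would tear the handle down before returning, e.g. `{ _rmt_shutdown (handle, EIO); return SAFE_READ_ERROR; }`, assuming that helper is callable at this point in the file. The declarations of `status` and `length` are outside the hunk, and the comparison is a reliable bound only if both are unsigned, which is worth confirming. A comment above the check such as `/* The byte count comes from the remote rmt and must not exceed the caller's buffer. */` would record why it exists; the function body starts and ends outside the hunk.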
@@ -95,6 +100,10 @@ fi
 %{_infodir}/*.info*
 %changelog
+* Wed Mar 10 2010 Ondrej Vasik 2.9.90-8
+- CVE-2010-0624 fix heap-based buffer overflow by expanding
+ a specially-crafted archive(#572150)
+
 * Thu Feb 25 2010 Ondrej Vasik 2.9.90-7
 - fix segfault with nonexisting file with patternnames (#567022)