rpms/mikmod/FC-3 mikmod-3.1.6-security.patch, NONE, 1.1 mikmod-3.1.6-tar.patch, NONE, 1.1 mikmod.spec, 1.18, 1.19
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Tue Jun 7 11:21:57 UTC 2005
Author: stransky
Update of /cvs/dist/rpms/mikmod/FC-3
In directory cvs.devel.redhat.com:/tmp/cvs-serv18620
Modified Files:
mikmod.spec
Added Files:
mikmod-3.1.6-security.patch mikmod-3.1.6-tar.patch
Log Message:
fixed #159290,#159291 - CAN-2003-0427, fixed playing mod files from tar archive
mikmod-3.1.6-security.patch:
marchive.c | 52 +++++++++++++++++++---------------------------------
1 files changed, 19 insertions(+), 33 deletions(-)
--- NEW FILE mikmod-3.1.6-security.patch ---
--- mikmod-3.1.6/src/marchive.c.sec 2005-06-03 15:57:05.000000000 +0200
+++ mikmod-3.1.6/src/marchive.c 2005-06-06 11:02:31.000000000 +0200
@@ -269,6 +269,10 @@
{
int t;
+ /* a filename may not start with '-' since this could be abused to
+ feed another option to the archiver */
+ if (filename[0]=='-')
+ return 0;
for (t=0;modulepatterns[t];t++)
if (!fnmatch(modulepatterns[t],filename,FNM_NOESCAPE))
return 1;
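Review bot: The leading-'-' rejection sits inside the pattern-matching predicate, so it protects the archiver command line only for names that are filtered through this function; nothing visible in this hunk enforces it where the archiver's argument list is actually built. I would repeat the test at that point, or at least document the dependency on the function header, e.g. `/* also rejects names beginning with '-' so they are never handed to an archiver as an option */`, so a later caller that skips the predicate does not reintroduce the problem. The function's signature lies above the hunk, so its name and callers are not visible here.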
@@ -522,8 +526,8 @@
if (!pipe(fd)) {
pid_t pid;
- int status,cur,finished=0;
- char ch;
+ FILE *file;
+ int status,s;
switch (pid=fork()) {
case -1: /* fork failed */
@@ -553,40 +557,22 @@
}
break;
default: /* fork succeeded, main process code */
- /* have to wait for the child to ensure the command was
- successful and the pipe contains useful
- information */
- /* read from the pipe */
close(fd[1]);
- cur=0;
- for (;;) {
- /* check if child process has finished */
- if ((!finished)&&(waitpid(pid,&status,WNOHANG))) {
- finished=1;
- /* abnormal exit */
- if (!WIFEXITED(status)) {
- close(fd[0]);
- break;
- }
- }
-
- /* check for end of pipe, otherwise read char */
- if ((!read(fd[0],&ch,1))&&(finished)) break;
-
- if (ch=='\n') ch=0;
- string[cur++]=ch;
- if (!ch) {
- cur=0;
- if (!MA_archiver[archive].nameoffset) {
- for (t=0;string[t]!=' ';t++);
- string[t]=0;
- }
- if (MA_isModuleFilename2(string+MA_archiver[archive].nameoffset))
- PL_Add(pl,(string+MA_archiver[archive].nameoffset),filename,0,0);
- }
+ if (!(file=fdopen(fd[0],"r"))) {
+ close(fd[0]);
+ waitpid(pid,&status,0);
+ break;
+ }
+ /* read from the pipe */
+ while (fgets(string,PATH_MAX+MAXCOLUMN+1,file)) {
+ s=strlen(string)-1;
+ if (string[s]=='\n') string[s]='\0';
+ if (MA_isModuleFilename2(string+MA_archiver[archive].nameoffset))
+ PL_Add(pl,(string+MA_archiver[archive].nameoffset),filename,0,0);
}
- close(fd[0]);
+ fclose(file);
+ waitpid(pid,&status,0);
break;
}
}
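Review bot: `s=strlen(string)-1` followed by `string[s]` in the new fgets loop indexes `string[-1]` when a line comes back with length 0 (fgets succeeds on a line that begins with a NUL byte, cf. CERT FIO37-C), and the listing text is derived from the archive being opened. The next line then hands `string+MA_archiver[archive].nameoffset` to MA_isModuleFilename2 without checking that the line is at least that long, so a short line points past the terminator into bytes left over from an earlier line. I would write `size_t len=strlen(string);` `if (len && string[len-1]=='\n') string[--len]='\0';` `if (len<=(size_t)MA_archiver[archive].nameoffset) continue;` (the cast assumes nameoffset is a non-negative int, which the hunk does not show). The same two lines are carried unchanged into the `@@ -566,8 +566,17 @@` hunk of mikmod-3.1.6-tar.patch. The declaration and size of `string` are outside this hunk, so the `PATH_MAX+MAXCOLUMN+1` bound passed to fgets should be confirmed against them.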
mikmod-3.1.6-tar.patch:
marchive.c | 21 +++++++++++++++------
1 files changed, 15 insertions(+), 6 deletions(-)
--- NEW FILE mikmod-3.1.6-tar.patch ---
--- mikmod-3.1.6/src/marchive.c.tar 2005-06-06 16:12:52.000000000 +0200
+++ mikmod-3.1.6/src/marchive.c 2005-06-06 16:18:20.000000000 +0200
@@ -149,19 +149,19 @@
/* PKzip archive */
{ 0, pksignature, "unzip", "-pqq", NULL, "-vqq", NULL, 58},
/* zoo */
- { 20, zoosignature, "zoo", "xpq", NULL, "lq", NULL, 47},
+ { 20, zoosignature, "zoo", "xpq", NULL, "lfq", NULL, 0},
/* rar */
{ 0, rarsignature, "unrar", "p", "-inul", "v", "-c-", 1},
/* lharc */
{ 2, lhsignature, "lha", "pq", NULL, "vvq", NULL, 0},
{ 2, lzsignature, "lha", "pq", NULL, "vvq", NULL, 0},
/* tar */
- { 257,tarsignature, "tar", "-xOf", NULL, "-tRf", NULL, 18},
+ { 257,tarsignature, "tar", "-xOf", NULL, "-tf", NULL, 0},
/* tar.gz */
- { -1, targzextension, "tar", "-xOzf", NULL, "-tRzf", NULL, 18},
+ { -1, targzextension, "tar", "-xOzf", NULL, "-tzf", NULL, 0},
/* tar.bz2 */
{ -1, tarbzip2extension, "tar", "--use-compress-program=bzip2",
- "-xOf", "--use-compress-program=bzip2", "-tRf", 18},
+ "-xOf", "--use-compress-program=bzip2", "-tf", 0},
/* gzip */
{ 0, gzsignature, "gzip", "-dqc", NULL, NULL, NULL, 0},
/* bzip2 */
@@ -566,8 +566,17 @@
}
/* read from the pipe */
while (fgets(string,PATH_MAX+MAXCOLUMN+1,file)) {
- s=strlen(string)-1;
- if (string[s]=='\n') string[s]='\0';
+ s = strlen(string) - 1;
+ if (string[s]=='\n')
+ string[s]='\0';
+
+ /* remove trailing whitespace from the filename */
+ for (s = 0, t = 0; string[t]; t++)
+ if (string[t] != ' ')
+ s = t;
+ if(s)
+ string[s+1] = '\0';
+
if (MA_isModuleFilename2(string+MA_archiver[archive].nameoffset))
PL_Add(pl,(string+MA_archiver[archive].nameoffset),filename,0,0);
}
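Review bot: The trailing-space trim uses `s` both as the index of the last non-space character and as a "found" flag, so `if(s)` skips the cut when that character is at index 0: a one-character name followed by padding, or a line made only of spaces, is left untrimmed. Trimming from the end avoids the flag and folds in the newline strip: `size_t len=strlen(string);` `while (len && (string[len-1]=='\n' || string[len-1]==' ')) string[--len]='\0';`. `t` is declared outside the hunk, and the enclosing function continues beyond it.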
Index: mikmod.spec
===================================================================
RCS file: /cvs/dist/rpms/mikmod/FC-3/mikmod.spec,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -r1.18 -r1.19
--- mikmod.spec 14 Dec 2004 01:26:42 -0000 1.18
+++ mikmod.spec 7 Jun 2005 11:21:55 -0000 1.19
@@ -4,7 +4,7 @@
Summary: A MOD music file player.
Name: mikmod
Version: 3.1.6
-Release: 30.2
+Release: 31.FC3
License: LGPL
Group: Applications/Multimedia
Prereq: /sbin/ldconfig
@@ -19,6 +19,8 @@
Patch3: libmikmod-64bit.patch
Patch4: patch-mikmod-3.1.6-a
Patch5: mikmod-3.1.6-varargs.patch
+Patch7: mikmod-3.1.6-security.patch
+Patch8: mikmod-3.1.6-tar.patch
Obsoletes: tracker
%description
@@ -51,6 +53,8 @@
%patch3 -p1
%patch4 -p1 -b .orig
%patch5 -p1
+%patch7 -p1 -b .sec
+%patch8 -p1 -b .tar
%build
rm -rf $RPM_BUILD_ROOT
@@ -110,6 +114,10 @@
%{_mandir}/man1/libmikmod-config*
%changelog
+* Mon Jun 6 2005 Martin Stransky <stransky at redhat.com> 3.1.6-31.FC3
+- fixed #159290,#159291 - CAN-2003-0427
+- fixed playing mod files from tar archive
+
* Mon Dec 13 2004 Bill Nottingham <notting at redhat.com> 3.1.6-30.2
- move mikmod binary back to main package (#142668)