rpms/cpio/FC-6 cpio-2.6-safer_name_suffix.patch, NONE, 1.1 cpio.spec, 1.44, 1.45
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Fri Nov 2 13:13:23 UTC 2007
- Previous message (by thread): rpms/openldap/FC-6 openldap-2.3.34-classes-dos.patch, NONE, 1.1 openldap-2.3.34-pcache.patch, NONE, 1.1
- Next message (by thread): rpms/kernel/FC-6 patch-2.6.22.11.bz2.sign, NONE, 1.1 patch-2.6.22.12-rc1.bz2.sign, NONE, 1.1 .cvsignore, 1.576, 1.577 kernel-2.6.spec, 1.3035, 1.3036 sources, 1.540, 1.541 upstream, 1.460, 1.461 linux-2.6-genirq-fixes.patch, 1.1, NONE linux-2.6-lvm-snapshot-deadlock-fix.patch, 1.1, NONE linux-2.6-params-sysfs-skip-missing-period.patch, 1.1, NONE linux-2.6-x86_64-revert-sparsemem-4g.patch, 1.1, NONE patch-2.6.22.10.bz2.sign, 1.1, NONE patch-2.6.22.11-rc1.bz2.sign, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: rbrich
Update of /cvs/dist/rpms/cpio/FC-6
In directory cvs.devel.redhat.com:/tmp/cvs-serv30167
Modified Files:
cpio.spec
Added Files:
cpio-2.6-safer_name_suffix.patch
Log Message:
CVE-2007-4476
cpio-2.6-safer_name_suffix.patch:
copyin.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletion(-)
--- NEW FILE cpio-2.6-safer_name_suffix.patch ---
diff -up cpio-2.6/src/copyin.c.safer_name_suffix cpio-2.6/src/copyin.c
--- cpio-2.6/src/copyin.c.safer_name_suffix 2007-10-24 17:27:52.000000000 +0200
+++ cpio-2.6/src/copyin.c 2007-11-01 15:59:39.000000000 +0100
@@ -1382,12 +1382,13 @@ safer_name_suffix (char const *file_name
if (prefix_len)
{
- char *prefix = alloca (prefix_len + 1);
+ char *prefix = xmalloc (prefix_len + 1);
memcpy (prefix, file_name, prefix_len);
prefix[prefix_len] = '\0';
error (0, 0, _("Removing leading `%s' from member names"), prefix);
+ free(prefix);
}
if (!*p)
Index: cpio.spec
===================================================================
RCS file: /cvs/dist/rpms/cpio/FC-6/cpio.spec,v
retrieving revision 1.44
retrieving revision 1.45
diff -u -r1.44 -r1.45
--- cpio.spec 5 Dec 2006 12:01:27 -0000 1.44
+++ cpio.spec 2 Nov 2007 13:13:21 -0000 1.45
@@ -6,7 +6,7 @@
Summary: A GNU archiving program.
Name: cpio
Version: 2.6
-Release: 21%{?dist}
+Release: 22%{?dist}
License: GPL
Group: Applications/Archiving
URL: http://www.gnu.org/software/cpio/
@@ -24,6 +24,7 @@
Patch22: cpio-2.6-writeOutHeaderBufferOverflow.patch
Patch23: cpio-2.6-initHeaderStruct.patch
Patch24: cpio-2.6-setLocale.patch
+Patch25: cpio-2.6-safer_name_suffix.patch
%ifnos linux
Prereq: /sbin/rmt
@@ -60,6 +61,7 @@
%patch22 -p1 -b .bufferOverflow
%patch23 -p1 -b .initHeaderStruct
%patch24 -p1 -b .setLocale
+%patch25 -p1 -b .safer_name_suffix
autoheader
@@ -112,6 +114,9 @@
%{_infodir}/*.info*
%changelog
+* Fri Nov 02 2007 Radek Brich <rbrich at redhat.com> 2.6-22
+- patch for CVE-2007-4476 (stack crashing in safer_name_suffix)
+
* Tue Dec 05 2006 Peter Vrabec <pvrabec at redhat.com> 2.6-21
- fix setlocale (#200478)
- Previous message (by thread): rpms/openldap/FC-6 openldap-2.3.34-classes-dos.patch, NONE, 1.1 openldap-2.3.34-pcache.patch, NONE, 1.1
- Next message (by thread): rpms/kernel/FC-6 patch-2.6.22.11.bz2.sign, NONE, 1.1 patch-2.6.22.12-rc1.bz2.sign, NONE, 1.1 .cvsignore, 1.576, 1.577 kernel-2.6.spec, 1.3035, 1.3036 sources, 1.540, 1.541 upstream, 1.460, 1.461 linux-2.6-genirq-fixes.patch, 1.1, NONE linux-2.6-lvm-snapshot-deadlock-fix.patch, 1.1, NONE linux-2.6-params-sysfs-skip-missing-period.patch, 1.1, NONE linux-2.6-x86_64-revert-sparsemem-4g.patch, 1.1, NONE patch-2.6.22.10.bz2.sign, 1.1, NONE patch-2.6.22.11-rc1.bz2.sign, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-cvs-commits
mailing list