rpms/cpio/F-7 cpio-2.6-safer_name_suffix.patch, NONE, 1.1 cpio.spec, 1.52, 1.53
Radek Brich (rbrich)
fedora-extras-commits at redhat.com
Fri Nov 2 09:33:33 UTC 2007
Author: rbrich
Update of /cvs/extras/rpms/cpio/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv983
Modified Files:
cpio.spec
Added Files:
cpio-2.6-safer_name_suffix.patch
Log Message:
CVE-2007-4476
cpio-2.6-safer_name_suffix.patch:
--- NEW FILE cpio-2.6-safer_name_suffix.patch ---
diff -up cpio-2.6/src/copyin.c.safer_name_suffix cpio-2.6/src/copyin.c
--- cpio-2.6/src/copyin.c.safer_name_suffix 2007-10-24 17:27:52.000000000 +0200
+++ cpio-2.6/src/copyin.c 2007-11-01 15:59:39.000000000 +0100
@@ -1382,12 +1382,13 @@ safer_name_suffix (char const *file_name
if (prefix_len)
{
- char *prefix = alloca (prefix_len + 1);
+ char *prefix = xmalloc (prefix_len + 1);
memcpy (prefix, file_name, prefix_len);
prefix[prefix_len] = '\0';
error (0, 0, _("Removing leading `%s' from member names"), prefix);
+ free(prefix);
}
if (!*p)
Index: cpio.spec
===================================================================
RCS file: /cvs/extras/rpms/cpio/F-7/cpio.spec,v
retrieving revision 1.52
retrieving revision 1.53
diff -u -r1.52 -r1.53
--- cpio.spec 20 Feb 2007 16:30:05 -0000 1.52
+++ cpio.spec 2 Nov 2007 09:33:00 -0000 1.53
@@ -3,7 +3,7 @@
Summary: A GNU archiving program
Name: cpio
Version: 2.6
-Release: 27%{?dist}
+Release: 28%{?dist}
License: GPL
Group: Applications/Archiving
URL: http://www.gnu.org/software/cpio/
@@ -19,8 +19,9 @@
Patch7: cpio-2.6-warnings.patch
Patch8: cpio-2.6-checksum.patch
Patch9: cpio-2.6-writeOutHeaderBufferOverflow.patch
-Patch10:cpio-2.6-initHeaderStruct.patch
-Patch11:cpio-2.6-setLocale.patch
+Patch10: cpio-2.6-initHeaderStruct.patch
+Patch11: cpio-2.6-setLocale.patch
+Patch12: cpio-2.6-safer_name_suffix.patch
Requires(post): /sbin/install-info
Requires(preun): /sbin/install-info
BuildRequires: texinfo, autoconf, gettext
@@ -54,6 +55,7 @@
%patch9 -p1 -b .bufferOverflow
%patch10 -p1 -b .initHeaderStruct
%patch11 -p1 -b .setLocale.patch
+%patch12 -p1 -b .safer_name_suffix
autoheader
@@ -93,6 +95,9 @@
%{_infodir}/*.info*
%changelog
+* Fri Nov 02 2007 Radek Brich <rbrich at redhat.com> 2.6-28
+- patch for CVE-2007-4476 (stack crashing in safer_name_suffix)
+
* Tue Feb 20 2007 Peter Vrabec <pvrabec at redhat.com> 2.6-27
- fix typo in changelog
More information about the fedora-extras-commits
mailing list