commit tar for openSUSE:Factory
Hello community, here is the log from the commit of package tar for openSUSE:Factory checked in at Fri Mar 12 01:53:53 CET 2010. -------- --- tar/tar.changes 2010-02-02 21:59:19.000000000 +0100 +++ /mounts/work_src_done/STABLE/tar/tar.changes 2010-03-10 20:27:33.000000000 +0100 @@ -1,0 +2,6 @@ +Wed Mar 3 09:29:23 UTC 2010 - mseben@novell.com + +- added heap_overflow_in_rtapelib.patch fix possible heap overflow in + rtapelib.c (bnc#579475) + +------------------------------------------------------------------- calling whatdependson for head-i586 New: ---- tar-heap_overflow_in_rtapelib.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tar.spec ++++++ --- /var/tmp/diff_new_pack.kU0shx/_old 2010-03-12 01:53:43.000000000 +0100 +++ /var/tmp/diff_new_pack.kU0shx/_new 2010-03-12 01:53:43.000000000 +0100 @@ -27,7 +27,7 @@ PreReq: %install_info_prereq AutoReqProv: on Version: 1.22 -Release: 1 +Release: 2 Summary: GNU implementation of tar ((t)ape (ar)chiver) Source0: %name-%version.tar.bz2 # @@ -36,6 +36,8 @@ Patch2: tar-manpage.patch Patch3: tar-wildcards.patch Patch5: tar-1.22-fortifysourcessigabrt.patch +#fix possible heap overflow in rtapelib.c bnc#579475 (fix already in upstream git) +Patch6: tar-heap_overflow_in_rtapelib.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build Recommends: xz Recommends: tar-lang = %version @@ -89,6 +91,7 @@ %patch2 -p1 %patch3 -p1 %patch5 -p1 +%patch6 -p1 %build rm -f po/no.* po/ky.* ++++++ tar-heap_overflow_in_rtapelib.patch ++++++
From 9bc39283e4cc6ab9e5913ccbf766998eab4ff093 Mon Sep 17 00:00:00 2001 From: Sergey Poznyakoff
Date: Mon, 01 Mar 2010 08:49:03 +0000 Subject: Bugfixes in rtapelib
* lib/rmt.h (rmtcreat): Use fcntl O_ macros insead of their hardcoded values. * lib/rtapelib.c (rmt_read__,rmt_ioctl__): Prevent potential overflow. --- diff --git a/lib/rmt.h b/lib/rmt.h index 50f037c..2ce9dc5 100644 --- a/lib/rmt.h +++ b/lib/rmt.h @@ -61,7 +61,7 @@ extern bool force_local_option; #define rmtcreat(dev_name, mode, command) \ (_remdev (dev_name) \ - ? rmt_open__ (dev_name, 1 | O_CREAT, __REM_BIAS, command) \ + ? rmt_open__ (dev_name, O_CREAT | O_WRONLY, __REM_BIAS, command) \ : creat (dev_name, mode)) #define rmtlstat(dev_name, muffer) \ diff --git a/lib/rtapelib.c b/lib/rtapelib.c index 02ad1e7..cb645db 100644 --- a/lib/rtapelib.c +++ b/lib/rtapelib.c @@ -573,7 +573,8 @@ rmt_read__ (int handle, char *buffer, size_t length) sprintf (command_buffer, "R%lu\n", (unsigned long) length); if (do_command (handle, command_buffer) == -1 - || (status = get_status (handle)) == SAFE_READ_ERROR) + || (status = get_status (handle)) == SAFE_READ_ERROR + || status > length) return SAFE_READ_ERROR; for (counter = 0; counter < status; counter += rlen, buffer += rlen) @@ -709,6 +710,12 @@ rmt_ioctl__ (int handle, int operation, char *argument) || (status = get_status (handle), status == -1)) return -1; + if (status > sizeof (struct mtop)) + { + errno = EOVERFLOW; + return -1; + } + for (; status > 0; status -= counter, argument += counter) { counter = safe_read (READ_SIDE (handle), argument, status); -- cgit v0.8.2.1 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
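Review bot: The remote branch of `rmtcreat` still does not match the local `creat (dev_name, mode)` branch: creat() implies `O_TRUNC`, while the new flag set passed to `rmt_open__` is only `O_CREAT | O_WRONLY`, and `mode` is not forwarded at all. If the remote side is meant to behave like creat(), the call would read `rmt_open__ (dev_name, O_CREAT | O_WRONLY | O_TRUNC, __REM_BIAS, command)`. Otherwise a comment above the macro, e.g. `/* Remote create: no truncation, MODE is ignored. */`, would record that the difference is intentional. How `rmt_open__` translates these flags is outside the hunk, so this needs checking against its definition.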
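Review bot: The new `status > length` rejection in `rmt_read__` returns `SAFE_READ_ERROR` without setting `errno`, whereas the equivalent check added to `rmt_ioctl__` in this same patch sets `EOVERFLOW`, so a caller sees whatever errno an earlier call left behind. Pulling the test out of the combined condition fixes that: `if (status > length) { errno = EOVERFLOW; return SAFE_READ_ERROR; }`. In both functions the oversized reply body is presumably still queued on the connection after the early return, so later commands on the same handle could read stale bytes; closing the connection on this path would be the safer response to a peer that violates the protocol. The function starts and ends outside the hunk, so the declared type of `status` should be confirmed as unsigned for the comparison to mean what it says.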
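Review bot: The bound `sizeof (struct mtop)` in the added check is only correct if `argument` points at a `struct mtop` in this branch. The hunk shows a status reply being read straight into `argument`, which looks like the status-query case, where callers normally pass a `struct mtget`. If so, the limit should be `if (status > sizeof (struct mtget))`, since a bound taken from the wrong structure either still permits an overflow or rejects valid replies, depending on which structure is larger. `status` is compared with `-1` just above, so it is signed and the test relies on implicit conversion to reject other negative values; `if (status < 0 || (size_t) status > sizeof (struct mtget))` makes that explicit. The enclosing case starts and ends outside the hunk, so the buffer type has to be confirmed there.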