Hello community, here is the log from the commit of package rpm for openSUSE:11.4 checked in at Mon Oct 10 12:39:31 CEST 2011. -------- --- old-versions/11.4/all/rpm/rpm.changes 2011-01-14 10:00:03.000000000 +0100 +++ 11.4/rpm/rpm.changes 2011-10-04 19:28:10.000000000 +0200 @@ -1,0 +2,6 @@ +Tue Oct 4 19:20:23 CEST 2011 - mls@suse.de + +- fix multiple crashes on malformed data in header and gpg + key processing [bnc#720824] + +------------------------------------------------------------------- Package does not exist at destination yet. Using Fallback old-versions/11.4/all/rpm Destination is old-versions/11.4/UPDATES/all/rpm calling whatdependson for 11.4-i586 New: ---- headerchk.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rpm-python.spec ++++++ --- /var/tmp/diff_new_pack.vtyscx/_old 2011-10-10 12:38:59.000000000 +0200 +++ /var/tmp/diff_new_pack.vtyscx/_new 2011-10-10 12:38:59.000000000 +0200 @@ -26,7 +26,7 @@ Group: System/Packages Summary: Python Bindings for Manipulating RPM Packages Version: 4.8.0 -Release: 18 +Release: 21.<RELEASE2> Requires: rpm = %{version} %py_requires Source99: rpm.spec ++++++ rpm.spec ++++++ --- /var/tmp/diff_new_pack.vtyscx/_old 2011-10-10 12:38:59.000000000 +0200 +++ /var/tmp/diff_new_pack.vtyscx/_new 2011-10-10 12:38:59.000000000 +0200 @@ -29,7 +29,7 @@ AutoReqProv: on Summary: The RPM Package Manager Version: 4.8.0 -Release: 18 +Release: 28.<RELEASE29> Source: rpm-%{version}.tar.bz2 Source1: RPM-HOWTO.tar.bz2 Source2: RPM-Tips.html.tar.bz2 @@ -120,6 +120,7 @@ Patch83: langnoc.diff Patch84: initscriptsprov.diff Patch85: remove-translations.diff +Patch86: headerchk.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build # # avoid bootstrapping problem 
@@ -181,7 +182,7 @@ %patch -P 50 -P 51 -P 52 -P 53 -P 54 -P 55 -P 56 -P 57 -P 58 -P 59 %patch -P 60 -P 61 -P 62 -P 63 -P 64 -P 65 -P 66 -P 67 -P 68 -P 69 %patch -P 70 -P 71 -P 72 -P 73 -P 74 -P 75 -P 76 -P 77 -P 78 -P 79 -%patch -P 80 -P 81 -P 82 -P 83 -P 85 +%patch -P 80 -P 81 -P 82 -P 83 -P 85 -P 86 %patch84 -p1 #chmod 755 scripts/find-supplements{,.ksyms} #chmod 755 scripts/find-provides.ksyms scripts/find-requires.ksyms ++++++ headerchk.diff ++++++ --- ./lib/header.c.orig 2009-12-07 14:36:49.000000000 +0000 +++ ./lib/header.c 2011-10-04 17:17:48.000000000 +0000 @@ -358,6 +358,9 @@ static int regionSwab(indexEntry entry, const unsigned char * dataEnd, int regionid) { + if ((entry != NULL && regionid >= 0) || (entry == NULL && regionid != 0)) + return -1; + for (; il > 0; il--, pe++) { struct indexEntry_s ie; rpmTagType type; @@ -822,7 +825,7 @@ Header headerLoad(void * uh) { int off = ntohl(pe->offset); - if (hdrchkData(off)) + if (hdrchkData(off) || hdrchkRange(dl, off)) goto errxit; if (off) { size_t nb = REGION_TAG_COUNT; @@ -881,6 +884,11 @@ Header headerLoad(void * uh) h->indexUsed += ne; } } + + rdlen += REGION_TAG_COUNT; + /* XXX should be equality test, but dribbles are sometimes a bit off? */ + if (rdlen > dl) + goto errxit; } h->flags &= ~HEADERFLAG_SORTED; --- ./rpmio/rpmpgp.c.orig 2011-10-04 17:17:40.000000000 +0000 +++ ./rpmio/rpmpgp.c 2011-10-04 17:17:48.000000000 +0000 @@ -378,6 +378,9 @@ static int pgpPrtSubType(const uint8_t * while (hlen > 0) { i = pgpLen(p, &plen); + if (i + plen > hlen) + break; + p += i; hlen -= i; @@ -460,7 +463,7 @@ static int pgpPrtSubType(const uint8_t * p += plen; hlen -= plen; } - return 0; + return (hlen != 0); /* non-zero hlen is an error */ } static const char * const pgpSigRSA[] = { 
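Review bot: The guard added at the top of regionSwab() in the `@@ -358` hunk of lib/header.c enforces a caller contract that is not written down anywhere in the visible lines. As coded, a non-NULL `entry` must come with a negative `regionid`, and a NULL `entry` must come with `regionid == 0`. I would put that above the check as a comment, e.g. `/* sanity: a region entry needs regionid < 0; without an entry regionid must be 0 */`. The new `return -1` only helps if every caller treats a negative result as a malformed header; the callers are outside this hunk, so that is worth confirming. regionSwab's body continues past the hunk.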
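Review bot: In the `@@ -822` hunk of headerLoad(), `hdrchkRange(dl, off)` bounds only the start of the region trailer, not its end. The macro is not defined in this patch, but if it only rejects `off < 0` and `off > dl`, an offset in the last few bytes of the data area still passes. The next visible line sets `nb = REGION_TAG_COUNT`, which suggests that many bytes are then read from `dataStart + off` further down, outside the hunk. If so, I would add a second check inside the `if (off)` branch before the read, e.g. `if (hdrchkRange(dl, off + REGION_TAG_COUNT)) goto errxit;` or an equivalent comparison.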
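Review bot: The new bound in pgpPrtSubType() (`@@ -378` hunk of rpmio/rpmpgp.c) is written as a sum, `i + plen > hlen`, which can wrap if `plen` is a 32-bit `size_t` holding a length taken from the packet; the log mentions an i586 build. The declarations are outside the hunk, so the types are an assumption to confirm. Subtracting avoids the wrap: `if ((size_t)i > hlen || plen > hlen - i) break;`. Separately, `pgpLen(p, &plen)` runs before any check, so if it decodes a multi-byte length prefix it has already read those bytes when `hlen` is smaller than the prefix. A guard on `hlen` before the call, or a length-aware pgpLen, would close that. The function starts and ends outside this hunk.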
@@ -584,7 +587,8 @@ fprintf(stderr, " hash[%zu] -- %s\n", _digp->hashlen = sizeof(*v) + plen; _digp->hash = memcpy(xmalloc(_digp->hashlen), v, _digp->hashlen); } - (void) pgpPrtSubType(p, plen, v->sigtype, _digp); + if (pgpPrtSubType(p, plen, v->sigtype, _digp)) + return 1; p += plen; plen = pgpGrab(p,2); @@ -595,7 +599,8 @@ fprintf(stderr, " hash[%zu] -- %s\n", if (_debug && _print) fprintf(stderr, " unhash[%zu] -- %s\n", plen, pgpHexStr(p, plen)); - (void) pgpPrtSubType(p, plen, v->sigtype, _digp); + if (pgpPrtSubType(p, plen, v->sigtype, _digp)) + return 1; p += plen; plen = pgpGrab(p,2); continue with "q"... Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
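Review bot: The new `return 1` in the `@@ -584` hunk is reached right after `_digp->hash = memcpy(xmalloc(_digp->hashlen), v, _digp->hashlen);`, so on the error path the function exits with `_digp` partly filled from a packet that has just been judged malformed. The `@@ -595` hunk adds the same early return after the unhashed subpackets. Whether the caller discards or cleans `_digp` on a non-zero result is not visible here and should be confirmed. A comment at the first return would record the expectation, e.g. `/* malformed subpackets: caller must not use _digp */`. In both hunks `plen` comes from `pgpGrab(p,2)` and is passed on as the subpacket area length; its check against the end of the enclosing packet, if there is one, lies outside the visible lines, as do the start and end of the function.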