Hello community, here is the log from the commit of package rzip for openSUSE:Factory checked in at 2017-05-06 18:30:24 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/rzip (Old) and /work/SRC/openSUSE:Factory/.rzip.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "rzip" Sat May 6 18:30:24 2017 rev:17 rq:492828 version:2.1 Changes: -------- --- /work/SRC/openSUSE:Factory/rzip/rzip.changes 2015-04-13 20:30:44.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.rzip.new/rzip.changes 2017-05-06 18:30:36.815081638 +0200 @@ -1,0 +2,6 @@ +Thu May 4 09:30:11 UTC 2017 - schwab@suse.de + +- fill-buffer.patch: fix allocation of read buffer (bsc#1036941, + CVE-2017-8364) + +------------------------------------------------------------------- New: ---- fill-buffer.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rzip.spec ++++++ --- /var/tmp/diff_new_pack.D0tJoS/_old 2017-05-06 18:30:37.618968206 +0200 +++ /var/tmp/diff_new_pack.D0tJoS/_new 2017-05-06 18:30:37.622967642 +0200 @@ -1,7 +1,7 @@ # # spec file for package rzip # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -24,6 +24,7 @@ Group: Productivity/Archiving/Compression Url: https://rzip.samba.org Source: https://rzip.samba.org/ftp/rzip/%{name}-%{version}.tar.gz +Patch: fill-buffer.patch BuildRequires: libbz2-devel BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -35,6 +36,7 @@ %prep %setup -q +%patch -p1 %build %configure ++++++ fill-buffer.patch ++++++ Index: rzip-2.1/stream.c =================================================================== --- rzip-2.1.orig/stream.c +++ rzip-2.1/stream.c @@ -147,16 +147,16 @@ static int write_u32(int f, u32 v) return 0; } -static int read_buf(int f, uchar *p, int len) +static int read_buf(int f, uchar *p, unsigned int len) { int ret; ret = read(f, p, len); if (ret == -1) { - err_msg("Read of length %d failed - %s\n", len, strerror(errno)); + err_msg("Read of length %u failed - %s\n", len, strerror(errno)); return -1; } if (ret != len) { - err_msg("Partial read!? asked for %d bytes but got %d\n", len, ret); + err_msg("Partial read!? asked for %u bytes but got %d\n", len, ret); return -1; } return 0; @@ -399,7 +399,7 @@ static int fill_buffer(struct stream_inf if (sinfo->s[stream].buf) { free(sinfo->s[stream].buf); } - sinfo->s[stream].buf = malloc(u_len); + sinfo->s[stream].buf = malloc(c_len > u_len ? c_len : u_len); if (!sinfo->s[stream].buf) { return -1; }