[packages/bzip2] fix Buffer overflow in bzip2's bzip2recover
glen
glen at pld-linux.org
Tue Sep 13 08:09:25 CEST 2016
commit 047fcf15a0a9442cc739d205a3f3fa5850c5fcfd
Author: Elan Ruusamäe <glen at delfi.ee>
Date: Tue Sep 13 09:09:00 2016 +0300
fix Buffer overflow in bzip2's bzip2recover
patch from fedora
bzip2-1.0.4-bzip2recover.patch | 21 +++++++++++++++++++++
bzip2.spec | 2 ++
2 files changed, 23 insertions(+)
---
diff --git a/bzip2.spec b/bzip2.spec
index 79172d9..e68af7b 100644
--- a/bzip2.spec
+++ b/bzip2.spec
@@ -24,6 +24,7 @@ Patch0: %{name}-libtoolizeautoconf.patch
Patch1: %{name}-bzgrep.patch
# Modified from http://www.vanheusden.com/Linux/bzip2-1.0.2.diff.gz
Patch2: %{name}-progress-counter-1.0.2.patch
+Patch3: %{name}-1.0.4-bzip2recover.patch
URL: http://www.bzip.org/
BuildRequires: autoconf >= 2.50
BuildRequires: automake >= 1:1.6
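Review bot: The new `Patch3:` line has no provenance comment, unlike `Patch2` directly above it, which records where its patch was taken from. For a security fix it helps if the spec itself points to the advisory, so a line such as `# from Fedora, https://bugzilla.redhat.com/226979 (bzip2recover buffer overflow)` above `Patch3:` would make the origin auditable without opening the patch file. The patch file name pins 1.0.4 and the version this spec builds is not visible here, so it is worth confirming the patch applies without fuzz.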
@@ -169,6 +170,7 @@ Bibliotecas estáticas para desenvolvimento com a bzip2.
%patch0 -p1
%patch1 -p1
%{?with_progress:%patch2 -p1}
+%patch3 -p1
%build
%{__libtoolize}
diff --git a/bzip2-1.0.4-bzip2recover.patch b/bzip2-1.0.4-bzip2recover.patch
new file mode 100644
index 0000000..032ceed
--- /dev/null
+++ b/bzip2-1.0.4-bzip2recover.patch
@@ -0,0 +1,21 @@
+
+https://bugzilla.redhat.com/226979
+
+commit d92c60c24c16e46363dd15b94b47f04a7535898e
+Author: Ivana Varekova <varekova at fedoraproject.org>
+Date: Mon Feb 5 11:12:02 2007 +0000
+
+ - Resolves: 226979 Buffer overflow in bzip2's bzip2recover
+
+--- bzip2-1.0.4/bzip2recover.c.pom 2007-01-03 03:00:55.000000000 +0100
++++ bzip2-1.0.4/bzip2recover.c 2007-02-05 11:55:17.000000000 +0100
+@@ -309,7 +309,8 @@
+ UInt32 buffHi, buffLo, blockCRC;
+ Char* p;
+
+- strcpy ( progName, argv[0] );
++ strncpy ( progName, argv[0], BZ_MAX_FILENAME-1);
++ progName[BZ_MAX_FILENAME-1]='\0';
+ inFileName[0] = outFileName[0] = 0;
+
+ fprintf ( stderr,
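Review bot: The bounded copy of `argv[0]` truncates silently and is only safe if `progName` is at least `BZ_MAX_FILENAME` bytes; that declaration is outside this hunk and should be confirmed. The `strncpy` plus manual terminator is correct as written, but `snprintf ( progName, BZ_MAX_FILENAME, "%s", argv[0] );` states the same bound in one call and always terminates, which is harder to break in a later edit. The fix touches only `progName`. `inFileName` and `outFileName` are reset on the next line and are presumably filled from the command line further down in `main`, whose body continues past the hunk, so those copies should be checked for an equivalent length guard.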
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/bzip2.git/commitdiff/047fcf15a0a9442cc739d205a3f3fa5850c5fcfd