commit 8dc5e0233ad0d5d82c143354cf67365c79f27525 Author: Jan Rękorajski <bagg...@pld-linux.org> Date: Sun Jan 25 22:01:45 2015 +0100
- adapt rpm.org fixes for CVE-2013-6435 and CVE-2014-8118 rpm-CVE-2013-6435.patch | 72 +++++++++++++++++++++++++++++++++++++++++++++++++ rpm-CVE-2014-8118.patch | 11 ++++++++ rpm.spec | 4 +++ 3 files changed, 87 insertions(+) --- diff --git a/rpm.spec b/rpm.spec index 0f292e1..7863ff8 100644 --- a/rpm.spec +++ b/rpm.spec @@ -171,6 +171,8 @@ Patch81: %{name}-perl-magic.patch Patch82: %{name}-5.4.15-use-DSA-sig.patch Patch83: %{name}-ignore-missing-macro-files.patch Patch84: x32.patch +Patch85: rpm-CVE-2013-6435.patch +Patch86: rpm-CVE-2014-8118.patch # Patches imported from Mandriva @@ -948,6 +950,8 @@ cd - %patch81 -p0 %patch82 -p1 %patch84 -p1 +%patch85 -p1 +%patch86 -p1 %patch1000 -p1 %patch1001 -p1 diff --git a/rpm-CVE-2013-6435.patch b/rpm-CVE-2013-6435.patch new file mode 100644 index 0000000..d96fd44 --- /dev/null +++ b/rpm-CVE-2013-6435.patch @@ -0,0 +1,72 @@ +--- rpm-5.4.15/rpmio/iosm.c~ 2014-06-11 19:58:04.000000000 +0200 ++++ rpm-5.4.15/rpmio/iosm.c 2015-01-25 21:53:27.659197235 +0100 +@@ -2627,7 +2627,7 @@ + iosm->rfd = NULL; + break; + case IOSM_WOPEN: +- iosm->wfd = Fopen(iosm->path, "w.fdio"); ++ iosm->wfd = Fopen(iosm->path, "wU.fdio"); + if (iosm->wfd == NULL || Ferror(iosm->wfd)) { + if (iosm->wfd != NULL) (void) iosmNext(iosm, IOSM_WCLOSE); + iosm->wfd = NULL; +--- rpm-5.4.15/rpmio/rpmio.c~ 2014-08-05 00:47:16.000000000 +0200 ++++ rpm-5.4.15/rpmio/rpmio.c 2015-01-25 21:50:59.409202466 +0100 +@@ -2638,16 +2638,20 @@ + * - bzopen: 'q' sets verbosity to 0 + * - bzopen: 'v' does verbosity++ (up to 4) + * - HACK: '.' terminates, rest is type of I/O ++ * - 'U' sets *mode to zero (no permissions) instead of 0666 + */ + static inline void cvtfmode (const char *m, + /*@out@*/ char *stdio, size_t nstdio, + /*@out@*/ char *other, size_t nother, +- /*@out@*/ const char **end, /*@out@*/ int * f) ++ /*@out@*/ const char **end, /*@out@*/ int * f, mode_t *mode) + /*@modifies *stdio, *other, *end, *f @*/ + { + int flags = 0; + char c; + ++ if (mode) ++ *mode = 0666; ++ + switch (*m) { + case 'a': + flags |= O_WRONLY | O_CREAT | O_APPEND; +@@ -2661,6 +2665,9 @@ + flags |= O_RDONLY; + if (--nstdio > 0) *stdio++ = *m; + break; ++ case 'U': ++ if (mode) *mode = 0; ++ break; + default: + *stdio = '\0'; + return; +@@ -2729,7 +2736,7 @@ + if (fmode == NULL) + return NULL; + +- cvtfmode(fmode, stdio, sizeof(stdio), other, sizeof(other), &end, NULL); ++ cvtfmode(fmode, stdio, sizeof(stdio), other, sizeof(other), &end, NULL, NULL); + if (stdio[0] == '\0') + return NULL; + zstdio[0] = '\0'; +@@ -2835,7 +2842,7 @@ + const char * fmode = NULL; + char stdio[20], other[20]; + const char *end = NULL; +- mode_t perms = 0666; ++ mode_t perms; + int flags = 0; + FD_t fd = NULL; + +@@ -2849,7 +2856,7 @@ + fprintf(stderr, "==> Fopen(%s, %s)\n", path, fmode); + + stdio[0] = '\0'; +- cvtfmode(fmode, stdio, sizeof(stdio), other, sizeof(other), &end, &flags); ++ cvtfmode(fmode, stdio, sizeof(stdio), other, sizeof(other), &end, &flags, &perms); + if (stdio[0] == '\0') + goto exit; + diff --git a/rpm-CVE-2014-8118.patch b/rpm-CVE-2014-8118.patch new file mode 100644 index 0000000..dfd27f4 --- /dev/null +++ b/rpm-CVE-2014-8118.patch @@ -0,0 +1,11 @@ +--- rpm-5.4.15/rpmio/cpio.c.orig 2012-04-16 05:21:22.000000000 +0200 ++++ rpm-5.4.15/rpmio/cpio.c 2015-01-25 15:50:23.017311712 +0100 +@@ -136,7 +136,7 @@ + /*@=shiftimplementation@*/ + + GET_NUM_FIELD(hdr->namesize, nb); +- if (nb >= iosm->wrsize) ++ if (nb <= 0 || nb >= iosm->wrsize) + return IOSMERR_BAD_HEADER; + + /* Read file name. */ ================================================================ ---- gitweb: http://git.pld-linux.org/gitweb.cgi/packages/rpm.git/commitdiff/8dc5e0233ad0d5d82c143354cf67365c79f27525 _______________________________________________ pld-cvs-commit mailing list pld-cvs-commit@lists.pld-linux.org http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit