commit 8dc5e0233ad0d5d82c143354cf67365c79f27525
Author: Jan Rękorajski <bagg...@pld-linux.org>
Date: Sun Jan 25 22:01:45 2015 +0100
- adapt rpm.org fixes for CVE-2013-6435 and CVE-2014-8118
rpm-CVE-2013-6435.patch | 72 +++++++++++++++++++++++++++++++++++++++++++++++++
rpm-CVE-2014-8118.patch | 11 ++++++++
rpm.spec | 4 +++
3 files changed, 87 insertions(+)
---
diff --git a/rpm.spec b/rpm.spec
index 0f292e1..7863ff8 100644
--- a/rpm.spec
+++ b/rpm.spec
@@ -171,6 +171,8 @@ Patch81: %{name}-perl-magic.patch
Patch82: %{name}-5.4.15-use-DSA-sig.patch
Patch83: %{name}-ignore-missing-macro-files.patch
Patch84: x32.patch
+Patch85: rpm-CVE-2013-6435.patch
+Patch86: rpm-CVE-2014-8118.patch
# Patches imported from Mandriva
@@ -948,6 +950,8 @@ cd -
%patch81 -p0
%patch82 -p1
%patch84 -p1
+%patch85 -p1
+%patch86 -p1
%patch1000 -p1
%patch1001 -p1
diff --git a/rpm-CVE-2013-6435.patch b/rpm-CVE-2013-6435.patch
new file mode 100644
index 0000000..d96fd44
--- /dev/null
+++ b/rpm-CVE-2013-6435.patch
@@ -0,0 +1,72 @@
+--- rpm-5.4.15/rpmio/iosm.c~ 2014-06-11 19:58:04.000000000 +0200
++++ rpm-5.4.15/rpmio/iosm.c 2015-01-25 21:53:27.659197235 +0100
+@@ -2627,7 +2627,7 @@
+ iosm->rfd = NULL;
+ break;
+ case IOSM_WOPEN:
+- iosm->wfd = Fopen(iosm->path, "w.fdio");
++ iosm->wfd = Fopen(iosm->path, "wU.fdio");
+ if (iosm->wfd == NULL || Ferror(iosm->wfd)) {
+ if (iosm->wfd != NULL) (void) iosmNext(iosm, IOSM_WCLOSE);
+ iosm->wfd = NULL;
+--- rpm-5.4.15/rpmio/rpmio.c~ 2014-08-05 00:47:16.000000000 +0200
++++ rpm-5.4.15/rpmio/rpmio.c 2015-01-25 21:50:59.409202466 +0100
+@@ -2638,16 +2638,20 @@
+ * - bzopen: 'q' sets verbosity to 0
+ * - bzopen: 'v' does verbosity++ (up to 4)
+ * - HACK: '.' terminates, rest is type of I/O
++ * - 'U' sets *mode to zero (no permissions) instead of 0666
+ */
+ static inline void cvtfmode (const char *m,
+ /*@out@*/ char *stdio, size_t nstdio,
+ /*@out@*/ char *other, size_t nother,
+- /*@out@*/ const char **end, /*@out@*/ int * f)
++ /*@out@*/ const char **end, /*@out@*/ int * f,
mode_t *mode)
+ /*@modifies *stdio, *other, *end, *f @*/
+ {
+ int flags = 0;
+ char c;
+
++ if (mode)
++ *mode = 0666;
++
+ switch (*m) {
+ case 'a':
+ flags |= O_WRONLY | O_CREAT | O_APPEND;
+@@ -2661,6 +2665,9 @@
+ flags |= O_RDONLY;
+ if (--nstdio > 0) *stdio++ = *m;
+ break;
++ case 'U':
++ if (mode) *mode = 0;
++ break;
+ default:
+ *stdio = '\0';
+ return;
+@@ -2729,7 +2736,7 @@
+ if (fmode == NULL)
+ return NULL;
+
+- cvtfmode(fmode, stdio, sizeof(stdio), other, sizeof(other), &end, NULL);
++ cvtfmode(fmode, stdio, sizeof(stdio), other, sizeof(other), &end, NULL,
NULL);
+ if (stdio[0] == '\0')
+ return NULL;
+ zstdio[0] = '\0';
+@@ -2835,7 +2842,7 @@
+ const char * fmode = NULL;
+ char stdio[20], other[20];
+ const char *end = NULL;
+- mode_t perms = 0666;
++ mode_t perms;
+ int flags = 0;
+ FD_t fd = NULL;
+
+@@ -2849,7 +2856,7 @@
+ fprintf(stderr, "==> Fopen(%s, %s)\n", path, fmode);
+
+ stdio[0] = '\0';
+- cvtfmode(fmode, stdio, sizeof(stdio), other, sizeof(other), &end, &flags);
++ cvtfmode(fmode, stdio, sizeof(stdio), other, sizeof(other), &end, &flags,
&perms);
+ if (stdio[0] == '\0')
+ goto exit;
+
diff --git a/rpm-CVE-2014-8118.patch b/rpm-CVE-2014-8118.patch
new file mode 100644
index 0000000..dfd27f4
--- /dev/null
+++ b/rpm-CVE-2014-8118.patch
@@ -0,0 +1,11 @@
+--- rpm-5.4.15/rpmio/cpio.c.orig 2012-04-16 05:21:22.000000000 +0200
++++ rpm-5.4.15/rpmio/cpio.c 2015-01-25 15:50:23.017311712 +0100
+@@ -136,7 +136,7 @@
+ /*@=shiftimplementation@*/
+
+ GET_NUM_FIELD(hdr->namesize, nb);
+- if (nb >= iosm->wrsize)
++ if (nb <= 0 || nb >= iosm->wrsize)
+ return IOSMERR_BAD_HEADER;
+
+ /* Read file name. */
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/rpm.git/commitdiff/8dc5e0233ad0d5d82c143354cf67365c79f27525
_______________________________________________
pld-cvs-commit mailing list
pld-cvs-commit@lists.pld-linux.org
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
