fix Buffer overflow in bzip2's bzip2recover

author Elan Ruusamäe <glen@delfi.ee>

Tue, 13 Sep 2016 06:09:00 +0000 (09:09 +0300)

committer Elan Ruusamäe <glen@delfi.ee>

Tue, 13 Sep 2016 06:09:00 +0000 (09:09 +0300)
author Elan Ruusamäe <glen@delfi.ee>
Tue, 13 Sep 2016 06:09:00 +0000 (09:09 +0300)
committer Elan Ruusamäe <glen@delfi.ee>
Tue, 13 Sep 2016 06:09:00 +0000 (09:09 +0300)
diff --git a/bzip2-1.0.4-bzip2recover.patch b/bzip2-1.0.4-bzip2recover.patch

new file mode 100644 (file)

index 0000000..032ceed
--- /dev/null
+++ b/bzip2-1.0.4-bzip2recover.patch
@@ -0,0 +1,21 @@
+
+https://bugzilla.redhat.com/226979
+
+commit d92c60c24c16e46363dd15b94b47f04a7535898e
+Author: Ivana Varekova <varekova@fedoraproject.org>
+Date:   Mon Feb 5 11:12:02 2007 +0000
+
+    - Resolves: 226979 Buffer overflow in bzip2's bzip2recover
+
+--- bzip2-1.0.4/bzip2recover.c.pom     2007-01-03 03:00:55.000000000 +0100
++++ bzip2-1.0.4/bzip2recover.c 2007-02-05 11:55:17.000000000 +0100
+@@ -309,7 +309,8 @@
+    UInt32      buffHi, buffLo, blockCRC;
+    Char*       p;
+ 
+-   strcpy ( progName, argv[0] );
++   strncpy ( progName, argv[0], BZ_MAX_FILENAME-1);
++   progName[BZ_MAX_FILENAME-1]='\0';
+    inFileName[0] = outFileName[0] = 0;
+ 
+    fprintf ( stderr, 
diff --git a/bzip2.spec b/bzip2.spec

index 79172d9ac701a196ba55eb31073f56920209ce97..e68af7bd4839b59e2cfa1c56672654296f7f3272 100644 (file)
--- a/bzip2.spec
+++ b/bzip2.spec
@@ -24,6 +24,7 @@ Patch0:               %{name}-libtoolizeautoconf.patch
  Patch1:                %{name}-bzgrep.patch
  # Modified from http://www.vanheusden.com/Linux/bzip2-1.0.2.diff.gz
  Patch2:                %{name}-progress-counter-1.0.2.patch
+Patch3:                %{name}-1.0.4-bzip2recover.patch
  URL:           http://www.bzip.org/
  BuildRequires: autoconf >= 2.50
  BuildRequires: automake >= 1:1.6
@@ -169,6 +170,7 @@ Bibliotecas estáticas para desenvolvimento com a bzip2.
  %patch0 -p1
  %patch1 -p1
  %{?with_progress:%patch2 -p1}
+%patch3 -p1
  
  %build
  %{__libtoolize}
author	Elan Ruusamäe <glen@delfi.ee>
	Tue, 13 Sep 2016 06:09:00 +0000 (09:09 +0300)
committer	Elan Ruusamäe <glen@delfi.ee>
	Tue, 13 Sep 2016 06:09:00 +0000 (09:09 +0300)
bzip2-1.0.4-bzip2recover.patch	[new file with mode: 0644]	patch \| blob
bzip2.spec		patch \| blob \| blame \| history