diff --git a/libcdio-joliet-name-overflow.patch b/libcdio-joliet-name-overflow.patch
new file mode 100644
index 0000000..49fa71c
--- /dev/null
+++ b/libcdio-joliet-name-overflow.patch
@@ -0,0 +1,104 @@
+--- src/cd-info.c 2007/06/16 20:12:16 1.149
++++ src/cd-info.c 2008/01/09 04:26:24 1.152 (reduced patch)
+@@ -518,6 +518,8 @@
+ CdioList_t *p_dirlist = _cdio_list_new ();
+ CdioListNode_t *entnode;
+ uint8_t i_joliet_level;
++ char *translated_name = (char *) malloc(4096);
++ size_t translated_name_size = 4096;
+
+ i_joliet_level = (opts.no_joliet)
+ ? 0
+@@ -539,7 +541,15 @@
+ iso9660_stat_t *p_statbuf = _cdio_list_node_data (entnode);
+ char *psz_iso_name = p_statbuf->filename;
+ char _fullname[4096] = { 0, };
+- char translated_name[MAX_ISONAME+1];
++ if (strlen(psz_iso_name) >= translated_name_size) {
++ translated_name_size = strlen(psz_iso_name)+1;
++ free(translated_name);
++ translated_name = (char *) malloc(translated_name_size);
++ if (!translated_name) {
++ report( stderr, "Error allocating memory\n" );
++ return;
++ }
++ }
+
+ if (yep != p_statbuf->rr.b3_rock || 1 == opts.no_rock_ridge) {
+ iso9660_name_translate_ext(psz_iso_name, translated_name,
+@@ -564,6 +574,7 @@
+ p_statbuf->rr.i_symlink = 0;
+ }
+ }
++ free (translated_name);
+
+ _cdio_list_free (p_entlist, true);
+
+--- src/iso-info.c 2006/03/17 19:36:54 1.35
++++ src/iso-info.c 2008/01/09 04:26:24 1.38 (reduced patch)
+@@ -205,7 +205,8 @@
+ CdioList_t *dirlist = _cdio_list_new ();
+ CdioListNode_t *entnode;
+ uint8_t i_joliet_level = iso9660_ifs_get_joliet_level(p_iso);
+-
++ char *translated_name = (char *) malloc(4096);
++ size_t translated_name_size = 4096;
+ entlist = iso9660_ifs_readdir (p_iso, psz_path);
+
+ if (opts.print_iso9660) {
+@@ -224,7 +225,15 @@
+ iso9660_stat_t *p_statbuf = _cdio_list_node_data (entnode);
+ char *psz_iso_name = p_statbuf->filename;
+ char _fullname[4096] = { 0, };
+- char translated_name[MAX_ISONAME+1];
++ if (strlen(psz_iso_name) >= translated_name_size) {
++ translated_name_size = strlen(psz_iso_name)+1;
++ free(translated_name);
++ translated_name = (char *) malloc(translated_name_size);
++ if (!translated_name) {
++ report( stderr, "Error allocating memory\n" );
++ return;
++ }
++ }
+
+ if (yep != p_statbuf->rr.b3_rock || 1 == opts.no_rock_ridge) {
+ iso9660_name_translate_ext(psz_iso_name, translated_name,
+@@ -258,6 +267,7 @@
+ p_statbuf->rr.i_symlink = 0;
+ }
+ }
++ free (translated_name);
+
+ _cdio_list_free (entlist, true);
+
+--- src/mmc-tool.c 2006/04/14 22:17:08 1.9
++++ src/mmc-tool.c 2008/01/09 04:26:24 1.10 (reduced patch)
+@@ -261,7 +261,7 @@
+ }
+
+ static void
+-print_mode_sense (unsigned int i_mmc_size, const uint8_t buf[22])
++print_mode_sense (unsigned int i_mmc_size, const uint8_t buf[30])
+ {
+ printf("Mode sense %d information\n", i_mmc_size);
+ if (buf[2] & 0x01) {
+@@ -461,7 +461,7 @@
+ break;
+ case OP_MODE_SENSE_2A:
+ {
+- uint8_t buf[22] = { 0, }; /* Place to hold returned data */
++ uint8_t buf[30] = { 0, }; /* Place to hold returned data */
+ if (p_op->arg.i_num == 10) {
+ rc = mmc_mode_sense_10(p_cdio, buf, sizeof(buf),
+ CDIO_MMC_CAPABILITIES_PAGE);
+--- example/udf1.c 2005/11/02 03:42:49 1.17
++++ example/udf1.c 2008/01/09 04:27:16 1.18 (reduced patch)
+@@ -127,7 +127,7 @@
+ printf("volume id: %s\n", vol_id);
+
+ if (0 < udf_get_volume_id(p_udf, volset_id, sizeof(volset_id)) ) {
+- volset_id[UDF_VOLSET_ID_SIZE+1]='\0';
++ volset_id[UDF_VOLSET_ID_SIZE]='\0';
+ printf("volume set id: %s\n", volset_id);
+ }
+
diff --git a/libcdio-mini.changes b/libcdio-mini.changes
index f5dae84..387a87a 100644
--- a/libcdio-mini.changes
+++ b/libcdio-mini.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Wed Jan 9 17:52:24 CET 2008 - sbrabec@suse.cz
+
+- Fixed buffer overflows for long Joliet names (#351127).
+
 -------------------------------------------------------------------
 Wed Dec 5 14:52:36 CET 2007 - ro@suse.de
diff --git a/libcdio-mini.spec b/libcdio-mini.spec
index 796061b..9fa2a20 100644
--- a/libcdio-mini.spec
+++ b/libcdio-mini.spec
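Review bot: The initial `malloc(4096)` for `translated_name` in both src/cd-info.c and src/iso-info.c is never checked, so if it fails the NULL pointer is passed to `iso9660_name_translate_ext` for every name shorter than 4096 bytes, because the only NULL test sits inside the regrow branch. The same test belongs right after the declaration, e.g. `if (!translated_name) { report( stderr, "Error allocating memory\n" ); return; }`. The `return;` in the regrow branch also leaves the loop without reaching `_cdio_list_free (p_entlist, true)` (`entlist` in iso-info.c), and any early return between the allocation and the new `free (translated_name)` outside these hunks would leak the buffer; both functions start and end outside the patch, so this needs checking against the full source. The regrown size `strlen(psz_iso_name)+1` is sufficient only if the translation never writes more bytes than its input holds, and since the name comes from the image being read, that assumption deserves a confirming comment next to the size computation once it has been verified against `iso9660_name_translate_ext`.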
@@ -1,7 +1,7 @@ # # spec file for package libcdio-mini (Version 0.79) # -# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine # package are under the same license as the package itself. # @@ -23,7 +23,7 @@ BuildRequires: libcddb-devel libcdio-devel ncurses-devel vcdimager-devel #BuildRequires: cdparanoia %endif Version: 0.79 -Release: 3 +Release: 4 # WARNING: After changing versions please call Re or rpmbuild to auto-update spec file: %define libcdio_name 7 %define libcdio_paranoia_name 0 @@ -44,6 +44,7 @@ Provides: %{_name} = %{version} %endif BuildRoot: %{_tmppath}/%{name}-%{version}-build Patch0: libcdio-gcc43.patch +Patch1: libcdio-joliet-name-overflow.patch %description This library encapsulates CD-ROM reading and control. Applications @@ -197,6 +198,7 @@ Authors: %prep %setup -q -n %{_name}-%{version} %patch0 +%patch1 %build %configure --disable-static --with-pic @@ -295,12 +297,14 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/*.pc %changelog -* Wed Dec 05 2007 - ro@suse.de +* Wed Jan 09 2008 sbrabec@suse.cz +- Fixed buffer overflows for long Joliet names (#351127). +* Wed Dec 05 2007 ro@suse.de - provide main package name in library package for debuginfo for mini package -* Fri Nov 16 2007 - sbrabec@suse.cz +* Fri Nov 16 2007 sbrabec@suse.cz - Removed unwanted NoSource preventing mirroring to Factory. -* Fri Nov 09 2007 - crrodriguez@suse.de +* Fri Nov 09 2007 crrodriguez@suse.de - fix build with gcc43 - update to version 0.79 * libcdio cdparanoia doing the wrong thing on a single-sector read. Savannah patch #5999. 
@@ -310,11 +314,11 @@ rm -rf $RPM_BUILD_ROOT * more than 30 other bugfixes - remove libtool archives with empty dependency_libs - exclude static libraries -* Tue Aug 07 2007 - sbrabec@suse.cz +* Tue Aug 07 2007 sbrabec@suse.cz - Fixed mini file list. -* Sun Aug 05 2007 - coolo@suse.de +* Sun Aug 05 2007 coolo@suse.de - adding versioned provides for upgrade -* Fri Jul 20 2007 - sbrabec@suse.cz +* Fri Jul 20 2007 sbrabec@suse.cz - Updated to version 0.78.2: * Fixed bug in libcdio.so version numbering. * Added mmc-tool and mmc-close-tray. @@ -326,9 +330,9 @@ rm -rf $RPM_BUILD_ROOT - Split package according to shared library packaging policy. - Added script to convert libcdio.spec to libcdio-mini.spec and update library package names. -* Mon Mar 12 2007 - sbrabec@suse.cz +* Mon Mar 12 2007 sbrabec@suse.cz - Fixed NoSrc and Provides of temporary package. -* Fri Oct 06 2006 - sbrabec@suse.cz +* Fri Oct 06 2006 sbrabec@suse.cz - Updated to version 0.77: * Added object-oriented C++ wrapper. * Replaced libpopt with getopt in binaries. 
@@ -346,43 +350,43 @@ rm -rf $RPM_BUILD_ROOT * Revised and improved example programs. * Replaced all uses of strcat and strcpy with strncat and strncpy. -* Mon Jul 03 2006 - max@suse.de +* Mon Jul 03 2006 max@suse.de - Added gcc-c++ to neededforbuild. -* Fri Jun 30 2006 - sbrabec@suse.cz +* Fri Jun 30 2006 sbrabec@suse.cz - Fixed cyclic dependencies in a correct way. -* Tue Jun 27 2006 - sbrabec@suse.cz +* Tue Jun 27 2006 sbrabec@suse.cz - Use NoSource in libcdio-mini. -* Thu Jun 22 2006 - sbrabec@suse.cz +* Thu Jun 22 2006 sbrabec@suse.cz - Simpler solution of cyclic dependencies. -* Tue Jan 31 2006 - sbrabec@suse.cz +* Tue Jan 31 2006 sbrabec@suse.cz - Do not link with invalid rpath. - Enabled parallel build. - Fixed devel splitting. -* Thu Jan 26 2006 - sbrabec@suse.cz +* Thu Jan 26 2006 sbrabec@suse.cz - Added %%install_info_prereq. -* Wed Jan 25 2006 - mls@suse.de +* Wed Jan 25 2006 mls@suse.de - converted neededforbuild to BuildRequires -* Tue Nov 08 2005 - sbrabec@suse.cz +* Tue Nov 08 2005 sbrabec@suse.cz - Fixed libiso9660.la circular dependency prevention trick. -* Wed Oct 26 2005 - sbrabec@suse.cz +* Wed Oct 26 2005 sbrabec@suse.cz - Updated to version 0.76. - Build as user. -* Fri Aug 05 2005 - sbrabec@suse.cz +* Fri Aug 05 2005 sbrabec@suse.cz - Build with libcddb-1.2.1. -* Fri Jul 29 2005 - sbrabec@suse.cz +* Fri Jul 29 2005 sbrabec@suse.cz - Updated to version 0.75. -* Mon May 09 2005 - sbrabec@suse.cz +* Mon May 09 2005 sbrabec@suse.cz - Build with libcddb-1.0.2. -* Tue Apr 26 2005 - sbrabec@suse.cz +* Tue Apr 26 2005 sbrabec@suse.cz - Updated to version 0.73. -* Fri Apr 01 2005 - meissner@suse.de +* Fri Apr 01 2005 meissner@suse.de - fixed gcc4 compile problem. -* Thu Feb 03 2005 - sbrabec@suse.cz +* Thu Feb 03 2005 sbrabec@suse.cz - Updated to version 0.72. -* Mon Jan 31 2005 - sbrabec@suse.cz +* Mon Jan 31 2005 sbrabec@suse.cz - Updated to version 0.72rc2. 
-* Mon Jan 24 2005 - sbrabec@suse.cz +* Mon Jan 24 2005 sbrabec@suse.cz - Updated to version 0.71. -* Tue Nov 09 2004 - sbrabec@suse.cz +* Tue Nov 09 2004 sbrabec@suse.cz - New SuSE package, version 0.70. - Work-around of circular dependency on libcddb and vcdimager. diff --git a/libcdio.changes b/libcdio.changes index f5dae84..387a87a 100644 --- a/libcdio.changes +++ b/libcdio.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Jan 9 17:52:24 CET 2008 - sbrabec@suse.cz + +- Fixed buffer overflows for long Joliet names (#351127). + ------------------------------------------------------------------- Wed Dec 5 14:52:36 CET 2007 - ro@suse.de diff --git a/libcdio.spec b/libcdio.spec index c56e982..60bda4a 100644 --- a/libcdio.spec +++ b/libcdio.spec @@ -1,7 +1,7 @@ # # spec file for package libcdio (Version 0.79) # -# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine # package are under the same license as the package itself. # @@ -23,7 +23,7 @@ BuildRequires: libcddb-devel libcdio-devel ncurses-devel vcdimager-devel #BuildRequires: cdparanoia %endif Version: 0.79 -Release: 3 +Release: 4 # WARNING: After changing versions please call Re or rpmbuild to auto-update spec file: %define libcdio_name 7 %define libcdio_paranoia_name 0 @@ -44,6 +44,7 @@ Provides: %{_name} = %{version} %endif BuildRoot: %{_tmppath}/%{name}-%{version}-build Patch0: libcdio-gcc43.patch +Patch1: libcdio-joliet-name-overflow.patch %description This library encapsulates CD-ROM reading and control. Applications @@ -196,6 +197,7 @@ Authors: %prep %setup -q -n %{_name}-%{version} %patch0 +%patch1 %build %configure --disable-static --with-pic 
@@ -294,12 +296,14 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/*.pc %changelog -* Wed Dec 05 2007 - ro@suse.de +* Wed Jan 09 2008 sbrabec@suse.cz +- Fixed buffer overflows for long Joliet names (#351127). +* Wed Dec 05 2007 ro@suse.de - provide main package name in library package for debuginfo for mini package -* Fri Nov 16 2007 - sbrabec@suse.cz +* Fri Nov 16 2007 sbrabec@suse.cz - Removed unwanted NoSource preventing mirroring to Factory. -* Fri Nov 09 2007 - crrodriguez@suse.de +* Fri Nov 09 2007 crrodriguez@suse.de - fix build with gcc43 - update to version 0.79 * libcdio cdparanoia doing the wrong thing on a single-sector read. Savannah patch #5999. @@ -309,11 +313,11 @@ rm -rf $RPM_BUILD_ROOT * more than 30 other bugfixes - remove libtool archives with empty dependency_libs - exclude static libraries -* Tue Aug 07 2007 - sbrabec@suse.cz +* Tue Aug 07 2007 sbrabec@suse.cz - Fixed mini file list. -* Sun Aug 05 2007 - coolo@suse.de +* Sun Aug 05 2007 coolo@suse.de - adding versioned provides for upgrade -* Fri Jul 20 2007 - sbrabec@suse.cz +* Fri Jul 20 2007 sbrabec@suse.cz - Updated to version 0.78.2: * Fixed bug in libcdio.so version numbering. * Added mmc-tool and mmc-close-tray. @@ -325,9 +329,9 @@ rm -rf $RPM_BUILD_ROOT - Split package according to shared library packaging policy. - Added script to convert libcdio.spec to libcdio-mini.spec and update library package names. -* Mon Mar 12 2007 - sbrabec@suse.cz +* Mon Mar 12 2007 sbrabec@suse.cz - Fixed NoSrc and Provides of temporary package. -* Fri Oct 06 2006 - sbrabec@suse.cz +* Fri Oct 06 2006 sbrabec@suse.cz - Updated to version 0.77: * Added object-oriented C++ wrapper. * Replaced libpopt with getopt in binaries. 
@@ -345,43 +349,43 @@ rm -rf $RPM_BUILD_ROOT * Revised and improved example programs. * Replaced all uses of strcat and strcpy with strncat and strncpy. -* Mon Jul 03 2006 - max@suse.de +* Mon Jul 03 2006 max@suse.de - Added gcc-c++ to neededforbuild. -* Fri Jun 30 2006 - sbrabec@suse.cz +* Fri Jun 30 2006 sbrabec@suse.cz - Fixed cyclic dependencies in a correct way. -* Tue Jun 27 2006 - sbrabec@suse.cz +* Tue Jun 27 2006 sbrabec@suse.cz - Use NoSource in libcdio-mini. -* Thu Jun 22 2006 - sbrabec@suse.cz +* Thu Jun 22 2006 sbrabec@suse.cz - Simpler solution of cyclic dependencies. -* Tue Jan 31 2006 - sbrabec@suse.cz +* Tue Jan 31 2006 sbrabec@suse.cz - Do not link with invalid rpath. - Enabled parallel build. - Fixed devel splitting. -* Thu Jan 26 2006 - sbrabec@suse.cz +* Thu Jan 26 2006 sbrabec@suse.cz - Added %%install_info_prereq. -* Wed Jan 25 2006 - mls@suse.de +* Wed Jan 25 2006 mls@suse.de - converted neededforbuild to BuildRequires -* Tue Nov 08 2005 - sbrabec@suse.cz +* Tue Nov 08 2005 sbrabec@suse.cz - Fixed libiso9660.la circular dependency prevention trick. -* Wed Oct 26 2005 - sbrabec@suse.cz +* Wed Oct 26 2005 sbrabec@suse.cz - Updated to version 0.76. - Build as user. -* Fri Aug 05 2005 - sbrabec@suse.cz +* Fri Aug 05 2005 sbrabec@suse.cz - Build with libcddb-1.2.1. -* Fri Jul 29 2005 - sbrabec@suse.cz +* Fri Jul 29 2005 sbrabec@suse.cz - Updated to version 0.75. -* Mon May 09 2005 - sbrabec@suse.cz +* Mon May 09 2005 sbrabec@suse.cz - Build with libcddb-1.0.2. -* Tue Apr 26 2005 - sbrabec@suse.cz +* Tue Apr 26 2005 sbrabec@suse.cz - Updated to version 0.73. -* Fri Apr 01 2005 - meissner@suse.de +* Fri Apr 01 2005 meissner@suse.de - fixed gcc4 compile problem. -* Thu Feb 03 2005 - sbrabec@suse.cz +* Thu Feb 03 2005 sbrabec@suse.cz - Updated to version 0.72. -* Mon Jan 31 2005 - sbrabec@suse.cz +* Mon Jan 31 2005 sbrabec@suse.cz - Updated to version 0.72rc2. 
-* Mon Jan 24 2005 - sbrabec@suse.cz +* Mon Jan 24 2005 sbrabec@suse.cz - Updated to version 0.71. -* Tue Nov 09 2004 - sbrabec@suse.cz +* Tue Nov 09 2004 sbrabec@suse.cz - New SuSE package, version 0.70. - Work-around of circular dependency on libcddb and vcdimager.