OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libcdio?expand=0&rev=2

2008-02-01 21:44:34 +00:00 · 2008-02-01 21:44:34 +00:00 · d3a859f662
commit d3a859f662
parent 84b6afc695
5 changed files with 178 additions and 56 deletions
--- a/libcdio-joliet-name-overflow.patch
+++ b/libcdio-joliet-name-overflow.patch
@ -0,0 +1,104 @@
+--- src/cd-info.c	2007/06/16 20:12:16	1.149
+++ src/cd-info.c	2008/01/09 04:26:24	1.152 (reduced patch)
+@@ -518,6 +518,8 @@
+   CdioList_t *p_dirlist =  _cdio_list_new ();
+   CdioListNode_t *entnode;
+   uint8_t i_joliet_level;
+  char *translated_name = (char *) malloc(4096);
+  size_t translated_name_size = 4096;
+ 
+   i_joliet_level = (opts.no_joliet) 
+     ? 0
+@@ -539,7 +541,15 @@
+       iso9660_stat_t *p_statbuf = _cdio_list_node_data (entnode);
+       char *psz_iso_name = p_statbuf->filename;
+       char _fullname[4096] = { 0, };
+-      char translated_name[MAX_ISONAME+1];
+       if (strlen(psz_iso_name) >= translated_name_size) {
+         translated_name_size = strlen(psz_iso_name)+1;
+         free(translated_name);
+         translated_name = (char *) malloc(translated_name_size);
+         if (!translated_name) {
+           report( stderr, "Error allocating memory\n" );
+           return;
+         }
+       }
+ 
+       if (yep != p_statbuf->rr.b3_rock || 1 == opts.no_rock_ridge) {
+ 	iso9660_name_translate_ext(psz_iso_name, translated_name, 
+@@ -564,6 +574,7 @@
+ 	p_statbuf->rr.i_symlink = 0;
+       }
+     }
+    free (translated_name);
+ 
+   _cdio_list_free (p_entlist, true);
+ 
+--- src/iso-info.c	2006/03/17 19:36:54	1.35
+++ src/iso-info.c	2008/01/09 04:26:24	1.38 (reduced patch)
+@@ -205,7 +205,8 @@
+   CdioList_t *dirlist =  _cdio_list_new ();
+   CdioListNode_t *entnode;
+   uint8_t i_joliet_level = iso9660_ifs_get_joliet_level(p_iso);
+-
+  char *translated_name = (char *) malloc(4096);
+  size_t translated_name_size = 4096;
+   entlist = iso9660_ifs_readdir (p_iso, psz_path);
+     
+   if (opts.print_iso9660) {
+@@ -224,7 +225,15 @@
+       iso9660_stat_t *p_statbuf = _cdio_list_node_data (entnode);
+       char *psz_iso_name = p_statbuf->filename;
+       char _fullname[4096] = { 0, };
+-      char translated_name[MAX_ISONAME+1];
+       if (strlen(psz_iso_name) >= translated_name_size) {
+         translated_name_size = strlen(psz_iso_name)+1;
+         free(translated_name);
+         translated_name = (char *) malloc(translated_name_size);
+         if (!translated_name) {
+           report( stderr, "Error allocating memory\n" );
+           return;
+         }
+       }
+ 
+       if (yep != p_statbuf->rr.b3_rock || 1 == opts.no_rock_ridge) {
+ 	iso9660_name_translate_ext(psz_iso_name, translated_name, 
+@@ -258,6 +267,7 @@
+ 	p_statbuf->rr.i_symlink = 0;
+       }
+     }
+    free (translated_name);
+ 
+   _cdio_list_free (entlist, true);
+ 
+--- src/mmc-tool.c	2006/04/14 22:17:08	1.9
+++ src/mmc-tool.c	2008/01/09 04:26:24	1.10 (reduced patch)
+@@ -261,7 +261,7 @@
+ }
+ 
+ static void 
+-print_mode_sense (unsigned int i_mmc_size, const uint8_t buf[22])
+print_mode_sense (unsigned int i_mmc_size, const uint8_t buf[30])
+ {
+   printf("Mode sense %d information\n", i_mmc_size);
+   if (buf[2] & 0x01) {
+@@ -461,7 +461,7 @@
+       break;
+     case OP_MODE_SENSE_2A: 
+       {
+-	uint8_t buf[22] = { 0, };    /* Place to hold returned data */
+	uint8_t buf[30] = { 0, };    /* Place to hold returned data */
+ 	if (p_op->arg.i_num == 10) {
+ 	  rc = mmc_mode_sense_10(p_cdio, buf, sizeof(buf),
+ 				 CDIO_MMC_CAPABILITIES_PAGE);
+--- example/udf1.c	2005/11/02 03:42:49	1.17
+++ example/udf1.c	2008/01/09 04:27:16	1.18 (reduced patch)
+@@ -127,7 +127,7 @@
+ 	printf("volume id: %s\n", vol_id);
+ 
+       if (0 < udf_get_volume_id(p_udf, volset_id, sizeof(volset_id)) ) {
+-	volset_id[UDF_VOLSET_ID_SIZE+1]='\0';
+	volset_id[UDF_VOLSET_ID_SIZE]='\0';
+ 	printf("volume set id: %s\n", volset_id);
+       }
+ 
--- a/libcdio-mini.changes
+++ b/libcdio-mini.changes
@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Wed Jan  9 17:52:24 CET 2008 - sbrabec@suse.cz
+
+- Fixed buffer overflows for long Joliet names (#351127).
+
 -------------------------------------------------------------------
 Wed Dec  5 14:52:36 CET 2007 - ro@suse.de

--- a/libcdio-mini.spec
+++ b/libcdio-mini.spec
@ -1,7 +1,7 @@
 #
 # spec file for package libcdio-mini (Version 0.79)
 #
-# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
 # This file and all modifications and additions to the pristine
 # package are under the same license as the package itself.
 #
@ -23,7 +23,7 @@ BuildRequires:  libcddb-devel libcdio-devel ncurses-devel vcdimager-devel
 #BuildRequires:  cdparanoia
 %endif
 Version:        0.79
-Release:        3
+Release:        4
 # WARNING: After changing versions please call Re or rpmbuild to auto-update spec file:
 %define libcdio_name 7
 %define libcdio_paranoia_name 0
@ -44,6 +44,7 @@ Provides:       %{_name} = %{version}
 %endif
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Patch0:         libcdio-gcc43.patch
+Patch1:         libcdio-joliet-name-overflow.patch

 %description
 This library encapsulates CD-ROM reading and control. Applications
@ -197,6 +198,7 @@ Authors:
 %prep
 %setup -q -n %{_name}-%{version}
 %patch0
+%patch1

 %build
 %configure --disable-static --with-pic
@ -295,12 +297,14 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/pkgconfig/*.pc

 %changelog
-* Wed Dec 05 2007 - ro@suse.de
+* Wed Jan 09 2008 sbrabec@suse.cz
+- Fixed buffer overflows for long Joliet names (#351127).
+* Wed Dec 05 2007 ro@suse.de
 - provide main package name in library package for debuginfo
  for mini package
-* Fri Nov 16 2007 - sbrabec@suse.cz
+* Fri Nov 16 2007 sbrabec@suse.cz
 - Removed unwanted NoSource preventing mirroring to Factory.
-* Fri Nov 09 2007 - crrodriguez@suse.de
+* Fri Nov 09 2007 crrodriguez@suse.de
 - fix build with gcc43
 - update to version 0.79
  * libcdio cdparanoia doing the wrong thing on a single-sector read. Savannah patch #5999.
@ -310,11 +314,11 @@ rm -rf $RPM_BUILD_ROOT
  * more than 30 other bugfixes
 - remove libtool archives with empty dependency_libs
 - exclude static libraries
-* Tue Aug 07 2007 - sbrabec@suse.cz
+* Tue Aug 07 2007 sbrabec@suse.cz
 - Fixed mini file list.
-* Sun Aug 05 2007 - coolo@suse.de
+* Sun Aug 05 2007 coolo@suse.de
 - adding versioned provides for upgrade
-* Fri Jul 20 2007 - sbrabec@suse.cz
+* Fri Jul 20 2007 sbrabec@suse.cz
 - Updated to version 0.78.2:
  * Fixed bug in libcdio.so version numbering.
  * Added mmc-tool and mmc-close-tray.
@ -326,9 +330,9 @@ rm -rf $RPM_BUILD_ROOT
 - Split package according to shared library packaging policy.
 - Added script to convert libcdio.spec to libcdio-mini.spec and
  update library package names.
-* Mon Mar 12 2007 - sbrabec@suse.cz
+* Mon Mar 12 2007 sbrabec@suse.cz
 - Fixed NoSrc and Provides of temporary package.
-* Fri Oct 06 2006 - sbrabec@suse.cz
+* Fri Oct 06 2006 sbrabec@suse.cz
 - Updated to version 0.77:
  * Added object-oriented C++ wrapper.
  * Replaced libpopt with getopt in binaries.
@ -346,43 +350,43 @@ rm -rf $RPM_BUILD_ROOT
  * Revised and improved example programs.
  * Replaced all uses of strcat and strcpy with strncat and
  strncpy.
-* Mon Jul 03 2006 - max@suse.de
+* Mon Jul 03 2006 max@suse.de
 - Added gcc-c++ to neededforbuild.
-* Fri Jun 30 2006 - sbrabec@suse.cz
+* Fri Jun 30 2006 sbrabec@suse.cz
 - Fixed cyclic dependencies in a correct way.
-* Tue Jun 27 2006 - sbrabec@suse.cz
+* Tue Jun 27 2006 sbrabec@suse.cz
 - Use NoSource in libcdio-mini.
-* Thu Jun 22 2006 - sbrabec@suse.cz
+* Thu Jun 22 2006 sbrabec@suse.cz
 - Simpler solution of cyclic dependencies.
-* Tue Jan 31 2006 - sbrabec@suse.cz
+* Tue Jan 31 2006 sbrabec@suse.cz
 - Do not link with invalid rpath.
 - Enabled parallel build.
 - Fixed devel splitting.
-* Thu Jan 26 2006 - sbrabec@suse.cz
+* Thu Jan 26 2006 sbrabec@suse.cz
 - Added %%install_info_prereq.
-* Wed Jan 25 2006 - mls@suse.de
+* Wed Jan 25 2006 mls@suse.de
 - converted neededforbuild to BuildRequires
-* Tue Nov 08 2005 - sbrabec@suse.cz
+* Tue Nov 08 2005 sbrabec@suse.cz
 - Fixed libiso9660.la circular dependency prevention trick.
-* Wed Oct 26 2005 - sbrabec@suse.cz
+* Wed Oct 26 2005 sbrabec@suse.cz
 - Updated to version 0.76.
 - Build as user.
-* Fri Aug 05 2005 - sbrabec@suse.cz
+* Fri Aug 05 2005 sbrabec@suse.cz
 - Build with libcddb-1.2.1.
-* Fri Jul 29 2005 - sbrabec@suse.cz
+* Fri Jul 29 2005 sbrabec@suse.cz
 - Updated to version 0.75.
-* Mon May 09 2005 - sbrabec@suse.cz
+* Mon May 09 2005 sbrabec@suse.cz
 - Build with libcddb-1.0.2.
-* Tue Apr 26 2005 - sbrabec@suse.cz
+* Tue Apr 26 2005 sbrabec@suse.cz
 - Updated to version 0.73.
-* Fri Apr 01 2005 - meissner@suse.de
+* Fri Apr 01 2005 meissner@suse.de
 - fixed gcc4 compile problem.
-* Thu Feb 03 2005 - sbrabec@suse.cz
+* Thu Feb 03 2005 sbrabec@suse.cz
 - Updated to version 0.72.
-* Mon Jan 31 2005 - sbrabec@suse.cz
+* Mon Jan 31 2005 sbrabec@suse.cz
 - Updated to version 0.72rc2.
-* Mon Jan 24 2005 - sbrabec@suse.cz
+* Mon Jan 24 2005 sbrabec@suse.cz
 - Updated to version 0.71.
-* Tue Nov 09 2004 - sbrabec@suse.cz
+* Tue Nov 09 2004 sbrabec@suse.cz
 - New SuSE package, version 0.70.
 - Work-around of circular dependency on libcddb and vcdimager.
--- a/libcdio.changes
+++ b/libcdio.changes
@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Wed Jan  9 17:52:24 CET 2008 - sbrabec@suse.cz
+
+- Fixed buffer overflows for long Joliet names (#351127).
+
 -------------------------------------------------------------------
 Wed Dec  5 14:52:36 CET 2007 - ro@suse.de

--- a/libcdio.spec
+++ b/libcdio.spec
@ -1,7 +1,7 @@
 #
 # spec file for package libcdio (Version 0.79)
 #
-# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
 # This file and all modifications and additions to the pristine
 # package are under the same license as the package itself.
 #
@ -23,7 +23,7 @@ BuildRequires:  libcddb-devel libcdio-devel ncurses-devel vcdimager-devel
 #BuildRequires:  cdparanoia
 %endif
 Version:        0.79
-Release:        3
+Release:        4
 # WARNING: After changing versions please call Re or rpmbuild to auto-update spec file:
 %define libcdio_name 7
 %define libcdio_paranoia_name 0
@ -44,6 +44,7 @@ Provides:       %{_name} = %{version}
 %endif
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Patch0:         libcdio-gcc43.patch
+Patch1:         libcdio-joliet-name-overflow.patch

 %description
 This library encapsulates CD-ROM reading and control. Applications
@ -196,6 +197,7 @@ Authors:
 %prep
 %setup -q -n %{_name}-%{version}
 %patch0
+%patch1

 %build
 %configure --disable-static --with-pic
@ -294,12 +296,14 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/pkgconfig/*.pc

 %changelog
-* Wed Dec 05 2007 - ro@suse.de
+* Wed Jan 09 2008 sbrabec@suse.cz
+- Fixed buffer overflows for long Joliet names (#351127).
+* Wed Dec 05 2007 ro@suse.de
 - provide main package name in library package for debuginfo
  for mini package
-* Fri Nov 16 2007 - sbrabec@suse.cz
+* Fri Nov 16 2007 sbrabec@suse.cz
 - Removed unwanted NoSource preventing mirroring to Factory.
-* Fri Nov 09 2007 - crrodriguez@suse.de
+* Fri Nov 09 2007 crrodriguez@suse.de
 - fix build with gcc43
 - update to version 0.79
  * libcdio cdparanoia doing the wrong thing on a single-sector read. Savannah patch #5999.
@ -309,11 +313,11 @@ rm -rf $RPM_BUILD_ROOT
  * more than 30 other bugfixes
 - remove libtool archives with empty dependency_libs
 - exclude static libraries
-* Tue Aug 07 2007 - sbrabec@suse.cz
+* Tue Aug 07 2007 sbrabec@suse.cz
 - Fixed mini file list.
-* Sun Aug 05 2007 - coolo@suse.de
+* Sun Aug 05 2007 coolo@suse.de
 - adding versioned provides for upgrade
-* Fri Jul 20 2007 - sbrabec@suse.cz
+* Fri Jul 20 2007 sbrabec@suse.cz
 - Updated to version 0.78.2:
  * Fixed bug in libcdio.so version numbering.
  * Added mmc-tool and mmc-close-tray.
@ -325,9 +329,9 @@ rm -rf $RPM_BUILD_ROOT
 - Split package according to shared library packaging policy.
 - Added script to convert libcdio.spec to libcdio-mini.spec and
  update library package names.
-* Mon Mar 12 2007 - sbrabec@suse.cz
+* Mon Mar 12 2007 sbrabec@suse.cz
 - Fixed NoSrc and Provides of temporary package.
-* Fri Oct 06 2006 - sbrabec@suse.cz
+* Fri Oct 06 2006 sbrabec@suse.cz
 - Updated to version 0.77:
  * Added object-oriented C++ wrapper.
  * Replaced libpopt with getopt in binaries.
@ -345,43 +349,43 @@ rm -rf $RPM_BUILD_ROOT
  * Revised and improved example programs.
  * Replaced all uses of strcat and strcpy with strncat and
  strncpy.
-* Mon Jul 03 2006 - max@suse.de
+* Mon Jul 03 2006 max@suse.de
 - Added gcc-c++ to neededforbuild.
-* Fri Jun 30 2006 - sbrabec@suse.cz
+* Fri Jun 30 2006 sbrabec@suse.cz
 - Fixed cyclic dependencies in a correct way.
-* Tue Jun 27 2006 - sbrabec@suse.cz
+* Tue Jun 27 2006 sbrabec@suse.cz
 - Use NoSource in libcdio-mini.
-* Thu Jun 22 2006 - sbrabec@suse.cz
+* Thu Jun 22 2006 sbrabec@suse.cz
 - Simpler solution of cyclic dependencies.
-* Tue Jan 31 2006 - sbrabec@suse.cz
+* Tue Jan 31 2006 sbrabec@suse.cz
 - Do not link with invalid rpath.
 - Enabled parallel build.
 - Fixed devel splitting.
-* Thu Jan 26 2006 - sbrabec@suse.cz
+* Thu Jan 26 2006 sbrabec@suse.cz
 - Added %%install_info_prereq.
-* Wed Jan 25 2006 - mls@suse.de
+* Wed Jan 25 2006 mls@suse.de
 - converted neededforbuild to BuildRequires
-* Tue Nov 08 2005 - sbrabec@suse.cz
+* Tue Nov 08 2005 sbrabec@suse.cz
 - Fixed libiso9660.la circular dependency prevention trick.
-* Wed Oct 26 2005 - sbrabec@suse.cz
+* Wed Oct 26 2005 sbrabec@suse.cz
 - Updated to version 0.76.
 - Build as user.
-* Fri Aug 05 2005 - sbrabec@suse.cz
+* Fri Aug 05 2005 sbrabec@suse.cz
 - Build with libcddb-1.2.1.
-* Fri Jul 29 2005 - sbrabec@suse.cz
+* Fri Jul 29 2005 sbrabec@suse.cz
 - Updated to version 0.75.
-* Mon May 09 2005 - sbrabec@suse.cz
+* Mon May 09 2005 sbrabec@suse.cz
 - Build with libcddb-1.0.2.
-* Tue Apr 26 2005 - sbrabec@suse.cz
+* Tue Apr 26 2005 sbrabec@suse.cz
 - Updated to version 0.73.
-* Fri Apr 01 2005 - meissner@suse.de
+* Fri Apr 01 2005 meissner@suse.de
 - fixed gcc4 compile problem.
-* Thu Feb 03 2005 - sbrabec@suse.cz
+* Thu Feb 03 2005 sbrabec@suse.cz
 - Updated to version 0.72.
-* Mon Jan 31 2005 - sbrabec@suse.cz
+* Mon Jan 31 2005 sbrabec@suse.cz
 - Updated to version 0.72rc2.
-* Mon Jan 24 2005 - sbrabec@suse.cz
+* Mon Jan 24 2005 sbrabec@suse.cz
 - Updated to version 0.71.
-* Tue Nov 09 2004 - sbrabec@suse.cz
+* Tue Nov 09 2004 sbrabec@suse.cz
 - New SuSE package, version 0.70.
 - Work-around of circular dependency on libcddb and vcdimager.