Accepting request 34546 from home:mseben:branches:Base:System

Copy from home:mseben:branches:Base:System/tar via accept of submit request 34546 revision 2. Request was accepted with message: OBS-URL: https://build.opensuse.org/request/show/34546 OBS-URL: https://build.opensuse.org/package/show/Base:System/tar?expand=0&rev=12
2010-03-10 19:53:52 +00:00 · 2010-03-10 19:53:52 +00:00 · 1e55badb5d
commit 1e55badb5d
parent 644e5ee229
4 changed files with 64 additions and 0 deletions
--- a/tar-1.21.tar.bz2
+++ b/tar-1.21.tar.bz2
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:dc6c70d2071ca4a928460b6d68ab500a32e67d50255261a0d17765a307aeb350
+size 2071237
--- a/tar-heap_overflow_in_rtapelib.patch
+++ b/tar-heap_overflow_in_rtapelib.patch
@ -0,0 +1,52 @@
+From 9bc39283e4cc6ab9e5913ccbf766998eab4ff093 Mon Sep 17 00:00:00 2001
+From: Sergey Poznyakoff <gray@gnu.org.ua>
+Date: Mon, 01 Mar 2010 08:49:03 +0000
+Subject: Bugfixes in rtapelib
+
+* lib/rmt.h (rmtcreat): Use fcntl O_ macros insead of
+their hardcoded values.
+* lib/rtapelib.c (rmt_read__,rmt_ioctl__): Prevent
+potential overflow.
+---
+diff --git a/lib/rmt.h b/lib/rmt.h
+index 50f037c..2ce9dc5 100644
+--- a/lib/rmt.h
+++ b/lib/rmt.h
+@@ -61,7 +61,7 @@ extern bool force_local_option;
+ 
+ #define rmtcreat(dev_name, mode, command) \
+    (_remdev (dev_name) \
+-    ? rmt_open__ (dev_name, 1 | O_CREAT, __REM_BIAS, command) \
+    ? rmt_open__ (dev_name, O_CREAT | O_WRONLY, __REM_BIAS, command) \
+     : creat (dev_name, mode))
+ 
+ #define rmtlstat(dev_name, muffer) \
+diff --git a/lib/rtapelib.c b/lib/rtapelib.c
+index 02ad1e7..cb645db 100644
+--- a/lib/rtapelib.c
+++ b/lib/rtapelib.c
+@@ -573,7 +573,8 @@ rmt_read__ (int handle, char *buffer, size_t length)
+ 
+   sprintf (command_buffer, "R%lu\n", (unsigned long) length);
+   if (do_command (handle, command_buffer) == -1
+-      || (status = get_status (handle)) == SAFE_READ_ERROR)
+      || (status = get_status (handle)) == SAFE_READ_ERROR
+      || status > length)
+     return SAFE_READ_ERROR;
+ 
+   for (counter = 0; counter < status; counter += rlen, buffer += rlen)
+@@ -709,6 +710,12 @@ rmt_ioctl__ (int handle, int operation, char *argument)
+ 	    || (status = get_status (handle), status == -1))
+ 	  return -1;
+ 
+	if (status > sizeof (struct mtop))
+	  {
+	    errno = EOVERFLOW;
+	    return -1;
+	  }
+	
+ 	for (; status > 0; status -= counter, argument += counter)
+ 	  {
+ 	    counter = safe_read (READ_SIDE (handle), argument, status);
+--
+cgit v0.8.2.1
--- a/tar.changes
+++ b/tar.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Mar  3 09:29:23 UTC 2010 - mseben@novell.com
+
+- added heap_overflow_in_rtapelib.patch fix possible heap overflow in 
+  rtapelib.c (bnc#579475)
+
 -------------------------------------------------------------------
 Tue Feb  2 20:35:03 UTC 2010 - mseben@novell.com

--- a/tar.spec
+++ b/tar.spec
@ -36,6 +36,8 @@ Patch1:         tar-disable-listed02-test.diff
 Patch2:         tar-manpage.patch
 Patch3:         tar-wildcards.patch
 Patch5:         tar-1.22-fortifysourcessigabrt.patch
+#fix possible heap overflow in rtapelib.c bnc#579475 (fix already in upstream git)
+Patch6:		    tar-heap_overflow_in_rtapelib.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Recommends:     xz
 Recommends:     tar-lang = %version
@ -89,6 +91,7 @@ Shell scripts for system backup/restore
 %patch2 -p1
 %patch3 -p1
 %patch5 -p1
+%patch6 -p1

 %build
 rm -f po/no.* po/ky.*