diff --git a/cmake.changes b/cmake.changes index 5164979..c8ee591 100644 --- a/cmake.changes +++ b/cmake.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Sat Feb 13 16:09:25 CET 2010 - dmueller@suse.de + +- fix fortify related static buffer overflows (not exploitable) + ------------------------------------------------------------------- Fri Nov 27 14:00:50 CET 2009 - puzel@suse.cz diff --git a/cmake.spec b/cmake.spec index fbe4484..bd06534 100644 --- a/cmake.spec +++ b/cmake.spec @@ -1,7 +1,7 @@ # # spec file for package cmake (Version 2.8.0) # -# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -20,13 +20,14 @@ Name: cmake Version: 2.8.0 -Release: 1 +Release: 2 License: BSD3c Group: Development/Tools/Building %define tar_version %version Url: http://www.cmake.org/ Source0: %{name}-%{tar_version}.tar.bz2 Patch4: cmake-disable-builtin-chrpath.diff +Patch5: fortify-buffer-overflows.diff Summary: Cross-platform, open-source make system BuildRoot: %{_tmppath}/%{name}-%{version}-build %if 0%{?suse_version} > 1020 @@ -66,6 +67,7 @@ Authors: %prep %setup -q -n %name-%tar_version %patch4 +%patch5 %build EXTRA_FLAGS="" diff --git a/fortify-buffer-overflows.diff b/fortify-buffer-overflows.diff new file mode 100644 index 0000000..4012a22 --- /dev/null +++ b/fortify-buffer-overflows.diff @@ -0,0 +1,25 @@ +--- Source/kwsys/SystemInformation.cxx ++++ Source/kwsys/SystemInformation.cxx +@@ -139,7 +139,7 @@ + void RunMemoryCheck(); + public: + #define VENDOR_STRING_LENGTH (12 + 1) +-#define CHIPNAME_STRING_LENGTH (48 + 1) ++#define CHIPNAME_STRING_LENGTH (70 + 1) + #define SERIALNUMBER_STRING_LENGTH (29 + 1) + + typedef struct tagID +--- Utilities/cmtar/encode.c ++++ Utilities/cmtar/encode.c +@@ -32,7 +32,10 @@ + int i, sum = 0; + + if (t->options & TAR_GNU) +- strncpy(t->th_buf.magic, "ustar ", 8); ++ { ++ strncpy(t->th_buf.version, " ", TVERSLEN); ++ strncpy(t->th_buf.magic, "ustar", TMAGLEN); ++ } + else + { + strncpy(t->th_buf.version, TVERSION, TVERSLEN);