Accepting request 34550 from Archiving

Copy from Archiving/cpio based on submit request 34550 from user mseben

OBS-URL: https://build.opensuse.org/request/show/34550
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cpio?expand=0&rev=23

cpio-2.10-heap_overflow_in_rtapelib.patch

@@ -0,0 +1,52 @@
+From 9bc39283e4cc6ab9e5913ccbf766998eab4ff093 Mon Sep 17 00:00:00 2001
+From: Sergey Poznyakoff <gray@gnu.org.ua>
+Date: Mon, 01 Mar 2010 08:49:03 +0000
+Subject: Bugfixes in rtapelib
+
+* lib/rmt.h (rmtcreat): Use fcntl O_ macros insead of
+their hardcoded values.
+* lib/rtapelib.c (rmt_read__,rmt_ioctl__): Prevent
+potential overflow.
+---
+diff --git a/lib/rmt.h b/lib/rmt.h
+index 50f037c..2ce9dc5 100644
+--- a/lib/rmt.h
++++ b/lib/rmt.h
+@@ -61,7 +61,7 @@ extern bool force_local_option;
+ 
+ #define rmtcreat(dev_name, mode, command) \
+    (_remdev (dev_name) \
+-    ? rmt_open__ (dev_name, 1 | O_CREAT, __REM_BIAS, command) \
++    ? rmt_open__ (dev_name, O_CREAT | O_WRONLY, __REM_BIAS, command) \
+     : creat (dev_name, mode))
+ 
+ #define rmtlstat(dev_name, muffer) \
+diff --git a/lib/rtapelib.c b/lib/rtapelib.c
+index 02ad1e7..cb645db 100644
+--- a/lib/rtapelib.c
++++ b/lib/rtapelib.c
+@@ -573,7 +573,8 @@ rmt_read__ (int handle, char *buffer, size_t length)
+ 
+   sprintf (command_buffer, "R%lu\n", (unsigned long) length);
+   if (do_command (handle, command_buffer) == -1
+-      || (status = get_status (handle)) == SAFE_READ_ERROR)
++      || (status = get_status (handle)) == SAFE_READ_ERROR
++      || status > length)
+     return SAFE_READ_ERROR;
+ 
+   for (counter = 0; counter < status; counter += rlen, buffer += rlen)
+@@ -709,6 +710,12 @@ rmt_ioctl__ (int handle, int operation, char *argument)
+ 	    || (status = get_status (handle), status == -1))
+ 	  return -1;
+ 
++	if (status > sizeof (struct mtop))
++	  {
++	    errno = EOVERFLOW;
++	    return -1;
++	  }
++	
+ 	for (; status > 0; status -= counter, argument += counter)
+ 	  {
+ 	    counter = safe_read (READ_SIDE (handle), argument, status);
+--
+cgit v0.8.2.1

cpio.changes

@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Mar  3 09:29:23 UTC 2010 - mseben@novell.com
+
+- added heap_overflow_in_rtapelib.patch fix possible heap overflow in 
+  rtapelib.c (bnc#579475)
+
 -------------------------------------------------------------------
 Sat Dec 26 11:51:46 CET 2009 - jengelh@medozas.de
 

cpio.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package cpio (Version 2.10)
 #
-# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -24,7 +24,7 @@ License:        GPLv3
 Group:          Productivity/Archiving/Compression
 AutoReqProv:    on
 Version:        2.10
-Release:        5
+Release:        6
 Summary:        A Backup and Archiving Utility
 Source:         %{name}-%{version}.tar.bz2
 Patch2:         %{name}-%{version}-use_new_ascii_format.patch
@@ -43,6 +43,9 @@ Patch18:        %{name}-%{version}-default_tape_dev.patch
 Patch19:        %{name}-%{version}-include_fatal_c.patch
 #PATCH-FIX-UPSTREAM cpio-2.10-close_files_after_copy.patch
 Patch20:        %{name}-%{version}-close_files_after_copy.patch
+#fix possible heap overflow in rtapelib.c bnc#579475 
+Patch21:        %{name}-%{version}-heap_overflow_in_rtapelib.patch
+PreReq:         %install_info_prereq
 PreReq:         %install_info_prereq
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Requires:       %{name}-lang = %{version}
@@ -80,6 +83,7 @@ Authors:
 %patch18
 %patch19
 %patch20
+%patch21 -p1
 #chmod 755 .
 #chmod u+w *
 #chmod a+r *