From a4b6681cdd11cc509694d8061e5a212ec1a19a0f1a20b4573ee1d14f98bd3e2a Mon Sep 17 00:00:00 2001
From: OBS User unknown
Date: Fri, 28 Nov 2008 15:19:38 +0000
Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/rpm?expand=0&rev=66
---
 finddebuginfo-absolute-links.diff | 4 ++--
 rpm-filelist-bufferoverflow.diff | 12 ++++++++++++
 rpm-python.spec | 2 +-
 rpm-suse_macros | 5 +++++
 rpm.changes | 7 +++++++
 rpm.spec | 13 +++++++++----
 6 files changed, 36 insertions(+), 7 deletions(-)
 create mode 100644 rpm-filelist-bufferoverflow.diff
diff --git a/finddebuginfo-absolute-links.diff b/finddebuginfo-absolute-links.diff
index da28ce1..20098fb 100644
--- a/finddebuginfo-absolute-links.diff
+++ b/finddebuginfo-absolute-links.diff
@@ -12,8 +12,8 @@ Signed-off-by: Jan Blunck
 Index: b/scripts/find-debuginfo.sh
 ===================================================================
---- a/scripts/find-debuginfo.sh
-+++ b/scripts/find-debuginfo.sh
+--- scripts/find-debuginfo.sh
++++ scripts/find-debuginfo.sh
 @@ -123,7 +123,17 @@ debug_link()
 local l="/usr/lib/debug$2"
 local t="$1"
diff --git a/rpm-filelist-bufferoverflow.diff b/rpm-filelist-bufferoverflow.diff
new file mode 100644
index 0000000..47397c3
--- /dev/null
+++ b/rpm-filelist-bufferoverflow.diff
@@ -0,0 +1,12 @@
+--- build/files.c
++++ build/files.c
+@@ -2053,7 +2053,8 @@ static int processPackageFiles(Spec spec, Package pkg,
+ continue;
+ fileName = NULL;
+ /*@-nullpass@*/ /* LCL: buf is NULL ?!? */
+- strcpy(buf, s);
++ strncpy(buf, s, sizeof(buf)-1);
++ buf[sizeof(buf)-1] = '\0';
+ /*@=nullpass@*/
+
+ /* Reset for a new line in %files */
diff --git a/rpm-python.spec b/rpm-python.spec
index d637e29..8f43ecf 100644
--- a/rpm-python.spec
+++ b/rpm-python.spec
@@ -24,7 +24,7 @@ License: GPL v2 or later
 Group: System/Packages
 Summary: Python Bindings for Manipulating RPM Packages
 Version: 4.4.2.3
-Release: 18
+Release: 19
 Requires: rpm = %{version}
 %py_requires
 Source99: rpm.spec
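Review bot: In rpm-filelist-bufferoverflow.diff, the new `strncpy(buf, s, sizeof(buf)-1);` in processPackageFiles stops the overflow but silently truncates an over-long %files line, so the build carries on and parses a shortened entry (possibly a different path or attribute list) instead of failing. I would reject the line before copying, e.g. `if (strlen(s) >= sizeof(buf)) { /* report the over-long %files entry and fail the build */ }`, using whatever error path the function already has. The bound is also only correct if `buf` is a local array; its declaration is outside the hunk, and if it were a pointer `sizeof(buf)` would be the pointer size, so that is worth confirming. The body of processPackageFiles starts and ends outside the hunk.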
diff --git a/rpm-suse_macros b/rpm-suse_macros
index 3aea0fb..d6b9e42 100644
--- a/rpm-suse_macros
+++ b/rpm-suse_macros
@@ -366,6 +366,11 @@
 %cflags_profile_generate -fprofile-generate
 %cflags_profile_feedback -fprofile-use
+%suse_install_update_message() \
+ install -D -m 644 %1 %buildroot/var/adm/update-messages/%{name}-%{version}-%{release}-%(basename %1).txt
+%suse_install_update_script() \
+ install -D -m 755 %1 %buildroot/var/adm/update-scripts/%{name}-%{version}-%{release}-%(basename %1).txt
+
 # Template for lang sub-package.
 %lang_package(n:) \
 %package %{-n:-n %{-n*}-}lang \
diff --git a/rpm.changes b/rpm.changes
index 5b3d310..e2b6962 100644
--- a/rpm.changes
+++ b/rpm.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Fri Nov 28 15:15:10 CET 2008 - dmueller@suse.de
+
+- fix build
+- fix stack based buffer overflow in filelist parsing (bnc#397006)
+- add macros for update messages and update scripts
+
 -------------------------------------------------------------------
 Fri Nov 28 14:46:04 CET 2008 - mls@suse.de
diff --git a/rpm.spec b/rpm.spec
index 7578702..e4819b2 100644
--- a/rpm.spec
+++ b/rpm.spec
@@ -27,7 +27,7 @@ PreReq: %insserv_prereq %fillup_prereq permissions
 AutoReqProv: on
 Summary: The RPM Package Manager
 Version: 4.4.2.3
-Release: 18
+Release: 19
 Source: rpm-%{version}.tar.bz2
 Source1: RPM-HOWTO.tar.bz2
 Source2: RPM-Tips.html.tar.bz2
@@ -96,6 +96,7 @@ Patch62: fingerprint.diff
 Patch63: finddebuginfo-absolute-links.diff
 Patch64: firmware.diff
 Patch65: specfilemacro.diff
+Patch66: rpm-filelist-bufferoverflow.diff
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 #
 # avoid bootstrapping problem
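Review bot: In the rpm-suse_macros hunk, `%suse_install_update_script` installs its argument with mode 755 but still names the target `...-%(basename %1).txt`, which looks copied from `%suse_install_update_message`. If whatever consumes /var/adm/update-scripts executes these files, an executable with a `.txt` suffix is at least confusing, and the suffix should probably be dropped for the script macro. Both macros also pass `%1` unquoted to `install` and to the `%(basename %1)` shell expansion, so a source path containing spaces or shell metacharacters is split or interpreted when the spec is parsed; `install -D -m 755 "%1" ...` and `%(basename "%1")` would be safer. A one-line comment above each macro stating the expected argument and where the file ends up would help packagers.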
@@ -179,7 +180,7 @@ rm -f rpmdb/db.h
 %patch -P 30 -P 31 -P 32 -P 33 -P 34 -P 35 -P 36 -P 37 -P 38 -P 39
 %patch -P 40 -P 41 -P 42 -P 43 -P 44 -P 45 -P 46 -P 47 -P 48 -P 49
 %patch -P 50 -P 51 -P 52 -P 53 -P 54 -P 55 -P 56 -P 57 -P 58 -P 59
-%patch -P 60 -P 61 -P 62 -P 63 -P 64 -P 65
+%patch -P 60 -P 61 -P 62 -P 63 -P 64 -P 65 -P 66
 chmod 755 scripts/find-supplements{,.ksyms}
 chmod 755 scripts/find-provides.ksyms scripts/find-requires.ksyms
 chmod 755 scripts/firmware.prov
@@ -329,7 +330,7 @@ Summary: A C library for parsing command line parameters
 License: LGPL v2.1 or later
 Group: System/Libraries
 Version: 1.7
-Release: 466
+Release: 467
 #
 %description -n popt
@@ -352,7 +353,7 @@ Summary: C Library for Parsing Command Line Parameters
 License: LGPL v2.1 or later
 Group: System/Libraries
 Version: 1.7
-Release: 466
+Release: 467
 Requires: popt = 1.7
 Requires: glibc-devel
@@ -387,6 +388,10 @@ Authors:
 %doc %{_mandir}/man3/popt.3*
 %changelog
+* Fri Nov 28 2008 dmueller@suse.de
+- fix build
+- fix stack based buffer overflow in filelist parsing (bnc#397006)
+- add macros for update messages and update scripts
 * Fri Nov 28 2008 mls@suse.de
 - disable debug package requires for now, they cause more harm than benefits