[pkgsrc/trunk]: pkgsrc/misc/rpm Add patch for CVE-2014-8118 - Integer overflo...

[sevan <sevan%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/2192923c65e5
branches:  trunk
changeset: 648895:2192923c65e5
user:      sevan <sevan%pkgsrc.org@localhost>
date:      Sun Mar 22 17:32:54 2015 +0000

description:
Add patch for CVE-2014-8118 - Integer overflow allows remote attackers to
execute arbitrary code via a crafted CPIO header in the payload section of an
RPM file, which triggers a stack-based buffer overflow.

https://bugzilla.redhat.com/show_bug.cgi?id=1168715

Reviewed by wiz@

diffstat:

 misc/rpm/Makefile                 |   3 ++-
 misc/rpm/distinfo                 |   3 ++-
 misc/rpm/patches/patch-lib_cpio.c |  20 ++++++++++++++++++++
 3 files changed, 24 insertions(+), 2 deletions(-)

diffs (53 lines):

diff -r 87ef2837f07f -r 2192923c65e5 misc/rpm/Makefile
--- a/misc/rpm/Makefile Sun Mar 22 17:26:05 2015 +0000
+++ b/misc/rpm/Makefile Sun Mar 22 17:32:54 2015 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.85 2015/03/15 05:34:56 ryoon Exp $
+# $NetBSD: Makefile,v 1.86 2015/03/22 17:32:54 sevan Exp $
 
 DISTNAME=      rpm-4.12.0.1
+PKGREVISION=   1
 CATEGORIES=    misc
 MASTER_SITES=  http://rpm.org/releases/rpm-4.12.x/
 EXTRACT_SUFX=  .tar.bz2
diff -r 87ef2837f07f -r 2192923c65e5 misc/rpm/distinfo
--- a/misc/rpm/distinfo Sun Mar 22 17:26:05 2015 +0000
+++ b/misc/rpm/distinfo Sun Mar 22 17:32:54 2015 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.14 2015/03/15 05:34:56 ryoon Exp $
+$NetBSD: distinfo,v 1.15 2015/03/22 17:32:54 sevan Exp $
 
 SHA1 (rpm-4.12.0.1.tar.bz2) = d416bdb249b246b00b2d5d34c66e7f5a68a62524
 RMD160 (rpm-4.12.0.1.tar.bz2) = c57a676d467d0984b13bdca7df803e26609055fd
@@ -6,6 +6,7 @@
 SHA1 (patch-build_rpmfc.c) = 10e3196d7d2dcc17f7c2be0acbea01f00354eee3
 SHA1 (patch-configure.ac) = c6301dce864ad1ade8bc21c2d00f2c9754594b2d
 SHA1 (patch-lib_backend_db3.c) = 241c9193723253bbe037e61c54992f66aa825136
+SHA1 (patch-lib_cpio.c) = e5f0a60e33832175ab393562be89aba998513ae8
 SHA1 (patch-lib_header.c) = 091dc42741fd5f34edcf9b90f1e9d76087be56b4
 SHA1 (patch-lib_rpmrc.c) = cf9e1349d84dea4f60b7db574e31e14799d4e75c
 SHA1 (patch-misc_fnmatch.c) = d4a8d81fe4a0cb97946e4037c5d8a4299a4411a7
diff -r 87ef2837f07f -r 2192923c65e5 misc/rpm/patches/patch-lib_cpio.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/misc/rpm/patches/patch-lib_cpio.c Sun Mar 22 17:32:54 2015 +0000
@@ -0,0 +1,20 @@
+$NetBSD: patch-lib_cpio.c,v 1.1 2015/03/22 17:32:55 sevan Exp $
+
+CVE-2014-8118 - Integer overflow allows remote attackers to execute arbitrary
+code via a crafted CPIO header in the payload section of an RPM file, which
+triggers a stack-based buffer overflow.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1168715
+
+--- lib/cpio.c.orig    2014-06-30 08:47:13.000000000 +0000
++++ lib/cpio.c
+@@ -399,6 +399,9 @@ int rpmcpioHeaderRead(rpmcpio_t cpio, ch
+ 
+     GET_NUM_FIELD(hdr.filesize, fsize);
+     GET_NUM_FIELD(hdr.namesize, nameSize);
++    if (nameSize <= 0 || nameSize > 4096) {
++      return RPMERR_BAD_HEADER;
++    }
+ 
+     char name[nameSize + 1];
+     read = Fread(name, nameSize, 1, cpio->fd);