pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/misc/rpm Add patch for CVE-2014-8118 - Integer overflo...
details: https://anonhg.NetBSD.org/pkgsrc/rev/2192923c65e5
branches: trunk
changeset: 648895:2192923c65e5
user: sevan <sevan%pkgsrc.org@localhost>
date: Sun Mar 22 17:32:54 2015 +0000
description:
Add patch for CVE-2014-8118 - Integer overflow allows remote attackers to
execute arbitrary code via a crafted CPIO header in the payload section of an
RPM file, which triggers a stack-based buffer overflow.
https://bugzilla.redhat.com/show_bug.cgi?id=1168715
Reviewed by wiz@
diffstat:
misc/rpm/Makefile | 3 ++-
misc/rpm/distinfo | 3 ++-
misc/rpm/patches/patch-lib_cpio.c | 20 ++++++++++++++++++++
3 files changed, 24 insertions(+), 2 deletions(-)
diffs (53 lines):
diff -r 87ef2837f07f -r 2192923c65e5 misc/rpm/Makefile
--- a/misc/rpm/Makefile Sun Mar 22 17:26:05 2015 +0000
+++ b/misc/rpm/Makefile Sun Mar 22 17:32:54 2015 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.85 2015/03/15 05:34:56 ryoon Exp $
+# $NetBSD: Makefile,v 1.86 2015/03/22 17:32:54 sevan Exp $
DISTNAME= rpm-4.12.0.1
+PKGREVISION= 1
CATEGORIES= misc
MASTER_SITES= http://rpm.org/releases/rpm-4.12.x/
EXTRACT_SUFX= .tar.bz2
diff -r 87ef2837f07f -r 2192923c65e5 misc/rpm/distinfo
--- a/misc/rpm/distinfo Sun Mar 22 17:26:05 2015 +0000
+++ b/misc/rpm/distinfo Sun Mar 22 17:32:54 2015 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.14 2015/03/15 05:34:56 ryoon Exp $
+$NetBSD: distinfo,v 1.15 2015/03/22 17:32:54 sevan Exp $
SHA1 (rpm-4.12.0.1.tar.bz2) = d416bdb249b246b00b2d5d34c66e7f5a68a62524
RMD160 (rpm-4.12.0.1.tar.bz2) = c57a676d467d0984b13bdca7df803e26609055fd
@@ -6,6 +6,7 @@
SHA1 (patch-build_rpmfc.c) = 10e3196d7d2dcc17f7c2be0acbea01f00354eee3
SHA1 (patch-configure.ac) = c6301dce864ad1ade8bc21c2d00f2c9754594b2d
SHA1 (patch-lib_backend_db3.c) = 241c9193723253bbe037e61c54992f66aa825136
+SHA1 (patch-lib_cpio.c) = e5f0a60e33832175ab393562be89aba998513ae8
SHA1 (patch-lib_header.c) = 091dc42741fd5f34edcf9b90f1e9d76087be56b4
SHA1 (patch-lib_rpmrc.c) = cf9e1349d84dea4f60b7db574e31e14799d4e75c
SHA1 (patch-misc_fnmatch.c) = d4a8d81fe4a0cb97946e4037c5d8a4299a4411a7
diff -r 87ef2837f07f -r 2192923c65e5 misc/rpm/patches/patch-lib_cpio.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/misc/rpm/patches/patch-lib_cpio.c Sun Mar 22 17:32:54 2015 +0000
@@ -0,0 +1,20 @@
+$NetBSD: patch-lib_cpio.c,v 1.1 2015/03/22 17:32:55 sevan Exp $
+
+CVE-2014-8118 - Integer overflow allows remote attackers to execute arbitrary
+code via a crafted CPIO header in the payload section of an RPM file, which
+triggers a stack-based buffer overflow.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1168715
+
+--- lib/cpio.c.orig 2014-06-30 08:47:13.000000000 +0000
++++ lib/cpio.c
+@@ -399,6 +399,9 @@ int rpmcpioHeaderRead(rpmcpio_t cpio, ch
+
+ GET_NUM_FIELD(hdr.filesize, fsize);
+ GET_NUM_FIELD(hdr.namesize, nameSize);
++ if (nameSize <= 0 || nameSize > 4096) {
++ return RPMERR_BAD_HEADER;
++ }
+
+ char name[nameSize + 1];
+ read = Fread(name, nameSize, 1, cpio->fd);
Home |
Main Index |
Thread Index |
Old Index