rpms/cdrkit/F-11 cdrkit-1.1.9-buffer_overflow.patch, NONE, 1.1 cdrkit-1.1.9-root_option.patch, NONE, 1.1 cdrkit.spec, 1.26, 1.27
Nikola Pajkovsky
npajkovs at fedoraproject.org
Wed Aug 12 08:28:18 UTC 2009
Author: npajkovs
Update of /cvs/extras/rpms/cdrkit/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv14825
Modified Files:
cdrkit.spec
Added Files:
cdrkit-1.1.9-buffer_overflow.patch
cdrkit-1.1.9-root_option.patch
Log Message:
fix two buffer overflows
cdrkit-1.1.9-buffer_overflow.patch:
scsi_cdr.c | 36 +++++++++++++++++++++---------------
1 file changed, 21 insertions(+), 15 deletions(-)
--- NEW FILE cdrkit-1.1.9-buffer_overflow.patch ---
diff -ru origin-1.1.9/wodim/scsi_cdr.c master-1.1.9/wodim/scsi_cdr.c
--- origin-1.1.9/wodim/scsi_cdr.c 2008-02-25 12:14:07.000000000 +0100
+++ master-1.1.9/wodim/scsi_cdr.c 2009-07-16 12:01:29.000000000 +0200
@@ -2181,26 +2181,30 @@
if (inq->add_len == 0) {
if (usalp->dev == DEV_UNKNOWN && got_inquiry) {
usalp->dev = DEV_ACB5500;
- strcpy(inq->vendor_info,
- "ADAPTEC ACB-5500 FAKE");
+ strncpy(inq->vendor_info, "ADAPTEC ", 8);
+ strncpy(inq->prod_ident,"ACB-5500 ", 16);
+ strncpy(inq->prod_revision, "FAKE", 4);
} else switch (usalp->dev) {
-
case DEV_ACB40X0:
- strcpy(inq->vendor_info,
- "ADAPTEC ACB-40X0 FAKE");
+ strncpy(inq->vendor_info, "ADAPTEC ", 8);
+ strncpy(inq->prod_ident, "ACB-40X0 ",16);
+ strncpy(inq->prod_revision, "FAKE", 4);
break;
case DEV_ACB4000:
- strcpy(inq->vendor_info,
- "ADAPTEC ACB-4000 FAKE");
+ strncpy(inq->vendor_info, "ADAPTEC ",8);
+ strncpy(inq->prod_ident, "ACB-4000 ",16);
+ strncpy(inq->prod_revision, "FAKE",4);
break;
case DEV_ACB4010:
- strcpy(inq->vendor_info,
- "ADAPTEC ACB-4010 FAKE");
+ strncpy(inq->vendor_info, "ADAPTEC ",8);
+ strncpy(inq->prod_ident, "ACB-4010 ",16);
+ strncpy(inq->prod_revision, "FAKE",4);
break;
case DEV_ACB4070:
- strcpy(inq->vendor_info,
- "ADAPTEC ACB-4070 FAKE");
+ strncpy(inq->vendor_info,"ADAPTEC ",8);
+ strncpy(inq->prod_ident, "ACB-4070 ", 16);
+ strncpy(inq->prod_revision, "FAKE",4 );
break;
}
} else if (inq->add_len < 31) {
@@ -2230,14 +2234,16 @@
case INQ_SEQD:
if (usalp->dev == DEV_SC4000) {
- strcpy(inq->vendor_info,
- "SYSGEN SC4000 FAKE");
+ strncpy(inq->vendor_info,"SYSGEN ",8);
+ strncpy(inq->prod_ident, "SC4000 ",16);
+ strncpy(inq->prod_revision, "FAKE",4);
} else if (inq->add_len == 0 &&
inq->removable &&
inq->ansi_version == 1) {
usalp->dev = DEV_MT02;
- strcpy(inq->vendor_info,
- "EMULEX MT02 FAKE");
+ strncpy(inq->vendor_info,"EMULEX ",8);
+ strncpy(inq->prod_ident, "MT02 ",16);
+ strncpy(inq->prod_revision, "FAKE",4);
}
break;
cdrkit-1.1.9-root_option.patch:
genisoimage.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- NEW FILE cdrkit-1.1.9-root_option.patch ---
--- cdrkit-1.1.9/genisoimage/genisoimage.c 2009-08-11 13:45:42.491887853 +0200
+++ cdrkit-1.1.9-master/genisoimage/genisoimage.c 2009-08-11 15:10:23.382014864 +0200
@@ -3117,8 +3117,10 @@ if (check_session == 0)
if (reloc_root != NULL) {
strcpy(graft_point, reloc_root);
len = strlen(graft_point);
- if (graft_point[len] != '/')
+ if (graft_point[len] != '/'){
graft_point[len++] = '/';
+ graft_point[len] = '\0';
+ }
} else {
len = 0;
}
Index: cdrkit.spec
===================================================================
RCS file: /cvs/extras/rpms/cdrkit/F-11/cdrkit.spec,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -p -r1.26 -r1.27
--- cdrkit.spec 16 Jul 2009 16:03:22 -0000 1.26
+++ cdrkit.spec 12 Aug 2009 08:28:17 -0000 1.27
@@ -1,7 +1,7 @@
Summary: A collection of CD/DVD utilities
Name: cdrkit
Version: 1.1.9
-Release: 5%{?dist}
+Release: 6%{?dist}
License: GPLv2
Group: Applications/System
URL: http://cdrkit.org/
@@ -10,6 +10,8 @@ Source: http://cdrkit.org/releases/cdrki
Patch1: cdrkit-1.1.8-werror.patch
Patch2: cdrkit-1.1.9-efi-boot.patch
Patch3: cdrkit-1.1.9-types.patch
+Patch4: cdrkit-1.1.9-buffer_overflow.patch
+Patch5: cdrkit-1.1.9-root_option.patch
BuildRequires: cmake libcap-devel zlib-devel perl file-devel bzip2-devel
@@ -70,13 +72,16 @@ Recording formats include stereo/mono, 8
rates. Icedax can also be used as a CD player.
%prep
-%setup -q
+%setup -q
%patch1 -p1 -b .werror
%patch2 -p1 -b .efi
%patch3 -p1 -b .getline
+%patch4 -p1 -b .buffer_overflow
+%patch5 -p1 -b .root_option
+
find . -type f -print0 | xargs -0 perl -pi -e 's#/usr/local/bin/perl#/usr/bin/perl#g'
-find doc -type f -print0 | xargs -0 chmod a-x
+find doc -type f -print0 | xargs -0 chmod a-x
%build
@@ -123,7 +128,7 @@ fi
%{_mandir}/man1/wodim.1.gz \
--slave %{_bindir}/readcd cdrecord-readcd %{_bindir}/readom \
--slave %{_mandir}/man1/readcd.1.gz cdrecord-readcdman \
- %{_mandir}/man1/readom.1.gz
+ %{_mandir}/man1/readom.1.gz
%preun -n wodim
if [ $1 = 0 ]; then
@@ -155,7 +160,7 @@ fi
%{_sbindir}/alternatives --install %{_bindir}/cdda2wav cdda2wav \
%{_bindir}/icedax 50 \
--slave %{_mandir}/man1/cdda2wav.1.gz cdda2wav-cdda2wavman \
- %{_mandir}/man1/icedax.1.gz
+ %{_mandir}/man1/icedax.1.gz
%preun -n icedax
if [ $1 = 0 ]; then
@@ -211,6 +216,10 @@ fi
%{_mandir}/man1/readmult.*
%changelog
+* Wed Aug 12 2009 Nikola Pajkovsky <npajkovs at redhat.com> 1.1.9-6
+- fix #508449. fix string overflow breakage when using the -root
+- fix buffer overflow
+
* Thu Jul 16 2009 Nikola Pajkovsky <npajkovs at redhat.com> 1.1.9-5
- icedax require vorbis-tools
More information about the fedora-extras-commits
mailing list