rpms/cdrkit/devel cdrkit-1.1.9-buffer_overflow.patch, NONE, 1.1 cdrkit.spec, 1.26, 1.27
Nikola Pajkovsky
npajkovs at fedoraproject.org
Thu Jul 16 10:28:11 UTC 2009
Author: npajkovs
Update of /cvs/extras/rpms/cdrkit/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv28095
Modified Files:
cdrkit.spec
Added Files:
cdrkit-1.1.9-buffer_overflow.patch
Log Message:
fix buffer overflow
cdrkit-1.1.9-buffer_overflow.patch:
--- NEW FILE cdrkit-1.1.9-buffer_overflow.patch ---
Pouze v master-1.1.9/wodim: isosize.c.werror
diff -ru origin-1.1.9/wodim/scsi_cdr.c master-1.1.9/wodim/scsi_cdr.c
--- origin-1.1.9/wodim/scsi_cdr.c 2008-02-25 12:14:07.000000000 +0100
+++ master-1.1.9/wodim/scsi_cdr.c 2009-07-16 12:01:29.000000000 +0200
@@ -2181,26 +2181,30 @@
if (inq->add_len == 0) {
if (usalp->dev == DEV_UNKNOWN && got_inquiry) {
usalp->dev = DEV_ACB5500;
- strcpy(inq->vendor_info,
- "ADAPTEC ACB-5500 FAKE");
+ strncpy(inq->vendor_info, "ADAPTEC ", 8);
+ strncpy(inq->prod_ident,"ACB-5500 ", 16);
+ strncpy(inq->prod_revision, "FAKE", 4);
} else switch (usalp->dev) {
-
case DEV_ACB40X0:
- strcpy(inq->vendor_info,
- "ADAPTEC ACB-40X0 FAKE");
+ strncpy(inq->vendor_info, "ADAPTEC ", 8);
+ strncpy(inq->prod_ident, "ACB-40X0 ",16);
+ strncpy(inq->prod_revision, "FAKE", 4);
break;
case DEV_ACB4000:
- strcpy(inq->vendor_info,
- "ADAPTEC ACB-4000 FAKE");
+ strncpy(inq->vendor_info, "ADAPTEC ",8);
+ strncpy(inq->prod_ident, "ACB-4000 ",16);
+ strncpy(inq->prod_revision, "FAKE",4);
break;
case DEV_ACB4010:
- strcpy(inq->vendor_info,
- "ADAPTEC ACB-4010 FAKE");
+ strncpy(inq->vendor_info, "ADAPTEC ",8);
+ strncpy(inq->prod_ident, "ACB-4010 ",16);
+ strncpy(inq->prod_revision, "FAKE",4);
break;
case DEV_ACB4070:
- strcpy(inq->vendor_info,
- "ADAPTEC ACB-4070 FAKE");
+ strncpy(inq->vendor_info,"ADAPTEC ",8);
+ strncpy(inq->prod_ident, "ACB-4070 ", 16);
+ strncpy(inq->prod_revision, "FAKE",4 );
break;
}
} else if (inq->add_len < 31) {
@@ -2230,14 +2234,16 @@
case INQ_SEQD:
if (usalp->dev == DEV_SC4000) {
- strcpy(inq->vendor_info,
- "SYSGEN SC4000 FAKE");
+ strncpy(inq->vendor_info,"SYSGEN ",8);
+ strncpy(inq->prod_ident, "SC4000 ",16);
+ strncpy(inq->prod_revision, "FAKE",4);
} else if (inq->add_len == 0 &&
inq->removable &&
inq->ansi_version == 1) {
usalp->dev = DEV_MT02;
- strcpy(inq->vendor_info,
- "EMULEX MT02 FAKE");
+ strncpy(inq->vendor_info,"EMULEX ",8);
+ strncpy(inq->prod_ident, "MT02 ",16);
+ strncpy(inq->prod_revision, "FAKE",4);
}
break;
Index: cdrkit.spec
===================================================================
RCS file: /cvs/extras/rpms/cdrkit/devel/cdrkit.spec,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -p -r1.26 -r1.27
--- cdrkit.spec 10 Jul 2009 20:40:49 -0000 1.26
+++ cdrkit.spec 16 Jul 2009 10:28:09 -0000 1.27
@@ -1,7 +1,7 @@
Summary: A collection of CD/DVD utilities
Name: cdrkit
Version: 1.1.9
-Release: 7%{?dist}
+Release: 8%{?dist}
License: GPLv2
Group: Applications/System
URL: http://cdrkit.org/
@@ -11,6 +11,7 @@ Patch1: cdrkit-1.1.8-werror.patch
Patch2: cdrkit-1.1.9-efi-boot.patch
Patch3: cdrkit-1.1.9-types.patch
Patch4: cdrkit-1.1.9-no_mp3.patch
+Patch5: cdrkit-1.1.9-buffer_overflow.patch
BuildRequires: cmake libcap-devel zlib-devel perl file-devel bzip2-devel
@@ -84,6 +85,7 @@ rates. Icedax can also be used as a CD p
%patch2 -p1 -b .efi
%patch3 -p1 -b .types
%patch4 -p1 -b .no_mp3
+%patch5 -p1 -b .buffer_overflow
find . -type f -print0 | xargs -0 perl -pi -e 's#/usr/local/bin/perl#/usr/bin/perl#g'
find doc -type f -print0 | xargs -0 chmod a-x
@@ -97,8 +99,10 @@ export CXXFLAGS="$CFLAGS"
export FFLAGS="$CFLAGS"
cmake .. \
-DCMAKE_INSTALL_PREFIX:PATH=%{_prefix} \
- -DBUILD_SHARED_LIBS:BOOL=ON
-make VERBOSE=1 %{?_smp_mflags}
+ -DBUILD_SHARED_LIBS:BOOL=ON \
+ --debug-output \
+ --trace
+make VERBOSE=2 %{?_smp_mflags}
%install
rm -rf $RPM_BUILD_ROOT
@@ -226,6 +230,9 @@ fi
%{_mandir}/man1/dirsplit.*
%changelog
+* Thu Jul 16 2009 Nikola Pajkovsky <npajkovs at redhat.com> 1.1.9-8
+- fix buffer overflow
+
* Fri Jul 10 2009 Adam Jackson <ajax at redhat.com> 1.1.9-7
- Move dirsplit to a subpackage to isolate the perl dependency.
More information about the fedora-extras-commits
mailing list