author | sevan <sevan@pkgsrc.org> | 2015-03-22 17:32:54 +0000 |
---|---|---|
committer | sevan <sevan@pkgsrc.org> | 2015-03-22 17:32:54 +0000 |
commit | 6760986f4703aaf3a1ac73789f8711a08d196a84 (patch) | |
tree | aec0d3f36457cf2f18e67088799ca721baed59bf | |
parent | 581001a2c8174b950140807d0a50d252701d64e2 (diff) | |
Add patch for CVE-2014-8118 - Integer overflow allows remote attackers to
execute arbitrary code via a crafted CPIO header in the payload section of an
RPM file, which triggers a stack-based buffer overflow.
https://bugzilla.redhat.com/show_bug.cgi?id=1168715
Reviewed by wiz@
-rw-r--r-- | misc/rpm/Makefile | 3 | ||||
-rw-r--r-- | misc/rpm/distinfo | 3 | ||||
-rw-r--r-- | misc/rpm/patches/patch-lib_cpio.c | 20 |
3 files changed, 24 insertions, 2 deletions
diff --git a/misc/rpm/Makefile b/misc/rpm/Makefile
index bb6c2779e70..598b492a68c 100644
--- a/misc/rpm/Makefile
+++ b/misc/rpm/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.85 2015/03/15 05:34:56 ryoon Exp $
+# $NetBSD: Makefile,v 1.86 2015/03/22 17:32:54 sevan Exp $
 DISTNAME= rpm-4.12.0.1
+PKGREVISION= 1
 CATEGORIES= misc
 MASTER_SITES= http://rpm.org/releases/rpm-4.12.x/
 EXTRACT_SUFX= .tar.bz2
diff --git a/misc/rpm/distinfo b/misc/rpm/distinfo
index d07b1ad61d2..abdd08e9cb6 100644
--- a/misc/rpm/distinfo
+++ b/misc/rpm/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.14 2015/03/15 05:34:56 ryoon Exp $
+$NetBSD: distinfo,v 1.15 2015/03/22 17:32:54 sevan Exp $
 SHA1 (rpm-4.12.0.1.tar.bz2) = d416bdb249b246b00b2d5d34c66e7f5a68a62524
 RMD160 (rpm-4.12.0.1.tar.bz2) = c57a676d467d0984b13bdca7df803e26609055fd
@@ -6,6 +6,7 @@ Size (rpm-4.12.0.1.tar.bz2) = 4129093 bytes
 SHA1 (patch-build_rpmfc.c) = 10e3196d7d2dcc17f7c2be0acbea01f00354eee3
 SHA1 (patch-configure.ac) = c6301dce864ad1ade8bc21c2d00f2c9754594b2d
 SHA1 (patch-lib_backend_db3.c) = 241c9193723253bbe037e61c54992f66aa825136
+SHA1 (patch-lib_cpio.c) = e5f0a60e33832175ab393562be89aba998513ae8
 SHA1 (patch-lib_header.c) = 091dc42741fd5f34edcf9b90f1e9d76087be56b4
 SHA1 (patch-lib_rpmrc.c) = cf9e1349d84dea4f60b7db574e31e14799d4e75c
 SHA1 (patch-misc_fnmatch.c) = d4a8d81fe4a0cb97946e4037c5d8a4299a4411a7
diff --git a/misc/rpm/patches/patch-lib_cpio.c b/misc/rpm/patches/patch-lib_cpio.c
new file mode 100644
index 00000000000..12fb6914ae9
--- /dev/null
+++ b/misc/rpm/patches/patch-lib_cpio.c
@@ -0,0 +1,20 @@
+$NetBSD: patch-lib_cpio.c,v 1.1 2015/03/22 17:32:55 sevan Exp $
+
+CVE-2014-8118 - Integer overflow allows remote attackers to execute arbitrary
+code via a crafted CPIO header in the payload section of an RPM file, which
+triggers a stack-based buffer overflow.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1168715
+
+--- lib/cpio.c.orig 2014-06-30 08:47:13.000000000 +0000
++++ lib/cpio.c
+@@ -399,6 +399,9 @@ int rpmcpioHeaderRead(rpmcpio_t cpio, ch
+
+ GET_NUM_FIELD(hdr.filesize, fsize);
+ GET_NUM_FIELD(hdr.namesize, nameSize);
++ if (nameSize <= 0 || nameSize > 4096) {
++ return RPMERR_BAD_HEADER;
++ }
+
+ char name[nameSize + 1];
+ read = Fread(name, nameSize, 1, cpio->fd); |
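Review bot: The `nameSize > 4096` bound in the added check is an unexplained literal, yet it is the only thing limiting the variable-length array `char name[nameSize + 1]` that is declared on the stack two lines later. A short comment such as `/* bound namesize before it sizes the on-stack name[] (CVE-2014-8118) */`, or a named constant for the limit, would keep a later edit from loosening it unknowingly. The declaration of `nameSize` is outside the hunk; if it is unsigned, the `<= 0` half only rejects zero, which is worth confirming. rpmcpioHeaderRead starts and ends outside the hunk, so the handling of the `Fread` result and of `fsize` cannot be assessed from here.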