- Resolves: 226979 Buffer overflow in bzip2's bzip2recover

2007-02-05 11:12:02 +00:00 · 2007-02-05 11:12:02 +00:00 · d92c60c24c
commit d92c60c24c
parent 3dbd352616
2 changed files with 19 additions and 1 deletions
--- a/bzip2-1.0.4-bzip2recover.patch
+++ b/bzip2-1.0.4-bzip2recover.patch
@ -0,0 +1,12 @@
+--- bzip2-1.0.4/bzip2recover.c.pom	2007-01-03 03:00:55.000000000 +0100
+++ bzip2-1.0.4/bzip2recover.c	2007-02-05 11:55:17.000000000 +0100
+@@ -309,7 +309,8 @@
+    UInt32      buffHi, buffLo, blockCRC;
+    Char*       p;
+ 
+-   strcpy ( progName, argv[0] );
+   strncpy ( progName, argv[0], BZ_MAX_FILENAME-1);
+   progName[BZ_MAX_FILENAME]="\0";
+    inFileName[0] = outFileName[0] = 0;
+ 
+    fprintf ( stderr, 
--- a/bzip2.spec
+++ b/bzip2.spec
@ -1,13 +1,14 @@
 Summary: A file compression utility
 Name: bzip2
 Version: 1.0.4
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: BSD
 Group: Applications/File
 URL: http://sources.redhat.com/bzip2/
 Source: ftp://sources.redhat.com/pub/bzip2/v102/bzip2-%{version}.tar.gz
 Patch0: bzip2-1.0.4-saneso.patch
 Patch5: bzip2-1.0.4-cflags.patch
+Patch6: bzip2-1.0.4-bzip2recover.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-root
 Requires: bzip2-libs = %{version}

@ -44,6 +45,7 @@ Libraries for applications using the bzip2 compression format.
 %setup -q 
 %patch0 -p1 -b .saneso
 %patch5 -p1 -b .cflags
+%patch6 -p1 -b .pom

 %build

@ -103,6 +105,10 @@ rm -rf ${RPM_BUILD_ROOT}
 %{_libdir}/*so

 %changelog
+* Mon Feb  5 2007 Ivana Varekova <varekova@redhat.com> 1.0.4-2
+- Resolves: 226979 
+  Buffer overflow in bzip2's bzip2recover
+
 * Mon Jan  8 2007 Ivana Varekova <varekova@redhat.com> 1.0.4-1
 - update to 1.0.4
 - spec file cleanup