fix buffer overflow

cdrkit-1.1.9-buffer_overflow.patch

@@ -0,0 +1,67 @@
+Pouze v master-1.1.9/wodim: isosize.c.werror
+diff -ru origin-1.1.9/wodim/scsi_cdr.c master-1.1.9/wodim/scsi_cdr.c
+--- origin-1.1.9/wodim/scsi_cdr.c	2008-02-25 12:14:07.000000000 +0100
++++ master-1.1.9/wodim/scsi_cdr.c	2009-07-16 12:01:29.000000000 +0200
+@@ -2181,26 +2181,30 @@
+ 		if (inq->add_len == 0) {
+ 			if (usalp->dev == DEV_UNKNOWN && got_inquiry) {
+ 				usalp->dev = DEV_ACB5500;
+-				strcpy(inq->vendor_info,
+-					"ADAPTEC ACB-5500        FAKE");
++				strncpy(inq->vendor_info, "ADAPTEC ", 8);
++				strncpy(inq->prod_ident,"ACB-5500        ", 16);
++				strncpy(inq->prod_revision, "FAKE", 4);
+ 
+ 			} else switch (usalp->dev) {
+-
+ 				case DEV_ACB40X0:
+-					strcpy(inq->vendor_info,
+-							"ADAPTEC ACB-40X0        FAKE");
++					strncpy(inq->vendor_info, "ADAPTEC ", 8);
++					strncpy(inq->prod_ident, "ACB-40X0        ",16);
++					strncpy(inq->prod_revision, "FAKE", 4);
+ 					break;
+ 				case DEV_ACB4000:
+-					strcpy(inq->vendor_info,
+-							"ADAPTEC ACB-4000        FAKE");
++					strncpy(inq->vendor_info, "ADAPTEC ",8);
++					strncpy(inq->prod_ident, "ACB-4000        ",16);
++					strncpy(inq->prod_revision, "FAKE",4);
+ 					break;
+ 				case DEV_ACB4010:
+-					strcpy(inq->vendor_info,
+-							"ADAPTEC ACB-4010        FAKE");
++					strncpy(inq->vendor_info, "ADAPTEC ",8);
++					strncpy(inq->prod_ident, "ACB-4010        ",16);
++					strncpy(inq->prod_revision, "FAKE",4);
+ 					break;
+ 				case DEV_ACB4070:
+-					strcpy(inq->vendor_info,
+-							"ADAPTEC ACB-4070        FAKE");
++					strncpy(inq->vendor_info,"ADAPTEC ",8);
++					strncpy(inq->prod_ident, "ACB-4070        ", 16);
++					strncpy(inq->prod_revision, "FAKE",4 );
+ 					break;
+ 			}
+ 		} else if (inq->add_len < 31) {
+@@ -2230,14 +2234,16 @@
+ 
+ 	case INQ_SEQD:
+ 		if (usalp->dev == DEV_SC4000) {
+-			strcpy(inq->vendor_info,
+-				"SYSGEN  SC4000          FAKE");
++			strncpy(inq->vendor_info,"SYSGEN  ",8);
++			strncpy(inq->prod_ident, "SC4000          ",16);
++			strncpy(inq->prod_revision, "FAKE",4);
+ 		} else if (inq->add_len == 0 &&
+ 					inq->removable &&
+ 						inq->ansi_version == 1) {
+ 			usalp->dev = DEV_MT02;
+-			strcpy(inq->vendor_info,
+-				"EMULEX  MT02            FAKE");
++			strncpy(inq->vendor_info,"EMULEX  ",8);
++			strncpy(inq->prod_ident, "MT02            ",16);
++			strncpy(inq->prod_revision, "FAKE",4);
+ 		}
+ 		break;
+ 

cdrkit.spec

@@ -1,7 +1,7 @@
 Summary: A collection of CD/DVD utilities
 Name: cdrkit
 Version: 1.1.9
-Release: 7%{?dist}
+Release: 8%{?dist}
 License: GPLv2
 Group: Applications/System
 URL: http://cdrkit.org/
@@ -11,6 +11,7 @@ Patch1: cdrkit-1.1.8-werror.patch
 Patch2: cdrkit-1.1.9-efi-boot.patch
 Patch3: cdrkit-1.1.9-types.patch
 Patch4: cdrkit-1.1.9-no_mp3.patch
+Patch5: cdrkit-1.1.9-buffer_overflow.patch
 
 BuildRequires: cmake libcap-devel zlib-devel perl file-devel bzip2-devel
 
@@ -84,6 +85,7 @@ rates. Icedax can also be used as a CD player.
 %patch2 -p1 -b .efi
 %patch3 -p1 -b .types
 %patch4 -p1 -b .no_mp3
+%patch5 -p1 -b .buffer_overflow
 
 find . -type f -print0 | xargs -0 perl -pi -e 's#/usr/local/bin/perl#/usr/bin/perl#g'
 find doc -type f -print0 | xargs -0 chmod a-x 
@@ -97,8 +99,10 @@ export CXXFLAGS="$CFLAGS"
 export FFLAGS="$CFLAGS"
 cmake .. \
         -DCMAKE_INSTALL_PREFIX:PATH=%{_prefix} \
-        -DBUILD_SHARED_LIBS:BOOL=ON
-make VERBOSE=1 %{?_smp_mflags}
+        -DBUILD_SHARED_LIBS:BOOL=ON \
+        --debug-output \
+        --trace
+make VERBOSE=2 %{?_smp_mflags}
 
 %install
 rm -rf $RPM_BUILD_ROOT
@@ -226,6 +230,9 @@ fi
 %{_mandir}/man1/dirsplit.*
 
 %changelog
+* Thu Jul 16 2009 Nikola Pajkovsky <npajkovs@redhat.com> 1.1.9-8
+- fix buffer overflow
+
 * Fri Jul 10 2009 Adam Jackson <ajax@redhat.com> 1.1.9-7
 - Move dirsplit to a subpackage to isolate the perl dependency.