From f1093c3eae3e41f57b947b151d2f19f3ca3482bb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaroslav=20=C5=A0karvada?= <jskarvad@redhat.com>
Date: Fri, 7 Jan 2011 12:21:42 +0100
Subject: [PATCH 1/2] - Fixed buffer overflow in reclaim file (#660154)

---
 dosfstools-3.0.9-fix-reclaim-file.patch | 11 +++++++++++
 dosfstools.spec                         |  8 +++++++-
 2 files changed, 18 insertions(+), 1 deletion(-)
 create mode 100644 dosfstools-3.0.9-fix-reclaim-file.patch

diff --git a/dosfstools-3.0.9-fix-reclaim-file.patch b/dosfstools-3.0.9-fix-reclaim-file.patch
new file mode 100644
index 0000000..1dd621d
--- /dev/null
+++ b/dosfstools-3.0.9-fix-reclaim-file.patch
@@ -0,0 +1,11 @@
+--- dosfstools-3.0.9/src/fat.c.old	2010-01-23 10:13:34.000000000 +0100
++++ dosfstools-3.0.9/src/fat.c	2010-12-10 14:36:29.510247580 +0100
+@@ -486,7 +486,7 @@
+ 	    DIR_ENT de;
+ 	    loff_t offset;
+ 	    files++;
+-	    offset = alloc_rootdir_entry(fs,&de,"FSCK%04dREC");
++	    offset = alloc_rootdir_entry(fs,&de,"FSCK%04d");
+ 	    de.start = CT_LE_W(i&0xffff);
+ 	    if (fs->fat_bits == 32)
+ 		de.starthi = CT_LE_W(i>>16);
diff --git a/dosfstools.spec b/dosfstools.spec
index 3efcf2c..d4aa96a 100644
--- a/dosfstools.spec
+++ b/dosfstools.spec
@@ -1,12 +1,14 @@
 Name: dosfstools
 Summary: Utilities for making and checking MS-DOS FAT filesystems on Linux
 Version: 3.0.9
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: GPLv3+
 Group: Applications/System
 Source0: http://www.daniel-baumann.ch/software/dosfstools/%{name}-%{version}.tar.bz2
 URL: http://www.daniel-baumann.ch/software/dosfstools/
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+# Fix buffer overflow in reclaim file (#660154)
+Patch0: dosfstools-3.0.9-fix-reclaim-file.patch
 
 %description
 The dosfstools package includes the mkdosfs and dosfsck utilities,
@@ -15,6 +17,7 @@ drives or on floppies.
 
 %prep
 %setup -q
+%patch0 -p1 -b .fix-reclaim-file
 
 %build
 make %{?_smp_mflags} CFLAGS="$RPM_OPT_FLAGS -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -fno-strict-aliasing"
@@ -33,6 +36,9 @@ rm -rf %{buildroot}
 %{_mandir}/man8/*
 
 %changelog
+* Fri Jan 07 2011 Jaroslav Škarvada <jskarvad@redhat.com> - 3.0.9-4
+- Fixed buffer overflow in reclaim file (#660154)
+
 * Mon May 31 2010 Jaroslav Škarvada <jskarvad@redhat.com> - 3.0.9-3
 - Rebuilt with -fno-strict-aliasing
 

From 8de1eb801e105f1d97e70a171a9317f72b1db65a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaroslav=20=C5=A0karvada?= <jskarvad@redhat.com>
Date: Mon, 14 Feb 2011 15:43:34 +0100
Subject: [PATCH 2/2] - Fixed buffer overflow in alloc_rootdir_entry (#674095)
 - Dropped fix-reclaim-file patch, obsoleted by fix-alloc-rootdir-entry patch

---
 dosfstools-3.0.9-fix-alloc-rootdir-entry.patch | 14 ++++++++++++++
 dosfstools-3.0.9-fix-reclaim-file.patch        | 11 -----------
 dosfstools.spec                                | 12 ++++++++----
 3 files changed, 22 insertions(+), 15 deletions(-)
 create mode 100644 dosfstools-3.0.9-fix-alloc-rootdir-entry.patch
 delete mode 100644 dosfstools-3.0.9-fix-reclaim-file.patch

diff --git a/dosfstools-3.0.9-fix-alloc-rootdir-entry.patch b/dosfstools-3.0.9-fix-alloc-rootdir-entry.patch
new file mode 100644
index 0000000..07c4977
--- /dev/null
+++ b/dosfstools-3.0.9-fix-alloc-rootdir-entry.patch
@@ -0,0 +1,14 @@
+--- dosfstools-3.0.9/src/check.c.old	2010-01-23 10:13:17.000000000 +0100
++++ dosfstools-3.0.9/src/check.c	2011-01-31 17:43:31.462674941 +0100
+@@ -174,7 +174,10 @@
+ 	offset = fs->root_start+next_free*sizeof(DIR_ENT);
+ 	memset(de,0,sizeof(DIR_ENT));
+ 	while (1) {
+-	    sprintf(de->name,pattern,curr_num);
++	    char expanded[12];
++	    sprintf(expanded, pattern, curr_num);
++	    memcpy(de->name, expanded, 8);
++	    memcpy(de->ext, expanded+8, 3);
+	    for (scan = 0; scan < fs->root_entries; scan++)
+ 		if (scan != next_free &&
+ 		    !strncmp(root[scan].name,de->name,MSDOS_NAME))
diff --git a/dosfstools-3.0.9-fix-reclaim-file.patch b/dosfstools-3.0.9-fix-reclaim-file.patch
deleted file mode 100644
index 1dd621d..0000000
--- a/dosfstools-3.0.9-fix-reclaim-file.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- dosfstools-3.0.9/src/fat.c.old	2010-01-23 10:13:34.000000000 +0100
-+++ dosfstools-3.0.9/src/fat.c	2010-12-10 14:36:29.510247580 +0100
-@@ -486,7 +486,7 @@
- 	    DIR_ENT de;
- 	    loff_t offset;
- 	    files++;
--	    offset = alloc_rootdir_entry(fs,&de,"FSCK%04dREC");
-+	    offset = alloc_rootdir_entry(fs,&de,"FSCK%04d");
- 	    de.start = CT_LE_W(i&0xffff);
- 	    if (fs->fat_bits == 32)
- 		de.starthi = CT_LE_W(i>>16);
diff --git a/dosfstools.spec b/dosfstools.spec
index d4aa96a..463d100 100644
--- a/dosfstools.spec
+++ b/dosfstools.spec
@@ -1,14 +1,14 @@
 Name: dosfstools
 Summary: Utilities for making and checking MS-DOS FAT filesystems on Linux
 Version: 3.0.9
-Release: 4%{?dist}
+Release: 5%{?dist}
 License: GPLv3+
 Group: Applications/System
 Source0: http://www.daniel-baumann.ch/software/dosfstools/%{name}-%{version}.tar.bz2
 URL: http://www.daniel-baumann.ch/software/dosfstools/
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-# Fix buffer overflow in reclaim file (#660154)
-Patch0: dosfstools-3.0.9-fix-reclaim-file.patch
+# Fix buffer overflow in alloc_rootdir_entry (#674095)
+Patch0: dosfstools-3.0.9-fix-alloc-rootdir-entry.patch
 
 %description
 The dosfstools package includes the mkdosfs and dosfsck utilities,
@@ -17,7 +17,7 @@ drives or on floppies.
 
 %prep
 %setup -q
-%patch0 -p1 -b .fix-reclaim-file
+%patch0 -p1 -b .fix-alloc-rootdir-entry
 
 %build
 make %{?_smp_mflags} CFLAGS="$RPM_OPT_FLAGS -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -fno-strict-aliasing"
@@ -36,6 +36,10 @@ rm -rf %{buildroot}
 %{_mandir}/man8/*
 
 %changelog
+* Mon Jan 31 2011 Jaroslav Škarvada <jskarvad@redhat.com> - 3.0.9-5
+- Fixed buffer overflow in alloc_rootdir_entry (#674095)
+- Dropped fix-reclaim-file patch, obsoleted by fix-alloc-rootdir-entry patch
+
 * Fri Jan 07 2011 Jaroslav Škarvada <jskarvad@redhat.com> - 3.0.9-4
 - Fixed buffer overflow in reclaim file (#660154)