diff options
| author | Johan van Selst <johans@FreeBSD.org> | 2015-03-22 19:49:34 +0000 |
|---|---|---|
| committer | Johan van Selst <johans@FreeBSD.org> | 2015-03-22 19:49:34 +0000 |
| commit | d380c8d7d5c689c5cf3cc0b48707f7822461d82a (patch) | |
| tree | b33c1ccf36a693134b7e0ec75aeebc1375d39a91 | |
| parent | b4a013cf4f94a8c887ec17e820feee38e1a1bb45 (diff) | |
| download | ports-d380c8d7d5c689c5cf3cc0b48707f7822461d82a.tar.gz ports-d380c8d7d5c689c5cf3cc0b48707f7822461d82a.zip | |
MFH: r381946
Add security fix for CVE-2014-8118
PR: 198796
Submitted by: Sevan Janiyan <venture37@geeklan.co.uk>
Obtained from: https://bugzilla.redhat.com/show_bug.cgi?id=1168715
Approved by: portmgr
Notes
Notes:
svn path=/branches/2015Q1/; revision=381952
| -rw-r--r-- | archivers/rpm4/Makefile | 2 | ||||
| -rw-r--r-- | archivers/rpm4/files/patch-lib_cpio.c | 15 |
2 files changed, 16 insertions, 1 deletions
diff --git a/archivers/rpm4/Makefile b/archivers/rpm4/Makefile index 62253f15bd29..f20e12495a53 100644 --- a/archivers/rpm4/Makefile +++ b/archivers/rpm4/Makefile @@ -3,7 +3,7 @@ PORTNAME= rpm PORTVERSION= 4.12.0.1 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= archivers MASTER_SITES= http://rpm.org/releases/rpm-${PORTVERSION:R:R}.x/ \ ftp://ftp.mirrorservice.org/sites/ftp.rpm.org/pub/rpm/dist/rpm-${PORTVERSION:E}.x/ diff --git a/archivers/rpm4/files/patch-lib_cpio.c b/archivers/rpm4/files/patch-lib_cpio.c new file mode 100644 index 000000000000..a06895394295 --- /dev/null +++ b/archivers/rpm4/files/patch-lib_cpio.c @@ -0,0 +1,15 @@ +Fix for CVE-2014-8118 as found at +https://bugzilla.redhat.com/show_bug.cgi?id=1168715 + +--- lib/cpio.c.orig 2015-03-22 19:29:29.000000000 +0100 ++++ lib/cpio.c 2015-03-22 19:29:30.000000000 +0100 +@@ -399,6 +399,9 @@ int rpmcpioHeaderRead(rpmcpio_t cpio, ch + + GET_NUM_FIELD(hdr.filesize, fsize); + GET_NUM_FIELD(hdr.namesize, nameSize); ++ if (nameSize <= 0 || nameSize > 4096) { ++ return RPMERR_BAD_HEADER; ++ } + + char name[nameSize + 1]; + read = Fread(name, nameSize, 1, cpio->fd); |