From de046a7e9fb21eb7fc0c78eccee458b4f5eae1ca Mon Sep 17 00:00:00 2001
From: Ondrej Vasik <ovasik@fedoraproject.org>
Date: Tue, 15 Apr 2008 19:38:04 +0000
Subject: [PATCH] fix possible segfault in sha1sum/md5sum command

---
 coreutils-6.10-md5sha1sum.patch | 43 +++++++++++++++++++++++++++++++++
 coreutils.spec                  |  7 +++++-
 2 files changed, 49 insertions(+), 1 deletion(-)
 create mode 100644 coreutils-6.10-md5sha1sum.patch

diff --git a/coreutils-6.10-md5sha1sum.patch b/coreutils-6.10-md5sha1sum.patch
new file mode 100644
index 0000000..09ed0a1
--- /dev/null
+++ b/coreutils-6.10-md5sha1sum.patch
@@ -0,0 +1,43 @@
+diff -urNp coreutils-6.10-orig/src/md5sum.c coreutils-6.10/src/md5sum.c
+--- coreutils-6.10-orig/src/md5sum.c	2007-11-25 14:23:31.000000000 +0100
++++ coreutils-6.10/src/md5sum.c	2008-04-15 21:04:09.000000000 +0200
+@@ -205,6 +205,9 @@ bsd_split_3 (char *s, size_t s_len, unsi
+ {
+   size_t i;
+ 
++	if (s_len ==0)
++		return false;
++
+   *file_name = s;
+ 
+   /* Find end of filename. The BSD 'md5' and 'sha1' commands do not escape
+diff -urNp coreutils-6.10-orig/tests/misc/sha1sum coreutils-6.10/tests/misc/sha1sum
+--- coreutils-6.10-orig/tests/misc/sha1sum	2007-12-13 00:14:28.000000000 +0100
++++ coreutils-6.10/tests/misc/sha1sum	2008-04-15 21:05:43.000000000 +0200
+@@ -29,7 +29,7 @@ exec $PERL -w -I$srcdir/.. -MCoreutils -M"CuTmpdir qw($me)" -- - <<\EOF
+ require 5.003;
+ use strict;
+ 
+-(my $program_name = $0) =~ s|.*/||;
++my $prog = 'sha1sum';
+ 
+ # Turn off localisation of executable's ouput.
+ @ENV{qw(LANGUAGE LANG LC_ALL)} = ('C') x 3;
+@@ -72,6 +72,8 @@ my @Tests =
+      ['check-bsd3', '--check', '--status',
+ 			{IN=> {'f.sha1' => "SHA1 (f) = $sha_degenerate\n"}},
+ 			{AUX=> {f=> 'bar'}}, {EXIT=> 1}],
++     ['bsd-segv', '--check', {IN=> {'z' => "SHA1 ("}}, {EXIT=> 1},
++      {ERR=> "$prog: z: no properly formatted SHA1 checksum lines found\n"}],
+     );
+ 
+ # Insert the `--text' argument for each test.
+@@ -86,7 +88,6 @@ foreach $t (@Tests)
+ my $save_temps = $ENV{DEBUG};
+ my $verbose = $ENV{VERBOSE};
+ 
+-my $prog = 'sha1sum';
+-my $fail = run_tests ($program_name, $prog, \@Tests, $save_temps, $verbose);
++my $fail = run_tests ($prog, $prog, \@Tests, $save_temps, $verbose);
+ exit $fail;
+ EOF
diff --git a/coreutils.spec b/coreutils.spec
index 3bbefc4..9fac389 100644
--- a/coreutils.spec
+++ b/coreutils.spec
@@ -1,7 +1,7 @@
 Summary: The GNU core utilities: a set of tools commonly used in shell scripts
 Name:    coreutils
 Version: 6.10
-Release: 19%{?dist}
+Release: 20%{?dist}
 License: GPLv3+
 Group:   System Environment/Base
 Url:     http://www.gnu.org/software/coreutils/
@@ -23,6 +23,7 @@ Patch2: coreutils-dddoubleclose.patch
 Patch3: coreutils-mvatomic.patch
 Patch4: coreutils-6.10-lonebackslash.patch
 Patch5: coreutils-6.10-mkscontextsegfault.patch
+Patch6: coreutils-6.10-md5sha1sum.patch
 
 # Our patches
 Patch100: coreutils-chgrp.patch
@@ -106,6 +107,7 @@ cd %name-%version
 %patch3 -p1 -b .atomic
 %patch4 -p1 -b .backslash
 %patch5 -p1 -b .mksegfault
+%patch6 -p1 -b .mda5sum
 
 # Our patches
 %patch100 -p1 -b .chgrp
@@ -312,6 +314,9 @@ fi
 /sbin/runuser
 
 %changelog
+* Tue Apr 15 2008 Ondrej Vasik <ovasik@redhat.com> - 6.10-20
+- fix possible segfault in sha1sum/md5sum command
+
 * Mon Apr 14 2008 Ondrej Vasik <ovasik@redhat.com> - 6.10-19
 - fix possible build-failure typo in i18n patch(#442205)