diff --git a/star-1.5.1-bufferoverflow.patch b/star-1.5.1-bufferoverflow.patch
new file mode 100644
index 0000000..ef5f51c
--- /dev/null
+++ b/star-1.5.1-bufferoverflow.patch
@@ -0,0 +1,12 @@
+diff -urNp star-1.5.1-orig/star/longnames.c star-1.5.1/star/longnames.c
+--- star-1.5.1-orig/star/longnames.c 2009-10-16 00:38:55.000000000 +0200
++++ star-1.5.1/star/longnames.c 2010-02-03 13:36:03.000000000 +0100
+@@ -155,7 +155,7 @@ name_to_tcb(info, ptb)
+ if (add)
+ strcatl(ptb->dbuf.t_name, name, "/", (char *)NULL);
+ else
+- strcpy(ptb->dbuf.t_name, name);
++ strncpy(ptb->dbuf.t_name, name, props.pr_maxsname);
+ return (TRUE);
+ }
+
diff --git a/star.spec b/star.spec
index 705995f..a4e15b0 100644
--- a/star.spec
+++ b/star.spec
@@ -4,7 +4,7 @@
 Summary: An archiving tool with ACL support
 Name: star
 Version: 1.5
-Release: 8%{?dist}
+Release: 9%{?dist}
 URL: http://cdrecord.berlios.de/old/private/star.html
 Source: ftp://ftp.berlios.de/pub/star/%{name}-%{version}.tar.bz2
@@ -18,6 +18,8 @@ Patch3: star-1.5-changewarnSegv.patch
 Patch4: star-1.5-removenames_c.patch
 #do not conflict with glibc stdio functions (#494213)
 Patch5: star-1.5-stdioconflict.patch
+#Prevent buffer overflow for filenames with length of 100 characters (#556664)
+Patch6: star-1.5.1-bufferoverflow.patch
 License: CDDL
 Group: Applications/Archiving
@@ -38,6 +40,7 @@ and can restore individual files from the archive. Star supports ACL.
 %patch3 -p1 -b .changewarnSegv
 %patch4 -p1 -b .removenames
 %patch5 -p1 -b .conflict
+%patch6 -p1 -b .namesoverflow
 iconv -f iso_8859-1 -t utf-8 AN-1.5 >AN-1.5_utf8
 mv AN-1.5_utf8 AN-1.5
 cp -a READMEs/README.linux .
@@ -113,6 +116,10 @@ rm -rf ${RPM_BUILD_ROOT}
 %{_mandir}/man1/ustar.1*
 %changelog
+* Wed Feb 03 2010 Ondrej Vasik 1.5-9
+- fix buffer overflow for files with names of length
+ 100 chars(#556664)
+
 * Thu Aug 27 2009 Ondrej Vasik 1.5-8
 - provide symlinked manpage for ustar
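Review bot: The `if (add)` branch directly above the changed line in the embedded longnames.c hunk still calls `strcatl(ptb->dbuf.t_name, name, "/", (char *)NULL)` with no length bound, so a directory name that fills the field once "/" is appended would presumably overrun `t_name` the same way the replaced `strcpy` did; that branch needs the same limit or an explicit length check. On the new line the bound is the runtime property `props.pr_maxsname`, not the destination's own size; if `t_name` is an array member, `strncpy(ptb->dbuf.t_name, name, sizeof (ptb->dbuf.t_name));` or an assertion that the two values agree would tie the copy to the buffer. `strncpy` leaves the field unterminated when the name fills it, which suits a fixed-width header field but should be stated for later readers, e.g. `/* t_name is fixed-width: no NUL when the name fills it */`. name_to_tcb begins outside the hunk, so any earlier length check on `name` is not visible here.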