Djam/rpm
1
0
Fork 0
mirror of https://abf.rosa.ru/djam/rpm.git synced 2025-02-23 18:33:04 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix

Browse source
This commit is contained in:
akdengi 2012-07-17 15:35:41 +04:00
commit ec216637f7
5 changed files with 1563 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

146
rpm-5.3.12-cve-2012-0815,0060,0061.patch Normal file
View file

@ -0,0 +1,146 @@
--- rpm-5.3.12/rpmdb/header.c 2010-11-11 22:31:02.000000000 +0300
+++ rpm-5.3.12/rpmdb/header.c 2012-04-17 13:48:41.387629216 +0400
@@ -516,7 +516,6 @@
assert(dataEnd != NULL);
assert(entry != NULL);
-assert(dl == 0); /* XXX eliminate dl argument (its always 0) */
memset(&ieprev, 0, sizeof(ieprev));
for (; il > 0; il--, pe++) {
@@ -1031,10 +1030,13 @@
entry->info.type = (rpmuint32_t) htonl(pe->type);
entry->info.count = (rpmuint32_t) htonl(pe->count);
+ entry->info.tag = (rpmuint32_t) htonl(pe->tag);
- if (hdrchkType(entry->info.type))
+ if (!ENTRY_IS_REGION(entry))
goto errxit;
- if (hdrchkTags(entry->info.count))
+ if (entry->info.type != REGION_TAG_TYPE)
+ goto errxit;
+ if (entry->info.count != REGION_TAG_COUNT)
goto errxit;
{ rpmint32_t off = (rpmint32_t) ntohl(pe->offset);
@@ -1051,7 +1053,6 @@
ril = (rpmuint32_t)(rdl/sizeof(*pe));
if (hdrchkTags(ril) || hdrchkData(rdl))
goto errxit;
- entry->info.tag = (rpmuint32_t) htonl(pe->tag);
} else {
ril = il;
/*@-sizeoftype@*/
@@ -1075,13 +1076,12 @@
indexEntry newEntry = entry + ril;
size_t ne = (h->indexUsed - ril);
rpmint32_t rid = entry->info.offset+1;
- rpmuint32_t rc;
/* Load dribble entries from region. */
- rc = regionSwab(newEntry, (rpmuint32_t)ne, 0, pe+ril, dataStart, dataEnd, rid);
- if (rc == 0)
+ rdlen = regionSwab(newEntry, (rpmuint32_t)ne, rdlen, pe+ril,
+ dataStart, dataEnd, rid);
+ if (rdlen == 0)
goto errxit;
- rdlen += rc;
{ indexEntry firstEntry = newEntry;
size_t save = h->indexUsed;
@@ -1103,6 +1103,10 @@
h->indexUsed += ne;
}
}
+
+ rdlen += REGION_TAG_COUNT;
+ if (rdlen != dl)
+ goto errxit;
}
h->flags &= ~HEADERFLAG_SORTED;
--- rpm-5.3.12/rpmdb/header_internal.c 2010-11-03 17:06:06.000000000 +0300
+++ rpmdb/header_internal.c 2012-04-17 13:48:41.388629216 +0400
@@ -58,7 +58,7 @@
return (int)i;
if (hdrchkAlign(info->type, info->offset))
return (int)i;
- if (!negate && hdrchkRange((rpmint32_t)dl, info->offset))
+ if (hdrchkRange((rpmint32_t)dl, info->offset))
return (int)i;
if (hdrchkData(info->count))
return (int)i;
--- rpm-5.3.12/rpmdb/pkgio.c 2010-10-18 10:53:08.000000000 +0400
+++ rpm-5.3.12/rpmdb/pkgio.c 2012-04-17 13:48:41.388629216 +0400
@@ -869,10 +869,18 @@
/* Is there an immutable header region tag? */
/*@-sizeoftype@*/
- if (entry->info.tag == RPMTAG_HEADERSIGNATURES
- && entry->info.type == RPM_BIN_TYPE
- && entry->info.count == (rpmTagCount)REGION_TAG_COUNT)
+ if (entry->info.tag == RPMTAG_HEADERSIGNATURES)
{
+ /* Is the region tag sane? */
+ if (!(entry->info.type == REGION_TAG_TYPE
+ && entry->info.count == (rpmTagCount)REGION_TAG_COUNT))
+ {
+ (void) snprintf(buf, sizeof(buf),
+ _("region tag: BAD, tag %u type %u offset %d count %u"),
+ (unsigned) entry->info.tag, (unsigned) entry->info.type,
+ (int)entry->info.offset, (unsigned) entry->info.count);
+ goto exit;
+ }
/*@=sizeoftype@*/
/*
@@ -900,10 +908,10 @@
}
dataEnd += REGION_TAG_COUNT;
- xx = headerVerifyInfo(1, dl, info, &entry->info, 1);
+ xx = headerVerifyInfo(1, il * sizeof(*pe), info, &entry->info, 1);
if (xx != -1 ||
!(entry->info.tag == RPMTAG_HEADERSIGNATURES
- && entry->info.type == RPM_BIN_TYPE
+ && entry->info.type == REGION_TAG_TYPE
&& entry->info.count == (rpmTagCount)REGION_TAG_COUNT))
{
(void) snprintf(buf, sizeof(buf),
@@ -1060,11 +1068,19 @@
/* Is there an immutable header region tag? */
/*@-sizeoftype@*/
- if (!(entry->info.tag == RPMTAG_HEADERIMMUTABLE
- && entry->info.type == RPM_BIN_TYPE
+ if (entry->info.tag != RPMTAG_HEADERIMMUTABLE) {
+ rc = RPMRC_NOTFOUND;
+ goto exit;
+ }
+
+ /* Is the region tag sane? */
+ if (!(entry->info.type == RPM_BIN_TYPE
&& entry->info.count == (rpmTagCount)REGION_TAG_COUNT))
{
- rc = RPMRC_NOTFOUND;
+ (void) snprintf(buf, sizeof(buf),
+ _("region tag: BAD, tag %u type %u offset %d count %u"),
+ (unsigned) entry->info.tag, (unsigned) entry->info.type,
+ (int)entry->info.offset, (unsigned) entry->info.count);
goto exit;
}
/*@=sizeoftype@*/
@@ -1084,10 +1100,10 @@
(void) memcpy(info, regionEnd, REGION_TAG_COUNT);
regionEnd += REGION_TAG_COUNT;
- xx = headerVerifyInfo(1, dl, info, &entry->info, 1);
+ xx = headerVerifyInfo(1, il * sizeof(*pe), info, &entry->info, 1);
if (xx != -1 ||
!(entry->info.tag == RPMTAG_HEADERIMMUTABLE
- && entry->info.type == RPM_BIN_TYPE
+ && entry->info.type == REGION_TAG_TYPE
&& entry->info.count == (rpmTagCount)REGION_TAG_COUNT))
{
(void) snprintf(buf, sizeof(buf),

26
rpm-5.3.12-fix-verify-segfault.patch Normal file
View file

@ -0,0 +1,26 @@
--- rpm-5.3.12/rpmio/rpmhkp.c 2010-10-12 01:56:41.000000000 +0400
+++ rpm-5.3.12/rpmio/rpmhkp.c 2012-03-29 12:56:02.322614316 +0400
@@ -878,6 +878,14 @@
rpmRC rpmhkpValidate(rpmhkp hkp, const char * keyname)
{
+ /*Reset all the temporary variables*/
+ hkp->pubx = -1;
+ hkp->uidx = -1;
+ hkp->subx = -1;
+ hkp->sigx = -1;
+ hkp->tvalid = 0;
+ hkp->uvalidx = -1;
+
pgpPkt pp = alloca(sizeof(*pp));
size_t pleft;
rpmRC rc = RPMRC_NOKEY; /* assume failure */
@@ -1055,7 +1063,7 @@
}
exit:
- if ((hkp->uidx >= 0 && hkp->uidx < hkp->npkts) && hkp->tvalid > 0) {
+ if ((hkp->uvalidx >= 0 && hkp->uvalidx < hkp->npkts) && hkp->tvalid > 0) {
char user[256+1];
size_t nuser;
pgpPktUid * u;

55
rpm-5.3.12.vendor.ROSA.patch Normal file
View file

@ -0,0 +1,55 @@
diff -Nur rpm-5.3.12/macros/macros rpm-5.3.12.new/macros/macros
--- rpm-5.3.12/macros/macros 2011-07-12 14:08:41.000000000 +0400
+++ rpm-5.3.12.new/macros/macros 2012-04-10 14:42:44.000000000 +0400
@@ -835,7 +835,7 @@
#
%_arch x86_64
%_build_arch x86_64
-%_vendor mandriva
+%_vendor rosa
%_os linux
%_gnu -gnu
diff -Nur rpm-5.3.12/macros/mandriva rpm-5.3.12.new/macros/mandriva
--- rpm-5.3.12/macros/mandriva 2011-07-12 14:08:41.000000000 +0400
+++ rpm-5.3.12.new/macros/mandriva 2012-04-10 14:44:02.000000000 +0400
@@ -1,7 +1,7 @@
%distribution Mandriva Linux
%vendor Mandriva
-%bugurl http://qa.mandriva.com
-%disturl http://mandriva.org
+%bugurl http://bugs.rosalinux.ru/
+%disturl http://www.rosalab.ru/
# This macro will disable the transaction lock on /var/lib/rpm/__db.*.
# This lock is of no use to us and will also result in errors when trying to
diff -Nur rpm-5.3.12/macros/mandriva.in rpm-5.3.12.new/macros/mandriva.in
--- rpm-5.3.12/macros/mandriva.in 2011-05-04 16:20:06.000000000 +0400
+++ rpm-5.3.12.new/macros/mandriva.in 2012-04-10 14:46:12.000000000 +0400
@@ -1,7 +1,7 @@
-%distribution Mandriva Linux
-%vendor Mandriva
-%bugurl http://qa.mandriva.com
-%disturl http://mandriva.org
+%distribution ROSA Linux
+%vendor ROSA
+%bugurl http://bugs.rosalinux.ru/
+%disturl http://www.rosalab.ru/
# This macro will disable the transaction lock on /var/lib/rpm/__db.*.
# This lock is of no use to us and will also result in errors when trying to
diff -Nur rpm-5.3.12/macros/openmamba rpm-5.3.12.new/macros/openmamba
--- rpm-5.3.12/macros/openmamba 2011-07-12 14:08:41.000000000 +0400
+++ rpm-5.3.12.new/macros/openmamba 2012-04-10 14:45:46.000000000 +0400
@@ -1,7 +1,7 @@
-%distribution mandriva Linux
-%vendor mandriva
-%bugurl http://bugs.mandriva.org
-%disturl http://mandriva.org
+%distribution rosa Linux
+%vendor rosa
+%bugurl http://bugs.rosalinux.ru/
+%disturl http://www.rosalab.ru/
%_target_platform %{_target_cpu}-%{_vendor}-%{_target_os}%{?_gnu}

11
rpm-5.3.8-rpmsq-ignored-signal-return-value.patch Normal file
View file

@ -0,0 +1,11 @@
--- rpm-5.3.12/rpmio/rpmsq.c.old 2009-03-07 16:38:10.000000000 +0300
+++ rpm-5.3.12/rpmio/rpmsq.c 2011-08-07 11:06:23.363291460 +0400
@@ -443,7 +443,7 @@
int tblsignum = (signum >= 0 ? signum : -signum);
struct sigaction sa;
rpmsig tbl;
- int ret = -1;
+ int ret = (signum >= 0 ? 1 : 0);
int xx;
xx = DO_LOCK ();

1326
rpm.spec
View file

File diff suppressed because it is too large Load diff