authorjohans <johans@FreeBSD.org>2015-03-23 02:40:54 +0800
committerjohans <johans@FreeBSD.org>2015-03-23 02:40:54 +0800
commit1a1e19f2066d1e7fa1430a9012df91d28c93790d (patch)
tree87d6ad14ed38ebc16232e8d508f3bd777db74fce /archivers
parent0ff9803c9add5648c2fb05e488f21e0e629849eb (diff)
Add security fix for CVE-2014-8118
PR: 198796 Submitted by: Sevan Janiyan <venture37@geeklan.co.uk> Obtained from: https://bugzilla.redhat.com/show_bug.cgi?id=1168715 MFH: 2015Q1
Diffstat (limited to 'archivers')
-rw-r--r--archivers/rpm4/Makefile2
-rw-r--r--archivers/rpm4/files/patch-lib_cpio.c15
2 files changed, 16 insertions, 1 deletions
diff --git a/archivers/rpm4/Makefile b/archivers/rpm4/Makefile
index 62253f15bd29..f20e12495a53 100644
--- a/archivers/rpm4/Makefile
+++ b/archivers/rpm4/Makefile
@@ -3,7 +3,7 @@
PORTNAME= rpm
PORTVERSION= 4.12.0.1
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= archivers
MASTER_SITES= http://rpm.org/releases/rpm-${PORTVERSION:R:R}.x/ \
ftp://ftp.mirrorservice.org/sites/ftp.rpm.org/pub/rpm/dist/rpm-${PORTVERSION:E}.x/
diff --git a/archivers/rpm4/files/patch-lib_cpio.c b/archivers/rpm4/files/patch-lib_cpio.c
new file mode 100644
index 000000000000..a06895394295
--- /dev/null
+++ b/archivers/rpm4/files/patch-lib_cpio.c
@@ -0,0 +1,15 @@
+Fix for CVE-2014-8118 as found at
+https://bugzilla.redhat.com/show_bug.cgi?id=1168715
+
+--- lib/cpio.c.orig 2015-03-22 19:29:29.000000000 +0100
++++ lib/cpio.c 2015-03-22 19:29:30.000000000 +0100
+@@ -399,6 +399,9 @@ int rpmcpioHeaderRead(rpmcpio_t cpio, ch
+
+ GET_NUM_FIELD(hdr.filesize, fsize);
+ GET_NUM_FIELD(hdr.namesize, nameSize);
++ if (nameSize <= 0 || nameSize > 4096) {
++ return RPMERR_BAD_HEADER;
++ }
+
+ char name[nameSize + 1];
+ read = Fread(name, nameSize, 1, cpio->fd);
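Review bot: The bound `4096` in the added `nameSize` check is a bare literal, and nothing records why the check has to sit exactly here. `nameSize` is parsed from the cpio header of the package payload, so it is untrusted, and it sizes the stack array `char name[nameSize + 1]` two lines below; a comment such as `/* nameSize comes from the archive header and sizes the stack buffer below; reject non-positive or oversized values */` would keep a later refactor from moving or dropping the guard. The declaration of `nameSize` is outside the hunk: if it is an unsigned type, `<= 0` only rejects zero and the upper bound alone stops a wrapped value, so the type is worth confirming. `hdr.filesize` is parsed on the line above with no comparable range check in this hunk, and the rest of `rpmcpioHeaderRead`, including whether the `Fread` result is checked, lies outside it.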