diff --git a/SOURCES/conman-0.2.7-hack-around-overflow-issue.patch b/SOURCES/conman-0.2.7-hack-around-overflow-issue.patch
new file mode 100644
index 0000000..d03f47e
--- /dev/null
+++ b/SOURCES/conman-0.2.7-hack-around-overflow-issue.patch
@@ -0,0 +1,23 @@
+diff --git a/server-esc.c b/server-esc.c
+index 3616f67..bae7b8f 100644
+--- a/server-esc.c
++++ b/server-esc.c
+@@ -333,7 +333,7 @@ static void perform_log_replay(obj_t *client)
+ p = logfile->bufInPtr - n;
+ if (p >= logfile->buf) { /* no wrap needed */
+ memcpy(ptr, p, n);
+- ptr += n;
++ ptr = (ptr - buf + n > MAX_BUF_SIZE - 1 ? buf + MAX_BUF_SIZE - 1 : ptr + n);
+ }
+ else { /* wrap backwards */
+ m = logfile->buf - p;
+@@ -351,6 +351,9 @@ static void perform_log_replay(obj_t *client)
+ * for this string. We could get away with just sprintf() here.
+ */
+ len = &buf[sizeof(buf)] - ptr;
++ if( len > sizeof(buf) - 1 ) { /* Ensure buffer overflow cannot happen */
++ len = sizeof(buf) - 1;
++ }
+ n = snprintf((char *) ptr, len, "%sEnd log replay of console [%s]%s",
+ CONMAN_MSG_PREFIX, console->name, CONMAN_MSG_SUFFIX);
+ assert((n >= 0) && (n < len));
diff --git a/SPECS/conman.spec b/SPECS/conman.spec
index 9168218..80171c5 100644
--- a/SPECS/conman.spec
+++ b/SPECS/conman.spec
@@ -1,6 +1,6 @@
 Name: conman
 Version: 0.2.7
-Release: 12%{?dist}
+Release: 15%{?dist}
 Summary: ConMan - The Console Manager
 Group: Applications/System
@@ -12,6 +12,8 @@ Source2: %{name}.logrotate
 Patch1: conman-0.2.5-openfiles.patch
 Patch2: conman-0.2.5-strftime.patch
 Patch3: conman-0.2.7-num_threads.patch
+Patch4: conman-0.2.7-hack-around-overflow-issue.patch
+
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Requires: logrotate
@@ -40,6 +42,7 @@ Its features include:
 %patch1 -b .openfiles -p1
 %patch2 -b .strftime -p1
 %patch3 -b .num_threads -p1
+%patch4 -b .overflowfixhack -p1
 %build
 # not really lib material, more like share
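Review bot: In the first server-esc.c hunk the clamp is applied to `ptr` only after `memcpy(ptr, p, n)` has already copied `n` bytes, so a write past the end of `buf` still happens and only the pointer is corrected afterwards. The length should be bounded before the copy, for example `if (n > buf + MAX_BUF_SIZE - 1 - ptr) n = buf + MAX_BUF_SIZE - 1 - ptr;` ahead of the `memcpy`. The `else` (wrap backwards) branch continues outside the hunk and appears to get no equivalent bound. In the second hunk, forcing an out-of-range `len` to `sizeof(buf) - 1` tells `snprintf` there is more room than remains after `ptr` whenever `ptr` is not at the start of `buf`, and the following `assert` then passes; if `ptr` can be past the end it would be safer to skip the trailer message than to enlarge `len`. The declarations of `buf`, `len` and `n` are outside the hunk, so their types and the relation between `sizeof(buf)` and `MAX_BUF_SIZE` are assumed here.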
@@ -53,7 +56,18 @@ chmod -x share/examples/*.exp
 %{__perl} -pi -e 's|-m 755 -s conman|-m 755 conman|g' \
 Makefile.in
-%configure --with-tcp-wrappers
+# This is a bit rough, it builds as PIE client tool (conman)
+# in addition to PIEing daemon (conmand). But for finer granularity,
+# we'd need to patch Makefile.in to make it possible to have different
+# CFLAGS et al for these two binaries.
+%ifarch s390 s390x sparcv9 sparc64
+export PIECFLAGS="-fPIE"
+%else
+export PIECFLAGS="-fpie"
+%endif
+export RELRO="-Wl,-z,relro,-z,now"
+
+%configure --with-tcp-wrappers CFLAGS="$CFLAGS $PIECFLAGS $RELRO" CXXFLAGS="$CXXFLAGS $PIECFLAGS $RELRO" LDFLAGS="$LDFLAGS -pie"
 make %{?_smp_mflags}
 %install
@@ -127,6 +141,15 @@ fi
 %{_mandir}/*/*
 %changelog
+* Fri May 13 2016 David Sommerseth - 0.2.7-15
+- Fix lost CFFLAGS/CXXFLAGS/LDFLAGS from RELRO/PIE fixes in 0.2.7-13 (1092546)
+
+* Fri May 13 2016 David Sommerseth - 0.2.7-14
+- Fix buffer overflow issue triggered by PIE/RELRO builds (1092546)
+
+* Mon Sep 14 2015 Denys Vlasenko - 0.2.7-13
+- Build executables with RELRO and PIE (1092546)
+
 * Fri Jul 17 2015 Denys Vlasenko - 0.2.7-12
 - Remove unused /etc/sysconfig/conman.
 - Resolves: rhbz#1244219.
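Review bot: In the `%configure` line of the build hunk, `$RELRO` holds linker options (`-Wl,-z,relro,-z,now`) but is passed only through `CFLAGS`/`CXXFLAGS`, while `LDFLAGS` receives just `-pie`. Full RELRO therefore depends on the link rule in Makefile.in reusing `CFLAGS`, which this hunk does not show. Handing the options to the linker directly is more robust: `LDFLAGS="$LDFLAGS -pie $RELRO"`. Because the changelog records that these flags were already lost once (0.2.7-15), a short post-build check that inspects `conman` and `conmand` with `readelf` for a PIE (DYN) type, a GNU_RELRO segment and BIND_NOW would catch a silent regression.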