-rw-r--r-- | cgit-0.8.2.1-CVE-2010-2542.patch | 12 | ||||
-rw-r--r-- | cgit.spec | 8 |
2 files changed, 19 insertions, 1 deletions
diff --git a/cgit-0.8.2.1-CVE-2010-2542.patch b/cgit-0.8.2.1-CVE-2010-2542.patch
new file mode 100644
index 0000000..62a8863
--- /dev/null
+++ b/cgit-0.8.2.1-CVE-2010-2542.patch
@@ -0,0 +1,12 @@
+diff -up cgit-0.8.2.1/git/setup.c.cve-2010-2542 cgit-0.8.2.1/git/setup.c
+--- cgit-0.8.2.1/git/setup.c.cve-2010-2542 2009-01-25 19:48:26.000000000 -0500
++++ cgit-0.8.2.1/git/setup.c 2010-09-27 18:14:27.377427596 -0400
+@@ -239,6 +239,8 @@ static int is_git_directory(const char *
+ char path[PATH_MAX];
+ size_t len = strlen(suspect);
+
++ if (PATH_MAX <= len + strlen("/objects"))
++ die("Too long path: %.*s", 60, suspect);
+ strcpy(path, suspect);
+ if (getenv(DB_ENVIRONMENT)) {
+ if (access(getenv(DB_ENVIRONMENT), X_OK))
@@ -17,7 +17,7 @@ make V=1 %{?_smp_mflags} \\\
Name: cgit
Version: 0.8.2.1
-Release: 3%{?dist}
+Release: 4%{?dist}
Summary: A fast webinterface for git
Group: Development/Tools
@@ -28,6 +28,7 @@ Source1: http://www.kernel.org/pub/software/scm/git/git-%{gitver}.tar.bz2
Source2: cgitrc
Source3: cgit.httpd
Source4: README.SELinux
+Patch0: cgit-0.8.2.1-CVE-2010-2542.patch
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
%if 0%{?fedora}
@@ -50,6 +51,8 @@ rm -rf git
mv git-%{gitver} git
sed -i 's/^\(CFLAGS = \).*/\1%{optflags}/' git/Makefile
+%patch0 -p1
+
# add README.SELinux
cp -p %{SOURCE4} .
@@ -81,6 +84,9 @@ rm -rf %{buildroot}
%changelog
+* Mon Sep 27 2010 Todd Zullinger <tmz@pobox.com> - 0.8.2.1-4
+- Appy upstream git patch for CVE-2010-2542 (#618108)
+
* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 0.8.2.1-3
- rebuilt with new openssl |
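Review bot: The new bound in is_git_directory is sized against "/objects" alone, which is only sufficient as long as that stays the longest suffix the function later writes at path + len; the rest of the function is outside this hunk, so the patch itself does not show that, and the invariant should be recorded next to the check, e.g. `/* "/objects" is the longest suffix appended to path below; keep this bound in sync */`. The check is placed before `strcpy(path, suspect)`, so it also bounds that copy, but the unbounded strcpy itself is left in place; a bounded copy there would make the buffer discipline self-evident rather than dependent on the guard above it. Note for anyone triaging logs that the die() message truncates the offending path to 60 characters via `%.*s`, so the full value is not recorded.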
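Review bot: The `Patch0:` line in the second spec hunk carries no indication of the patch's origin or status, which matters when the bundled git tree is rebased; a one-line comment above it, `# upstream git fix for CVE-2010-2542 (bz #618108)`, would record that without a lookup. The `%patch0 -p1` in the following hunk is applied after `mv git-%{gitver} git`, which is consistent with the `cgit-0.8.2.1/git/setup.c` path in the patch once one component is stripped. The changelog entry misspells "Apply" as `Appy`; it should read `- Apply upstream git patch for CVE-2010-2542 (#618108)`.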