diff --git a/netatalk-2.0.3-fpsyncdir.patch b/netatalk-2.0.3-fpsyncdir.patch
index 96281b0..e22b472 100644
--- a/netatalk-2.0.3-fpsyncdir.patch
+++ b/netatalk-2.0.3-fpsyncdir.patch
@@ -51,7 +51,7 @@
 extern int afp_enumerate __P((AFPObj *, char *, unsigned int, char *, unsigned int *));
 --- netatalk/etc/afpd/directory.c 2008-05-14 15:30:52.000000000 +0200
 +++ netatalk.syncdir/etc/afpd/directory.c 2008-05-14 15:36:36.000000000 +0200
-@@ -2271,6 +2271,53 @@
+@@ -1962,6 +1962,53 @@
 return err;
 }
@@ -103,5 +103,5 @@
 +}
 +
 int afp_createdir(obj, ibuf, ibuflen, rbuf, rbuflen )
- AFPObj *obj;
+ AFPObj *obj;
 char *ibuf, *rbuf;
diff --git a/netatalk-2.0.3-papd_cmds.patch b/netatalk-2.0.3-papd_cmds.patch
new file mode 100644
index 0000000..fdc1e51
--- /dev/null
+++ b/netatalk-2.0.3-papd_cmds.patch
@@ -0,0 +1,104 @@
+diff -Nurad netatalk-2.0.3.orig/etc/papd/lp.c netatalk-2.0.3/etc/papd/lp.c
+--- netatalk-2.0.3.orig/etc/papd/lp.c 2009-01-28 17:04:36.000000000 +0100
++++ netatalk-2.0.3/etc/papd/lp.c 2009-01-28 17:05:01.000000000 +0100
+@@ -212,10 +212,54 @@
+
+ #define is_var(a, b) (strncmp((a), (b), 2) == 0)
+
++static size_t quote(char *dest, char *src, const size_t bsize, size_t len) {
++ size_t used = 0;
++
++ while (len && used < bsize ) {
++ switch (*src) {
++ case '$':
++ case '\\':
++ case '"':
++ case ';':
++ case '&':
++ case '(':
++ case ')':
++ case ' ':
++ case '*':
++ case '#':
++ case '|':
++ case '>':
++ case '<':
++ case '[':
++ case ']':
++ case '{':
++ case '}':
++ case '^':
++ case '?':
++ case '~':
++ case '`':
++ case '\x0A':
++ case '\xFF':
++ if (used + 2 > bsize )
++ return used;
++ *dest = '\\';
++ dest++;
++ used++;
++ break;
++ }
++ *dest = *src;
++ src++;
++ dest++;
++ len--;
++ used++;
++ }
++ return used;
++}
++
+ static char* pipexlate(char *src)
+ {
+ char *p, *q, *dest;
+- static char destbuf[MAXPATHLEN];
++ static char destbuf[MAXPATHLEN + 1];
+ size_t destlen = MAXPATHLEN;
+ int len = 0;
+
+@@ -224,13 +268,16 @@
+ if (!src)
+ return NULL;
+
+- strncpy(dest, src, MAXPATHLEN);
+- if ((p = strchr(src, '%')) == NULL) /* nothing to do */
++ memset(dest, 0, sizeof(destbuf));
++ if ((p = strchr(src, '%')) == NULL) { /* nothing to do */
++ strncpy(dest, src, sizeof(dest) - 1);
+ return destbuf;
++ }
+
+ /* first part of the path. just forward to the next variable. */
+ len = MIN((size_t)(p - src), destlen);
+ if (len > 0) {
++ strncpy(dest, src, len);
+ destlen -= len;
+ dest += len;
+ }
+@@ -246,17 +293,20 @@
+ q = lp.lp_created_for;
+ } else if (is_var(p, "%%")) {
+ q = "%";
+- } else
+- q = p;
++ }
+
+ /* copy the stuff over. if we don't understand something that we
+ * should, just skip it over. */
+ if (q) {
+- len = MIN(p == q ? 2 : strlen(q), destlen);
++ len = MIN(strlen(q), destlen);
++ len = quote(dest, q, destlen, len);
++ }
++ else {
++ len = MIN(2, destlen);
+ strncpy(dest, q, len);
+- dest += len;
+- destlen -= len;
+ }
++ dest += len;
++ destlen -= len;
+
+ /* stuff up to next $ */
+ src = p + 2;
diff --git a/netatalk.spec b/netatalk.spec
index 78058de..26e4681 100644
--- a/netatalk.spec
+++ b/netatalk.spec
@@ -1,7 +1,7 @@
 Summary: AppleTalk networking programs
 Name: netatalk
 Version: 2.0.3
-Release: 20%{?dist}
+Release: 21%{?dist}
 Epoch: 4
 License: GPL
 Group: System Environment/Daemons
@@ -23,6 +23,7 @@ Patch8: netatalk-2.0.3-log_stderr.patch
 Patch9: netatalk-2.0.3-multiarch.patch
 Patch10: netatalk-2.0.3-fpsyncdir.patch
 Patch11: netatalk-2.0.3-no-verb-chkpoint.patch
+Patch12: netatalk-2.0.3-papd_cmds.patch
 Url: http://netatalk.sourceforge.net/
 Requires: pam
 Requires(post): /sbin/chkconfig /sbin/ldconfig
@@ -62,6 +63,7 @@ programs.
 %patch9 -p1 -b .multiarch
 %patch10 -p1 -b .fpsyncdir
 %patch11 -p1 -b .no-verb-chkpoint
+%patch12 -p1 -b .papd_cmds
 ln -s ./NEWS ChangeLog
@@ -204,6 +206,9 @@ fi
 %{_mandir}/man*/netatalk-config.1*
 %changelog
+* Mon Feb 16 2009 Jiri Skala - 4:2.0.3-21
+- fix #480641 - CVE-2008-5718 netatalk: papd command injection vulnerability
+
 * Thu Jan 15 2009 Jiri Skala - 4:2.0.3-20
 - fix #453072 - netatalk should use dbd cnid by default
 - fix #453073 - netatalk: add FPSyncDir patch for Time Machine
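Review bot: The no-`%` early return that netatalk-2.0.3-papd_cmds.patch adds to pipexlate() bounds its copy with `sizeof(dest) - 1`, but `dest` is declared as a pointer on the context line `char *p, *q, *dest;`, so a printer command without variables is cut to the pointer size minus one; the bound should be the array, `strncpy(dest, src, sizeof(destbuf) - 1);`. In the third inner hunk the new `else` branch runs only when `q` is NULL and still executes the retained `strncpy(dest, q, len);`, which reads through a null pointer whenever an unrecognised `%` sequence is met and `destlen` is non-zero; `strncpy(dest, p, len);` appears to be what was intended. quote() escapes `"` and the backtick but not `'` or a tab, so whether the substituted values are fully neutralised depends on how the configured command quotes them, which is not visible here and is worth confirming before this is taken as the complete fix for CVE-2008-5718. pipexlate()'s body continues outside the inner hunks shown, including the initialisation of `dest` and `q`.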