diff --git a/gnome-vfs-2.24.xx-ftp-symlink-NULL.patch b/gnome-vfs-2.24.xx-ftp-symlink-NULL.patch new file mode 100644 index 0000000..93a6f62 --- /dev/null +++ b/gnome-vfs-2.24.xx-ftp-symlink-NULL.patch @@ -0,0 +1,28 @@ +From 92869585b2e9ab4e262f1d6b7592fe7e2c3fb327 Mon Sep 17 00:00:00 2001 +From: Alexander Larsson +Date: Wed, 10 Mar 2010 10:23:24 +0000 +Subject: Don't crash if we get a NULL symlink + +Patch from debian/ubuntu: +http://launchpadlibrarian.net/35571673/gnome-vfs_2.24.2-1ubuntu2.debdiff +--- +diff --git a/modules/ftp-method.c b/modules/ftp-method.c +index c40c323..ac02b56 100644 +--- a/modules/ftp-method.c ++++ b/modules/ftp-method.c +@@ -2678,7 +2678,12 @@ do_read_directory (GnomeVFSMethod *method, + res = GNOME_VFS_ERROR_TOO_MANY_LINKS; + break; + } +- ++ ++ if (symlink_info->symlink_name == NULL) { ++ res = GNOME_VFS_ERROR_BAD_PARAMETERS; ++ break; ++ } ++ + symlink_name = gnome_vfs_escape_path_string (symlink_info->symlink_name); + gnome_vfs_file_info_clear (symlink_info); + +-- +cgit v0.8.3.1 diff --git a/gnome-vfs2.spec b/gnome-vfs2.spec index b99da68..3b8fe32 100644 --- a/gnome-vfs2.spec +++ b/gnome-vfs2.spec @@ -14,7 +14,7 @@ Summary: The GNOME virtual file-system libraries Name: gnome-vfs2 Version: 2.24.2 -Release: 3%{?dist} +Release: 4%{?dist} License: LGPLv2+ and GPLv2+ # the daemon and the library are LGPLv2+ # the modules are LGPLv2+ and GPLv2+ @@ -89,6 +89,9 @@ Patch404: gnome-vfs-2.24.xx-utf8-mounts.patch # https://bugzilla.gnome.org/show_bug.cgi?id=435653 Patch405: 0001-Add-default-media-application-schema.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=542006 +Patch406: gnome-vfs-2.24.xx-ftp-symlink-NULL.patch + %description GNOME VFS is the GNOME virtual file system. It is the foundation of @@ -145,6 +148,8 @@ shares (SMB) to applications using GNOME VFS. %patch405 -p1 -b .default-media +%patch406 -p1 -b .ftp-symlink + # for patch 10 and 4 autoheader autoconf @@ -266,6 +271,9 @@ fi %config %{_sysconfdir}/gnome-vfs-2.0/modules/smb-module.conf %changelog +* Fri Mar 12 2010 Tomas Bzatek - 2.24.2-4 +- ftp: Don't crash if we get a NULL symlink (#542006) + * Wed Dec 2 2009 Tomas Bzatek - 2.24.2-3 - Patch security hole in embedded neon (CVE-2009-2473)