diff options
author | snj <snj@pkgsrc.org> | 2006-03-11 04:17:55 +0000 |
---|---|---|
committer | snj <snj@pkgsrc.org> | 2006-03-11 04:17:55 +0000 |
commit | 9abe7efecab8a70269abd2302abfa0ec84b3d9ac (patch) | |
tree | 2b4a4f716be8c091195e033ad46b063a76c90044 | |
parent | 80fe2db2a07c339c0c9e0a6f66260babcc6ee0bc (diff) | |
download | pkgsrc-9abe7efecab8a70269abd2302abfa0ec84b3d9ac.tar.gz |
Pullup ticket 1205 - requested by Joerg Sonnenberger
security fix for libast
Revisions pulled up:
- pkgsrc/devel/libast/Makefile 1.20
- pkgsrc/devel/libast/distinfo 1.4
- pkgsrc/devel/libast/patches/patch-aa 1.3
Module Name: pkgsrc
Committed By: joerg
Date: Tue Mar 7 02:30:41 UTC 2006
Modified Files:
pkgsrc/devel/libast: Makefile distinfo
Added Files:
pkgsrc/devel/libast/patches: patch-aa
Log Message:
Backport fix for CVE-20060224.
-rw-r--r-- | devel/libast/Makefile | 3 | ||||
-rw-r--r-- | devel/libast/distinfo | 3 | ||||
-rw-r--r-- | devel/libast/patches/patch-aa | 57 |
3 files changed, 61 insertions, 2 deletions
diff --git a/devel/libast/Makefile b/devel/libast/Makefile index ae60c60f91b..9af9d957536 100644 --- a/devel/libast/Makefile +++ b/devel/libast/Makefile @@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.18 2005/06/01 18:02:44 jlam Exp $ +# $NetBSD: Makefile,v 1.18.6.1 2006/03/11 04:17:55 snj Exp $ DISTNAME= libast-0.6.1 +PKGREVISION= 2 CATEGORIES= devel MASTER_SITES= http://www.eterm.org/download/ diff --git a/devel/libast/distinfo b/devel/libast/distinfo index b2df70f8733..5e8cee68624 100644 --- a/devel/libast/distinfo +++ b/devel/libast/distinfo @@ -1,5 +1,6 @@ -$NetBSD: distinfo,v 1.3 2005/02/23 22:24:17 agc Exp $ +$NetBSD: distinfo,v 1.3.8.1 2006/03/11 04:17:55 snj Exp $ SHA1 (libast-0.6.1.tar.gz) = 894b9dda8e6f971e0192b78d05dc4812839a01cb RMD160 (libast-0.6.1.tar.gz) = 85d6a6433fe12c81d120adf7e6567c0676d26b8c Size (libast-0.6.1.tar.gz) = 356881 bytes +SHA1 (patch-aa) = ae46e2d08170f491d13f573ca075166c3f6e1a2a diff --git a/devel/libast/patches/patch-aa b/devel/libast/patches/patch-aa new file mode 100644 index 00000000000..73c5d8348e5 --- /dev/null +++ b/devel/libast/patches/patch-aa @@ -0,0 +1,57 @@ +$NetBSD: patch-aa,v 1.2.8.1 2006/03/11 04:17:55 snj Exp $ + +--- src/conf.c.orig 2004-11-07 20:18:21.000000000 +0100 ++++ src/conf.c +@@ -721,14 +721,12 @@ spifconf_shell_expand(spif_charptr_t s) + + /* The config file reader. This looks for the config file by searching CONFIG_SEARCH_PATH. + If it can't find a config file, it displays a warning but continues. -- mej */ +- + spif_charptr_t + spifconf_find_file(const spif_charptr_t file, const spif_charptr_t dir, const spif_charptr_t pathlist) + { + static spif_char_t name[PATH_MAX], full_path[PATH_MAX]; + spif_charptr_t path, p; +- short maxpathlen; +- unsigned short len; ++ spif_int32_t len, maxpathlen; + struct stat fst; + + REQUIRE_RVAL(file != NULL, NULL); +@@ -737,6 +735,13 @@ spifconf_find_file(const spif_charptr_t + D_CONF(("spifconf_find_file(\"%s\", \"%s\", \"%s\") called from directory \"%s\".\n", + file, NONULL(dir), NONULL(pathlist), name)); + ++ /* Make sure our supplied settings don't overflow. */ ++ len = strlen(SPIF_CAST_C(char *) file) + ((dir) ? (strlen(SPIF_CAST_C(char *) dir)) : (0)) + 2; ++ if ((len > SPIF_CAST(int32) sizeof(name)) || (len <= 0)) { ++ D_CONF(("Too big. I lose. :(\n")); ++ return ((spif_charptr_t) NULL); ++ } ++ + if (dir) { + strcpy(SPIF_CAST_C(char *) name, SPIF_CAST_C(char *) dir); + strcat(SPIF_CAST_C(char *) name, "/"); +@@ -756,7 +761,7 @@ spifconf_find_file(const spif_charptr_t + /* maxpathlen is the longest possible path we can stuff into name[]. The - 2 saves room for + an additional / and the trailing null. */ + if ((maxpathlen = sizeof(name) - len - 2) <= 0) { +- D_CONF(("Too big. I lose. :(\n", name)); ++ D_CONF(("Too big. I lose. :(\n")); + return ((spif_charptr_t) NULL); + } + +@@ -827,10 +832,12 @@ spifconf_open_file(spif_charptr_t name) + /* Check version number against current application version. */ + begin_ptr = SPIF_STR_STR(ver_str) + spif_str_index(ver_str, SPIF_CAST(char) '-') + 1; + end_ptr = SPIF_STR_STR(ver_str) + spif_str_index(ver_str, SPIF_CAST(char) '>'); ++ D_CONF(("Begin pointer is %10p (%s), end pointer is %10p (%s), length is %d, buffer size is %d\n", ++ begin_ptr, begin_ptr, end_ptr, end_ptr, SPIF_CAST_C(int) (end_ptr - begin_ptr), sizeof(buff))); + if (SPIF_PTR_ISNULL(end_ptr)) { + spiftool_safe_strncpy(buff, begin_ptr, sizeof(buff)); + } else { +- testlen = MAX(SPIF_CAST_C(int) sizeof(buff), SPIF_CAST_C(int) (end_ptr - begin_ptr)); ++ testlen = MIN(SPIF_CAST_C(int) sizeof(buff), SPIF_CAST_C(int) (end_ptr - begin_ptr + 1)); + spiftool_safe_strncpy(buff, begin_ptr, testlen); + } + ver = spiftool_version_compare(buff, libast_program_version); |