authorghen <ghen@pkgsrc.org>2006-09-11 11:18:03 +0000
committerghen <ghen@pkgsrc.org>2006-09-11 11:18:03 +0000
commit8d8cd22aa0991a84f06ab65f4889939958430727 (patch)
treeabb92e22c8044b7c233aacd87ec4c54cf2440fe3
parentaa4d745ec870715b2ade22e2f698021b4bf37e3d (diff)
Pullup ticket 1821 - requested by adrianp
security fix for gtar Revisions pulled up: - pkgsrc/archivers/gtar-base/Makefile 1.54 - pkgsrc/archivers/gtar-base/distinfo 1.17 - pkgsrc/archivers/gtar-base/patches/patch-ai 1.1 Module Name: pkgsrc Committed By: adrianp Date: Sun Sep 3 17:24:16 UTC 2006 Modified Files: pkgsrc/archivers/gtar-base: Makefile distinfo Added Files: pkgsrc/archivers/gtar-base/patches: patch-ai Log Message: Fix for CVE-2006-0300 via RedHat
-rw-r--r--archivers/gtar-base/Makefile4
-rw-r--r--archivers/gtar-base/distinfo3
-rw-r--r--archivers/gtar-base/patches/patch-ai123
3 files changed, 127 insertions, 3 deletions
diff --git a/archivers/gtar-base/Makefile b/archivers/gtar-base/Makefile
index cd85ebf177c..00cc683a64c 100644
--- a/archivers/gtar-base/Makefile
+++ b/archivers/gtar-base/Makefile
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.53 2006/06/18 07:04:16 rillig Exp $
+# $NetBSD: Makefile,v 1.53.2.1 2006/09/11 11:18:03 ghen Exp $
#
DISTNAME= tar-1.15.1
PKGNAME= gtar-base-1.15.1
-PKGREVISION= 2
+PKGREVISION= 3
SVR4_PKGNAME= gtarb
CATEGORIES= archivers
MASTER_SITES= ${MASTER_SITE_GNU:=tar/}
diff --git a/archivers/gtar-base/distinfo b/archivers/gtar-base/distinfo
index bc7a0540e43..72497487168 100644
--- a/archivers/gtar-base/distinfo
+++ b/archivers/gtar-base/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.16 2006/01/28 02:03:57 rillig Exp $
+$NetBSD: distinfo,v 1.16.4.1 2006/09/11 11:18:03 ghen Exp $
SHA1 (tar-1.15.1.tar.gz) = 21574ae5d39b698f7f577e2cecc91a5ec89b659c
RMD160 (tar-1.15.1.tar.gz) = 83f35ee090d05f0865ebd9915bbd1b649a6555c5
@@ -11,3 +11,4 @@ SHA1 (patch-ae) = 6518ab82e19c831f16bc772136fafc037a592df4
SHA1 (patch-af) = be20dafd1c65db4ca60a5aedbc7a972117cd7072
SHA1 (patch-ag) = dc39d490b0085e452664b8ea7af0329f01f630d5
SHA1 (patch-ah) = d8532a99bf2bd0c35a9d994101fbd722f52c9ead
+SHA1 (patch-ai) = 444d47a539427df39404fcf4996082de1d00a4df
diff --git a/archivers/gtar-base/patches/patch-ai b/archivers/gtar-base/patches/patch-ai
new file mode 100644
index 00000000000..6ceddb0e28b
--- /dev/null
+++ b/archivers/gtar-base/patches/patch-ai
@@ -0,0 +1,123 @@
+$NetBSD: patch-ai,v 1.1.2.2 2006/09/11 11:18:03 ghen Exp $
+
+--- src/xheader.c.orig 2004-09-06 12:31:14.000000000 +0100
++++ src/xheader.c
+@@ -783,6 +783,32 @@ code_num (uintmax_t value, char const *k
+ xheader_print (xhdr, keyword, sbuf);
+ }
+
++static bool
++decode_num (uintmax_t *num, char const *arg, uintmax_t maxval,
++ char const *keyword)
++{
++ uintmax_t u;
++ char *arg_lim;
++
++ if (! (ISDIGIT (*arg)
++ && (errno = 0, u = strtoumax (arg, &arg_lim, 10), !*arg_lim)))
++ {
++ ERROR ((0, 0, _("Malformed extended header: invalid %s=%s"),
++ keyword, arg));
++ return false;
++ }
++
++ if (! (u <= maxval && errno != ERANGE))
++ {
++ ERROR ((0, 0, _("Extended header %s=%s is out of range"),
++ keyword, arg));
++ return false;
++ }
++
++ *num = u;
++ return true;
++}
++
+ static void
+ dummy_coder (struct tar_stat_info const *st __attribute__ ((unused)),
+ char const *keyword __attribute__ ((unused)),
+@@ -821,7 +847,7 @@ static void
+ gid_decoder (struct tar_stat_info *st, char const *arg)
+ {
+ uintmax_t u;
+- if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
++ if (decode_num (&u, arg, TYPE_MAXIMUM (gid_t), "gid"))
+ st->stat.st_gid = u;
+ }
+
+@@ -903,7 +929,7 @@ static void
+ size_decoder (struct tar_stat_info *st, char const *arg)
+ {
+ uintmax_t u;
+- if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
++ if (decode_num (&u, arg, TYPE_MAXIMUM (off_t), "size"))
+ st->archive_file_size = st->stat.st_size = u;
+ }
+
+@@ -918,7 +944,7 @@ static void
+ uid_decoder (struct tar_stat_info *st, char const *arg)
+ {
+ uintmax_t u;
+- if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
++ if (decode_num (&u, arg, TYPE_MAXIMUM (uid_t), "uid"))
+ st->stat.st_uid = u;
+ }
+
+@@ -946,7 +972,7 @@ static void
+ sparse_size_decoder (struct tar_stat_info *st, char const *arg)
+ {
+ uintmax_t u;
+- if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
++ if (decode_num (&u, arg, TYPE_MAXIMUM (off_t), "GNU.sparse.size"))
+ st->stat.st_size = u;
+ }
+
+@@ -962,10 +988,10 @@ static void
+ sparse_numblocks_decoder (struct tar_stat_info *st, char const *arg)
+ {
+ uintmax_t u;
+- if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
++ if (decode_num (&u, arg, SIZE_MAX, "GNU.sparse.numblocks"))
+ {
+ st->sparse_map_size = u;
+- st->sparse_map = calloc(st->sparse_map_size, sizeof(st->sparse_map[0]));
++ st->sparse_map = xcalloc (u, sizeof st->sparse_map[0]);
+ st->sparse_map_avail = 0;
+ }
+ }
+@@ -982,8 +1008,14 @@ static void
+ sparse_offset_decoder (struct tar_stat_info *st, char const *arg)
+ {
+ uintmax_t u;
+- if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
++ if (decode_num (&u, arg, TYPE_MAXIMUM (off_t), "GNU.sparse.offset"))
++ {
++ if (st->sparse_map_avail < st->sparse_map_size)
+ st->sparse_map[st->sparse_map_avail].offset = u;
++ else
++ ERROR ((0, 0, _("Malformed extended header: excess %s=%s"),
++ "GNU.sparse.offset", arg));
++ }
+ }
+
+ static void
+@@ -998,15 +1030,13 @@ static void
+ sparse_numbytes_decoder (struct tar_stat_info *st, char const *arg)
+ {
+ uintmax_t u;
+- if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
++ if (decode_num (&u, arg, SIZE_MAX, "GNU.sparse.numbytes"))
+ {
+ if (st->sparse_map_avail == st->sparse_map_size)
+- {
+- st->sparse_map_size *= 2;
+- st->sparse_map = xrealloc (st->sparse_map,
+- st->sparse_map_size
+- * sizeof st->sparse_map[0]);
+- }
++ st->sparse_map = x2nrealloc (st->sparse_map,
++ &st->sparse_map_size,
++ sizeof st->sparse_map[0]);
++
+ st->sparse_map[st->sparse_map_avail++].numbytes = u;
+ }
+ }
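Review bot: In the `sparse_numbytes_decoder` hunk of the embedded `src/xheader.c` patch, an excess `GNU.sparse.numbytes` record still grows the map through `x2nrealloc` instead of being rejected, whereas `sparse_offset_decoder` in the same patch now refuses an excess `GNU.sparse.offset`. An archive with more numbytes records than `GNU.sparse.numblocks` declared therefore ends up with entries whose `offset` field was never written (x2nrealloc does not zero the new storage), and the allocation keeps growing from header data alone. Mirroring the offset decoder's bound check, as below, makes the two decoders agree and keeps the map at the declared size. Separately, `sparse_numblocks_decoder` accepts any count up to `SIZE_MAX`, so a hostile header presumably makes `xcalloc` fail and tar exit; a short comment saying that abort-on-allocation-failure is the intended outcome there would help the next reader.

```c
  if (decode_num (&u, arg, SIZE_MAX, "GNU.sparse.numbytes"))
    {
      /* Reject records beyond the count declared by GNU.sparse.numblocks,
         matching sparse_offset_decoder, instead of growing the map.  */
      if (st->sparse_map_avail < st->sparse_map_size)
        st->sparse_map[st->sparse_map_avail++].numbytes = u;
      else
        ERROR ((0, 0, _("Malformed extended header: excess %s=%s"),
                "GNU.sparse.numbytes", arg));
    }
```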