author | adrianp <adrianp@pkgsrc.org> | 2006-11-10 00:29:44 +0000 |
---|---|---|
committer | adrianp <adrianp@pkgsrc.org> | 2006-11-10 00:29:44 +0000 |
commit | 52b0fc8fd3e398c6e28173768ccbb01eccc986f7 (patch) | |
tree | 570d511c5f0950e458e8815afb6ccbec8a17f987 | |
parent | 6a3488f924e7c17cb62a9c28369063c7d1b0f52e (diff) | |
download | pkgsrc-52b0fc8fd3e398c6e28173768ccbb01eccc986f7.tar.gz |
Update to 1.3.1
Sep 05, 2006: libarchive 1.3.1 released
Sep 5, 2006: Bump version to 1.3 for new I/O wrappers.
Sep 4, 2006: New memory and FILE read/write wrappers.
Sep 4, 2006: libarchive test harness is now minimally functional;
it's located a few minor bugs in error-handling logic
Fix a denial of service security issue via FreeBSD:
If the end of an archive is reached while attempting to "skip" past a
region of an archive, libarchive will enter an infinite loop wherein it
repeatedly attempts (and fails) to read further data.
-rw-r--r-- | archivers/libarchive/Makefile | 4 | ||||
-rw-r--r-- | archivers/libarchive/distinfo | 9 | ||||
-rw-r--r-- | archivers/libarchive/patches/patch-ac | 52 |
3 files changed, 59 insertions, 6 deletions
diff --git a/archivers/libarchive/Makefile b/archivers/libarchive/Makefile index 9cc86aa45b7..000739e91ac 100644 --- a/archivers/libarchive/Makefile +++ b/archivers/libarchive/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.14 2006/08/20 14:56:03 joerg Exp $ +# $NetBSD: Makefile,v 1.15 2006/11/10 00:29:44 adrianp Exp $ # -DISTNAME= libarchive-1.2.57 +DISTNAME= libarchive-1.3.1 CATEGORIES= archivers MASTER_SITES= http://people.freebsd.org/~kientzle/libarchive/src/ diff --git a/archivers/libarchive/distinfo b/archivers/libarchive/distinfo index 7af318f5498..d785aed7de3 100644 --- a/archivers/libarchive/distinfo +++ b/archivers/libarchive/distinfo @@ -1,6 +1,7 @@ -$NetBSD: distinfo,v 1.12 2006/08/20 14:56:03 joerg Exp $ +$NetBSD: distinfo,v 1.13 2006/11/10 00:29:44 adrianp Exp $ -SHA1 (libarchive-1.2.57.tar.gz) = 70bf5a0a6a8af4cefda412db5a2ba53724e9e3e8 -RMD160 (libarchive-1.2.57.tar.gz) = 238a44ec554aa4fc5ae795c1af3640d253f36445 -Size (libarchive-1.2.57.tar.gz) = 536128 bytes +SHA1 (libarchive-1.3.1.tar.gz) = aed6eda15b012adbb88af0f0d76887920ffe7bbf +RMD160 (libarchive-1.3.1.tar.gz) = e518f802d9a50afcfede6dd7cbb4f42b2cbe12a1 +Size (libarchive-1.3.1.tar.gz) = 901173 bytes SHA1 (patch-ab) = 5e92405b0898123d8240f332475d13abe85f8ad3 +SHA1 (patch-ac) = 5775e26d19ace2b94c870c0e8de8e6efbe4b5c63 diff --git a/archivers/libarchive/patches/patch-ac b/archivers/libarchive/patches/patch-ac new file mode 100644 index 00000000000..ba331b02208 --- /dev/null +++ b/archivers/libarchive/patches/patch-ac 
@@ -0,0 +1,52 @@ +$NetBSD: patch-ac,v 1.1 2006/11/10 00:29:44 adrianp Exp $ + +--- libarchive/archive_read_support_compression_none.c.orig 2006-09-05 07:00:47.000000000 +0100 ++++ libarchive/archive_read_support_compression_none.c +@@ -257,7 +257,9 @@ archive_decompressor_none_read_consume(s + } + + /* +- * Skip at most request bytes. Skipped data is marked as consumed. ++ * Skip forward by exactly the requested bytes or else return ++ * ARCHIVE_FATAL. Note that this differs from the contract for ++ * read_ahead, which does not gaurantee a minimum count. + */ + static ssize_t + archive_decompressor_none_skip(struct archive *a, size_t request) +@@ -287,9 +289,7 @@ archive_decompressor_none_skip(struct ar + if (request == 0) + return (total_bytes_skipped); + /* +- * If no client_skipper is provided, just read the old way. It is very +- * likely that after skipping, the request has not yet been fully +- * satisfied (and is still > 0). In that case, read as well. ++ * If a client_skipper was provided, try that first. + */ + if (a->client_skipper != NULL) { + bytes_skipped = (a->client_skipper)(a, a->client_data, +@@ -307,6 +307,12 @@ archive_decompressor_none_skip(struct ar + a->raw_position += bytes_skipped; + state->client_avail = state->client_total = 0; + } ++ /* ++ * Note that client_skipper will usually not satisfy the ++ * full request (due to low-level blocking concerns), ++ * so even if client_skipper is provided, we may still ++ * have to use ordinary reads to finish out the request. ++ */ + while (request > 0) { + const void* dummy_buffer; + ssize_t bytes_read; +@@ -314,6 +320,12 @@ archive_decompressor_none_skip(struct ar + &dummy_buffer, request); + if (bytes_read < 0) + return (bytes_read); ++ if (bytes_read == 0) { ++ /* We hit EOF before we satisfied the skip request. 
*/ ++ archive_set_error(a, ARCHIVE_ERRNO_MISC, ++ "Truncated input file (need to skip %d bytes)", (int)request); ++ return (ARCHIVE_FATAL); ++ } + assert(bytes_read >= 0); /* precondition for cast below */ + min = minimum((size_t)bytes_read, request); + bytes_read = archive_decompressor_none_read_consume(a, min); |
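Review bot: In the new EOF branch of the read loop (inner hunk `-314,6 +320,12`), `request` is a `size_t` but is cast to `int` for `%d`, so where `size_t` is wider than `int` a large outstanding skip is reported as a truncated or negative number in the error text. Prefer `"Truncated input file (need to skip %lu bytes)", (unsigned long)request);`, assuming archive_set_error accepts the usual printf length modifiers, which is not visible here. With both the `< 0` and the `== 0` returns in place, the following `assert(bytes_read >= 0)` can no longer fail, and the new header comment misspells "guarantee" as "gaurantee". archive_decompressor_none_skip starts and ends outside the quoted hunks, so whether every caller treats a negative return from skip as fatal cannot be confirmed from this page; a regression test that skips past the end of a truncated archive would pin the fix.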