authorbsiegert <bsiegert@pkgsrc.org>2015-03-27 16:49:55 +0000
committerbsiegert <bsiegert@pkgsrc.org>2015-03-27 16:49:55 +0000
commit011e98672846df16aa34b6e46737c1a49ca11694 (patch)
tree36dd045c140ad47d20c49288139eb08887685838 /archivers/cabextract
parent2b81e54129bc1b9428cc66e7932e6caa1dc04f54 (diff)
SECURITY: Update cabextract to 1.6.
It fixes CVE-2015-2060, a directory traversal vulnerability. A CAB file with overlong UTF-8 encodings for "/" can get its files extracted to an absolute path instead of the current directory. [Debian bug #778753] Under Cygwin, a CAB file using both "/" and "\" can evade checks for absolute files and "../" directory traversals and can get its files extracted to any path.
Diffstat (limited to 'archivers/cabextract')
-rw-r--r--archivers/cabextract/Makefile4
-rw-r--r--archivers/cabextract/distinfo9
-rw-r--r--archivers/cabextract/patches/patch-mspack_system.h35
3 files changed, 6 insertions, 42 deletions
diff --git a/archivers/cabextract/Makefile b/archivers/cabextract/Makefile
index c12d64efff0..4ae2e73ff01 100644
--- a/archivers/cabextract/Makefile
+++ b/archivers/cabextract/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.26 2015/01/29 13:28:28 wiz Exp $
+# $NetBSD: Makefile,v 1.27 2015/03/27 16:49:55 bsiegert Exp $
-DISTNAME= cabextract-1.5
+DISTNAME= cabextract-1.6
CATEGORIES= archivers
MASTER_SITES= http://www.cabextract.org.uk/
diff --git a/archivers/cabextract/distinfo b/archivers/cabextract/distinfo
index 3ba254e2193..23516792b70 100644
--- a/archivers/cabextract/distinfo
+++ b/archivers/cabextract/distinfo
@@ -1,6 +1,5 @@
-$NetBSD: distinfo,v 1.14 2015/01/29 13:28:28 wiz Exp $
+$NetBSD: distinfo,v 1.15 2015/03/27 16:49:55 bsiegert Exp $
-SHA1 (cabextract-1.5.tar.gz) = 7ddb31072590a807bef09234f46f940e1ba51067
-RMD160 (cabextract-1.5.tar.gz) = a1f673aee26b13911eba14fca3b892f8f9cad501
-Size (cabextract-1.5.tar.gz) = 241010 bytes
-SHA1 (patch-mspack_system.h) = e997f6ea664e8fbf7b03ff9fb10fb8adc06d8779
+SHA1 (cabextract-1.6.tar.gz) = 64f6d5056d3e417a943648c23cb22218b7079ced
+RMD160 (cabextract-1.6.tar.gz) = 6b693c30aa4d6821b5e83b63a8dc9d58968268b7
+Size (cabextract-1.6.tar.gz) = 241731 bytes
diff --git a/archivers/cabextract/patches/patch-mspack_system.h b/archivers/cabextract/patches/patch-mspack_system.h
deleted file mode 100644
index 908394562f8..00000000000
--- a/archivers/cabextract/patches/patch-mspack_system.h
+++ /dev/null
@@ -1,35 +0,0 @@
-$NetBSD: patch-mspack_system.h,v 1.2 2011/05/13 04:10:47 adam Exp $
-
-Autoconf has already assured us of a 64-bit off_t.
-
---- mspack/system.h.orig 2011-04-26 17:15:21.000000000 +0000
-+++ mspack/system.h
-@@ -19,6 +19,7 @@ extern "C" {
- # include <config.h>
- #endif
-
-+#include <inttypes.h>
- #include <mspack.h>
-
- /* fix for problem with GCC 4 and glibc (thanks to Ville Skytta)
-@@ -57,18 +58,8 @@ extern "C" {
- # include <limits.h>
- #endif
-
--#if ((defined(_FILE_OFFSET_BITS) && _FILE_OFFSET_BITS >= 64) || \
-- (defined(FILESIZEBITS) && FILESIZEBITS >= 64) || \
-- (defined(SIZEOF_OFF_T) && SIZEOF_OFF_T >= 8) || \
-- defined(_LARGEFILE_SOURCE) || defined(_LARGEFILE64_SOURCE))
--# define LARGEFILE_SUPPORT
--# define LD "lld"
--# define LU "llu"
--#else
--extern const char *largefile_msg;
--# define LD "ld"
--# define LU "lu"
--#endif
-+#define LARGEFILE_SUPPORT
-+#define LD PRId64
-
- /* endian-neutral reading of little-endian data */
- #define __egi32(a,n) ( ((((unsigned char *) a)[n+3]) << 24) | \