- Apply patch to fix CVE-2007-1669

- Stop using mktemp(3).

Bump PKGREVISION.

5 files changed, 140 insertions, 4 deletions

diff --git a/archivers/zoo/patches/patch-ai b/archivers/zoo/patches/patch-ai
index 9867a5f35d4..25ecdd8fbb3 100644
--- a/archivers/zoo/patches/patch-ai
+++ b/archivers/zoo/patches/patch-ai
@@ -1,8 +1,38 @@
-$NetBSD: patch-ai,v 1.2 2005/05/21 11:35:01 rillig Exp $
+$NetBSD: patch-ai,v 1.3 2007/05/13 16:59:39 taca Exp $
 
---- ./zoolist.c	Sat Jul 20 00:57:27 1991
-+++ /usr/pkgsrc/archivers/zoo/work.i386.unpatched/zoolist.c	Fri Nov 12 06:19:38 1999
-@@ -539,10 +539,12 @@
+--- zoolist.c.orig	1991-07-20 07:57:27.000000000 +0900
++++ zoolist.c
+@@ -92,6 +92,7 @@ int genson = 1;					/* enable/disable ge
+ int show_mode = 0;				/* show file protection */
+ #endif
+ int first_dir = 1;				/* if first direntry -- to adjust dat_ofs */
++unsigned long zoo_pointer = 0;         /* Track our position in the file */
+ 
+ while (*option) {
+    switch (*option) {
+@@ -211,6 +212,9 @@ if (fiz_ofs != 0L) {                /* i
+ 		show_acmt (&zoo_header, zoo_file, 0);		/* show archive comment */
+ 	}
+ 
++   /* Begin tracking our position in the file */
++   zoo_pointer = zoo_header.zoo_start;
++
+    /* Seek to the beginning of the first directory entry */
+    if (zooseek (zoo_file, zoo_header.zoo_start, 0) != 0) {
+       ercount++;
+@@ -437,6 +441,11 @@ if (fiz_ofs != 0L) {                /* i
+          if (verb_list && !fast)
+             show_comment (&direntry, zoo_file, 0, (char *) NULL);
+       } /* end if (lots of conditions) */
++
++      /* Make sure we are not seeking to already processed data */
++      if (direntry.next <= zoo_pointer)
++               prterror ('f', "ZOO chain structure is corrupted\n");
++      zoo_pointer = direntry.next;
+    
+ 		/* ..seek to next dir entry */
+       zooseek (zoo_file, direntry.next, 0);
+@@ -539,10 +548,12 @@ int file_tz;
  {
  	long gettz();
  	int diff_tz;				/* timezone difference */
diff --git a/archivers/zoo/patches/patch-al b/archivers/zoo/patches/patch-al
new file mode 100644
index 00000000000..11314e5729d
--- /dev/null
+++ b/archivers/zoo/patches/patch-al
@@ -0,0 +1,35 @@
+$NetBSD: patch-al,v 1.1 2007/05/13 16:59:39 taca Exp $
+
+--- zooext.c.orig	1993-05-01 12:58:50.000000000 +0900
++++ zooext.c
+@@ -89,6 +89,7 @@ int alloc_size;                         
+ #endif
+ struct direntry direntry;                 /* directory entry */
+ int first_dir = 1;								/* first dir entry seen? */
++unsigned long zoo_pointer = 0;            /* Track our position in the file */
+ 
+ static char extract_ver[] = "Zoo %d.%d is needed to extract %s.\n";
+ static char no_space[] = "Insufficient disk space to extract %s.\n";
+@@ -169,6 +170,9 @@ if (fiz_ofs != 0L) {                /* i
+ 		exit_status = 1;
+    }
+    zooseek (zoo_file, zoo_header.zoo_start, 0); /* seek to where data begins */
++
++   /* Begin tracking our position in the file */
++   zoo_pointer = zoo_header.zoo_start;
+ }
+ 
+ #ifndef PORTABLE
+@@ -597,6 +601,12 @@ bit 23==0 and bit 22==1. */
+    } /* end if */
+ 
+ loop_again:
++
++   /* Make sure we are not seeking to already processed data */
++   if (next_ptr <= zoo_pointer)
++          prterror ('f', "ZOO chain structure is corrupted\n");
++   zoo_pointer = next_ptr;
++
+    zooseek (zoo_file, next_ptr, 0); /* ..seek to next dir entry */
+ } /* end while */
+ 
diff --git a/archivers/zoo/patches/patch-am b/archivers/zoo/patches/patch-am
new file mode 100644
index 00000000000..c21813cf3d8
--- /dev/null
+++ b/archivers/zoo/patches/patch-am
@@ -0,0 +1,17 @@
+$NetBSD: patch-am,v 1.1 2007/05/13 16:59:39 taca Exp $
+
+--- portable.c.orig	1991-07-17 00:55:11.000000000 +0900
++++ portable.c
+@@ -87,6 +87,12 @@ ZOOFILE zoocreate (fname)
+ char *fname;
+ { return ((ZOOFILE) fopen (fname, Z_NEW)); }
+ 
++#ifndef USE_MKTEMP
++ZOOFILE zoocreate_fd (fd)
++int fd;
++{ return ((ZOOFILE) fdopen (fd, Z_NEW)); }
++#endif
++
+ #endif /* FIZ */
+ 
+ #ifndef zooseek
diff --git a/archivers/zoo/patches/patch-an b/archivers/zoo/patches/patch-an
new file mode 100644
index 00000000000..2bc3a0246b7
--- /dev/null
+++ b/archivers/zoo/patches/patch-an
@@ -0,0 +1,14 @@
+$NetBSD: patch-an,v 1.1 2007/05/13 16:59:40 taca Exp $
+
+--- zooio.h.orig	1993-05-01 12:39:50.000000000 +0900
++++ zooio.h
+@@ -53,6 +53,9 @@ long zootell PARMS((ZOOFILE));
+ 
+ ZOOFILE zooopen PARMS((char *, char *));
+ ZOOFILE zoocreate PARMS((char *));
++#ifndef USE_MKTEMP
++ZOOFILE zoocreate_fd PARMS((int));
++#endif
+ int zooclose PARMS((ZOOFILE));
+ int zootrunc PARMS((ZOOFILE));
+ 
diff --git a/archivers/zoo/patches/patch-ao b/archivers/zoo/patches/patch-ao
new file mode 100644
index 00000000000..7f086795fae
--- /dev/null
+++ b/archivers/zoo/patches/patch-ao
@@ -0,0 +1,40 @@
+$NetBSD: patch-ao,v 1.1 2007/05/13 16:59:40 taca Exp $
+
+--- zoopack.c.orig	1993-05-01 12:59:21.000000000 +0900
++++ zoopack.c
+@@ -32,7 +32,9 @@ Copyright (C) 1986, 1987 Rahul Dhesi -- 
+ #include <signal.h>
+ #endif
+ 
++#ifdef USE_MKTEMP
+ char *mktemp PARMS((char *));
++#endif
+ 
+ struct zoo_header zoo_header = {
+    TEXT,
+@@ -76,6 +78,7 @@ int bad_header = 0;                     
+ int latest_date = 0;                      /* latest date on any file moved */
+ int latest_time = 0;                      /*  ...likewise */
+ int curr_dir = 0;									/* create backup in curr dir */
++static int fd;
+ static char partial_msg[] =
+    "Partially packed archive left in %s.\n";
+ 
+@@ -171,9 +174,16 @@ if (!curr_dir) {
+ } else {
+    strcpy (temp_file, xes);
+ }
++#ifdef USE_MKTEMP
++fd = 0;
+ mktemp (temp_file);                    /* ... and make unique */
+ new_file = zoocreate (temp_file);
+-if (new_file == NOFILE)
++#else
++fd = mkstemp (temp_file);
++if (fd >= 0)
++   new_file = zoocreate (temp_file);
++#endif
++if (fd < 0 || new_file == NOFILE)
+    prterror ('f', "Could not create temporary file %s.\n", temp_file);
+ 
+ /*