summaryrefslogtreecommitdiff
path: root/archivers
diff options
context:
space:
mode:
authortaca <taca@pkgsrc.org>2007-05-06 00:28:57 +0000
committertaca <taca@pkgsrc.org>2007-05-06 00:28:57 +0000
commit179121e598ae7b9f62c63e7035209002b085ff85 (patch)
tree3a94c7b53e987355928390d975371db7ed5efcc0 /archivers
parent14e74f1ccdafa1f7db3fecf6309c42b8aec49c7d (diff)
downloadpkgsrc-179121e598ae7b9f62c63e7035209002b085ff85.tar.gz
Add a patch to prevent possible buffer overflow by using strcpy()
in zzip_open_shared_io(), it was reported as CVE-2007-1614. Bump PKGREVISION.
Diffstat (limited to 'archivers')
-rw-r--r--archivers/zziplib/Makefile4
-rw-r--r--archivers/zziplib/distinfo3
-rw-r--r--archivers/zziplib/patches/patch-ab15
3 files changed, 19 insertions, 3 deletions
diff --git a/archivers/zziplib/Makefile b/archivers/zziplib/Makefile
index 6a5c4518a81..08977f9cbfc 100644
--- a/archivers/zziplib/Makefile
+++ b/archivers/zziplib/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.13 2006/08/11 12:50:40 taca Exp $
+# $NetBSD: Makefile,v 1.14 2007/05/06 00:28:57 taca Exp $
#
DISTNAME= zziplib-0.10.82
-PKGREVISION= 2
+PKGREVISION= 3
CATEGORIES= archivers
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=zziplib/}
EXTRACT_SUFX= .tar.bz2
diff --git a/archivers/zziplib/distinfo b/archivers/zziplib/distinfo
index e83a717b873..cdf59f64a22 100644
--- a/archivers/zziplib/distinfo
+++ b/archivers/zziplib/distinfo
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.3 2006/08/11 12:50:40 taca Exp $
+$NetBSD: distinfo,v 1.4 2007/05/06 00:28:57 taca Exp $
SHA1 (zziplib-0.10.82.tar.bz2) = 7f9e07a200a52e38b9011acefcbed9fff0e4b6d3
RMD160 (zziplib-0.10.82.tar.bz2) = 58be317eda7657e7e9d4a26e3070a70134d416a0
Size (zziplib-0.10.82.tar.bz2) = 572573 bytes
SHA1 (patch-aa) = b72e1fb94e1c91f5c3f920d0aa6e1e450bf7eace
+SHA1 (patch-ab) = 166bbab7eb90e0d756f8eada2fdc67eee6ac0e51
diff --git a/archivers/zziplib/patches/patch-ab b/archivers/zziplib/patches/patch-ab
new file mode 100644
index 00000000000..c9628bf3bfa
--- /dev/null
+++ b/archivers/zziplib/patches/patch-ab
@@ -0,0 +1,15 @@
+$NetBSD: patch-ab,v 1.1 2007/05/06 00:28:57 taca Exp $
+
+--- zzip/file.c.orig 2003-07-29 04:52:49.000000000 +0900
++++ zzip/file.c
+@@ -708,7 +708,9 @@ zzip_open_shared_io (ZZIP_FILE* stream,
+ /* see if we can open a file that is a zip file */
+ { char basename[PATH_MAX];
+ char* p;
+- strcpy (basename, filename);
++ int filename_len = strlen (filename);
++ if (filename_len >= PATH_MAX) { errno = ENAMETOOLONG; return 0; }
++ memcpy (basename, filename, filename_len+1);
+
+ /* see if we can share the same zip directory */
+ if (stream && stream->dir && stream->dir->realname)