summaryrefslogtreecommitdiff
path: root/time/pcal
diff options
context:
space:
mode:
authorsalo <salo@pkgsrc.org>2005-03-20 21:34:17 +0000
committersalo <salo@pkgsrc.org>2005-03-20 21:34:17 +0000
commit232f9b233dd1df4da74a2d291709ba7c7bdae0ca (patch)
tree24f233a7b22cd816873c0206bc65e4cc0703d2f8 /time/pcal
parent599183622a1d494db20d613d002f49bcd1316912 (diff)
downloadpkgsrc-232f9b233dd1df4da74a2d291709ba7c7bdae0ca.tar.gz
Security fix for CAN-2004-1289.
"Multiple buffer overflows in the getline function in pcalutil.c and the get_holiday function in readfile.c for pcal 4.7.1 allow remote attackers to execute arbitrary code via a crafted calendar file." Partial patch from Debian. Bump PKGREVISION.
Diffstat (limited to 'time/pcal')
-rw-r--r--time/pcal/Makefile3
-rw-r--r--time/pcal/distinfo4
-rw-r--r--time/pcal/patches/patch-af13
-rw-r--r--time/pcal/patches/patch-ag15
4 files changed, 33 insertions, 2 deletions
diff --git a/time/pcal/Makefile b/time/pcal/Makefile
index 4e3d94f94e7..ca0b1efccdc 100644
--- a/time/pcal/Makefile
+++ b/time/pcal/Makefile
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.6 2004/12/03 15:15:11 wiz Exp $
+# $NetBSD: Makefile,v 1.7 2005/03/20 21:34:17 salo Exp $
#
DISTNAME= pcal-4.7
+PKGREVISION= 1
CATEGORIES= time
MASTER_SITES= http://membled.com/work/mirror/pcal/
EXTRACT_SUFX= .tar.bz2
diff --git a/time/pcal/distinfo b/time/pcal/distinfo
index 65d6ff84320..96e96451448 100644
--- a/time/pcal/distinfo
+++ b/time/pcal/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.4 2005/02/23 19:14:55 wiz Exp $
+$NetBSD: distinfo,v 1.5 2005/03/20 21:34:17 salo Exp $
SHA1 (pcal-4.7.tar.bz2) = 4604067da16b7674630eb4d8894406b885e85d89
RMD160 (pcal-4.7.tar.bz2) = d0b5380da2bbf94c5c5824f3355b583abba593bc
@@ -8,3 +8,5 @@ SHA1 (patch-ab) = 95205a855ed29f45f68bdb940f88d33133348b97
SHA1 (patch-ac) = ab1eee4e3441268255d4bbc2d043db74d3eac2ae
SHA1 (patch-ad) = ffd8b00dbb716df55be4a7e17f4637dad86bcd1f
SHA1 (patch-ae) = 34ae04ae56d096b1b2294114428dc1f29af83701
+SHA1 (patch-af) = 59f064df3fa9441c22be91c1e6dd12c7ffef3a08
+SHA1 (patch-ag) = 34c442b33d47f51e4f6e82f966446a717ceb64a1
diff --git a/time/pcal/patches/patch-af b/time/pcal/patches/patch-af
new file mode 100644
index 00000000000..1669ad8830e
--- /dev/null
+++ b/time/pcal/patches/patch-af
@@ -0,0 +1,13 @@
+$NetBSD: patch-af,v 1.1 2005/03/20 21:34:17 salo Exp $
+
+--- pcalutil.c.orig 2000-02-09 17:06:23.000000000 +0100
++++ pcalutil.c 2005-03-20 22:26:14.000000000 +0100
+@@ -1111,6 +1111,8 @@
+ else
+ ungetc(c2, fp);
+ }
++ /* Don't overflow the buffer */
++ if ( (cp - tmpbuf) < (LINSIZ -1))
+ *cp++ = c;
+ }
+
diff --git a/time/pcal/patches/patch-ag b/time/pcal/patches/patch-ag
new file mode 100644
index 00000000000..6a7d343a4b1
--- /dev/null
+++ b/time/pcal/patches/patch-ag
@@ -0,0 +1,15 @@
+$NetBSD: patch-ag,v 1.1 2005/03/20 21:34:17 salo Exp $
+
+--- readfile.c.orig 2000-02-09 17:06:23.000000000 +0100
++++ readfile.c 2005-03-20 22:18:17.000000000 +0100
+@@ -1300,8 +1300,9 @@
+ {
+ KWD_H *p;
+ char tmp[STRSIZ];
++ memset(tmp,'\0',sizeof(tmp));
+
+- strcpy(tmp, cp); /* make copy without any trailing '*' */
++ strncpy(tmp, cp,sizeof(tmp)-1); /* make copy without any trailing '*' */
+ if (LASTCHAR(tmp) == '*')
+ LASTCHAR(tmp) = '\0';
+