summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--archivers/gcpio/Makefile5
-rw-r--r--archivers/gcpio/distinfo3
-rw-r--r--archivers/gcpio/patches/patch-aq15
3 files changed, 20 insertions, 3 deletions
diff --git a/archivers/gcpio/Makefile b/archivers/gcpio/Makefile
index 16dde531a4e..e138f6640a0 100644
--- a/archivers/gcpio/Makefile
+++ b/archivers/gcpio/Makefile
@@ -1,15 +1,16 @@
-# $NetBSD: Makefile,v 1.37 2008/06/20 01:09:05 joerg Exp $
+# $NetBSD: Makefile,v 1.38 2010/03/23 22:42:17 tez Exp $
#
DISTNAME= cpio-2.6
PKGNAME= g${DISTNAME}
-PKGREVISION= 5
+PKGREVISION= 6
CATEGORIES= archivers
MASTER_SITES= ${MASTER_SITE_GNU:=cpio/}
MAINTAINER= pkgsrc-users@NetBSD.org
HOMEPAGE= http://www.gnu.org/software/cpio/cpio.html
COMMENT= GNU copy-in/out (cpio) with remote magnetic tape (rmt) support
+LICENSE= gnu-gpl-v2
CONFLICTS+= gtar-base-[0-9]*
diff --git a/archivers/gcpio/distinfo b/archivers/gcpio/distinfo
index 040e609b5b5..4ccc5e56a6f 100644
--- a/archivers/gcpio/distinfo
+++ b/archivers/gcpio/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.10 2006/02/12 01:44:28 seb Exp $
+$NetBSD: distinfo,v 1.11 2010/03/23 22:42:17 tez Exp $
SHA1 (cpio-2.6.tar.gz) = 5a4ea156519909994fe05933dc823abcf07e3e21
RMD160 (cpio-2.6.tar.gz) = 8246bdd08ab8727f9a8042d33ddfe3a6332476b8
@@ -15,3 +15,4 @@ SHA1 (patch-am) = d380ee141b218c568abc69ad90def03add91cde5
SHA1 (patch-an) = 943fe81aba7846bd8349cc2e31ab9525e019e99f
SHA1 (patch-ao) = 53c7b6bc1e00a0203665e12807b3388204f838c3
SHA1 (patch-ap) = cf1ca21394e4e437e64fc83837e08b0aba26d41e
+SHA1 (patch-aq) = d1536000401bbe2d1d32833f5871242e3ba1ddf6
diff --git a/archivers/gcpio/patches/patch-aq b/archivers/gcpio/patches/patch-aq
new file mode 100644
index 00000000000..cb83db1b8f9
--- /dev/null
+++ b/archivers/gcpio/patches/patch-aq
@@ -0,0 +1,15 @@
+$NetBSD: patch-aq,v 1.1 2010/03/23 22:42:17 tez Exp $
+fix CVE-2010-0624
+
+--- lib/rtapelib.c.orig 2010-03-23 16:14:45.037892500 -0500
++++ lib/rtapelib.c 2010-03-23 16:16:25.765812000 -0500
+@@ -573,6 +573,9 @@
+ || (status = get_status (handle)) == SAFE_READ_ERROR)
+ return SAFE_READ_ERROR;
+
++ if (status > length)
++ return SAFE_READ_ERROR;
++
+ for (counter = 0; counter < status; counter += rlen, buffer += rlen)
+ {
+ rlen = safe_read (READ_SIDE (handle), buffer, status - counter);