diff options
-rw-r--r-- | archivers/gcpio/Makefile | 5 | ||||
-rw-r--r-- | archivers/gcpio/distinfo | 3 | ||||
-rw-r--r-- | archivers/gcpio/patches/patch-aq | 15 |
3 files changed, 20 insertions, 3 deletions
diff --git a/archivers/gcpio/Makefile b/archivers/gcpio/Makefile index 16dde531a4e..e138f6640a0 100644 --- a/archivers/gcpio/Makefile +++ b/archivers/gcpio/Makefile @@ -1,15 +1,16 @@ -# $NetBSD: Makefile,v 1.37 2008/06/20 01:09:05 joerg Exp $ +# $NetBSD: Makefile,v 1.38 2010/03/23 22:42:17 tez Exp $ # DISTNAME= cpio-2.6 PKGNAME= g${DISTNAME} -PKGREVISION= 5 +PKGREVISION= 6 CATEGORIES= archivers MASTER_SITES= ${MASTER_SITE_GNU:=cpio/} MAINTAINER= pkgsrc-users@NetBSD.org HOMEPAGE= http://www.gnu.org/software/cpio/cpio.html COMMENT= GNU copy-in/out (cpio) with remote magnetic tape (rmt) support +LICENSE= gnu-gpl-v2 CONFLICTS+= gtar-base-[0-9]* diff --git a/archivers/gcpio/distinfo b/archivers/gcpio/distinfo index 040e609b5b5..4ccc5e56a6f 100644 --- a/archivers/gcpio/distinfo +++ b/archivers/gcpio/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.10 2006/02/12 01:44:28 seb Exp $ +$NetBSD: distinfo,v 1.11 2010/03/23 22:42:17 tez Exp $ SHA1 (cpio-2.6.tar.gz) = 5a4ea156519909994fe05933dc823abcf07e3e21 RMD160 (cpio-2.6.tar.gz) = 8246bdd08ab8727f9a8042d33ddfe3a6332476b8 @@ -15,3 +15,4 @@ SHA1 (patch-am) = d380ee141b218c568abc69ad90def03add91cde5 SHA1 (patch-an) = 943fe81aba7846bd8349cc2e31ab9525e019e99f SHA1 (patch-ao) = 53c7b6bc1e00a0203665e12807b3388204f838c3 SHA1 (patch-ap) = cf1ca21394e4e437e64fc83837e08b0aba26d41e +SHA1 (patch-aq) = d1536000401bbe2d1d32833f5871242e3ba1ddf6 diff --git a/archivers/gcpio/patches/patch-aq b/archivers/gcpio/patches/patch-aq new file mode 100644 index 00000000000..cb83db1b8f9 --- /dev/null +++ b/archivers/gcpio/patches/patch-aq @@ -0,0 +1,15 @@ +$NetBSD: patch-aq,v 1.1 2010/03/23 22:42:17 tez Exp $ +fix CVE-2010-0624 + +--- lib/rtapelib.c.orig 2010-03-23 16:14:45.037892500 -0500 ++++ lib/rtapelib.c 2010-03-23 16:16:25.765812000 -0500 +@@ -573,6 +573,9 @@ + || (status = get_status (handle)) == SAFE_READ_ERROR) + return SAFE_READ_ERROR; + ++ if (status > length) ++ return SAFE_READ_ERROR; ++ + for (counter = 0; counter < status; counter += rlen, buffer += rlen) + { + rlen = safe_read (READ_SIDE (handle), buffer, status - counter); |