summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--sysutils/tcx/DESCR8
-rw-r--r--sysutils/tcx/MESSAGE11
-rw-r--r--sysutils/tcx/Makefile17
-rw-r--r--sysutils/tcx/PLIST3
-rw-r--r--sysutils/tcx/distinfo8
-rw-r--r--sysutils/tcx/patches/patch-aa29
-rw-r--r--sysutils/tcx/patches/patch-ab41
-rw-r--r--sysutils/tcx/patches/patch-ac172
-rw-r--r--sysutils/tcx/patches/patch-ad36
9 files changed, 325 insertions, 0 deletions
diff --git a/sysutils/tcx/DESCR b/sysutils/tcx/DESCR
new file mode 100644
index 00000000000..7e6e0a5d6f2
--- /dev/null
+++ b/sysutils/tcx/DESCR
@@ -0,0 +1,8 @@
+TCX is a system designed for the transparent decompression, execution
+and recompression of executables under Unix. It allows configuration
+options such as the type of compression system used (compress(1),
+gzip(1), your own local system etc), timeouts between recompressions,
+and emergency directories in case a decompression fails from shortage
+of disk space. The system is designed with a reasonable amount of
+robustness in mind, such as in the event of system crashes, or races
+on trying to uncompress, compress or execute something.
diff --git a/sysutils/tcx/MESSAGE b/sysutils/tcx/MESSAGE
new file mode 100644
index 00000000000..e1efe372a7f
--- /dev/null
+++ b/sysutils/tcx/MESSAGE
@@ -0,0 +1,11 @@
+===========================================================================
+$NetBSD: MESSAGE,v 1.1.1.1 2003/06/23 13:55:24 agc Exp $
+
+ WARNING - this package contains a setuid root executable called
+ untcx, which was written in 1994, and contained calls to getwd(3),
+ sprintf(3), strcpy(3) and strcat(3). I've done a minor audit of
+ the code, and have fixed the above functions with calls to safer
+ alternatives, but you may wish to delete this package from your
+ own systems until you have carried out your own audit.
+
+===========================================================================
diff --git a/sysutils/tcx/Makefile b/sysutils/tcx/Makefile
new file mode 100644
index 00000000000..2793ad7b808
--- /dev/null
+++ b/sysutils/tcx/Makefile
@@ -0,0 +1,17 @@
+# $NetBSD: Makefile,v 1.1.1.1 2003/06/23 13:55:24 agc Exp $
+
+DISTNAME= tcx-linux
+PKGNAME= tcx-19940124
+CATEGORIES= sysutils
+MASTER_SITES= ftp://ibiblio.unc.edu/pub/Linux/utils/compress/
+
+MAINTAINER= packages@netbsd.org
+#HOMEPAGE=
+COMMENT= transparently compress executables
+
+WRKSRC= ${WRKDIR}/tcx
+
+post-patch:
+ cd ${WRKSRC}; ${MV} config.h config.h-pre; ${SED} -e 's|@PREFIX@|"${PREFIX}"|g' < config.h-pre > config.h
+
+.include "../../mk/bsd.pkg.mk"
diff --git a/sysutils/tcx/PLIST b/sysutils/tcx/PLIST
new file mode 100644
index 00000000000..7d260a722be
--- /dev/null
+++ b/sysutils/tcx/PLIST
@@ -0,0 +1,3 @@
+@comment $NetBSD: PLIST,v 1.1.1.1 2003/06/23 13:55:24 agc Exp $
+bin/tcx
+bin/untcx
diff --git a/sysutils/tcx/distinfo b/sysutils/tcx/distinfo
new file mode 100644
index 00000000000..8cdbfe698a3
--- /dev/null
+++ b/sysutils/tcx/distinfo
@@ -0,0 +1,8 @@
+$NetBSD: distinfo,v 1.1.1.1 2003/06/23 13:55:24 agc Exp $
+
+SHA1 (tcx-linux.tar.gz) = 73c112fc39cbfb794fe0f6b0d2e15739ee1c9f5a
+Size (tcx-linux.tar.gz) = 21028 bytes
+SHA1 (patch-aa) = 2e03b68d4c4ed05757fe788649eede461a11a4e5
+SHA1 (patch-ab) = 5e7e7247783090e3029504f80440b6faebe1d1dd
+SHA1 (patch-ac) = 9a285e8365a3e0151fd37e2bf86ee8c346599e3b
+SHA1 (patch-ad) = 5ba81fcec1e674054c532fc3c70a8a6d8f17c350
diff --git a/sysutils/tcx/patches/patch-aa b/sysutils/tcx/patches/patch-aa
new file mode 100644
index 00000000000..920e08a5b90
--- /dev/null
+++ b/sysutils/tcx/patches/patch-aa
@@ -0,0 +1,29 @@
+$NetBSD: patch-aa,v 1.1.1.1 2003/06/23 13:55:24 agc Exp $
+
+--- Makefile 2003/05/19 15:39:04 1.1
++++ Makefile 2003/05/19 16:01:40
+@@ -6,11 +6,11 @@
+
+ # C compiler of your choice. Should be ansi'ish
+ #CC = cc # IRIX, ULTRIX
+-CC = gcc # SUNOS, LINUX
++#CC = gcc # SUNOS, LINUX
+ #CC = c++ # try & see?
+
+ # Cflags of choice.
+-CFLAGS = -s -O6 -Wall
++#CFLAGS = -s -O6 -Wall
+
+
+ # Any libraries
+@@ -29,4 +29,9 @@
+ shar -c -l 45 -o tcx README VERSION COPYING Makefile tcx.1 untcx.1 tcx.c config.h untcx.c
+
+ clean:
+- /bin/rm -f *.o tcx untcx
++ rm -f *.o tcx untcx
++
++install:
++ ${BSD_INSTALL_PROGRAM} tcx ${PREFIX}/bin
++ ${BSD_INSTALL_PROGRAM} untcx ${PREFIX}/bin
++ chmod 4755 ${PREFIX}/bin/untcx
diff --git a/sysutils/tcx/patches/patch-ab b/sysutils/tcx/patches/patch-ab
new file mode 100644
index 00000000000..6cf1712371d
--- /dev/null
+++ b/sysutils/tcx/patches/patch-ab
@@ -0,0 +1,41 @@
+$NetBSD: patch-ab,v 1.1.1.1 2003/06/23 13:55:24 agc Exp $
+
+--- config.h 2003/05/19 16:02:37 1.1
++++ config.h 2003/05/19 16:03:51
+@@ -23,7 +23,7 @@
+ /* Define one of the following where appropriate */
+ /************************************************************************/
+
+-#define LINUX
++/* #define LINUX */
+ /* #define SUNOS */
+ /* #define IRIX */
+ /* #define ULTRIX */
+@@ -45,14 +45,14 @@
+ /* since PATHUNTCX must run setuid to root. */
+ /************************************************************************/
+
+-#define PATHUNTCX "/usr/local/bin/untcx"
++#define PATHUNTCX @PREFIX@ "/bin/untcx"
+
+ /************************************************************************/
+ /* PATHTCX is the pathname to the tcx executable. This does not have to*/
+ /* be installed setuid. */
+ /************************************************************************/
+
+-#define PATHTCX "/usr/local/bin/tcx"
++#define PATHTCX @PREFIX@ "/bin/tcx"
+
+ /************************************************************************/
+ /* PATHPACKER is the pathname to the compression program you wish to use*/
+@@ -143,6 +143,10 @@
+ #define PUSLEEP(x) (usleep(x))
+ #endif
+
++#ifndef PUSLEEP
++#define PUSLEEP(x) (usleep(x))
++#endif
++
+ #include <stdlib.h>
+ #include <unistd.h>
+ #include <sys/time.h>
diff --git a/sysutils/tcx/patches/patch-ac b/sysutils/tcx/patches/patch-ac
new file mode 100644
index 00000000000..2ce1e46145f
--- /dev/null
+++ b/sysutils/tcx/patches/patch-ac
@@ -0,0 +1,172 @@
+$NetBSD: patch-ac,v 1.1.1.1 2003/06/23 13:55:24 agc Exp $
+
+Minor security audit - the world has moved on since 1994.
+
+--- untcx.c 2003/06/20 07:59:56 1.1
++++ untcx.c 2003/06/20 08:09:26
+@@ -166,9 +166,9 @@
+
+ /* Set global paths */
+
+- (void)sprintf(logpath, "%s/log", ENFSDIR);
+- (void)sprintf(logtmppath, "%s/logtmp", ENFSDIR);
+- (void)sprintf(lockpath, "%s/.lock", ENFSDIR);
++ (void)snprintf(logpath, sizeof(logpath), "%s/log", ENFSDIR);
++ (void)snprintf(logtmppath, sizeof(logtmppath), "%s/logtmp", ENFSDIR);
++ (void)snprintf(lockpath, sizeof(lockpath), "%s/.lock", ENFSDIR);
+
+ /* Check and start tcxd as required */
+
+@@ -185,16 +185,16 @@
+
+ /* Grab argv[0] and resolve to full path name via getwd() */
+
+- if(getwd(cwd) == NULL)
++ if(getcwd(cwd, sizeof(cwd)) == NULL)
+ {
+ (void)fprintf(stderr, "Get Working Directory Error: %s\n", cwd);
+ exit(-1);
+ }
+
+ if(*argv[0] == '/')
+- (void)strcpy(realdir, argv[0]);
++ (void)strlcpy(realdir, argv[0], sizeof(realdir));
+ else
+- (void)sprintf(realdir, "%s/%s", cwd, argv[0]);
++ (void)snprintf(realdir, sizeof(realdir), "%s/%s", cwd, argv[0]);
+ for(;;)
+ {
+ if((c = strrchr(realdir, '/')) == NULL)
+@@ -203,7 +203,7 @@
+ exit(-1);
+ }
+ c++;
+- (void)strcpy(execname, c);
++ (void)strlcpy(execname, c, sizeof(execname));
+ *c = '\0';
+
+ if(chdir(realdir) < 0) /* Oops. Failed. Report and quit. */
+@@ -212,7 +212,7 @@
+ exit(-1);
+ }
+
+- if(getwd(realdir) == NULL)
++ if(getcwd(realdir, sizeof(realdir)) == NULL)
+ {
+ (void)fprintf(stderr, "Get Working Directory Error: %s\n", cwd);
+ exit(-1);
+@@ -238,11 +238,11 @@
+ }
+ execpath[len] = '\0';
+ if(execpath[0] == '/')
+- (void)strcpy(realdir, execpath);
++ (void)strlcpy(realdir, execpath, sizeof(realdir));
+ else
+ {
+- (void)strcat(realdir, "/");
+- (void)strcat(realdir, execpath);
++ (void)strlcat(realdir, "/", sizeof(realdir));
++ (void)strlcat(realdir, execpath, sizeof(realdir));
+ }
+ continue;
+ }
+@@ -291,8 +291,8 @@
+ #else
+ if(setreuid(getuid(), getuid()) < 0) { perror("setreuid"); exit(-1); }
+ #endif
+- (void)sprintf(tcxtarg, "%s/%s", realdir, execname);
+- (void)sprintf(untcxtmp, "%s/.untcx.%s", realdir, execname);
++ (void)snprintf(tcxtarg, sizeof(tcxtarg), "%s/%s", realdir, execname);
++ (void)snprintf(untcxtmp, sizeof(untcxtmp), "%s/.untcx.%s", realdir, execname);
+ just_untcx(tcxtarg, untcxtmp);
+ exit(0);
+ }
+@@ -302,8 +302,8 @@
+
+ if(local)
+ {
+- (void)sprintf(tcxtarg, "%s/%s", realdir, execname);
+- (void)sprintf(untcxtmp, "%s/.untcx.%s", realdir, execname);
++ (void)snprintf(tcxtarg, sizeof(tcxtarg), "%s/%s", realdir, execname);
++ (void)snprintf(untcxtmp, sizeof(untcxtmp), "%s/.untcx.%s", realdir, execname);
+ untcx_and_exec_local(tcxtarg, untcxtmp, &(argv[1]));
+ }
+ #endif
+@@ -315,7 +315,7 @@
+ for(c = realdir; *c ; c++)
+ if(*c == '/')
+ *c = '=';
+- (void)sprintf(tcxtarg, "%s/%s", ENFSDIR, realdir);
++ (void)snprintf(tcxtarg, sizeof(tcxtarg), "%s/%s", ENFSDIR, realdir);
+ if(mkdir(tcxtarg, 0777) < 0)
+ if(errno != EEXIST)
+ {
+@@ -323,9 +323,9 @@
+ exit(-1);
+ }
+ (void)chmod(tcxtarg, 0777);
+- (void)strcat(tcxtarg,"/");
+- (void)strcat(tcxtarg, execname);
+- (void)sprintf(untcxtmp, "%s/%s/.untcx.%s", ENFSDIR, realdir, execname);
++ (void)strlcat(tcxtarg,"/", sizeof(tcxtarg));
++ (void)strlcat(tcxtarg, execname, sizeof(tcxtarg));
++ (void)snprintf(untcxtmp, sizeof(untcxtmp), "%s/%s/.untcx.%s", ENFSDIR, realdir, execname);
+
+ untcx_and_exec_nfs(argv[0], untcxtmp, tcxtarg, &(argv[1]));
+
+@@ -415,7 +415,7 @@
+
+ /* Write our process id to the lock file. Don't really care if fails. */
+
+- (void)sprintf(spid, "%d\n", getpid());
++ (void)snprintf(spid, sizeof(spid), "%d\n", getpid());
+ (void)write(lkfd, spid, strlen(spid));
+
+ #ifdef UNPACK_IN_PLACE
+@@ -810,30 +810,30 @@
+
+ /* resolve first stage of argv[0] */
+
+- if(getwd(cwd) == NULL) { (void)fprintf(stderr, "Get Working Directory Error: %s\n", cwd); exit(-1); }
++ if(getcwd(cwd, sizeof(cwd)) == NULL) { (void)fprintf(stderr, "Get Working Directory Error: %s\n", cwd); exit(-1); }
+
+- if(*argv[0] == '/') (void)strcpy(realdir, argv[0]); else (void)sprintf(realdir, "%s/%s", cwd, argv[0]);
++ if(*argv[0] == '/') (void)strlcpy(realdir, argv[0], sizeof(realdir)); else (void)snprintf(realdir, sizeof(realdir), "%s/%s", cwd, argv[0]);
+
+ if((c = strrchr(realdir, '/')) == NULL) { (void)fprintf(stderr, "Help! Internal corruption of variables!\n"); exit(-1); }
+
+- c++; (void)strcpy(execname, c); *c = '\0';
++ c++; (void)strlcpy(execname, c, sizeof(execname)); *c = '\0';
+
+ if(chdir(realdir) < 0) { perror(realdir); exit(-1); }
+
+- if(getwd(realdir) == NULL) { (void)fprintf(stderr, "Get Working Directory Error: %s\n", cwd); exit(-1); }
++ if(getcwd(realdir, sizeof(realdir)) == NULL) { (void)fprintf(stderr, "Get Working Directory Error: %s\n", cwd); exit(-1); }
+
+ for(c = realdir; *c; c++)
+ if(*c == '/')
+ *c = '=';
+- (void)sprintf(linkpath, "%s/%s", ENFSDIR, realdir);
++ (void)snprintf(linkpath, sizeof(linkpath), "%s/%s", ENFSDIR, realdir);
+ if(mkdir(linkpath, 0777) < 0)
+ {
+ if(errno != EEXIST) { perror(linkpath); exit(-1); }
+ }
+ else
+ (void)chmod(linkpath, 0777);
+- (void)strcat(linkpath,"/");
+- (void)strcat(linkpath, execname);
++ (void)strlcat(linkpath,"/", sizeof(linkpath));
++ (void)strlcat(linkpath, execname, sizeof(linkpath));
+
+ if(chdir(cwd) < 0) { perror(cwd); exit(-1); }
+
+@@ -1244,7 +1244,7 @@
+ if((curr = (path *)malloc(sizeof(path))) == NULL)
+ continue;
+
+- (void)strcpy(curr->path, newpath);
++ (void)strlcpy(curr->path, newpath, sizeof(curr->path));
+ #ifdef UNPACK_IN_PLACE
+ curr->pid = -1;
+ (strstr(newpath, ENFSDIR) == newpath) ? (curr->local = 0) : (curr->local = 1);
diff --git a/sysutils/tcx/patches/patch-ad b/sysutils/tcx/patches/patch-ad
new file mode 100644
index 00000000000..489002cfcd5
--- /dev/null
+++ b/sysutils/tcx/patches/patch-ad
@@ -0,0 +1,36 @@
+$NetBSD: patch-ad,v 1.1.1.1 2003/06/23 13:55:24 agc Exp $
+
+Minor security audit
+
+--- tcx.c 2003/06/20 10:44:29 1.1
++++ tcx.c 2003/06/20 10:45:54
+@@ -120,16 +120,16 @@
+ /* If cannot, warn user and quit */
+
+ if(strrchr(argv[1], '/') == NULL)
+- (void)sprintf(tofile, ".tcx.%s", argv[1]);
++ (void)snprintf(tofile, sizeof(tofile), ".tcx.%s", argv[1]);
+ else
+ {
+- (void)strcpy(tofile, argv[1]);
++ (void)strlcpy(tofile, argv[1], sizeof(tofile));
+ s = strrchr(tofile, '/');
+ *s = '\0';
+- (void)strcat(tofile, "/.tcx.");
++ (void)strlcat(tofile, "/.tcx.", sizeof(tofile));
+ s = strrchr(argv[1], '/');
+ s++;
+- (void)strcat(tofile, s);
++ (void)strlcat(tofile, s, sizeof(tofile));
+ }
+
+ lck.l_type = F_WRLCK; lck.l_whence = 0; lck.l_start = 0; lck.l_len = 0;
+@@ -213,7 +213,7 @@
+
+ /* Spit out header and start encoding executable */
+
+- (void)sprintf(header, "#!%s\n", PATHUNTCX);
++ (void)snprintf(header, sizeof(header), "#!%s\n", PATHUNTCX);
+ if(write(outfd, header, strlen(header)) < 0) { (void)perror("write"); exit(-1); }
+
+ c = 0; if((write(outfd, &c, 1)) < 0) { (void)perror("write"); exit(-1); }
generated by cgit v1.2.3 (git 2.39.1) at 2024-08-02 20:17:30 +0000