From ac48ad723fba7d3c672562a7ed2dd43b33a6c91f Mon Sep 17 00:00:00 2001 From: taca Date: Sun, 13 May 2007 16:59:39 +0000 Subject: - Apply patch to fix CVE-2007-1669 - Stop using mktemp(3). Bump PKGREVISION. --- archivers/zoo/Makefile | 4 ++-- archivers/zoo/distinfo | 8 ++++++-- archivers/zoo/patches/patch-ai | 38 ++++++++++++++++++++++++++++++++++---- archivers/zoo/patches/patch-al | 35 +++++++++++++++++++++++++++++++++++ archivers/zoo/patches/patch-am | 17 +++++++++++++++++ archivers/zoo/patches/patch-an | 14 ++++++++++++++ archivers/zoo/patches/patch-ao | 40 ++++++++++++++++++++++++++++++++++++++++ 7 files changed, 148 insertions(+), 8 deletions(-) create mode 100644 archivers/zoo/patches/patch-al create mode 100644 archivers/zoo/patches/patch-am create mode 100644 archivers/zoo/patches/patch-an create mode 100644 archivers/zoo/patches/patch-ao diff --git a/archivers/zoo/Makefile b/archivers/zoo/Makefile index 4bb916ff0a1..1fc9e0cf3a4 100644 --- a/archivers/zoo/Makefile +++ b/archivers/zoo/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.29 2006/10/01 21:08:26 rillig Exp $ +# $NetBSD: Makefile,v 1.30 2007/05/13 16:59:39 taca Exp $ DISTNAME= zoo-2.10pl1 PKGNAME= zoo-2.10.1 -PKGREVISION= 2 +PKGREVISION= 3 CATEGORIES= archivers MASTER_SITES= ftp://ftp.kiarchive.ru/pub/unix/arcers/ diff --git a/archivers/zoo/distinfo b/archivers/zoo/distinfo index 7ca1f2e7c0b..2858abc24f1 100644 --- a/archivers/zoo/distinfo +++ b/archivers/zoo/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.9 2006/10/01 21:08:26 rillig Exp $ +$NetBSD: distinfo,v 1.10 2007/05/13 16:59:39 taca Exp $ SHA1 (zoo-2.10pl1.tar.gz) = c02d96148ee57df01596d0c8d07a3e327b821600 RMD160 (zoo-2.10pl1.tar.gz) = 971d388b8cb29def1e4e31011463563e91c3d700 
@@ -11,6 +11,10 @@ SHA1 (patch-ae) = 9fd888a05d9866b9b2554d2bc41170e9ee68c226 SHA1 (patch-af) = f1489b0896a73df823f5623812a879a6bc47d572 SHA1 (patch-ag) = 05b0a774e7aea3137917b2c714b46012fd401f6d SHA1 (patch-ah) = af3d79f9dd42f080863c6b672d9ca504c2bf79df -SHA1 (patch-ai) = 87b3f07ec542b554a3ba1744f435e9be2200ed54 +SHA1 (patch-ai) = 9f6f815cb225dc6f81c66baf5f04ea50a9c345d6 SHA1 (patch-aj) = a210f34c8d0ea713d3a92d187c395b7b6ef2c128 SHA1 (patch-ak) = 40f83eccc77d54af5130d78bcd2d9af1d7cc54a9 +SHA1 (patch-al) = 7fe791ff692fd8b04e1a4d603204c2a2e34e95a0 +SHA1 (patch-am) = 0c35f8787f3d8c0f4f9a728ec6c85a143e0a816c +SHA1 (patch-an) = 5530a9a6f56e12d21b12defa8e668b2229739703 +SHA1 (patch-ao) = cb4b567f1c78cd9299157bae5be92e2fb95d3894 diff --git a/archivers/zoo/patches/patch-ai b/archivers/zoo/patches/patch-ai index 9867a5f35d4..25ecdd8fbb3 100644 --- a/archivers/zoo/patches/patch-ai +++ b/archivers/zoo/patches/patch-ai 
@@ -1,8 +1,38 @@ -$NetBSD: patch-ai,v 1.2 2005/05/21 11:35:01 rillig Exp $ +$NetBSD: patch-ai,v 1.3 2007/05/13 16:59:39 taca Exp $ ---- ./zoolist.c Sat Jul 20 00:57:27 1991 -+++ /usr/pkgsrc/archivers/zoo/work.i386.unpatched/zoolist.c Fri Nov 12 06:19:38 1999 -@@ -539,10 +539,12 @@ +--- zoolist.c.orig 1991-07-20 07:57:27.000000000 +0900 ++++ zoolist.c +@@ -92,6 +92,7 @@ int genson = 1; /* enable/disable ge + int show_mode = 0; /* show file protection */ + #endif + int first_dir = 1; /* if first direntry -- to adjust dat_ofs */ ++unsigned long zoo_pointer = 0; /* Track our position in the file */ + + while (*option) { + switch (*option) { +@@ -211,6 +212,9 @@ if (fiz_ofs != 0L) { /* i + show_acmt (&zoo_header, zoo_file, 0); /* show archive comment */ + } + ++ /* Begin tracking our position in the file */ ++ zoo_pointer = zoo_header.zoo_start; ++ + /* Seek to the beginning of the first directory entry */ + if (zooseek (zoo_file, zoo_header.zoo_start, 0) != 0) { + ercount++; +@@ -437,6 +441,11 @@ if (fiz_ofs != 0L) { /* i + if (verb_list && !fast) + show_comment (&direntry, zoo_file, 0, (char *) NULL); + } /* end if (lots of conditions) */ ++ ++ /* Make sure we are not seeking to already processed data */ ++ if (direntry.next <= zoo_pointer) ++ prterror ('f', "ZOO chain structure is corrupted\n"); ++ zoo_pointer = direntry.next; + + /* ..seek to next dir entry */ + zooseek (zoo_file, direntry.next, 0); +@@ -539,10 +548,12 @@ int file_tz; { long gettz(); int diff_tz; /* timezone difference */ diff --git a/archivers/zoo/patches/patch-al b/archivers/zoo/patches/patch-al new file mode 100644 index 00000000000..11314e5729d --- /dev/null +++ b/archivers/zoo/patches/patch-al 
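Review bot: The chain check added to zoolist.c compares `direntry.next` with an `unsigned long` tracker, so if `next` is a signed `long` (its declaration is outside the hunk, but it is passed straight to `zooseek`), a negative offset from a malformed archive converts to a very large value and passes `direntry.next <= zoo_pointer`. Rejecting it explicitly keeps the guard meaningful: `if (direntry.next < 0 || (unsigned long) direntry.next <= zoo_pointer)`. The `zooseek (zoo_file, direntry.next, 0);` that follows still ignores its return value, unlike the earlier `zooseek (...) != 0` call, so a failed seek goes unnoticed and the next entry is read from wherever the file position was left. The same comparison on `next_ptr` is added to zooext.c in patch-al and would take the same change. The enclosing function starts and ends outside these hunks.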
@@ -0,0 +1,35 @@ +$NetBSD: patch-al,v 1.1 2007/05/13 16:59:39 taca Exp $ + +--- zooext.c.orig 1993-05-01 12:58:50.000000000 +0900 ++++ zooext.c +@@ -89,6 +89,7 @@ int alloc_size; + #endif + struct direntry direntry; /* directory entry */ + int first_dir = 1; /* first dir entry seen? */ ++unsigned long zoo_pointer = 0; /* Track our position in the file */ + + static char extract_ver[] = "Zoo %d.%d is needed to extract %s.\n"; + static char no_space[] = "Insufficient disk space to extract %s.\n"; +@@ -169,6 +170,9 @@ if (fiz_ofs != 0L) { /* i + exit_status = 1; + } + zooseek (zoo_file, zoo_header.zoo_start, 0); /* seek to where data begins */ ++ ++ /* Begin tracking our position in the file */ ++ zoo_pointer = zoo_header.zoo_start; + } + + #ifndef PORTABLE +@@ -597,6 +601,12 @@ bit 23==0 and bit 22==1. */ + } /* end if */ + + loop_again: ++ ++ /* Make sure we are not seeking to already processed data */ ++ if (next_ptr <= zoo_pointer) ++ prterror ('f', "ZOO chain structure is corrupted\n"); ++ zoo_pointer = next_ptr; ++ + zooseek (zoo_file, next_ptr, 0); /* ..seek to next dir entry */ + } /* end while */ + diff --git a/archivers/zoo/patches/patch-am b/archivers/zoo/patches/patch-am new file mode 100644 index 00000000000..c21813cf3d8 --- /dev/null +++ b/archivers/zoo/patches/patch-am @@ -0,0 +1,17 @@ +$NetBSD: patch-am,v 1.1 2007/05/13 16:59:39 taca Exp $ + +--- portable.c.orig 1991-07-17 00:55:11.000000000 +0900 ++++ portable.c +@@ -87,6 +87,12 @@ ZOOFILE zoocreate (fname) + char *fname; + { return ((ZOOFILE) fopen (fname, Z_NEW)); } + ++#ifndef USE_MKTEMP ++ZOOFILE zoocreate_fd (fd) ++int fd; ++{ return ((ZOOFILE) fdopen (fd, Z_NEW)); } ++#endif ++ + #endif /* FIZ */ + + #ifndef zooseek diff --git a/archivers/zoo/patches/patch-an b/archivers/zoo/patches/patch-an new file mode 100644 index 00000000000..2bc3a0246b7 --- /dev/null +++ b/archivers/zoo/patches/patch-an 
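Review bot: In zooext.c, `zoo_pointer` is seeded with `zoo_header.zoo_start` only on the line before the closing `}`, which appears to be the branch taken when no explicit offset is given (the hunk's context label is `if (fiz_ofs != 0L) {`, but the branch itself is outside the hunk). If so, a run that starts at `fiz_ofs` keeps the initial value 0, and the first `next_ptr` may point backwards to any non-zero offset before the check takes effect. The loop still terminates because the tracker only grows afterwards, but seeding that branch as well with `zoo_pointer = fiz_ofs;` would make both paths equally strict. The declaration comment could also say that the variable holds the last accepted directory-entry offset rather than the current file position, for example `/* offset of the last directory entry accepted from the chain */`.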
@@ -0,0 +1,14 @@ +$NetBSD: patch-an,v 1.1 2007/05/13 16:59:40 taca Exp $ + +--- zooio.h.orig 1993-05-01 12:39:50.000000000 +0900 ++++ zooio.h +@@ -53,6 +53,9 @@ long zootell PARMS((ZOOFILE)); + + ZOOFILE zooopen PARMS((char *, char *)); + ZOOFILE zoocreate PARMS((char *)); ++#ifndef USE_MKTEMP ++ZOOFILE zoocreate_fd PARMS((int)); ++#endif + int zooclose PARMS((ZOOFILE)); + int zootrunc PARMS((ZOOFILE)); + diff --git a/archivers/zoo/patches/patch-ao b/archivers/zoo/patches/patch-ao new file mode 100644 index 00000000000..7f086795fae --- /dev/null +++ b/archivers/zoo/patches/patch-ao @@ -0,0 +1,40 @@ +$NetBSD: patch-ao,v 1.1 2007/05/13 16:59:40 taca Exp $ + +--- zoopack.c.orig 1993-05-01 12:59:21.000000000 +0900 ++++ zoopack.c +@@ -32,7 +32,9 @@ Copyright (C) 1986, 1987 Rahul Dhesi -- + #include + #endif + ++#ifdef USE_MKTEMP + char *mktemp PARMS((char *)); ++#endif + + struct zoo_header zoo_header = { + TEXT, +@@ -76,6 +78,7 @@ int bad_header = 0; + int latest_date = 0; /* latest date on any file moved */ + int latest_time = 0; /* ...likewise */ + int curr_dir = 0; /* create backup in curr dir */ ++static int fd; + static char partial_msg[] = + "Partially packed archive left in %s.\n"; + +@@ -171,9 +174,16 @@ if (!curr_dir) { + } else { + strcpy (temp_file, xes); + } ++#ifdef USE_MKTEMP ++fd = 0; + mktemp (temp_file); /* ... and make unique */ + new_file = zoocreate (temp_file); +-if (new_file == NOFILE) ++#else ++fd = mkstemp (temp_file); ++if (fd >= 0) ++ new_file = zoocreate (temp_file); ++#endif ++if (fd < 0 || new_file == NOFILE) + prterror ('f', "Could not create temporary file %s.\n", temp_file); + + /* -- cgit v1.2.3
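Review bot: In the `#else` branch of zoopack.c the descriptor returned by `mkstemp (temp_file)` is never used: the file is reopened by name with `zoocreate (temp_file)`, so `fd` stays open without an owner and the open-by-name step that `mkstemp` is meant to remove is still performed. `zoocreate_fd`, added in patch-am and declared in patch-an, has no caller in the visible hunks and looks like the intended call here: `new_file = zoocreate_fd (fd);`. With that change the stream owns the descriptor and closes it, and the temporary file is never looked up by path again. When `mkstemp` fails, `new_file` is not assigned on this path, which is safe only because `fd < 0` is tested first in the combined condition; a one-line comment there would keep a later edit from reordering it. The surrounding function continues outside the hunk.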