From 179121e598ae7b9f62c63e7035209002b085ff85 Mon Sep 17 00:00:00 2001
From: taca
Date: Sun, 6 May 2007 00:28:57 +0000
Subject: Add a patch to prevent possible buffer overflow by using strcpy() in zzip_open_shared_io(), it was reported as CVE-2007-1614. Bump PKGREVISION.
---
 archivers/zziplib/Makefile | 4 ++--
 archivers/zziplib/distinfo | 3 ++-
 archivers/zziplib/patches/patch-ab | 15 +++++++++++++++
 3 files changed, 19 insertions(+), 3 deletions(-)
 create mode 100644 archivers/zziplib/patches/patch-ab
(limited to 'archivers/zziplib')
diff --git a/archivers/zziplib/Makefile b/archivers/zziplib/Makefile
index 6a5c4518a81..08977f9cbfc 100644
--- a/archivers/zziplib/Makefile
+++ b/archivers/zziplib/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.13 2006/08/11 12:50:40 taca Exp $
+# $NetBSD: Makefile,v 1.14 2007/05/06 00:28:57 taca Exp $
 #
 
 DISTNAME= zziplib-0.10.82
-PKGREVISION= 2
+PKGREVISION= 3
 CATEGORIES= archivers
 MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=zziplib/}
 EXTRACT_SUFX= .tar.bz2
diff --git a/archivers/zziplib/distinfo b/archivers/zziplib/distinfo
index e83a717b873..cdf59f64a22 100644
--- a/archivers/zziplib/distinfo
+++ b/archivers/zziplib/distinfo
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.3 2006/08/11 12:50:40 taca Exp $
+$NetBSD: distinfo,v 1.4 2007/05/06 00:28:57 taca Exp $
 
 SHA1 (zziplib-0.10.82.tar.bz2) = 7f9e07a200a52e38b9011acefcbed9fff0e4b6d3
 RMD160 (zziplib-0.10.82.tar.bz2) = 58be317eda7657e7e9d4a26e3070a70134d416a0
 Size (zziplib-0.10.82.tar.bz2) = 572573 bytes
 SHA1 (patch-aa) = b72e1fb94e1c91f5c3f920d0aa6e1e450bf7eace
+SHA1 (patch-ab) = 166bbab7eb90e0d756f8eada2fdc67eee6ac0e51
diff --git a/archivers/zziplib/patches/patch-ab b/archivers/zziplib/patches/patch-ab
new file mode 100644
index 00000000000..c9628bf3bfa
--- /dev/null
+++ b/archivers/zziplib/patches/patch-ab
@@ -0,0 +1,15 @@
+$NetBSD: patch-ab,v 1.1 2007/05/06 00:28:57 taca Exp $
+
+--- zzip/file.c.orig 2003-07-29 04:52:49.000000000 +0900
++++ zzip/file.c
+@@ -708,7 +708,9 @@ zzip_open_shared_io (ZZIP_FILE* stream,
+ /* see if we can open a file that is a zip file */
+ { char basename[PATH_MAX];
+ char* p;
+- strcpy (basename, filename);
++ int filename_len = strlen (filename);
++ if (filename_len >= PATH_MAX) { errno = ENAMETOOLONG; return 0; }
++ memcpy (basename, filename, filename_len+1);
+ 
+ /* see if we can share the same zip directory */
+ if (stream && stream->dir && stream->dir->realname)
-- 
cgit v1.2.3
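Review bot: `int filename_len = strlen (filename);` in the inner file.c hunk narrows a `size_t` to `int`, so a pathological length above INT_MAX would wrap negative, pass the `>= PATH_MAX` guard, and feed a huge value to `memcpy`; declare it as `size_t filename_len = strlen (filename);` and bound it against the array itself, `if (filename_len >= sizeof basename) { errno = ENAMETOOLONG; return 0; }`, so the check cannot drift from the buffer size. The `errno`/`ENAMETOOLONG` assignment also presumes `<errno.h>` is already included in zzip/file.c, which the hunk does not show — worth confirming. The guard only covers this initial copy; whether later writes into `basename` inside zzip_open_shared_io stay bounded is not visible here, since the function starts before and continues after the hunk.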