From 4c15d1f97b78d709f7cd2a7743b37ba7a829a098 Mon Sep 17 00:00:00 2001 From: obache Date: Mon, 21 Sep 2009 06:43:59 +0000 Subject: Update libast to 0.7. (CVE-2006-0224 was already fixed by patch-aa in pkgsrc). XXX: self test failed on NetBSD-5.0.1, but old version also failed. Changes: The string class is now both an interface and an implementation, so parallel implementations (e.g., a glib string wrapper) can be created. Detection of Imlib2 support and a pixmap leak when it was disabled have been fixed. Fixes have been made for gcc4/newer autotools. This release also contains a fix for CVE-2006-0224, a buffer overflow which could lead to privilege escalation in set uid/setgid apps using LibAST's configuration engine. --- devel/libast/Makefile | 7 +++--- devel/libast/PLIST | 3 ++- devel/libast/distinfo | 9 +++---- devel/libast/patches/patch-aa | 57 ------------------------------------------- 4 files changed, 9 insertions(+), 67 deletions(-) delete mode 100644 devel/libast/patches/patch-aa (limited to 'devel/libast') diff --git a/devel/libast/Makefile b/devel/libast/Makefile index 0161fb76751..b10ca4b3e19 100644 --- a/devel/libast/Makefile +++ b/devel/libast/Makefile @@ -1,12 +1,11 @@ -# $NetBSD: Makefile,v 1.25 2009/08/26 19:56:45 sno Exp $ +# $NetBSD: Makefile,v 1.26 2009/09/21 06:43:59 obache Exp $ -DISTNAME= libast-0.6.1 -PKGREVISION= 4 +DISTNAME= libast-0.7 CATEGORIES= devel MASTER_SITES= http://www.eterm.org/download/ MAINTAINER= gendalia@NetBSD.org -HOMEPAGE= http://freshmeat.net/projects/libast/?topic_id=809%2C861 +HOMEPAGE= http://freshmeat.net/projects/libast/ COMMENT= The Library of Assorted Spiffy Things PKG_DESTDIR_SUPPORT= user-destdir diff --git a/devel/libast/PLIST b/devel/libast/PLIST index 945ef46de9b..4cfed098ac3 100644 --- a/devel/libast/PLIST +++ b/devel/libast/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.4 2009/06/14 17:48:50 joerg Exp $ +@comment $NetBSD: PLIST,v 1.5 2009/09/21 06:43:59 obache Exp $ bin/libast-config include/libast.h include/libast/array.h @@ -8,6 +8,7 @@ include/libast/iterator_if.h include/libast/linked_list.h include/libast/list_if.h include/libast/map_if.h +include/libast/mbuff.h include/libast/obj.h include/libast/objpair.h include/libast/regexp.h diff --git a/devel/libast/distinfo b/devel/libast/distinfo index e34db69c4cf..eeef028607c 100644 --- a/devel/libast/distinfo +++ b/devel/libast/distinfo @@ -1,6 +1,5 @@ -$NetBSD: distinfo,v 1.4 2006/03/07 02:30:41 joerg Exp $ +$NetBSD: distinfo,v 1.5 2009/09/21 06:43:59 obache Exp $ -SHA1 (libast-0.6.1.tar.gz) = 894b9dda8e6f971e0192b78d05dc4812839a01cb -RMD160 (libast-0.6.1.tar.gz) = 85d6a6433fe12c81d120adf7e6567c0676d26b8c -Size (libast-0.6.1.tar.gz) = 356881 bytes -SHA1 (patch-aa) = ae46e2d08170f491d13f573ca075166c3f6e1a2a +SHA1 (libast-0.7.tar.gz) = 8449049642c5a945336a326b8d512e4d261232d0 +RMD160 (libast-0.7.tar.gz) = 82dedafc23668f0bbecbf09433676d4b31e9e154 +Size (libast-0.7.tar.gz) = 508654 bytes diff --git a/devel/libast/patches/patch-aa b/devel/libast/patches/patch-aa deleted file mode 100644 index cb306283c25..00000000000 --- a/devel/libast/patches/patch-aa +++ /dev/null @@ -1,57 +0,0 @@ -$NetBSD: patch-aa,v 1.3 2006/03/07 02:30:41 joerg Exp $ - ---- src/conf.c.orig 2004-11-07 20:18:21.000000000 +0100 -+++ src/conf.c -@@ -721,14 +721,12 @@ spifconf_shell_expand(spif_charptr_t s) - - /* The config file reader. This looks for the config file by searching CONFIG_SEARCH_PATH. - If it can't find a config file, it displays a warning but continues. -- mej */ -- - spif_charptr_t - spifconf_find_file(const spif_charptr_t file, const spif_charptr_t dir, const spif_charptr_t pathlist) - { - static spif_char_t name[PATH_MAX], full_path[PATH_MAX]; - spif_charptr_t path, p; -- short maxpathlen; -- unsigned short len; -+ spif_int32_t len, maxpathlen; - struct stat fst; - - REQUIRE_RVAL(file != NULL, NULL); -@@ -737,6 +735,13 @@ spifconf_find_file(const spif_charptr_t - D_CONF(("spifconf_find_file(\"%s\", \"%s\", \"%s\") called from directory \"%s\".\n", - file, NONULL(dir), NONULL(pathlist), name)); - -+ /* Make sure our supplied settings don't overflow. */ -+ len = strlen(SPIF_CAST_C(char *) file) + ((dir) ? (strlen(SPIF_CAST_C(char *) dir)) : (0)) + 2; -+ if ((len > SPIF_CAST(int32) sizeof(name)) || (len <= 0)) { -+ D_CONF(("Too big. I lose. :(\n")); -+ return ((spif_charptr_t) NULL); -+ } -+ - if (dir) { - strcpy(SPIF_CAST_C(char *) name, SPIF_CAST_C(char *) dir); - strcat(SPIF_CAST_C(char *) name, "/"); -@@ -756,7 +761,7 @@ spifconf_find_file(const spif_charptr_t - /* maxpathlen is the longest possible path we can stuff into name[]. The - 2 saves room for - an additional / and the trailing null. */ - if ((maxpathlen = sizeof(name) - len - 2) <= 0) { -- D_CONF(("Too big. I lose. :(\n", name)); -+ D_CONF(("Too big. I lose. :(\n")); - return ((spif_charptr_t) NULL); - } - -@@ -827,10 +832,12 @@ spifconf_open_file(spif_charptr_t name) - /* Check version number against current application version. */ - begin_ptr = SPIF_STR_STR(ver_str) + spif_str_index(ver_str, SPIF_CAST(char) '-') + 1; - end_ptr = SPIF_STR_STR(ver_str) + spif_str_index(ver_str, SPIF_CAST(char) '>'); -+ D_CONF(("Begin pointer is %10p (%s), end pointer is %10p (%s), length is %d, buffer size is %d\n", -+ begin_ptr, begin_ptr, end_ptr, end_ptr, SPIF_CAST_C(int) (end_ptr - begin_ptr), sizeof(buff))); - if (SPIF_PTR_ISNULL(end_ptr)) { - spiftool_safe_strncpy(buff, begin_ptr, sizeof(buff)); - } else { -- testlen = MAX(SPIF_CAST_C(int) sizeof(buff), SPIF_CAST_C(int) (end_ptr - begin_ptr)); -+ testlen = MIN(SPIF_CAST_C(int) sizeof(buff), SPIF_CAST_C(int) (end_ptr - begin_ptr + 1)); - spiftool_safe_strncpy(buff, begin_ptr, testlen); - } - ver = spiftool_version_compare(buff, libast_program_version); -- cgit v1.2.3