pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/pkgsrc-2004Q3]: pkgsrc/doc Security Pullup - requested by Grant Beatt...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/986f63b85ccc
branches:  pkgsrc-2004Q3
changeset: 480727:986f63b85ccc
user:      agc <agc%pkgsrc.org@localhost>
date:      Tue Nov 02 10:33:50 2004 +0000

description:
Security Pullup - requested by Grant Beattie and Havard Eidnes
security fix for cabextract

        Module Name:    pkgsrc
        Committed By:   wiz
        Date:           Thu Oct 28 10:35:56 UTC 2004

        Modified Files:
                pkgsrc/archivers/cabextract: Makefile distinfo
        Added Files:
                pkgsrc/archivers/cabextract/patches: patch-aa

        Log Message:
        Update to 1.1:
          * A security vulnerability has been fixed. If the files within a
            cabinet file include "../" in their filenames, this will be
            changed to "xx/", so cabinets cannot access the parent directory
            of where you want to extract them.
          * cabextract should now compile cleanly on AIX and Cygwin.
----
        Module Name:    pkgsrc
        Committed By:   tv
        Date:           Fri Oct 29 14:31:27 UTC 2004

        Modified Files:
                pkgsrc/archivers/cabextract: distinfo
        Added Files:
                pkgsrc/archivers/cabextract/patches: patch-ab

        Log Message:
        Make build on Interix (and possibly AIX).  mempcpy() is not actually used
        anywhere, yet configure.ac declared an AC_REPLACE_FUNCS() for it.  Rip out
        the offending code from configure until it is rebuilt at the source.

        (Patch to remove the AC_REPLACE_FUNCS submitted to author.)

diffstat:

 archivers/cabextract/Makefile         |   6 +++---
 archivers/cabextract/distinfo         |   8 +++++---
 archivers/cabextract/patches/patch-aa |  19 +++++++++++++++++++
 archivers/cabextract/patches/patch-ab |  22 ++++++++++++++++++++++
 doc/CHANGES-pkgsrc-2004Q3             |   4 +++-
 5 files changed, 52 insertions(+), 7 deletions(-)

diffs (97 lines):

diff -r 048f7ae20e5f -r 986f63b85ccc archivers/cabextract/Makefile
--- a/archivers/cabextract/Makefile     Tue Oct 26 11:25:05 2004 +0000
+++ b/archivers/cabextract/Makefile     Tue Nov 02 10:33:50 2004 +0000
@@ -1,12 +1,12 @@
-# $NetBSD: Makefile,v 1.11 2004/04/22 23:26:05 minskim Exp $
+# $NetBSD: Makefile,v 1.11.4.1 2004/11/02 10:33:50 agc Exp $
 #
 
-DISTNAME=              cabextract-1.0
+DISTNAME=              cabextract-1.1
 CATEGORIES=            archivers
 MASTER_SITES=          http://www.kyz.uklinux.net/downloads/
 
 MAINTAINER=            ben%NetBSD.org@localhost
-HOMEPAGE=              http://www.kyz.uklinux.net/cabextract.php3
+HOMEPAGE=              http://www.kyz.uklinux.net/cabextract.php
 COMMENT=               Microsoft cabinet (.CAB) file extractor
 
 PKG_INSTALLATION_TYPES=        overwrite pkgviews
diff -r 048f7ae20e5f -r 986f63b85ccc archivers/cabextract/distinfo
--- a/archivers/cabextract/distinfo     Tue Oct 26 11:25:05 2004 +0000
+++ b/archivers/cabextract/distinfo     Tue Nov 02 10:33:50 2004 +0000
@@ -1,4 +1,6 @@
-$NetBSD: distinfo,v 1.5 2004/03/10 23:05:43 ben Exp $
+$NetBSD: distinfo,v 1.5.6.1 2004/11/02 10:33:50 agc Exp $
 
-SHA1 (cabextract-1.0.tar.gz) = 789f2401fc62876a55cd9c9928fbe31589982b72
-Size (cabextract-1.0.tar.gz) = 189625 bytes
+SHA1 (cabextract-1.1.tar.gz) = 359c8f4ec9c62d9dac5d572269b607b2cae4fbf7
+Size (cabextract-1.1.tar.gz) = 187495 bytes
+SHA1 (patch-aa) = 4d36b50b1ca2dfd6f317dd0bcbc23523e1da70f2
+SHA1 (patch-ab) = 87d0089ebc1589c805b67d44675c78f1cc4ffc3b
diff -r 048f7ae20e5f -r 986f63b85ccc archivers/cabextract/patches/patch-aa
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/archivers/cabextract/patches/patch-aa     Tue Nov 02 10:33:50 2004 +0000
@@ -0,0 +1,19 @@
+$NetBSD: patch-aa,v 1.4.6.1 2004/11/02 10:33:50 agc Exp $
+
+--- mempcpy.c.orig     2004-07-16 16:07:01.000000000 +0200
++++ mempcpy.c
+@@ -29,7 +29,13 @@ Copies @var{length} bytes from memory re
+ 
+ */
+ 
+-#include <ansidecl.h>
++#include <string.h>
++#ifndef PTR
++#define PTR void*
++#endif
++#ifndef PARAMS
++#define PARAMS(x)     x
++#endif
+ #ifdef ANSI_PROTOTYPES
+ #include <stddef.h>
+ #else
diff -r 048f7ae20e5f -r 986f63b85ccc archivers/cabextract/patches/patch-ab
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/archivers/cabextract/patches/patch-ab     Tue Nov 02 10:33:50 2004 +0000
@@ -0,0 +1,22 @@
+$NetBSD: patch-ab,v 1.1.2.2 2004/11/02 10:33:50 agc Exp $
+
+--- configure.orig     Fri Oct 29 09:40:19 2004
++++ configure
+@@ -6608,7 +6608,7 @@ fi
+ 
+ 
+ 
+-
++if false; then
+ for ac_func in mempcpy
+ do
+ as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+@@ -6717,7 +6717,7 @@ esac
+ 
+ fi
+ done
+-
++fi
+ 
+ 
+                     ac_config_files="$ac_config_files Makefile cabextract.spec"
diff -r 048f7ae20e5f -r 986f63b85ccc doc/CHANGES-pkgsrc-2004Q3
--- a/doc/CHANGES-pkgsrc-2004Q3 Tue Oct 26 11:25:05 2004 +0000
+++ b/doc/CHANGES-pkgsrc-2004Q3 Tue Nov 02 10:33:50 2004 +0000
@@ -1,4 +1,4 @@
-$NetBSD: CHANGES-pkgsrc-2004Q3,v 1.1.2.13 2004/10/26 11:25:05 agc Exp $
+$NetBSD: CHANGES-pkgsrc-2004Q3,v 1.1.2.14 2004/11/02 10:33:50 agc Exp $
 
 Changes to the packages collection and infrastructure on the
 pkgsrc-2004Q3 branch:
@@ -29,4 +29,6 @@
 security fix for firefox
 Security Pullup - requested by Adrian Portelli
 security fix for socat
+Security Pullup - requested by Grant Beattie and Havard Eidnes
+security fix for cabextract
 



Home | Main Index | Thread Index | Old Index