[pkgsrc/trunk]: pkgsrc/time/pcal Security fix for CAN-2004-1289.

[salo <salo%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/9c93aea1579f
branches:  trunk
changeset: 490819:9c93aea1579f
user:      salo <salo%pkgsrc.org@localhost>
date:      Sun Mar 20 21:34:17 2005 +0000

description:
Security fix for CAN-2004-1289.

"Multiple buffer overflows in the getline function in pcalutil.c and the
 get_holiday function in readfile.c for pcal 4.7.1 allow remote attackers
 to execute arbitrary code via a crafted calendar file."

Partial patch from Debian.  Bump PKGREVISION.

diffstat:

 time/pcal/Makefile         |   3 ++-
 time/pcal/distinfo         |   4 +++-
 time/pcal/patches/patch-af |  13 +++++++++++++
 time/pcal/patches/patch-ag |  15 +++++++++++++++
 4 files changed, 33 insertions(+), 2 deletions(-)

diffs (64 lines):

diff -r 46a305d7c0a8 -r 9c93aea1579f time/pcal/Makefile
--- a/time/pcal/Makefile        Sun Mar 20 21:29:05 2005 +0000
+++ b/time/pcal/Makefile        Sun Mar 20 21:34:17 2005 +0000
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.6 2004/12/03 15:15:11 wiz Exp $
+# $NetBSD: Makefile,v 1.7 2005/03/20 21:34:17 salo Exp $
 #
 
 DISTNAME=      pcal-4.7
+PKGREVISION=   1
 CATEGORIES=    time
 MASTER_SITES=  http://membled.com/work/mirror/pcal/
 EXTRACT_SUFX=  .tar.bz2
diff -r 46a305d7c0a8 -r 9c93aea1579f time/pcal/distinfo
--- a/time/pcal/distinfo        Sun Mar 20 21:29:05 2005 +0000
+++ b/time/pcal/distinfo        Sun Mar 20 21:34:17 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.4 2005/02/23 19:14:55 wiz Exp $
+$NetBSD: distinfo,v 1.5 2005/03/20 21:34:17 salo Exp $
 
 SHA1 (pcal-4.7.tar.bz2) = 4604067da16b7674630eb4d8894406b885e85d89
 RMD160 (pcal-4.7.tar.bz2) = d0b5380da2bbf94c5c5824f3355b583abba593bc
@@ -8,3 +8,5 @@
 SHA1 (patch-ac) = ab1eee4e3441268255d4bbc2d043db74d3eac2ae
 SHA1 (patch-ad) = ffd8b00dbb716df55be4a7e17f4637dad86bcd1f
 SHA1 (patch-ae) = 34ae04ae56d096b1b2294114428dc1f29af83701
+SHA1 (patch-af) = 59f064df3fa9441c22be91c1e6dd12c7ffef3a08
+SHA1 (patch-ag) = 34c442b33d47f51e4f6e82f966446a717ceb64a1
diff -r 46a305d7c0a8 -r 9c93aea1579f time/pcal/patches/patch-af
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/time/pcal/patches/patch-af        Sun Mar 20 21:34:17 2005 +0000
@@ -0,0 +1,13 @@
+$NetBSD: patch-af,v 1.1 2005/03/20 21:34:17 salo Exp $
+
+--- pcalutil.c.orig    2000-02-09 17:06:23.000000000 +0100
++++ pcalutil.c 2005-03-20 22:26:14.000000000 +0100
+@@ -1111,6 +1111,8 @@
+                               else
+                                       ungetc(c2, fp);
+                       }
++                      /* Don't overflow the buffer */
++                      if ( (cp - tmpbuf) < (LINSIZ -1))
+                       *cp++ = c;
+               }
+ 
diff -r 46a305d7c0a8 -r 9c93aea1579f time/pcal/patches/patch-ag
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/time/pcal/patches/patch-ag        Sun Mar 20 21:34:17 2005 +0000
@@ -0,0 +1,15 @@
+$NetBSD: patch-ag,v 1.1 2005/03/20 21:34:17 salo Exp $
+
+--- readfile.c.orig    2000-02-09 17:06:23.000000000 +0100
++++ readfile.c 2005-03-20 22:18:17.000000000 +0100
+@@ -1300,8 +1300,9 @@
+ {
+       KWD_H *p;
+       char tmp[STRSIZ];
++      memset(tmp,'\0',sizeof(tmp));
+ 
+-      strcpy(tmp, cp);                /* make copy without any trailing '*' */
++      strncpy(tmp, cp,sizeof(tmp)-1);         /* make copy without any trailing '*' */
+       if (LASTCHAR(tmp) == '*')
+               LASTCHAR(tmp) = '\0';
+