pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/archivers/gcpio Security fix for http://secunia.com/ad...
details: https://anonhg.NetBSD.org/pkgsrc/rev/c4aad843888f
branches: trunk
changeset: 507970:c4aad843888f
user: seb <seb%pkgsrc.org@localhost>
date: Sun Feb 12 01:44:28 2006 +0000
description:
Security fix for http://secunia.com/advisories/18251/ (CVE-2005-4268)
adapted from patch attached in redhat bugzilla
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=172669
While here add test target support.
Bump PKGREVISION to 2.
diffstat:
archivers/gcpio/Makefile | 6 +-
archivers/gcpio/distinfo | 5 +-
archivers/gcpio/patches/patch-ak | 13 +-
archivers/gcpio/patches/patch-ap | 549 +++++++++++++++++++++++++++++++++++++++
4 files changed, 567 insertions(+), 6 deletions(-)
diffs (truncated from 621 to 300 lines):
diff -r 63db9ece64ce -r c4aad843888f archivers/gcpio/Makefile
--- a/archivers/gcpio/Makefile Sun Feb 12 00:52:20 2006 +0000
+++ b/archivers/gcpio/Makefile Sun Feb 12 01:44:28 2006 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.28 2005/12/05 23:55:01 rillig Exp $
+# $NetBSD: Makefile,v 1.29 2006/02/12 01:44:28 seb Exp $
#
DISTNAME= cpio-2.6
-PKGREVISION= 1
+PKGREVISION= 2
PKGNAME= g${DISTNAME}
CATEGORIES= archivers
MASTER_SITES= ${MASTER_SITE_GNU:=cpio/}
@@ -16,6 +16,8 @@
GNU_CONFIGURE= yes
USE_MAKEINFO= yes
+TEST_TARGET= check
+
INFO_FILES= cpio.info
.include "../../mk/bsd.prefs.mk"
diff -r 63db9ece64ce -r c4aad843888f archivers/gcpio/distinfo
--- a/archivers/gcpio/distinfo Sun Feb 12 00:52:20 2006 +0000
+++ b/archivers/gcpio/distinfo Sun Feb 12 01:44:28 2006 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.9 2005/11/03 19:38:51 adrianp Exp $
+$NetBSD: distinfo,v 1.10 2006/02/12 01:44:28 seb Exp $
SHA1 (cpio-2.6.tar.gz) = 5a4ea156519909994fe05933dc823abcf07e3e21
RMD160 (cpio-2.6.tar.gz) = 8246bdd08ab8727f9a8042d33ddfe3a6332476b8
@@ -9,8 +9,9 @@
SHA1 (patch-ah) = f7e17682c2f6783e72310ef1d82a1bfca376e5ce
SHA1 (patch-ai) = c3ad35aa4fe9c82e5110c52c61ca3405915e19ab
SHA1 (patch-aj) = 1a4f796692cdad64297590acea33f371c903fa66
-SHA1 (patch-ak) = fb1a4d78901b419e370609e28efe67bdb72cdbd5
+SHA1 (patch-ak) = 9f795bf2f600ec31cf760ea0e5a0fc1c014fd143
SHA1 (patch-al) = 3c1e71ad7a10c80e8ec82718ee44d138641eb18e
SHA1 (patch-am) = d380ee141b218c568abc69ad90def03add91cde5
SHA1 (patch-an) = 943fe81aba7846bd8349cc2e31ab9525e019e99f
SHA1 (patch-ao) = 53c7b6bc1e00a0203665e12807b3388204f838c3
+SHA1 (patch-ap) = cf1ca21394e4e437e64fc83837e08b0aba26d41e
diff -r 63db9ece64ce -r c4aad843888f archivers/gcpio/patches/patch-ak
--- a/archivers/gcpio/patches/patch-ak Sun Feb 12 00:52:20 2006 +0000
+++ b/archivers/gcpio/patches/patch-ak Sun Feb 12 01:44:28 2006 +0000
@@ -1,6 +1,6 @@
-$NetBSD: patch-ak,v 1.1 2005/11/03 19:38:50 adrianp Exp $
+$NetBSD: patch-ak,v 1.2 2006/02/12 01:44:28 seb Exp $
---- src/extern.h.orig 2004-09-08 11:49:57.000000000 +0100
+--- src/extern.h.orig 2004-09-08 12:49:57.000000000 +0200
+++ src/extern.h
@@ -46,7 +46,7 @@ extern int no_chown_flag;
extern int sparse_flag;
@@ -11,3 +11,12 @@
extern unsigned int warn_option;
/* Values for warn_option */
+@@ -112,7 +112,7 @@ void long_format P_((struct new_cpio_hea
+ void print_name_with_quoting P_((char *p));
+
+ /* copyout.c */
+-void write_out_header P_((struct new_cpio_header *file_hdr, int out_des));
++int write_out_header P_((struct new_cpio_header *file_hdr, int out_des));
+ void process_copy_out P_((void));
+
+ /* copypass.c */
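Review bot: Changing `write_out_header` from `void` to `int` in extern.h only protects the archive if every caller checks the result, and a caller that still ignores it will compile silently and go on to write file data after a rejected header. In this (truncated) page only the `writeout_defered_file` call site is visibly updated, so the remaining callers in copyout.c should be confirmed to test the return value. The declaration would also benefit from stating the contract, for example `/* Returns nonzero if a header field did not fit; the caller must skip the file body. */`. The visible `write_out_new_ascii_header` returns 1 before any `tape_buffered_write`, which is consistent with that wording, but the other formats are not shown here.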
diff -r 63db9ece64ce -r c4aad843888f archivers/gcpio/patches/patch-ap
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/archivers/gcpio/patches/patch-ap Sun Feb 12 01:44:28 2006 +0000
@@ -0,0 +1,549 @@
+$NetBSD: patch-ap,v 1.1 2006/02/12 01:44:28 seb Exp $
+
+--- src/copyout.c.orig 2004-10-14 09:14:03.000000000 +0000
++++ src/copyout.c
+@@ -159,7 +159,7 @@ add_link_defer (struct new_cpio_header *
+ }
+
+ /* We are about to put a file into a newc or crc archive that is
+- multiply linked. We have already seen and defered all of the
++ multiply linked. We have already seen and deferred all of the
+ other links to the file but haven't written them into the archive.
+ Write the other links into the archive, and remove them from the
+ deferouts list. */
+@@ -231,8 +231,10 @@ writeout_defered_file (struct new_cpio_h
+ file_hdr.c_filesize,
+ header->c_name);
+
+- write_out_header (&file_hdr, out_file_des);
+- copy_files_disk_to_tape (in_file_des, out_file_des, file_hdr.c_filesize, header->c_name);
++ if (write_out_header (&file_hdr, out_file_des))
++ return;
++ copy_files_disk_to_tape (in_file_des, out_file_des, file_hdr.c_filesize,
++ header->c_name);
+ warn_if_file_changed(header->c_name, file_hdr.c_filesize, file_hdr.c_mtime);
+
+ if (archive_format == arf_tar || archive_format == arf_ustar)
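Review bot: The early `return` added after `write_out_header` in `writeout_defered_file` skips everything below it while `in_file_des` is still live, since it is passed to `copy_files_disk_to_tape` on the next line. The function begins and ends outside this hunk, so the open and the matching close are not visible. If the descriptor is opened in this function, the failure path presumably leaks one descriptor per rejected file, which matters when many deferred links hit the field-width error. Consider releasing it on that path, e.g. `if (write_out_header (&file_hdr, out_file_des)) { close (in_file_des); return; }`, or jumping to the function's existing cleanup.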
+@@ -288,153 +290,313 @@ writeout_final_defers (int out_des)
+ }
+ }
+
+-
+-/* Write out header FILE_HDR, including the file name, to file
+- descriptor OUT_DES. */
++/* FIXME: These two defines should be defined in paxutils */
++#define LG_8 3
++#define LG_16 4
++
++/* FIXME: to_ascii could be used instead of to_oct() and to_octal() from tar,
++ so it should be moved to paxutils too.
++ Allowed values for logbase are: 1 (binary), 2, 3 (octal), 4 (hex) */
++int
++to_ascii (char *where, uintmax_t v, size_t digits, unsigned logbase)
++{
++ static char codetab[] = "0123456789ABCDEF";
++ int i = digits;
++
++ do
++ {
++ where[--i] = codetab[(v & ((1 << logbase) - 1))];
++ v >>= logbase;
++ }
++ while (i);
++
++ return v != 0;
++}
++
++static void
++field_width_error (const char *filename, const char *fieldname)
++{
++ error (0, 0, _("%s: field width not sufficient for storing %s"),
++ filename, fieldname);
++}
++
++static void
++field_width_warning (const char *filename, const char *fieldname)
++{
++ if (warn_option & CPIO_WARN_TRUNCATE)
++ error (0, 0, _("%s: truncating %s"), filename, fieldname);
++}
+
+ void
+-write_out_header (struct new_cpio_header *file_hdr, int out_des)
++to_ascii_or_warn (char *where, uintmax_t n, size_t digits,
++ unsigned logbase,
++ const char *filename, const char *fieldname)
+ {
+- if (archive_format == arf_newascii || archive_format == arf_crcascii)
++ if (to_ascii (where, n, digits, logbase))
++ field_width_warning (filename, fieldname);
++}
++
++int
++to_ascii_or_error (char *where, uintmax_t n, size_t digits,
++ unsigned logbase,
++ const char *filename, const char *fieldname)
++{
++ if (to_ascii (where, n, digits, logbase))
+ {
+- char ascii_header[112];
+- char *magic_string;
++ field_width_error (filename, fieldname);
++ return 1;
++ }
++ return 0;
++}
+
+- if (archive_format == arf_crcascii)
+- magic_string = "070702";
+- else
+- magic_string = "070701";
+- sprintf (ascii_header,
+- "%6s%08lx%08lx%08lx%08lx%08lx%08lx%08lx%08lx%08lx%08lx%08lx%08lx%08lx",
+- magic_string,
+- file_hdr->c_ino, file_hdr->c_mode, file_hdr->c_uid,
+- file_hdr->c_gid, file_hdr->c_nlink, file_hdr->c_mtime,
+- file_hdr->c_filesize, file_hdr->c_dev_maj, file_hdr->c_dev_min,
+- file_hdr->c_rdev_maj, file_hdr->c_rdev_min, file_hdr->c_namesize,
+- file_hdr->c_chksum);
+- tape_buffered_write (ascii_header, out_des, 110L);
+-
+- /* Write file name to output. */
+- tape_buffered_write (file_hdr->c_name, out_des, (long) file_hdr->c_namesize);
+- tape_pad_output (out_des, file_hdr->c_namesize + 110);
+- }
+- else if (archive_format == arf_oldascii || archive_format == arf_hpoldascii)
+- {
+- char ascii_header[78];
+- dev_t dev;
+- dev_t rdev;
++int
++write_out_new_ascii_header (const char *magic_string,
++ struct new_cpio_header *file_hdr, int out_des)
++{
++ char ascii_header[110];
++ char *p;
+
+- if (archive_format == arf_oldascii)
+- {
+- dev = makedev (file_hdr->c_dev_maj, file_hdr->c_dev_min);
+- rdev = makedev (file_hdr->c_rdev_maj, file_hdr->c_rdev_min);
+- }
+- else
+- {
+- /* HP/UX cpio creates archives that look just like ordinary archives,
+- but for devices it sets major = 0, minor = 1, and puts the
+- actual major/minor number in the filesize field. */
+- switch (file_hdr->c_mode & CP_IFMT)
+- {
+- case CP_IFCHR:
+- case CP_IFBLK:
++ (void)strncpy(ascii_header, magic_string, sizeof(ascii_header) - 1);
++ ascii_header[sizeof(ascii_header) -1] = '\0';
++ p = ascii_header + strlen(ascii_header);
++ to_ascii_or_warn (p, file_hdr->c_ino, 8, LG_16,
++ file_hdr->c_name, _("inode number"));
++ p += 8;
++ to_ascii_or_warn (p, file_hdr->c_mode, 8, LG_16, file_hdr->c_name,
++ _("file mode"));
++ p += 8;
++ to_ascii_or_warn (p, file_hdr->c_uid, 8, LG_16, file_hdr->c_name,
++ _("uid"));
++ p += 8;
++ to_ascii_or_warn (p, file_hdr->c_gid, 8, LG_16, file_hdr->c_name,
++ _("gid"));
++ p += 8;
++ to_ascii_or_warn (p, file_hdr->c_nlink, 8, LG_16, file_hdr->c_name,
++ _("number of links"));
++ p += 8;
++ to_ascii_or_warn (p, file_hdr->c_mtime, 8, LG_16, file_hdr->c_name,
++ _("modification time"));
++ p += 8;
++ if (to_ascii_or_error (p, file_hdr->c_filesize, 8, LG_16, file_hdr->c_name,
++ _("file size")))
++ return 1;
++ p += 8;
++ if (to_ascii_or_error (p, file_hdr->c_dev_maj, 8, LG_16, file_hdr->c_name,
++ _("device major number")))
++ return 1;
++ p += 8;
++ if (to_ascii_or_error (p, file_hdr->c_dev_min, 8, LG_16, file_hdr->c_name,
++ _("device minor number")))
++ return 1;
++ p += 8;
++ if (to_ascii_or_error (p, file_hdr->c_rdev_maj, 8, LG_16, file_hdr->c_name,
++ _("rdev major")))
++ return 1;
++ p += 8;
++ if (to_ascii_or_error (p, file_hdr->c_rdev_min, 8, LG_16, file_hdr->c_name,
++ _("rdev minor")))
++ return 1;
++ p += 8;
++ if (to_ascii_or_error (p, file_hdr->c_namesize, 8, LG_16, file_hdr->c_name,
++ _("name size")))
++ return 1;
++ p += 8;
++ to_ascii (p, file_hdr->c_chksum & 0xffffffff, 8, LG_16);
++
++ tape_buffered_write (ascii_header, out_des, sizeof ascii_header);
++
++ /* Write file name to output. */
++ tape_buffered_write (file_hdr->c_name, out_des, (long) file_hdr->c_namesize);
++ tape_pad_output (out_des, file_hdr->c_namesize + sizeof ascii_header);
++ return 0;
++}
++
++int
++write_out_old_ascii_header (dev_t dev, dev_t rdev,
++ struct new_cpio_header *file_hdr, int out_des)
++{
++ char ascii_header[76];
++ char *p = ascii_header;
++
++ to_ascii (p, file_hdr->c_magic, 6, LG_8);
++ p += 6;
++ to_ascii_or_warn (p, dev, 6, LG_8, file_hdr->c_name, _("device number"));
++ p += 6;
++ to_ascii_or_warn (p, file_hdr->c_ino, 6, LG_8, file_hdr->c_name,
++ _("inode number"));
++ p += 6;
++ to_ascii_or_warn (p, file_hdr->c_mode, 6, LG_8, file_hdr->c_name,
++ _("file mode"));
++ p += 6;
++ to_ascii_or_warn (p, file_hdr->c_uid, 6, LG_8, file_hdr->c_name, _("uid"));
++ p += 6;
++ to_ascii_or_warn (p, file_hdr->c_gid, 6, LG_8, file_hdr->c_name, _("gid"));
++ p += 6;
++ to_ascii_or_warn (p, file_hdr->c_nlink, 6, LG_8, file_hdr->c_name,
++ _("number of links"));
++ p += 6;
++ to_ascii_or_warn (p, rdev, 6, LG_8, file_hdr->c_name, _("rdev"));
++ p += 6;
++ to_ascii_or_warn (p, file_hdr->c_mtime, 11, LG_8, file_hdr->c_name,
++ _("modification time"));
++ p += 11;
++ if (to_ascii_or_error (p, file_hdr->c_namesize, 6, LG_8, file_hdr->c_name,
++ _("name size")))
++ return 1;
++ p += 6;