pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/archivers/gcpio Security fix for http://secunia.com/ad...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/c4aad843888f
branches:  trunk
changeset: 507970:c4aad843888f
user:      seb <seb%pkgsrc.org@localhost>
date:      Sun Feb 12 01:44:28 2006 +0000

description:
Security fix for http://secunia.com/advisories/18251/ (CVE-2005-4268)
adapted from patch attached in redhat bugzilla
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=172669

While here add test target support.

Bump PKGREVISION to 2.

diffstat:

 archivers/gcpio/Makefile         |    6 +-
 archivers/gcpio/distinfo         |    5 +-
 archivers/gcpio/patches/patch-ak |   13 +-
 archivers/gcpio/patches/patch-ap |  549 +++++++++++++++++++++++++++++++++++++++
 4 files changed, 567 insertions(+), 6 deletions(-)

diffs (truncated from 621 to 300 lines):

diff -r 63db9ece64ce -r c4aad843888f archivers/gcpio/Makefile
--- a/archivers/gcpio/Makefile  Sun Feb 12 00:52:20 2006 +0000
+++ b/archivers/gcpio/Makefile  Sun Feb 12 01:44:28 2006 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.28 2005/12/05 23:55:01 rillig Exp $
+# $NetBSD: Makefile,v 1.29 2006/02/12 01:44:28 seb Exp $
 #
 
 DISTNAME=       cpio-2.6
-PKGREVISION=   1
+PKGREVISION=   2
 PKGNAME=       g${DISTNAME}
 CATEGORIES=    archivers
 MASTER_SITES=   ${MASTER_SITE_GNU:=cpio/}
@@ -16,6 +16,8 @@
 GNU_CONFIGURE= yes
 USE_MAKEINFO=  yes
 
+TEST_TARGET=   check
+
 INFO_FILES=    cpio.info
 
 .include "../../mk/bsd.prefs.mk"
diff -r 63db9ece64ce -r c4aad843888f archivers/gcpio/distinfo
--- a/archivers/gcpio/distinfo  Sun Feb 12 00:52:20 2006 +0000
+++ b/archivers/gcpio/distinfo  Sun Feb 12 01:44:28 2006 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.9 2005/11/03 19:38:51 adrianp Exp $
+$NetBSD: distinfo,v 1.10 2006/02/12 01:44:28 seb Exp $
 
 SHA1 (cpio-2.6.tar.gz) = 5a4ea156519909994fe05933dc823abcf07e3e21
 RMD160 (cpio-2.6.tar.gz) = 8246bdd08ab8727f9a8042d33ddfe3a6332476b8
@@ -9,8 +9,9 @@
 SHA1 (patch-ah) = f7e17682c2f6783e72310ef1d82a1bfca376e5ce
 SHA1 (patch-ai) = c3ad35aa4fe9c82e5110c52c61ca3405915e19ab
 SHA1 (patch-aj) = 1a4f796692cdad64297590acea33f371c903fa66
-SHA1 (patch-ak) = fb1a4d78901b419e370609e28efe67bdb72cdbd5
+SHA1 (patch-ak) = 9f795bf2f600ec31cf760ea0e5a0fc1c014fd143
 SHA1 (patch-al) = 3c1e71ad7a10c80e8ec82718ee44d138641eb18e
 SHA1 (patch-am) = d380ee141b218c568abc69ad90def03add91cde5
 SHA1 (patch-an) = 943fe81aba7846bd8349cc2e31ab9525e019e99f
 SHA1 (patch-ao) = 53c7b6bc1e00a0203665e12807b3388204f838c3
+SHA1 (patch-ap) = cf1ca21394e4e437e64fc83837e08b0aba26d41e
diff -r 63db9ece64ce -r c4aad843888f archivers/gcpio/patches/patch-ak
--- a/archivers/gcpio/patches/patch-ak  Sun Feb 12 00:52:20 2006 +0000
+++ b/archivers/gcpio/patches/patch-ak  Sun Feb 12 01:44:28 2006 +0000
@@ -1,6 +1,6 @@
-$NetBSD: patch-ak,v 1.1 2005/11/03 19:38:50 adrianp Exp $
+$NetBSD: patch-ak,v 1.2 2006/02/12 01:44:28 seb Exp $
 
---- src/extern.h.orig  2004-09-08 11:49:57.000000000 +0100
+--- src/extern.h.orig  2004-09-08 12:49:57.000000000 +0200
 +++ src/extern.h
 @@ -46,7 +46,7 @@ extern int no_chown_flag;
  extern int sparse_flag;
@@ -11,3 +11,12 @@
  extern unsigned int warn_option;
  
  /* Values for warn_option */
+@@ -112,7 +112,7 @@ void long_format P_((struct new_cpio_hea
+ void print_name_with_quoting P_((char *p));
+ 
+ /* copyout.c */
+-void write_out_header P_((struct new_cpio_header *file_hdr, int out_des));
++int write_out_header P_((struct new_cpio_header *file_hdr, int out_des));
+ void process_copy_out P_((void));
+ 
+ /* copypass.c */
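Review bot: The prototype of write_out_header in src/extern.h becomes `int` with no comment saying what the return value means, so a reader of the header cannot tell that it now has to be checked. Judging from the patch-ap hunk in this commit, a nonzero return appears to mean a header field did not fit and nothing was written; writing the member's data anyway would then put a file body into the archive with no header in front of it. I would add above the declaration `/* Returns nonzero if the header could not be written; the caller must then skip the member's data.  */`. Only the writeout_defered_file call site is visible in this truncated diff, so the remaining callers of write_out_header should be confirmed to test the result.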
diff -r 63db9ece64ce -r c4aad843888f archivers/gcpio/patches/patch-ap
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/archivers/gcpio/patches/patch-ap  Sun Feb 12 01:44:28 2006 +0000
@@ -0,0 +1,549 @@
+$NetBSD: patch-ap,v 1.1 2006/02/12 01:44:28 seb Exp $
+
+--- src/copyout.c.orig 2004-10-14 09:14:03.000000000 +0000
++++ src/copyout.c
+@@ -159,7 +159,7 @@ add_link_defer (struct new_cpio_header *
+ }
+ 
+ /* We are about to put a file into a newc or crc archive that is
+-   multiply linked.  We have already seen and defered all of the
++   multiply linked.  We have already seen and deferred all of the
+    other links to the file but haven't written them into the archive.
+    Write the other links into the archive, and remove them from the
+    deferouts list.  */
+@@ -231,8 +231,10 @@ writeout_defered_file (struct new_cpio_h
+                                          file_hdr.c_filesize,
+                                          header->c_name);
+ 
+-  write_out_header (&file_hdr, out_file_des);
+-  copy_files_disk_to_tape (in_file_des, out_file_des, file_hdr.c_filesize, header->c_name);
++  if (write_out_header (&file_hdr, out_file_des))
++    return;
++  copy_files_disk_to_tape (in_file_des, out_file_des, file_hdr.c_filesize,
++                         header->c_name);
+   warn_if_file_changed(header->c_name, file_hdr.c_filesize, file_hdr.c_mtime);
+ 
+   if (archive_format == arf_tar || archive_format == arf_ustar)
+@@ -288,153 +290,313 @@ writeout_final_defers (int out_des)
+     }
+ }
+ 
+-
+-/* Write out header FILE_HDR, including the file name, to file
+-   descriptor OUT_DES.  */
++/* FIXME: These two defines should be defined in paxutils */
++#define LG_8  3
++#define LG_16 4
++
++/* FIXME: to_ascii could be used instead of to_oct() and to_octal() from tar,
++   so it should be moved to paxutils too.
++   Allowed values for logbase are: 1 (binary), 2, 3 (octal), 4 (hex) */
++int
++to_ascii (char *where, uintmax_t v, size_t digits, unsigned logbase)
++{
++  static char codetab[] = "0123456789ABCDEF";
++  int i = digits;
++  
++  do
++    {
++      where[--i] = codetab[(v & ((1 << logbase) - 1))];
++      v >>= logbase;
++    }
++  while (i);
++
++  return v != 0;
++}
++
++static void
++field_width_error (const char *filename, const char *fieldname)
++{
++  error (0, 0, _("%s: field width not sufficient for storing %s"),
++       filename, fieldname);
++}
++
++static void
++field_width_warning (const char *filename, const char *fieldname)
++{
++  if (warn_option & CPIO_WARN_TRUNCATE)
++    error (0, 0, _("%s: truncating %s"), filename, fieldname);
++}
+ 
+ void
+-write_out_header (struct new_cpio_header *file_hdr, int out_des)
++to_ascii_or_warn (char *where, uintmax_t n, size_t digits,
++                unsigned logbase,
++                const char *filename, const char *fieldname)
+ {
+-  if (archive_format == arf_newascii || archive_format == arf_crcascii)
++  if (to_ascii (where, n, digits, logbase))
++    field_width_warning (filename, fieldname);
++}    
++
++int
++to_ascii_or_error (char *where, uintmax_t n, size_t digits,
++                 unsigned logbase,
++                 const char *filename, const char *fieldname)
++{
++  if (to_ascii (where, n, digits, logbase))
+     {
+-      char ascii_header[112];
+-      char *magic_string;
++      field_width_error (filename, fieldname);
++      return 1;
++    }
++  return 0;
++}    
+ 
+-      if (archive_format == arf_crcascii)
+-      magic_string = "070702";
+-      else
+-      magic_string = "070701";
+-      sprintf (ascii_header,
+-             "%6s%08lx%08lx%08lx%08lx%08lx%08lx%08lx%08lx%08lx%08lx%08lx%08lx%08lx",
+-             magic_string,
+-             file_hdr->c_ino, file_hdr->c_mode, file_hdr->c_uid,
+-             file_hdr->c_gid, file_hdr->c_nlink, file_hdr->c_mtime,
+-           file_hdr->c_filesize, file_hdr->c_dev_maj, file_hdr->c_dev_min,
+-         file_hdr->c_rdev_maj, file_hdr->c_rdev_min, file_hdr->c_namesize,
+-             file_hdr->c_chksum);
+-      tape_buffered_write (ascii_header, out_des, 110L);
+-
+-      /* Write file name to output.  */
+-      tape_buffered_write (file_hdr->c_name, out_des, (long) file_hdr->c_namesize);
+-      tape_pad_output (out_des, file_hdr->c_namesize + 110);
+-    }
+-  else if (archive_format == arf_oldascii || archive_format == arf_hpoldascii)
+-    {
+-      char ascii_header[78];
+-      dev_t dev;
+-      dev_t rdev;
++int
++write_out_new_ascii_header (const char *magic_string,
++                          struct new_cpio_header *file_hdr, int out_des)
++{
++  char ascii_header[110];
++  char *p;
+ 
+-      if (archive_format == arf_oldascii)
+-      {
+-        dev = makedev (file_hdr->c_dev_maj, file_hdr->c_dev_min);
+-        rdev = makedev (file_hdr->c_rdev_maj, file_hdr->c_rdev_min);
+-      }
+-      else
+-      {
+-        /* HP/UX cpio creates archives that look just like ordinary archives,
+-           but for devices it sets major = 0, minor = 1, and puts the
+-           actual major/minor number in the filesize field.  */
+-        switch (file_hdr->c_mode & CP_IFMT)
+-          {
+-            case CP_IFCHR:
+-            case CP_IFBLK:
++  (void)strncpy(ascii_header, magic_string, sizeof(ascii_header) - 1);
++  ascii_header[sizeof(ascii_header) -1] = '\0';
++  p = ascii_header + strlen(ascii_header);
++  to_ascii_or_warn (p, file_hdr->c_ino, 8, LG_16,
++                  file_hdr->c_name, _("inode number"));
++  p += 8;
++  to_ascii_or_warn (p, file_hdr->c_mode, 8, LG_16, file_hdr->c_name,
++                  _("file mode"));
++  p += 8;
++  to_ascii_or_warn (p, file_hdr->c_uid, 8, LG_16, file_hdr->c_name,
++                  _("uid"));
++  p += 8;
++  to_ascii_or_warn (p, file_hdr->c_gid, 8, LG_16, file_hdr->c_name,
++                  _("gid"));
++  p += 8;
++  to_ascii_or_warn (p, file_hdr->c_nlink, 8, LG_16, file_hdr->c_name,
++                  _("number of links"));
++  p += 8;
++  to_ascii_or_warn (p, file_hdr->c_mtime, 8, LG_16, file_hdr->c_name,
++                  _("modification time"));
++  p += 8;
++  if (to_ascii_or_error (p, file_hdr->c_filesize, 8, LG_16, file_hdr->c_name,
++                       _("file size")))
++    return 1;
++  p += 8;
++  if (to_ascii_or_error (p, file_hdr->c_dev_maj, 8, LG_16, file_hdr->c_name,
++                       _("device major number")))
++    return 1;
++  p += 8;
++  if (to_ascii_or_error (p, file_hdr->c_dev_min, 8, LG_16, file_hdr->c_name,
++                       _("device minor number")))
++    return 1;
++  p += 8;
++  if (to_ascii_or_error (p, file_hdr->c_rdev_maj, 8, LG_16, file_hdr->c_name,
++                       _("rdev major")))
++    return 1;
++  p += 8;
++  if (to_ascii_or_error (p, file_hdr->c_rdev_min, 8, LG_16, file_hdr->c_name,
++                       _("rdev minor")))
++    return 1;
++  p += 8;
++  if (to_ascii_or_error (p, file_hdr->c_namesize, 8, LG_16, file_hdr->c_name,
++                       _("name size")))
++    return 1;
++  p += 8;
++  to_ascii (p, file_hdr->c_chksum & 0xffffffff, 8, LG_16);
++
++  tape_buffered_write (ascii_header, out_des, sizeof ascii_header);
++
++  /* Write file name to output.  */
++  tape_buffered_write (file_hdr->c_name, out_des, (long) file_hdr->c_namesize);
++  tape_pad_output (out_des, file_hdr->c_namesize + sizeof ascii_header);
++  return 0;
++}  
++
++int
++write_out_old_ascii_header (dev_t dev, dev_t rdev,
++                          struct new_cpio_header *file_hdr, int out_des)
++{
++  char ascii_header[76];
++  char *p = ascii_header;
++  
++  to_ascii (p, file_hdr->c_magic, 6, LG_8);
++  p += 6;
++  to_ascii_or_warn (p, dev, 6, LG_8, file_hdr->c_name, _("device number"));
++  p += 6;
++  to_ascii_or_warn (p, file_hdr->c_ino, 6, LG_8, file_hdr->c_name,
++                  _("inode number"));
++  p += 6;
++  to_ascii_or_warn (p, file_hdr->c_mode, 6, LG_8, file_hdr->c_name,
++                  _("file mode"));
++  p += 6;
++  to_ascii_or_warn (p, file_hdr->c_uid, 6, LG_8, file_hdr->c_name, _("uid"));
++  p += 6;
++  to_ascii_or_warn (p, file_hdr->c_gid, 6, LG_8, file_hdr->c_name, _("gid"));
++  p += 6;
++  to_ascii_or_warn (p, file_hdr->c_nlink, 6, LG_8, file_hdr->c_name,
++                  _("number of links"));
++  p += 6;
++  to_ascii_or_warn (p, rdev, 6, LG_8, file_hdr->c_name, _("rdev"));
++  p += 6;
++  to_ascii_or_warn (p, file_hdr->c_mtime, 11, LG_8, file_hdr->c_name,
++                  _("modification time"));
++  p += 11;
++  if (to_ascii_or_error (p, file_hdr->c_namesize, 6, LG_8, file_hdr->c_name,
++                       _("name size")))
++    return 1;
++  p += 6;


