pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/archivers/gtar-base Fix for CVE-2006-0300 via RedHat
details: https://anonhg.NetBSD.org/pkgsrc/rev/d5012b8726b8
branches: trunk
changeset: 518244:d5012b8726b8
user: adrianp <adrianp%pkgsrc.org@localhost>
date: Sun Sep 03 17:24:16 2006 +0000
description:
Fix for CVE-2006-0300 via RedHat
diffstat:
archivers/gtar-base/Makefile | 4 +-
archivers/gtar-base/distinfo | 3 +-
archivers/gtar-base/patches/patch-ai | 123 +++++++++++++++++++++++++++++++++++
3 files changed, 127 insertions(+), 3 deletions(-)
diffs (156 lines):
diff -r 4e20c7936be3 -r d5012b8726b8 archivers/gtar-base/Makefile
--- a/archivers/gtar-base/Makefile Sun Sep 03 17:14:33 2006 +0000
+++ b/archivers/gtar-base/Makefile Sun Sep 03 17:24:16 2006 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.53 2006/06/18 07:04:16 rillig Exp $
+# $NetBSD: Makefile,v 1.54 2006/09/03 17:24:16 adrianp Exp $
#
DISTNAME= tar-1.15.1
PKGNAME= gtar-base-1.15.1
-PKGREVISION= 2
+PKGREVISION= 3
SVR4_PKGNAME= gtarb
CATEGORIES= archivers
MASTER_SITES= ${MASTER_SITE_GNU:=tar/}
diff -r 4e20c7936be3 -r d5012b8726b8 archivers/gtar-base/distinfo
--- a/archivers/gtar-base/distinfo Sun Sep 03 17:14:33 2006 +0000
+++ b/archivers/gtar-base/distinfo Sun Sep 03 17:24:16 2006 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.16 2006/01/28 02:03:57 rillig Exp $
+$NetBSD: distinfo,v 1.17 2006/09/03 17:24:16 adrianp Exp $
SHA1 (tar-1.15.1.tar.gz) = 21574ae5d39b698f7f577e2cecc91a5ec89b659c
RMD160 (tar-1.15.1.tar.gz) = 83f35ee090d05f0865ebd9915bbd1b649a6555c5
@@ -11,3 +11,4 @@
SHA1 (patch-af) = be20dafd1c65db4ca60a5aedbc7a972117cd7072
SHA1 (patch-ag) = dc39d490b0085e452664b8ea7af0329f01f630d5
SHA1 (patch-ah) = d8532a99bf2bd0c35a9d994101fbd722f52c9ead
+SHA1 (patch-ai) = 444d47a539427df39404fcf4996082de1d00a4df
diff -r 4e20c7936be3 -r d5012b8726b8 archivers/gtar-base/patches/patch-ai
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/archivers/gtar-base/patches/patch-ai Sun Sep 03 17:24:16 2006 +0000
@@ -0,0 +1,123 @@
+$NetBSD: patch-ai,v 1.1 2006/09/03 17:24:16 adrianp Exp $
+
+--- src/xheader.c.orig 2004-09-06 12:31:14.000000000 +0100
++++ src/xheader.c
+@@ -783,6 +783,32 @@ code_num (uintmax_t value, char const *k
+ xheader_print (xhdr, keyword, sbuf);
+ }
+
++static bool
++decode_num (uintmax_t *num, char const *arg, uintmax_t maxval,
++ char const *keyword)
++{
++ uintmax_t u;
++ char *arg_lim;
++
++ if (! (ISDIGIT (*arg)
++ && (errno = 0, u = strtoumax (arg, &arg_lim, 10), !*arg_lim)))
++ {
++ ERROR ((0, 0, _("Malformed extended header: invalid %s=%s"),
++ keyword, arg));
++ return false;
++ }
++
++ if (! (u <= maxval && errno != ERANGE))
++ {
++ ERROR ((0, 0, _("Extended header %s=%s is out of range"),
++ keyword, arg));
++ return false;
++ }
++
++ *num = u;
++ return true;
++}
++
+ static void
+ dummy_coder (struct tar_stat_info const *st __attribute__ ((unused)),
+ char const *keyword __attribute__ ((unused)),
+@@ -821,7 +847,7 @@ static void
+ gid_decoder (struct tar_stat_info *st, char const *arg)
+ {
+ uintmax_t u;
+- if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
++ if (decode_num (&u, arg, TYPE_MAXIMUM (gid_t), "gid"))
+ st->stat.st_gid = u;
+ }
+
+@@ -903,7 +929,7 @@ static void
+ size_decoder (struct tar_stat_info *st, char const *arg)
+ {
+ uintmax_t u;
+- if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
++ if (decode_num (&u, arg, TYPE_MAXIMUM (off_t), "size"))
+ st->archive_file_size = st->stat.st_size = u;
+ }
+
+@@ -918,7 +944,7 @@ static void
+ uid_decoder (struct tar_stat_info *st, char const *arg)
+ {
+ uintmax_t u;
+- if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
++ if (decode_num (&u, arg, TYPE_MAXIMUM (uid_t), "uid"))
+ st->stat.st_uid = u;
+ }
+
+@@ -946,7 +972,7 @@ static void
+ sparse_size_decoder (struct tar_stat_info *st, char const *arg)
+ {
+ uintmax_t u;
+- if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
++ if (decode_num (&u, arg, TYPE_MAXIMUM (off_t), "GNU.sparse.size"))
+ st->stat.st_size = u;
+ }
+
+@@ -962,10 +988,10 @@ static void
+ sparse_numblocks_decoder (struct tar_stat_info *st, char const *arg)
+ {
+ uintmax_t u;
+- if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
++ if (decode_num (&u, arg, SIZE_MAX, "GNU.sparse.numblocks"))
+ {
+ st->sparse_map_size = u;
+- st->sparse_map = calloc(st->sparse_map_size, sizeof(st->sparse_map[0]));
++ st->sparse_map = xcalloc (u, sizeof st->sparse_map[0]);
+ st->sparse_map_avail = 0;
+ }
+ }
+@@ -982,8 +1008,14 @@ static void
+ sparse_offset_decoder (struct tar_stat_info *st, char const *arg)
+ {
+ uintmax_t u;
+- if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
++ if (decode_num (&u, arg, TYPE_MAXIMUM (off_t), "GNU.sparse.offset"))
++ {
++ if (st->sparse_map_avail < st->sparse_map_size)
+ st->sparse_map[st->sparse_map_avail].offset = u;
++ else
++ ERROR ((0, 0, _("Malformed extended header: excess %s=%s"),
++ "GNU.sparse.offset", arg));
++ }
+ }
+
+ static void
+@@ -998,15 +1030,13 @@ static void
+ sparse_numbytes_decoder (struct tar_stat_info *st, char const *arg)
+ {
+ uintmax_t u;
+- if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
++ if (decode_num (&u, arg, SIZE_MAX, "GNU.sparse.numbytes"))
+ {
+ if (st->sparse_map_avail == st->sparse_map_size)
+- {
+- st->sparse_map_size *= 2;
+- st->sparse_map = xrealloc (st->sparse_map,
+- st->sparse_map_size
+- * sizeof st->sparse_map[0]);
+- }
++ st->sparse_map = x2nrealloc (st->sparse_map,
++ &st->sparse_map_size,
++ sizeof st->sparse_map[0]);
++
+ st->sparse_map[st->sparse_map_avail++].numbytes = u;
+ }
+ }
Home |
Main Index |
Thread Index |
Old Index