pkgsrc-Changes-HG archive
[pkgsrc/pkgsrc-2015Q1]: pkgsrc/sysutils/coreutils Pullup ticket #4661 - reque...
details: https://anonhg.NetBSD.org/pkgsrc/rev/a9cadeec9084
branches: pkgsrc-2015Q1
changeset: 649159:a9cadeec9084
user: bsiegert <bsiegert%pkgsrc.org@localhost>
date: Tue Apr 14 19:04:38 2015 +0000
description:
Pullup ticket #4661 - requested by tnn
sysutils/coreutils - security fix
Revisions pulled up:
- sysutils/coreutils/Makefile 1.64
- sysutils/coreutils/distinfo 1.30
- sysutils/coreutils/patches/patch-lib_parse-datetime.c 1.1
---
Module Name: pkgsrc
Committed By: tnn
Date: Mon Apr 13 12:05:08 UTC 2015
Modified Files:
pkgsrc/sysutils/coreutils: Makefile distinfo
Added Files:
pkgsrc/sysutils/coreutils/patches: patch-lib_parse-datetime.c
Log Message:
Fix CVE-2014-9471 TZ parsing bug.
diffstat:
sysutils/coreutils/Makefile | 4 +-
sysutils/coreutils/distinfo | 3 +-
sysutils/coreutils/patches/patch-lib_parse-datetime.c | 32 +++++++++++++++++++
3 files changed, 36 insertions(+), 3 deletions(-)
diffs (65 lines):
diff -r acc3bb696922 -r a9cadeec9084 sysutils/coreutils/Makefile
--- a/sysutils/coreutils/Makefile Tue Apr 14 18:23:33 2015 +0000
+++ b/sysutils/coreutils/Makefile Tue Apr 14 19:04:38 2015 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.63 2014/05/29 23:37:27 wiz Exp $
+# $NetBSD: Makefile,v 1.63.8.1 2015/04/14 19:04:38 bsiegert Exp $
.include "../../sysutils/coreutils/Makefile.common"
-PKGREVISION= 1
+PKGREVISION= 2
CONFIGURE_ARGS+= --without-gmp
CONFLICTS= fileutils-[0-9]* gnuls-[0-9]* linuxls-[0-9]* sh-utils-[0-9]* textutils-[0-9]*
diff -r acc3bb696922 -r a9cadeec9084 sysutils/coreutils/distinfo
--- a/sysutils/coreutils/distinfo Tue Apr 14 18:23:33 2015 +0000
+++ b/sysutils/coreutils/distinfo Tue Apr 14 19:04:38 2015 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.29 2014/06/29 06:53:23 obache Exp $
+$NetBSD: distinfo,v 1.29.8.1 2015/04/14 19:04:38 bsiegert Exp $
SHA1 (coreutils-8.22.tar.xz) = cc7fe47b21eb49dd2ee4cdb707570f42fb2c8cc6
RMD160 (coreutils-8.22.tar.xz) = c3da7ade1d3ac82e97ac4a24c70376af8b9b503b
@@ -6,4 +6,5 @@
SHA1 (patch-Makefile.in) = fce694c56777081a6a54d157dd0573945250f381
SHA1 (patch-lib-fflush.c) = 106e9c7d05fff290f24cb69e1b2c80d0077c62bd
SHA1 (patch-lib-fseeko.c) = 9f4b0294698648011c64869fc0e642f910e9d47f
+SHA1 (patch-lib_parse-datetime.c) = 9a2143f0d6e908c2b340a2520f2a280c5fb80e6d
SHA1 (patch-lib_string.in.h) = 37167af962d1cfe9196d11e4250d9e9628d9eb73
diff -r acc3bb696922 -r a9cadeec9084 sysutils/coreutils/patches/patch-lib_parse-datetime.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/sysutils/coreutils/patches/patch-lib_parse-datetime.c Tue Apr 14 19:04:38 2015 +0000
@@ -0,0 +1,32 @@
+$NetBSD: patch-lib_parse-datetime.c,v 1.1.2.2 2015/04/14 19:04:38 bsiegert Exp $
+
+Fix CVE-2014-9471 TZ parsing bug.
+Via https://debbugs.gnu.org/cgi/bugreport.cgi?bug=16872
+
+Note that we patch the generated parser instead of the
+bison grammar to avoid adding bison dependency here.
+
+--- lib/parse-datetime.c.orig 2013-12-09 14:43:39.000000000 +0000
++++ lib/parse-datetime.c
+@@ -3207,8 +3207,6 @@ parse_datetime (struct timespec *result,
+ char tz1buf[TZBUFSIZE];
+ bool large_tz = TZBUFSIZE < tzsize;
+ bool setenv_ok;
+- /* Free tz0, in case this is the 2nd or subsequent time through. */
+- free (tz0);
+ tz0 = get_tz (tz0buf);
+ z = tz1 = large_tz ? xmalloc (tzsize) : tz1buf;
+ for (s = tzbase; *s != '"'; s++)
+@@ -3220,7 +3218,12 @@ parse_datetime (struct timespec *result,
+ if (!setenv_ok)
+ goto fail;
+ tz_was_altered = true;
++
+ p = s + 1;
++ while (c = *p, c_isspace (c))
++ p++;
++
++ break;
+ }
+ }
+
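Review bot: The removal of `free (tz0);` in the first inner hunk (@@ -3207,8 +3207,6) is only safe together with the `break;` added in the second inner hunk (@@ -3220,7 +3218,12). The deleted comment says the free existed for a second or subsequent pass, and the new `break;` is what prevents that pass, so without it the value assigned by `tz0 = get_tz (tz0buf);` would simply be overwritten the next time through. The patch header should state that the two changes belong together so that neither is carried forward alone. Because the header also says the generated parser is patched rather than the bison grammar, it should add that the offsets are tied to the coreutils-8.22 `lib/parse-datetime.c` and that the patch is to be dropped once the package moves to a release that contains the fix from the referenced bug report.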