pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/archivers/zoo - Apply patch to fix CVE-2007-1669



details:   https://anonhg.NetBSD.org/pkgsrc/rev/2df908c6d223
branches:  trunk
changeset: 528735:2df908c6d223
user:      taca <taca%pkgsrc.org@localhost>
date:      Sun May 13 16:59:39 2007 +0000

description:
- Apply patch to fix CVE-2007-1669
- Stop using mktemp(3).

Bump PKGREVISION.

diffstat:

 archivers/zoo/Makefile         |   4 ++--
 archivers/zoo/distinfo         |   8 ++++++--
 archivers/zoo/patches/patch-ai |  38 ++++++++++++++++++++++++++++++++++----
 archivers/zoo/patches/patch-al |  35 +++++++++++++++++++++++++++++++++++
 archivers/zoo/patches/patch-am |  17 +++++++++++++++++
 archivers/zoo/patches/patch-an |  14 ++++++++++++++
 archivers/zoo/patches/patch-ao |  40 ++++++++++++++++++++++++++++++++++++++++
 7 files changed, 148 insertions(+), 8 deletions(-)

diffs (203 lines):

diff -r 25261b17c19a -r 2df908c6d223 archivers/zoo/Makefile
--- a/archivers/zoo/Makefile    Sun May 13 16:46:28 2007 +0000
+++ b/archivers/zoo/Makefile    Sun May 13 16:59:39 2007 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.29 2006/10/01 21:08:26 rillig Exp $
+# $NetBSD: Makefile,v 1.30 2007/05/13 16:59:39 taca Exp $
 
 DISTNAME=      zoo-2.10pl1
 PKGNAME=       zoo-2.10.1
-PKGREVISION=   2
+PKGREVISION=   3
 CATEGORIES=    archivers
 MASTER_SITES=  ftp://ftp.kiarchive.ru/pub/unix/arcers/
 
diff -r 25261b17c19a -r 2df908c6d223 archivers/zoo/distinfo
--- a/archivers/zoo/distinfo    Sun May 13 16:46:28 2007 +0000
+++ b/archivers/zoo/distinfo    Sun May 13 16:59:39 2007 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.9 2006/10/01 21:08:26 rillig Exp $
+$NetBSD: distinfo,v 1.10 2007/05/13 16:59:39 taca Exp $
 
 SHA1 (zoo-2.10pl1.tar.gz) = c02d96148ee57df01596d0c8d07a3e327b821600
 RMD160 (zoo-2.10pl1.tar.gz) = 971d388b8cb29def1e4e31011463563e91c3d700
@@ -11,6 +11,10 @@
 SHA1 (patch-af) = f1489b0896a73df823f5623812a879a6bc47d572
 SHA1 (patch-ag) = 05b0a774e7aea3137917b2c714b46012fd401f6d
 SHA1 (patch-ah) = af3d79f9dd42f080863c6b672d9ca504c2bf79df
-SHA1 (patch-ai) = 87b3f07ec542b554a3ba1744f435e9be2200ed54
+SHA1 (patch-ai) = 9f6f815cb225dc6f81c66baf5f04ea50a9c345d6
 SHA1 (patch-aj) = a210f34c8d0ea713d3a92d187c395b7b6ef2c128
 SHA1 (patch-ak) = 40f83eccc77d54af5130d78bcd2d9af1d7cc54a9
+SHA1 (patch-al) = 7fe791ff692fd8b04e1a4d603204c2a2e34e95a0
+SHA1 (patch-am) = 0c35f8787f3d8c0f4f9a728ec6c85a143e0a816c
+SHA1 (patch-an) = 5530a9a6f56e12d21b12defa8e668b2229739703
+SHA1 (patch-ao) = cb4b567f1c78cd9299157bae5be92e2fb95d3894
diff -r 25261b17c19a -r 2df908c6d223 archivers/zoo/patches/patch-ai
--- a/archivers/zoo/patches/patch-ai    Sun May 13 16:46:28 2007 +0000
+++ b/archivers/zoo/patches/patch-ai    Sun May 13 16:59:39 2007 +0000
@@ -1,8 +1,38 @@
-$NetBSD: patch-ai,v 1.2 2005/05/21 11:35:01 rillig Exp $
+$NetBSD: patch-ai,v 1.3 2007/05/13 16:59:39 taca Exp $
 
---- ./zoolist.c        Sat Jul 20 00:57:27 1991
-+++ /usr/pkgsrc/archivers/zoo/work.i386.unpatched/zoolist.c    Fri Nov 12 06:19:38 1999
-@@ -539,10 +539,12 @@
+--- zoolist.c.orig     1991-07-20 07:57:27.000000000 +0900
++++ zoolist.c
+@@ -92,6 +92,7 @@ int genson = 1;                                      /* enable/disable ge
+ int show_mode = 0;                            /* show file protection */
+ #endif
+ int first_dir = 1;                            /* if first direntry -- to adjust dat_ofs */
++unsigned long zoo_pointer = 0;         /* Track our position in the file */
+ 
+ while (*option) {
+    switch (*option) {
+@@ -211,6 +212,9 @@ if (fiz_ofs != 0L) {                /* i
+               show_acmt (&zoo_header, zoo_file, 0);           /* show archive comment */
+       }
+ 
++   /* Begin tracking our position in the file */
++   zoo_pointer = zoo_header.zoo_start;
++
+    /* Seek to the beginning of the first directory entry */
+    if (zooseek (zoo_file, zoo_header.zoo_start, 0) != 0) {
+       ercount++;
+@@ -437,6 +441,11 @@ if (fiz_ofs != 0L) {                /* i
+          if (verb_list && !fast)
+             show_comment (&direntry, zoo_file, 0, (char *) NULL);
+       } /* end if (lots of conditions) */
++
++      /* Make sure we are not seeking to already processed data */
++      if (direntry.next <= zoo_pointer)
++               prterror ('f', "ZOO chain structure is corrupted\n");
++      zoo_pointer = direntry.next;
+    
+               /* ..seek to next dir entry */
+       zooseek (zoo_file, direntry.next, 0);
+@@ -539,10 +548,12 @@ int file_tz;
  {
        long gettz();
        int diff_tz;                            /* timezone difference */
diff -r 25261b17c19a -r 2df908c6d223 archivers/zoo/patches/patch-al
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/archivers/zoo/patches/patch-al    Sun May 13 16:59:39 2007 +0000
@@ -0,0 +1,35 @@
+$NetBSD: patch-al,v 1.1 2007/05/13 16:59:39 taca Exp $
+
+--- zooext.c.orig      1993-05-01 12:58:50.000000000 +0900
++++ zooext.c
+@@ -89,6 +89,7 @@ int alloc_size;                         
+ #endif
+ struct direntry direntry;                 /* directory entry */
+ int first_dir = 1;                                                            /* first dir entry seen? */
++unsigned long zoo_pointer = 0;            /* Track our position in the file */
+ 
+ static char extract_ver[] = "Zoo %d.%d is needed to extract %s.\n";
+ static char no_space[] = "Insufficient disk space to extract %s.\n";
+@@ -169,6 +170,9 @@ if (fiz_ofs != 0L) {                /* i
+               exit_status = 1;
+    }
+    zooseek (zoo_file, zoo_header.zoo_start, 0); /* seek to where data begins */
++
++   /* Begin tracking our position in the file */
++   zoo_pointer = zoo_header.zoo_start;
+ }
+ 
+ #ifndef PORTABLE
+@@ -597,6 +601,12 @@ bit 23==0 and bit 22==1. */
+    } /* end if */
+ 
+ loop_again:
++
++   /* Make sure we are not seeking to already processed data */
++   if (next_ptr <= zoo_pointer)
++          prterror ('f', "ZOO chain structure is corrupted\n");
++   zoo_pointer = next_ptr;
++
+    zooseek (zoo_file, next_ptr, 0); /* ..seek to next dir entry */
+ } /* end while */
+ 
diff -r 25261b17c19a -r 2df908c6d223 archivers/zoo/patches/patch-am
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/archivers/zoo/patches/patch-am    Sun May 13 16:59:39 2007 +0000
@@ -0,0 +1,17 @@
+$NetBSD: patch-am,v 1.1 2007/05/13 16:59:39 taca Exp $
+
+--- portable.c.orig    1991-07-17 00:55:11.000000000 +0900
++++ portable.c
+@@ -87,6 +87,12 @@ ZOOFILE zoocreate (fname)
+ char *fname;
+ { return ((ZOOFILE) fopen (fname, Z_NEW)); }
+ 
++#ifndef USE_MKTEMP
++ZOOFILE zoocreate_fd (fd)
++int fd;
++{ return ((ZOOFILE) fdopen (fd, Z_NEW)); }
++#endif
++
+ #endif /* FIZ */
+ 
+ #ifndef zooseek
diff -r 25261b17c19a -r 2df908c6d223 archivers/zoo/patches/patch-an
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/archivers/zoo/patches/patch-an    Sun May 13 16:59:39 2007 +0000
@@ -0,0 +1,14 @@
+$NetBSD: patch-an,v 1.1 2007/05/13 16:59:40 taca Exp $
+
+--- zooio.h.orig       1993-05-01 12:39:50.000000000 +0900
++++ zooio.h
+@@ -53,6 +53,9 @@ long zootell PARMS((ZOOFILE));
+ 
+ ZOOFILE zooopen PARMS((char *, char *));
+ ZOOFILE zoocreate PARMS((char *));
++#ifndef USE_MKTEMP
++ZOOFILE zoocreate_fd PARMS((int));
++#endif
+ int zooclose PARMS((ZOOFILE));
+ int zootrunc PARMS((ZOOFILE));
+ 
diff -r 25261b17c19a -r 2df908c6d223 archivers/zoo/patches/patch-ao
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/archivers/zoo/patches/patch-ao    Sun May 13 16:59:39 2007 +0000
@@ -0,0 +1,40 @@
+$NetBSD: patch-ao,v 1.1 2007/05/13 16:59:40 taca Exp $
+
+--- zoopack.c.orig     1993-05-01 12:59:21.000000000 +0900
++++ zoopack.c
+@@ -32,7 +32,9 @@ Copyright (C) 1986, 1987 Rahul Dhesi -- 
+ #include <signal.h>
+ #endif
+ 
++#ifdef USE_MKTEMP
+ char *mktemp PARMS((char *));
++#endif
+ 
+ struct zoo_header zoo_header = {
+    TEXT,
+@@ -76,6 +78,7 @@ int bad_header = 0;                     
+ int latest_date = 0;                      /* latest date on any file moved */
+ int latest_time = 0;                      /*  ...likewise */
+ int curr_dir = 0;                                                                     /* create backup in curr dir */
++static int fd;
+ static char partial_msg[] =
+    "Partially packed archive left in %s.\n";
+ 
+@@ -171,9 +174,16 @@ if (!curr_dir) {
+ } else {
+    strcpy (temp_file, xes);
+ }
++#ifdef USE_MKTEMP
++fd = 0;
+ mktemp (temp_file);                    /* ... and make unique */
+ new_file = zoocreate (temp_file);
+-if (new_file == NOFILE)
++#else
++fd = mkstemp (temp_file);
++if (fd >= 0)
++   new_file = zoocreate (temp_file);
++#endif
++if (fd < 0 || new_file == NOFILE)
+    prterror ('f', "Could not create temporary file %s.\n", temp_file);
+ 
+ /*



Home | Main Index | Thread Index | Old Index