pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/archivers/zoo - Apply patch to fix CVE-2007-1669
details: https://anonhg.NetBSD.org/pkgsrc/rev/2df908c6d223
branches: trunk
changeset: 528735:2df908c6d223
user: taca <taca%pkgsrc.org@localhost>
date: Sun May 13 16:59:39 2007 +0000
description:
- Apply patch to fix CVE-2007-1669
- Stop using mktemp(3).
Bump PKGREVISION.
diffstat:
archivers/zoo/Makefile | 4 ++--
archivers/zoo/distinfo | 8 ++++++--
archivers/zoo/patches/patch-ai | 38 ++++++++++++++++++++++++++++++++++----
archivers/zoo/patches/patch-al | 35 +++++++++++++++++++++++++++++++++++
archivers/zoo/patches/patch-am | 17 +++++++++++++++++
archivers/zoo/patches/patch-an | 14 ++++++++++++++
archivers/zoo/patches/patch-ao | 40 ++++++++++++++++++++++++++++++++++++++++
7 files changed, 148 insertions(+), 8 deletions(-)
diffs (203 lines):
diff -r 25261b17c19a -r 2df908c6d223 archivers/zoo/Makefile
--- a/archivers/zoo/Makefile Sun May 13 16:46:28 2007 +0000
+++ b/archivers/zoo/Makefile Sun May 13 16:59:39 2007 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.29 2006/10/01 21:08:26 rillig Exp $
+# $NetBSD: Makefile,v 1.30 2007/05/13 16:59:39 taca Exp $
DISTNAME= zoo-2.10pl1
PKGNAME= zoo-2.10.1
-PKGREVISION= 2
+PKGREVISION= 3
CATEGORIES= archivers
MASTER_SITES= ftp://ftp.kiarchive.ru/pub/unix/arcers/
diff -r 25261b17c19a -r 2df908c6d223 archivers/zoo/distinfo
--- a/archivers/zoo/distinfo Sun May 13 16:46:28 2007 +0000
+++ b/archivers/zoo/distinfo Sun May 13 16:59:39 2007 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.9 2006/10/01 21:08:26 rillig Exp $
+$NetBSD: distinfo,v 1.10 2007/05/13 16:59:39 taca Exp $
SHA1 (zoo-2.10pl1.tar.gz) = c02d96148ee57df01596d0c8d07a3e327b821600
RMD160 (zoo-2.10pl1.tar.gz) = 971d388b8cb29def1e4e31011463563e91c3d700
@@ -11,6 +11,10 @@
SHA1 (patch-af) = f1489b0896a73df823f5623812a879a6bc47d572
SHA1 (patch-ag) = 05b0a774e7aea3137917b2c714b46012fd401f6d
SHA1 (patch-ah) = af3d79f9dd42f080863c6b672d9ca504c2bf79df
-SHA1 (patch-ai) = 87b3f07ec542b554a3ba1744f435e9be2200ed54
+SHA1 (patch-ai) = 9f6f815cb225dc6f81c66baf5f04ea50a9c345d6
SHA1 (patch-aj) = a210f34c8d0ea713d3a92d187c395b7b6ef2c128
SHA1 (patch-ak) = 40f83eccc77d54af5130d78bcd2d9af1d7cc54a9
+SHA1 (patch-al) = 7fe791ff692fd8b04e1a4d603204c2a2e34e95a0
+SHA1 (patch-am) = 0c35f8787f3d8c0f4f9a728ec6c85a143e0a816c
+SHA1 (patch-an) = 5530a9a6f56e12d21b12defa8e668b2229739703
+SHA1 (patch-ao) = cb4b567f1c78cd9299157bae5be92e2fb95d3894
diff -r 25261b17c19a -r 2df908c6d223 archivers/zoo/patches/patch-ai
--- a/archivers/zoo/patches/patch-ai Sun May 13 16:46:28 2007 +0000
+++ b/archivers/zoo/patches/patch-ai Sun May 13 16:59:39 2007 +0000
@@ -1,8 +1,38 @@
-$NetBSD: patch-ai,v 1.2 2005/05/21 11:35:01 rillig Exp $
+$NetBSD: patch-ai,v 1.3 2007/05/13 16:59:39 taca Exp $
---- ./zoolist.c Sat Jul 20 00:57:27 1991
-+++ /usr/pkgsrc/archivers/zoo/work.i386.unpatched/zoolist.c Fri Nov 12 06:19:38 1999
-@@ -539,10 +539,12 @@
+--- zoolist.c.orig 1991-07-20 07:57:27.000000000 +0900
++++ zoolist.c
+@@ -92,6 +92,7 @@ int genson = 1; /* enable/disable ge
+ int show_mode = 0; /* show file protection */
+ #endif
+ int first_dir = 1; /* if first direntry -- to adjust dat_ofs */
++unsigned long zoo_pointer = 0; /* Track our position in the file */
+
+ while (*option) {
+ switch (*option) {
+@@ -211,6 +212,9 @@ if (fiz_ofs != 0L) { /* i
+ show_acmt (&zoo_header, zoo_file, 0); /* show archive comment */
+ }
+
++ /* Begin tracking our position in the file */
++ zoo_pointer = zoo_header.zoo_start;
++
+ /* Seek to the beginning of the first directory entry */
+ if (zooseek (zoo_file, zoo_header.zoo_start, 0) != 0) {
+ ercount++;
+@@ -437,6 +441,11 @@ if (fiz_ofs != 0L) { /* i
+ if (verb_list && !fast)
+ show_comment (&direntry, zoo_file, 0, (char *) NULL);
+ } /* end if (lots of conditions) */
++
++ /* Make sure we are not seeking to already processed data */
++ if (direntry.next <= zoo_pointer)
++ prterror ('f', "ZOO chain structure is corrupted\n");
++ zoo_pointer = direntry.next;
+
+ /* ..seek to next dir entry */
+ zooseek (zoo_file, direntry.next, 0);
+@@ -539,10 +548,12 @@ int file_tz;
{
long gettz();
int diff_tz; /* timezone difference */
diff -r 25261b17c19a -r 2df908c6d223 archivers/zoo/patches/patch-al
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/archivers/zoo/patches/patch-al Sun May 13 16:59:39 2007 +0000
@@ -0,0 +1,35 @@
+$NetBSD: patch-al,v 1.1 2007/05/13 16:59:39 taca Exp $
+
+--- zooext.c.orig 1993-05-01 12:58:50.000000000 +0900
++++ zooext.c
+@@ -89,6 +89,7 @@ int alloc_size;
+ #endif
+ struct direntry direntry; /* directory entry */
+ int first_dir = 1; /* first dir entry seen? */
++unsigned long zoo_pointer = 0; /* Track our position in the file */
+
+ static char extract_ver[] = "Zoo %d.%d is needed to extract %s.\n";
+ static char no_space[] = "Insufficient disk space to extract %s.\n";
+@@ -169,6 +170,9 @@ if (fiz_ofs != 0L) { /* i
+ exit_status = 1;
+ }
+ zooseek (zoo_file, zoo_header.zoo_start, 0); /* seek to where data begins */
++
++ /* Begin tracking our position in the file */
++ zoo_pointer = zoo_header.zoo_start;
+ }
+
+ #ifndef PORTABLE
+@@ -597,6 +601,12 @@ bit 23==0 and bit 22==1. */
+ } /* end if */
+
+ loop_again:
++
++ /* Make sure we are not seeking to already processed data */
++ if (next_ptr <= zoo_pointer)
++ prterror ('f', "ZOO chain structure is corrupted\n");
++ zoo_pointer = next_ptr;
++
+ zooseek (zoo_file, next_ptr, 0); /* ..seek to next dir entry */
+ } /* end while */
+
diff -r 25261b17c19a -r 2df908c6d223 archivers/zoo/patches/patch-am
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/archivers/zoo/patches/patch-am Sun May 13 16:59:39 2007 +0000
@@ -0,0 +1,17 @@
+$NetBSD: patch-am,v 1.1 2007/05/13 16:59:39 taca Exp $
+
+--- portable.c.orig 1991-07-17 00:55:11.000000000 +0900
++++ portable.c
+@@ -87,6 +87,12 @@ ZOOFILE zoocreate (fname)
+ char *fname;
+ { return ((ZOOFILE) fopen (fname, Z_NEW)); }
+
++#ifndef USE_MKTEMP
++ZOOFILE zoocreate_fd (fd)
++int fd;
++{ return ((ZOOFILE) fdopen (fd, Z_NEW)); }
++#endif
++
+ #endif /* FIZ */
+
+ #ifndef zooseek
diff -r 25261b17c19a -r 2df908c6d223 archivers/zoo/patches/patch-an
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/archivers/zoo/patches/patch-an Sun May 13 16:59:39 2007 +0000
@@ -0,0 +1,14 @@
+$NetBSD: patch-an,v 1.1 2007/05/13 16:59:40 taca Exp $
+
+--- zooio.h.orig 1993-05-01 12:39:50.000000000 +0900
++++ zooio.h
+@@ -53,6 +53,9 @@ long zootell PARMS((ZOOFILE));
+
+ ZOOFILE zooopen PARMS((char *, char *));
+ ZOOFILE zoocreate PARMS((char *));
++#ifndef USE_MKTEMP
++ZOOFILE zoocreate_fd PARMS((int));
++#endif
+ int zooclose PARMS((ZOOFILE));
+ int zootrunc PARMS((ZOOFILE));
+
diff -r 25261b17c19a -r 2df908c6d223 archivers/zoo/patches/patch-ao
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/archivers/zoo/patches/patch-ao Sun May 13 16:59:39 2007 +0000
@@ -0,0 +1,40 @@
+$NetBSD: patch-ao,v 1.1 2007/05/13 16:59:40 taca Exp $
+
+--- zoopack.c.orig 1993-05-01 12:59:21.000000000 +0900
++++ zoopack.c
+@@ -32,7 +32,9 @@ Copyright (C) 1986, 1987 Rahul Dhesi --
+ #include <signal.h>
+ #endif
+
++#ifdef USE_MKTEMP
+ char *mktemp PARMS((char *));
++#endif
+
+ struct zoo_header zoo_header = {
+ TEXT,
+@@ -76,6 +78,7 @@ int bad_header = 0;
+ int latest_date = 0; /* latest date on any file moved */
+ int latest_time = 0; /* ...likewise */
+ int curr_dir = 0; /* create backup in curr dir */
++static int fd;
+ static char partial_msg[] =
+ "Partially packed archive left in %s.\n";
+
+@@ -171,9 +174,16 @@ if (!curr_dir) {
+ } else {
+ strcpy (temp_file, xes);
+ }
++#ifdef USE_MKTEMP
++fd = 0;
+ mktemp (temp_file); /* ... and make unique */
+ new_file = zoocreate (temp_file);
+-if (new_file == NOFILE)
++#else
++fd = mkstemp (temp_file);
++if (fd >= 0)
++ new_file = zoocreate (temp_file);
++#endif
++if (fd < 0 || new_file == NOFILE)
+ prterror ('f', "Could not create temporary file %s.\n", temp_file);
+
+ /*
Home |
Main Index |
Thread Index |
Old Index