pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/archivers/libarchive Update to 1.3.1
details: https://anonhg.NetBSD.org/pkgsrc/rev/bda938eec773
branches: trunk
changeset: 521365:bda938eec773
user: adrianp <adrianp%pkgsrc.org@localhost>
date: Fri Nov 10 00:29:44 2006 +0000
description:
Update to 1.3.1
Sep 05, 2006: libarchive 1.3.1 released
Sep 5, 2006: Bump version to 1.3 for new I/O wrappers.
Sep 4, 2006: New memory and FILE read/write wrappers.
Sep 4, 2006: libarchive test harness is now minimally functional;
it's located a few minor bugs in error-handling logic
Fix a denial of service security issue via FreeBSD:
If the end of an archive is reached while attempting to "skip" past a
region of an archive, libarchive will enter an infinite loop wherein it
repeatedly attempts (and fails) to read further data.
diffstat:
archivers/libarchive/Makefile | 4 +-
archivers/libarchive/distinfo | 9 +++--
archivers/libarchive/patches/patch-ac | 52 +++++++++++++++++++++++++++++++++++
3 files changed, 59 insertions(+), 6 deletions(-)
diffs (84 lines):
diff -r 64929f355b71 -r bda938eec773 archivers/libarchive/Makefile
--- a/archivers/libarchive/Makefile Fri Nov 10 00:26:00 2006 +0000
+++ b/archivers/libarchive/Makefile Fri Nov 10 00:29:44 2006 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.14 2006/08/20 14:56:03 joerg Exp $
+# $NetBSD: Makefile,v 1.15 2006/11/10 00:29:44 adrianp Exp $
#
-DISTNAME= libarchive-1.2.57
+DISTNAME= libarchive-1.3.1
CATEGORIES= archivers
MASTER_SITES= http://people.freebsd.org/~kientzle/libarchive/src/
diff -r 64929f355b71 -r bda938eec773 archivers/libarchive/distinfo
--- a/archivers/libarchive/distinfo Fri Nov 10 00:26:00 2006 +0000
+++ b/archivers/libarchive/distinfo Fri Nov 10 00:29:44 2006 +0000
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.12 2006/08/20 14:56:03 joerg Exp $
+$NetBSD: distinfo,v 1.13 2006/11/10 00:29:44 adrianp Exp $
-SHA1 (libarchive-1.2.57.tar.gz) = 70bf5a0a6a8af4cefda412db5a2ba53724e9e3e8
-RMD160 (libarchive-1.2.57.tar.gz) = 238a44ec554aa4fc5ae795c1af3640d253f36445
-Size (libarchive-1.2.57.tar.gz) = 536128 bytes
+SHA1 (libarchive-1.3.1.tar.gz) = aed6eda15b012adbb88af0f0d76887920ffe7bbf
+RMD160 (libarchive-1.3.1.tar.gz) = e518f802d9a50afcfede6dd7cbb4f42b2cbe12a1
+Size (libarchive-1.3.1.tar.gz) = 901173 bytes
SHA1 (patch-ab) = 5e92405b0898123d8240f332475d13abe85f8ad3
+SHA1 (patch-ac) = 5775e26d19ace2b94c870c0e8de8e6efbe4b5c63
diff -r 64929f355b71 -r bda938eec773 archivers/libarchive/patches/patch-ac
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/archivers/libarchive/patches/patch-ac Fri Nov 10 00:29:44 2006 +0000
@@ -0,0 +1,52 @@
+$NetBSD: patch-ac,v 1.1 2006/11/10 00:29:44 adrianp Exp $
+
+--- libarchive/archive_read_support_compression_none.c.orig 2006-09-05 07:00:47.000000000 +0100
++++ libarchive/archive_read_support_compression_none.c
+@@ -257,7 +257,9 @@ archive_decompressor_none_read_consume(s
+ }
+
+ /*
+- * Skip at most request bytes. Skipped data is marked as consumed.
++ * Skip forward by exactly the requested bytes or else return
++ * ARCHIVE_FATAL. Note that this differs from the contract for
++ * read_ahead, which does not gaurantee a minimum count.
+ */
+ static ssize_t
+ archive_decompressor_none_skip(struct archive *a, size_t request)
+@@ -287,9 +289,7 @@ archive_decompressor_none_skip(struct ar
+ if (request == 0)
+ return (total_bytes_skipped);
+ /*
+- * If no client_skipper is provided, just read the old way. It is very
+- * likely that after skipping, the request has not yet been fully
+- * satisfied (and is still > 0). In that case, read as well.
++ * If a client_skipper was provided, try that first.
+ */
+ if (a->client_skipper != NULL) {
+ bytes_skipped = (a->client_skipper)(a, a->client_data,
+@@ -307,6 +307,12 @@ archive_decompressor_none_skip(struct ar
+ a->raw_position += bytes_skipped;
+ state->client_avail = state->client_total = 0;
+ }
++ /*
++ * Note that client_skipper will usually not satisfy the
++ * full request (due to low-level blocking concerns),
++ * so even if client_skipper is provided, we may still
++ * have to use ordinary reads to finish out the request.
++ */
+ while (request > 0) {
+ const void* dummy_buffer;
+ ssize_t bytes_read;
+@@ -314,6 +320,12 @@ archive_decompressor_none_skip(struct ar
+ &dummy_buffer, request);
+ if (bytes_read < 0)
+ return (bytes_read);
++ if (bytes_read == 0) {
++ /* We hit EOF before we satisfied the skip request. */
++ archive_set_error(a, ARCHIVE_ERRNO_MISC,
++ "Truncated input file (need to skip %d bytes)", (int)request);
++ return (ARCHIVE_FATAL);
++ }
+ assert(bytes_read >= 0); /* precondition for cast below */
+ min = minimum((size_t)bytes_read, request);
+ bytes_read = archive_decompressor_none_read_consume(a, min);
Home |
Main Index |
Thread Index |
Old Index