update to mpack 1.6 plus various patches from Sebastian Pipping:
- SECURITY: don't create world readable files. CVE-2011-4919 - avoid conflicting prototypes
This commit is contained in:
parent
0b7f7a5fee
commit
2476a2db73
@ -1,34 +1,22 @@
|
||||
# $OpenBSD: Makefile,v 1.22 2010/10/23 22:01:30 sthen Exp $
|
||||
# $OpenBSD: Makefile,v 1.23 2012/01/08 00:12:12 sthen Exp $
|
||||
|
||||
COMMENT= external MIME packer/unpacker
|
||||
|
||||
V= 1.5
|
||||
DISTNAME= mpack-${V}-src
|
||||
PKGNAME= mpack-${V}
|
||||
REVISION= 1
|
||||
DISTNAME= mpack-1.6
|
||||
CATEGORIES= converters mail news
|
||||
|
||||
# License: BSD
|
||||
# BSD
|
||||
PERMIT_PACKAGE_CDROM= Yes
|
||||
PERMIT_PACKAGE_FTP= Yes
|
||||
PERMIT_DISTFILES_CDROM= Yes
|
||||
PERMIT_DISTFILES_FTP= Yes
|
||||
|
||||
WANTLIB= c
|
||||
WANTLIB += c
|
||||
|
||||
MASTER_SITES= ftp://ftp.andrew.cmu.edu/pub/mpack/
|
||||
EXTRACT_SUFX= .tar.Z
|
||||
MASTER_SITES= http://ftp.andrew.cmu.edu/pub/mpack/ \
|
||||
ftp://ftp.andrew.cmu.edu/pub/mpack/
|
||||
|
||||
WRKDIST= ${WRKDIR}/mpack
|
||||
MAKE_ENV= CC="${CC}" CFLAGS="${CFLAGS}"
|
||||
|
||||
USE_GROFF = Yes
|
||||
CONFIGURE_STYLE= gnu
|
||||
NO_REGRESS= Yes
|
||||
|
||||
do-install:
|
||||
${INSTALL_PROGRAM} ${WRKBUILD}/mpack ${PREFIX}/bin
|
||||
${INSTALL_PROGRAM} ${WRKBUILD}/munpack ${PREFIX}/bin
|
||||
${INSTALL_MAN} ${WRKSRC}/unixpk.man ${PREFIX}/man/man1/mpack.1
|
||||
${INSTALL_MAN} ${WRKSRC}/unixunpk.man ${PREFIX}/man/man1/munpack.1
|
||||
|
||||
.include <bsd.port.mk>
|
||||
|
@ -1,5 +1,5 @@
|
||||
MD5 (mpack-1.5-src.tar.Z) = 9B+Koq6S2Q4awDKRlz5l5A==
|
||||
RMD160 (mpack-1.5-src.tar.Z) = YUw1sfY8KmAnyXiUaUHNh1XLp3Q=
|
||||
SHA1 (mpack-1.5-src.tar.Z) = HFCB7dnHFS0qjEWFryxaP8nxfWA=
|
||||
SHA256 (mpack-1.5-src.tar.Z) = eLRCzzeInVaxGzaMrebj6+SbJ9Skb87BWGafsLjvHPk=
|
||||
SIZE (mpack-1.5-src.tar.Z) = 285360
|
||||
MD5 (mpack-1.6.tar.gz) = pw+lr6dlOamvtwudgVaP6A==
|
||||
RMD160 (mpack-1.6.tar.gz) = qDMwqhVDfcPKZHXL9uNbCauc7wc=
|
||||
SHA1 (mpack-1.6.tar.gz) = f9OnPg8TFBKSC2/zSHLn5/oD4Ds=
|
||||
SHA256 (mpack-1.6.tar.gz) = J0EIuzo5mCpO/BT7OmUpjmbI5xNnw9q/STOBYtIHqUw=
|
||||
SIZE (mpack-1.6.tar.gz) = 179850
|
||||
|
@ -1,23 +0,0 @@
|
||||
$OpenBSD: patch-Makefile,v 1.3 2005/10/06 21:09:22 aanriot Exp $
|
||||
--- Makefile.orig Thu Feb 16 22:39:41 1995
|
||||
+++ Makefile Fri Aug 9 02:49:07 2002
|
||||
@@ -1,5 +1,5 @@
|
||||
-CFLAGS=$(OPT) $(DEFINES)
|
||||
-OPT=-O
|
||||
+#CFLAGS=$(OPT) $(DEFINES)
|
||||
+#OPT=-O
|
||||
|
||||
|
||||
#Uncomment the following line if your system does not have strchr()
|
||||
@@ -24,9 +24,9 @@ OPT=-O
|
||||
|
||||
|
||||
PACKOBJS = unixpk.o encode.o codes.o magic.o unixos.o string.o \
|
||||
- xmalloc.o md5c.o getopt.o
|
||||
+ xmalloc.o
|
||||
UNPACKOBJS = unixunpk.o decode.o uudecode.o codes.o unixos.o string.o \
|
||||
- part.o xmalloc.o md5c.o getopt.o
|
||||
+ part.o xmalloc.o
|
||||
|
||||
DESTDIR=/usr/local
|
||||
|
@ -1,7 +1,7 @@
|
||||
$OpenBSD: patch-codes_c,v 1.3 2005/10/06 21:09:22 aanriot Exp $
|
||||
--- codes.c.orig Fri Aug 9 02:55:28 2002
|
||||
+++ codes.c Fri Aug 9 02:56:20 2002
|
||||
@@ -38,8 +38,8 @@ WITHOUT ANY EXPRESS OR IMPLIED WARRANTIE
|
||||
$OpenBSD: patch-codes_c,v 1.4 2012/01/08 00:12:12 sthen Exp $
|
||||
--- codes.c.orig Mon Jul 21 21:51:08 2003
|
||||
+++ codes.c Sun Jan 8 00:00:40 2012
|
||||
@@ -38,8 +38,8 @@ WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES. */
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <ctype.h>
|
||||
@ -9,5 +9,5 @@ $OpenBSD: patch-codes_c,v 1.3 2005/10/06 21:09:22 aanriot Exp $
|
||||
#include "xmalloc.h"
|
||||
-#include "md5.h"
|
||||
|
||||
void output64chunk(int c1, int c2, int c3, int pads, FILE *outfile);
|
||||
static char basis_64[] =
|
||||
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
|
||||
|
@ -1,63 +1,27 @@
|
||||
$OpenBSD: patch-decode_c,v 1.3 2005/10/06 21:09:22 aanriot Exp $
|
||||
--- decode.c.orig Thu Feb 16 22:39:44 1995
|
||||
+++ decode.c Fri Aug 9 03:03:32 2002
|
||||
@@ -28,10 +28,10 @@
|
||||
$OpenBSD: patch-decode_c,v 1.4 2012/01/08 00:12:12 sthen Exp $
|
||||
--- decode.c.orig Mon Jul 21 21:47:54 2003
|
||||
+++ decode.c Sun Jan 8 00:02:59 2012
|
||||
@@ -28,10 +28,11 @@
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <ctype.h>
|
||||
+#include <stdlib.h>
|
||||
+#include <md5.h>
|
||||
#include "xmalloc.h"
|
||||
#include "common.h"
|
||||
#include "part.h"
|
||||
-#include "md5.h"
|
||||
|
||||
extern char *os_idtodir();
|
||||
extern FILE *os_newtypedfile();
|
||||
@@ -416,6 +416,15 @@ char **headerp;
|
||||
}
|
||||
if (*header) *header++ = '\0';
|
||||
extern char *os_idtodir(char *id);
|
||||
extern FILE *os_newtypedfile(char *fname, char *contentType, int flags, params contentParams);
|
||||
@@ -545,8 +546,8 @@ getDispositionFilename(char *disposition)
|
||||
SkipWhitespace(&disposition);
|
||||
if (!disposition) return 0;
|
||||
|
||||
- /* If we're looking at a ";", we found what we're looking for */
|
||||
- if (*disposition++ == ';') break;
|
||||
+ /* If we're looking at a "=", we found what we're looking for */
|
||||
+ if (*disposition++ == '=') break;
|
||||
}
|
||||
+
|
||||
+ /*
|
||||
+ * Debian fix: if there was only an empty parameter list (a bare
|
||||
+ * semicolon) then there is no guarantee that param[nparam] exists.
|
||||
+ * Therefore, treat it as if there is no parameter list.
|
||||
+ */
|
||||
+ if (nparam == 0)
|
||||
+ return 0;
|
||||
+
|
||||
param[nparam] = 0;
|
||||
return param;
|
||||
}
|
||||
@@ -466,6 +475,7 @@ char *key;
|
||||
while (*from && *from != '\"') {
|
||||
if (!--left) {
|
||||
alloced += VALUEGROWSIZE;
|
||||
+ left += VALUEGROWSIZE;
|
||||
value = xrealloc(value, alloced);
|
||||
to = value + alloced - left - 2;
|
||||
}
|
||||
@@ -482,6 +492,7 @@ char *key;
|
||||
while (*from && !isspace(*from)) {
|
||||
if (!--left) {
|
||||
alloced += VALUEGROWSIZE;
|
||||
+ left += VALUEGROWSIZE;
|
||||
value = xrealloc(value, alloced);
|
||||
to = value + alloced - left - 2;
|
||||
}
|
||||
@@ -571,6 +582,7 @@ char *disposition;
|
||||
while (*disposition && *disposition != '\"') {
|
||||
if (!--left) {
|
||||
alloced += VALUEGROWSIZE;
|
||||
+ left += VALUEGROWSIZE;
|
||||
value = xrealloc(value, alloced);
|
||||
to = value + alloced - left - 2;
|
||||
}
|
||||
@@ -588,6 +600,7 @@ char *disposition;
|
||||
*disposition != '(') {
|
||||
if (!--left) {
|
||||
alloced += VALUEGROWSIZE;
|
||||
+ left += VALUEGROWSIZE;
|
||||
value = xrealloc(value, alloced);
|
||||
to = value + alloced - left - 2;
|
||||
}
|
||||
|
||||
SkipWhitespace(&disposition);
|
||||
|
11
converters/mpack/patches/patch-encode_c
Normal file
11
converters/mpack/patches/patch-encode_c
Normal file
@ -0,0 +1,11 @@
|
||||
$OpenBSD: patch-encode_c,v 1.1 2012/01/08 00:12:13 sthen Exp $
|
||||
--- encode.c.orig Sun Jan 8 00:03:01 2012
|
||||
+++ encode.c Sun Jan 8 00:03:09 2012
|
||||
@@ -24,6 +24,7 @@
|
||||
*/
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
+#include <stdlib.h>
|
||||
|
||||
extern char *magic_look(FILE *infile);
|
||||
extern char *os_genid(void);
|
11
converters/mpack/patches/patch-part_c
Normal file
11
converters/mpack/patches/patch-part_c
Normal file
@ -0,0 +1,11 @@
|
||||
$OpenBSD: patch-part_c,v 1.1 2012/01/08 00:12:13 sthen Exp $
|
||||
--- part.c.orig Sun Jan 8 00:03:35 2012
|
||||
+++ part.c Sun Jan 8 00:03:42 2012
|
||||
@@ -28,6 +28,7 @@
|
||||
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
+#include <stdlib.h>
|
||||
|
||||
#include "part.h"
|
||||
#include "xmalloc.h"
|
@ -1,34 +1,38 @@
|
||||
$OpenBSD: patch-unixos_c,v 1.3 2005/10/06 21:09:22 aanriot Exp $
|
||||
--- unixos.c.orig Thu Feb 16 22:39:50 1995
|
||||
+++ unixos.c Fri Aug 9 02:58:47 2002
|
||||
@@ -36,7 +36,9 @@
|
||||
$OpenBSD: patch-unixos_c,v 1.4 2012/01/08 00:12:13 sthen Exp $
|
||||
|
||||
Fixes from Sebastian Pipping
|
||||
http://git.goodpoint.de/?p=mpack.git;a=commitdiff;h=0c87201f64491575350b18d04c62ec142e119d1f
|
||||
|
||||
--- unixos.c.orig Mon Jul 21 21:54:05 2003
|
||||
+++ unixos.c Sun Jan 8 00:06:09 2012
|
||||
@@ -30,6 +30,7 @@
|
||||
#include <sys/param.h>
|
||||
#include <netdb.h>
|
||||
#include <fcntl.h>
|
||||
+#include <stdlib.h>
|
||||
#include "xmalloc.h"
|
||||
#include "common.h"
|
||||
#include "part.h"
|
||||
@@ -38,10 +39,6 @@
|
||||
#define MAXHOSTNAMELEN 64
|
||||
#endif
|
||||
|
||||
+#ifndef errno
|
||||
extern int errno;
|
||||
+#endif
|
||||
extern char *malloc();
|
||||
extern char *getenv();
|
||||
-extern int errno;
|
||||
-extern char *malloc();
|
||||
-extern char *getenv();
|
||||
-
|
||||
int overwrite_files = 0;
|
||||
int didchat;
|
||||
|
||||
@@ -89,7 +91,7 @@ char *id;
|
||||
strcpy(buf, getenv("TMPDIR"));
|
||||
}
|
||||
else {
|
||||
- strcpy(buf, "/usr/tmp");
|
||||
+ strcpy(buf, "/var/tmp");
|
||||
}
|
||||
strcat(buf, "/m-prts-");
|
||||
p = getenv("USER");
|
||||
@@ -159,6 +161,11 @@ params contentParams;
|
||||
@@ -137,9 +134,9 @@ FILE *os_createnewfile(char *fname)
|
||||
FILE *ret;
|
||||
|
||||
#ifdef O_EXCL
|
||||
- fd=open(fname, O_RDWR|O_CREAT|O_EXCL, 0644);
|
||||
+ fd=open(fname, O_RDWR|O_CREAT|O_EXCL, 0600);
|
||||
#else
|
||||
- fd=open(fname, O_RDWR|O_CREAT|O_TRUNC, 0644);
|
||||
+ fd=open(fname, O_RDWR|O_CREAT|O_TRUNC, 0600);
|
||||
#endif
|
||||
|
||||
/* Get rid of leading ~ or ~/ */
|
||||
while (*fname == '~' || *fname == '/') fname++;
|
||||
+
|
||||
+ /* Debian fix: the loop below handles internal "/../" but not
|
||||
+ * leading "../" */
|
||||
+ /* Get rid of leading "../" */
|
||||
+ while (!strncmp(fname, "../", 3)) fname += 3;
|
||||
|
||||
/* Clean out bad characters, create directories along path */
|
||||
for (p=fname; *p; p++) {
|
||||
if (fd == -1)
|
||||
|
@ -1,8 +1,17 @@
|
||||
$OpenBSD: patch-unixpk_c,v 1.3 2005/10/06 21:09:22 aanriot Exp $
|
||||
--- unixpk.c.orig Thu Feb 16 22:39:50 1995
|
||||
+++ unixpk.c Mon Aug 5 12:30:30 2002
|
||||
@@ -165,7 +165,7 @@ char **argv;
|
||||
strcpy(fnamebuf, "/tmp");
|
||||
$OpenBSD: patch-unixpk_c,v 1.4 2012/01/08 00:12:13 sthen Exp $
|
||||
--- unixpk.c.orig Mon Jul 21 21:50:41 2003
|
||||
+++ unixpk.c Sun Jan 8 00:04:20 2012
|
||||
@@ -25,6 +25,8 @@
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <errno.h>
|
||||
+#include <stdlib.h>
|
||||
+#include <unistd.h>
|
||||
#include "common.h"
|
||||
#include "version.h"
|
||||
#include "xmalloc.h"
|
||||
@@ -167,7 +169,7 @@ int main(int argc, char **argv)
|
||||
strcpy(fnamebuf, "/usr/tmp");
|
||||
}
|
||||
strcat(fnamebuf, "/mpackXXXXXX");
|
||||
- mktemp(fnamebuf);
|
||||
|
@ -1,7 +1,7 @@
|
||||
$OpenBSD: patch-unixpk_man,v 1.1 2002/08/09 01:15:19 naddy Exp $
|
||||
--- unixpk.man.orig Thu Feb 16 22:39:50 1995
|
||||
+++ unixpk.man Mon Aug 5 12:30:30 2002
|
||||
@@ -136,7 +136,7 @@ Mail the generated messages to the speci
|
||||
$OpenBSD: patch-unixpk_man,v 1.2 2012/01/08 00:12:13 sthen Exp $
|
||||
--- unixpk.man.orig Thu Feb 16 21:39:50 1995
|
||||
+++ unixpk.man Sun Jan 8 00:00:40 2012
|
||||
@@ -136,7 +136,7 @@ Mail the generated messages to the specified addresses
|
||||
.SH ENVIRONMENT
|
||||
.TP
|
||||
.B TMPDIR
|
||||
|
@ -1,9 +1,17 @@
|
||||
$OpenBSD: patch-unixunpk_c,v 1.3 2005/10/06 21:09:22 aanriot Exp $
|
||||
--- unixunpk.c.orig Fri Aug 9 02:44:18 2002
|
||||
+++ unixunpk.c Fri Aug 9 02:44:38 2002
|
||||
@@ -100,7 +100,7 @@ char **argv;
|
||||
$OpenBSD: patch-unixunpk_c,v 1.4 2012/01/08 00:12:13 sthen Exp $
|
||||
--- unixunpk.c.orig Mon Jul 21 21:51:55 2003
|
||||
+++ unixunpk.c Sun Jan 8 00:04:32 2012
|
||||
@@ -23,6 +23,7 @@
|
||||
* SOFTWARE.
|
||||
*/
|
||||
#include <stdio.h>
|
||||
+#include <stdlib.h>
|
||||
#include "version.h"
|
||||
#include "part.h"
|
||||
|
||||
usage() {
|
||||
@@ -100,7 +101,7 @@ int main(int argc, char **argv)
|
||||
|
||||
void usage(void) {
|
||||
fprintf(stderr, "munpack version %s\n", MPACK_VERSION);
|
||||
- fprintf(stderr, "usage: munpack [-f] [-q] [-C directory] [files...]\n");
|
||||
+ fprintf(stderr, "usage: munpack [-f] [-q] [-t] [-C directory] [files...]\n");
|
||||
|
12
converters/mpack/patches/patch-xmalloc_c
Normal file
12
converters/mpack/patches/patch-xmalloc_c
Normal file
@ -0,0 +1,12 @@
|
||||
$OpenBSD: patch-xmalloc_c,v 1.1 2012/01/08 00:12:13 sthen Exp $
|
||||
--- xmalloc.c.orig Sun Jan 8 00:04:35 2012
|
||||
+++ xmalloc.c Sun Jan 8 00:04:44 2012
|
||||
@@ -24,7 +24,7 @@
|
||||
*/
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
-extern char *malloc(), *realloc();
|
||||
+#include <stdlib.h>
|
||||
|
||||
char *xmalloc (int size)
|
||||
{
|
Loading…
Reference in New Issue
Block a user