SECURITY update to 2.11 for CVE-2010-0624:
Heap-based buffer overflow allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested. with jasper@
This commit is contained in:
naddy
parent
b66bcb7642
commit
a77479079d
@ -1,9 +1,9 @@
|
||||
# $OpenBSD: Makefile,v 1.16 2009/06/09 15:09:44 ajacoutot Exp $
|
||||
# $OpenBSD: Makefile,v 1.17 2010/04/05 16:58:59 naddy Exp $
|
||||
|
||||
COMMENT= GNU copy-in/out (cpio)
|
||||
|
||||
DISTNAME= cpio-2.9
|
||||
PKGNAME= g${DISTNAME}p1
|
||||
DISTNAME= cpio-2.11
|
||||
PKGNAME= g${DISTNAME}
|
||||
CATEGORIES= archivers
|
||||
|
||||
HOMEPAGE= http://www.gnu.org/software/cpio/
|
||||
@ -21,6 +21,7 @@ WANTLIB= c
|
||||
|
||||
CONFIGURE_STYLE=gnu
|
||||
CONFIGURE_ARGS= --program-prefix="g" \
|
||||
--disable-silent-rules \
|
||||
--with-rmt=/etc/rmt
|
||||
MODGNU_CONFIG_GUESS_DIRS=${WRKSRC}/build-aux
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
MD5 (cpio-2.9.tar.gz) = K7mXozVV1Nx51F0M3wLO3Q==
|
||||
RMD160 (cpio-2.9.tar.gz) = 1f/AeriESWihQnyS2IEYX/pDorI=
|
||||
SHA1 (cpio-2.9.tar.gz) = T940UDbIzGLjClCtX6YVa1o5wis=
|
||||
SHA256 (cpio-2.9.tar.gz) = 5Y/mZUvuqdyfvuEVRCwMw9uGTgYa3tavFOs00S1ruI4=
|
||||
SIZE (cpio-2.9.tar.gz) = 977105
|
||||
MD5 (cpio-2.11.tar.gz) = ERK7bEWGNGi1SWuhKHkvbA==
|
||||
RMD160 (cpio-2.11.tar.gz) = FELI3PB9jvn82gt3J6q1L+hBYbo=
|
||||
SHA1 (cpio-2.11.tar.gz) = LESkQZXt8VcGDLCzNaAe4OzjFpo=
|
||||
SHA256 (cpio-2.11.tar.gz) = YBsdd0zW5M05QWIDyR7Fnb1l3SfXnXXhqbiUl+pkOXg=
|
||||
SIZE (cpio-2.11.tar.gz) = 1428330
|
||||
|
||||
@ -1,12 +0,0 @@
|
||||
$OpenBSD: patch-configure,v 1.3 2007/07/09 17:38:42 naddy Exp $
|
||||
--- configure.orig Fri Jul 6 18:05:57 2007
|
||||
+++ configure Fri Jul 6 18:06:13 2007
|
||||
@@ -36091,7 +36091,7 @@ for ac_last_try in false false false false false :; do
|
||||
INTL_MACOSX_LIBS!$INTL_MACOSX_LIBS$ac_delim
|
||||
LIBICONV!$LIBICONV$ac_delim
|
||||
LTLIBICONV!$LTLIBICONV$ac_delim
|
||||
-INTLLIBS!$INTLLIBS$ac_delim
|
||||
+INTLLIBS!$LTLIBINTL$ac_delim
|
||||
POSUB!$POSUB$ac_delim
|
||||
AUTOM4TE!$AUTOM4TE$ac_delim
|
||||
LIBOBJS!$LIBOBJS$ac_delim
|
||||
@ -1,89 +0,0 @@
|
||||
$OpenBSD: patch-lib_paxnames_c,v 1.1 2009/01/16 16:58:05 naddy Exp $
|
||||
--- lib/paxnames.c.orig Wed Jun 27 15:49:45 2007
|
||||
+++ lib/paxnames.c Fri Jan 16 17:45:04 2009
|
||||
@@ -36,15 +36,27 @@ hash_string_compare (void const *name1, void const *na
|
||||
return strcmp (name1, name2) == 0;
|
||||
}
|
||||
|
||||
-/* Return zero if TABLE contains a copy of STRING; otherwise, insert a
|
||||
- copy of STRING to TABLE and return 1. */
|
||||
-bool
|
||||
-hash_string_insert (Hash_table **table, char const *string)
|
||||
+/* Return zero if TABLE contains a LEN-character long prefix of STRING,
|
||||
+ otherwise, insert a newly allocated copy of this prefix to TABLE and
|
||||
+ return 1. If RETURN_PREFIX is not NULL, point it to the allocated
|
||||
+ copy. */
|
||||
+static bool
|
||||
+hash_string_insert_prefix (Hash_table **table, char const *string, size_t len,
|
||||
+ const char **return_prefix)
|
||||
{
|
||||
Hash_table *t = *table;
|
||||
- char *s = xstrdup (string);
|
||||
+ char *s;
|
||||
char *e;
|
||||
|
||||
+ if (len)
|
||||
+ {
|
||||
+ s = xmalloc (len + 1);
|
||||
+ memcpy (s, string, len);
|
||||
+ s[len] = 0;
|
||||
+ }
|
||||
+ else
|
||||
+ s = xstrdup (string);
|
||||
+
|
||||
if (! ((t
|
||||
|| (*table = t = hash_initialize (0, 0, hash_string_hasher,
|
||||
hash_string_compare, 0)))
|
||||
@@ -52,7 +64,11 @@ hash_string_insert (Hash_table **table, char const *st
|
||||
xalloc_die ();
|
||||
|
||||
if (e == s)
|
||||
- return 1;
|
||||
+ {
|
||||
+ if (return_prefix)
|
||||
+ *return_prefix = s;
|
||||
+ return 1;
|
||||
+ }
|
||||
else
|
||||
{
|
||||
free (s);
|
||||
@@ -60,6 +76,14 @@ hash_string_insert (Hash_table **table, char const *st
|
||||
}
|
||||
}
|
||||
|
||||
+/* Return zero if TABLE contains a copy of STRING; otherwise, insert a
|
||||
+ copy of STRING to TABLE and return 1. */
|
||||
+bool
|
||||
+hash_string_insert (Hash_table **table, char const *string)
|
||||
+{
|
||||
+ return hash_string_insert_prefix (table, string, 0, NULL);
|
||||
+}
|
||||
+
|
||||
/* Return 1 if TABLE contains STRING. */
|
||||
bool
|
||||
hash_string_lookup (Hash_table const *table, char const *string)
|
||||
@@ -88,7 +112,8 @@ removed_prefixes_p (void)
|
||||
If ABSOLUTE_NAMES is 0, strip filesystem prefix from the file name. */
|
||||
|
||||
char *
|
||||
-safer_name_suffix (char const *file_name, bool link_target, bool absolute_names)
|
||||
+safer_name_suffix (char const *file_name, bool link_target,
|
||||
+ bool absolute_names)
|
||||
{
|
||||
char const *p;
|
||||
|
||||
@@ -121,11 +146,9 @@ safer_name_suffix (char const *file_name, bool link_ta
|
||||
|
||||
if (prefix_len)
|
||||
{
|
||||
- char *prefix = alloca (prefix_len + 1);
|
||||
- memcpy (prefix, file_name, prefix_len);
|
||||
- prefix[prefix_len] = '\0';
|
||||
-
|
||||
- if (hash_string_insert (&prefix_table[link_target], prefix))
|
||||
+ const char *prefix;
|
||||
+ if (hash_string_insert_prefix (&prefix_table[link_target], file_name,
|
||||
+ prefix_len, &prefix))
|
||||
{
|
||||
static char const *const diagnostic[] =
|
||||
{
|
||||
@ -1,14 +0,0 @@
|
||||
$OpenBSD: patch-tests_argcv_c,v 1.1 2007/07/09 17:38:42 naddy Exp $
|
||||
--- tests/argcv.c.orig Sat May 12 10:01:50 2007
|
||||
+++ tests/argcv.c Sat May 12 10:02:02 2007
|
||||
@@ -15,6 +15,10 @@
|
||||
License along with this library; if not, write to the Free Software
|
||||
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */
|
||||
|
||||
+#ifdef HAVE_CONFIG_H
|
||||
+#include <config.h>
|
||||
+#endif
|
||||
+
|
||||
#include <ctype.h>
|
||||
|
||||
#include <argcv.h>
|
||||
@ -1,26 +1,27 @@
|
||||
@comment $OpenBSD: PLIST,v 1.7 2009/01/16 16:58:05 naddy Exp $
|
||||
@comment $OpenBSD: PLIST,v 1.8 2010/04/05 16:58:59 naddy Exp $
|
||||
@bin bin/gcpio
|
||||
@info info/cpio.info
|
||||
@comment lib/charset.alias
|
||||
@man man/man1/gcpio.1
|
||||
@comment @man man/man1/gmt.1
|
||||
share/locale/da/LC_MESSAGES/cpio.mo
|
||||
share/locale/de/LC_MESSAGES/cpio.mo
|
||||
share/locale/es/LC_MESSAGES/cpio.mo
|
||||
share/locale/fi/LC_MESSAGES/cpio.mo
|
||||
share/locale/fr/LC_MESSAGES/cpio.mo
|
||||
share/locale/ga/LC_MESSAGES/cpio.mo
|
||||
share/locale/gl/LC_MESSAGES/cpio.mo
|
||||
share/locale/hu/LC_MESSAGES/cpio.mo
|
||||
share/locale/id/LC_MESSAGES/cpio.mo
|
||||
share/locale/ko/LC_MESSAGES/cpio.mo
|
||||
share/locale/nl/LC_MESSAGES/cpio.mo
|
||||
share/locale/pl/LC_MESSAGES/cpio.mo
|
||||
share/locale/pt_BR/LC_MESSAGES/cpio.mo
|
||||
share/locale/ro/LC_MESSAGES/cpio.mo
|
||||
share/locale/ru/LC_MESSAGES/cpio.mo
|
||||
share/locale/rw/
|
||||
share/locale/rw/LC_MESSAGES/
|
||||
share/locale/rw/LC_MESSAGES/cpio.mo
|
||||
share/locale/sv/LC_MESSAGES/cpio.mo
|
||||
share/locale/tr/LC_MESSAGES/cpio.mo
|
||||
share/locale/uk/LC_MESSAGES/cpio.mo
|
||||
share/locale/vi/LC_MESSAGES/cpio.mo
|
||||
share/locale/zh_CN/LC_MESSAGES/cpio.mo
|
||||
share/locale/zh_TW/LC_MESSAGES/cpio.mo
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user