summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMike Frysinger <vapier@gentoo.org>2004-09-29 14:19:29 +0000
committerMike Frysinger <vapier@gentoo.org>2004-09-29 14:19:29 +0000
commit7ac7c8aee502f7e5600671ef993c0261a841a6fe (patch)
tree3d9f869677d374524012da030feaa3f2714e09a9 /app-arch
parentrename patch (diff)
downloadhistorical-7ac7c8aee502f7e5600671ef993c0261a841a6fe.tar.gz
historical-7ac7c8aee502f7e5600671ef993c0261a841a6fe.tar.bz2
historical-7ac7c8aee502f7e5600671ef993c0261a841a6fe.zip
fix some buffer overflows #65773
Diffstat (limited to 'app-arch')
-rw-r--r--app-arch/sharutils/ChangeLog8
-rw-r--r--app-arch/sharutils/Manifest11
-rw-r--r--app-arch/sharutils/files/digest-sharutils-4.2.1-r101
-rw-r--r--app-arch/sharutils/files/sharutils-4.2.1-buffer-limits.patch60
-rw-r--r--app-arch/sharutils/sharutils-4.2.1-r10.ebuild64
5 files changed, 139 insertions, 5 deletions
diff --git a/app-arch/sharutils/ChangeLog b/app-arch/sharutils/ChangeLog
index db94114fdd92..ba305a3d29b8 100644
--- a/app-arch/sharutils/ChangeLog
+++ b/app-arch/sharutils/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for app-arch/sharutils
# Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-arch/sharutils/ChangeLog,v 1.16 2004/06/24 21:36:05 agriffis Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-arch/sharutils/ChangeLog,v 1.17 2004/09/29 14:19:29 vapier Exp $
+
+*sharutils-4.2.1-r10 (29 Sep 2004)
+
+ 29 Sep 2004; Mike Frysinger <vapier@gentoo.org>
+ +files/sharutils-4.2.1-buffer-limits.patch, +sharutils-4.2.1-r10.ebuild:
+ Add patch from Debian/Florian Schilhabel to fix some buffer overflows #65773.
16 May 2004; Luca Barbato <lu_zero@gentoo.org> sharutils-4.2.1-r9.ebuild:
Marked ppc
diff --git a/app-arch/sharutils/Manifest b/app-arch/sharutils/Manifest
index e4075b68227f..70ebae8cd9b8 100644
--- a/app-arch/sharutils/Manifest
+++ b/app-arch/sharutils/Manifest
@@ -1,21 +1,24 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
-MD5 9136157dad90f211f016fc86705dc7cf ChangeLog 3984
+MD5 52182f2ad282d96e3056b09c488132ac ChangeLog 4224
MD5 7d313fd6562f5fd1ac6c4e2661261a1d sharutils-4.2.1-r6.ebuild 1357
MD5 6852f6aad3472c6c3421c8f6e182aff7 sharutils-4.2.1-r7.ebuild 1239
MD5 9f3f9b2fae7ccd2869380755a6b6a398 sharutils-4.2.1-r8.ebuild 1359
MD5 2bf8431a4672f447fe8f386469bb28d5 sharutils-4.2.1-r9.ebuild 1362
+MD5 319fcb491d5d8021de8c0c533b3c3fbf sharutils-4.2.1-r10.ebuild 1427
MD5 a0ed4cfc65c5d37392c6b3816d3fbdbe files/digest-sharutils-4.2.1-r6 67
+MD5 a0ed4cfc65c5d37392c6b3816d3fbdbe files/digest-sharutils-4.2.1-r10 67
MD5 a0ed4cfc65c5d37392c6b3816d3fbdbe files/digest-sharutils-4.2.1-r7 67
MD5 a0ed4cfc65c5d37392c6b3816d3fbdbe files/digest-sharutils-4.2.1-r8 67
MD5 aeb2dc437bac48b13e8ebc1d632013ad files/sharutils-4.2.1-buffer-check.patch 2416
MD5 a0ed4cfc65c5d37392c6b3816d3fbdbe files/digest-sharutils-4.2.1-r9 67
MD5 7d4e2f6e03e950c25babc22219bee53d files/sharutils-4.2.1-gentoo.patch 3253
+MD5 567118e62dd91c695bdffe56281a5324 files/sharutils-4.2.1-buffer-limits.patch 1980
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.9.10 (GNU/Linux)
-iD8DBQFBWsPKHTu7gpaalycRAnfKAJ9OAz16Ra9yyzPjRZ6gZ2NN3MNhTwCcC1gS
-Z/2xe0zQ37FjgctdQHEEESc=
-=FjWF
+iD8DBQFBWsSBHTu7gpaalycRAkUQAJwNjJdVACF78BisbKrTO4KouHvyqQCeKrCW
+hOk0QdfHjV10jUkVdc2sLls=
+=EdBP
-----END PGP SIGNATURE-----
diff --git a/app-arch/sharutils/files/digest-sharutils-4.2.1-r10 b/app-arch/sharutils/files/digest-sharutils-4.2.1-r10
new file mode 100644
index 000000000000..afb942300ec9
--- /dev/null
+++ b/app-arch/sharutils/files/digest-sharutils-4.2.1-r10
@@ -0,0 +1 @@
+MD5 b8ba1d409f07edcb335ff72a27bd9828 sharutils-4.2.1.tar.gz 306022
diff --git a/app-arch/sharutils/files/sharutils-4.2.1-buffer-limits.patch b/app-arch/sharutils/files/sharutils-4.2.1-buffer-limits.patch
new file mode 100644
index 000000000000..974677156496
--- /dev/null
+++ b/app-arch/sharutils/files/sharutils-4.2.1-buffer-limits.patch
@@ -0,0 +1,60 @@
+diff -Naur ./sharutils-4.2.1/src/shar.c ./sharutils-4.2.1_new/src/shar.c
+--- ./sharutils-4.2.1/src/shar.c 1999-09-10 21:20:41.000000000 +0200
++++ ./sharutils-4.2.1_new/src/shar.c 2004-09-29 15:09:40.790061000 +0200
+@@ -1571,7 +1571,7 @@
+ sprintf (command, "%s '%s'", CHARACTER_COUNT_COMMAND, local_name);
+ if (pfp = popen (command, "r"), pfp)
+ {
+- char wc[BUFSIZ];
++ char wc[BUFSIZ], tempform[50];
+ const char *prefix = "";
+
+ if (did_md5)
+@@ -1579,8 +1579,8 @@
+ fputs (" else\n", output);
+ prefix = " ";
+ }
+-
+- fscanf (pfp, "%s", wc);
++ sprintf (tempform, "%%%ds", BUFSIZ - 1);
++ fscanf (pfp, tempform, wc);
+ fprintf (output, "\
+ %s shar_count=\"`%s '%s'`\"\n\
+ %s test %s -eq \"$shar_count\" ||\n\
+diff -Naur ./sharutils-4.2.1/src/unshar.c ./sharutils-4.2.1_new/src/unshar.c
+--- ./sharutils-4.2.1/src/unshar.c 1995-11-21 17:22:14.000000000 +0100
++++ ./sharutils-4.2.1_new/src/unshar.c 2004-09-29 15:09:44.682469264 +0200
+@@ -346,8 +346,8 @@
+ {
+ size_t size_read;
+ FILE *file;
+- char name_buffer[NAME_BUFFER_SIZE];
+- char copy_buffer[NAME_BUFFER_SIZE];
++ char name_buffer[NAME_BUFFER_SIZE] = {'\0'};
++ char copy_buffer[NAME_BUFFER_SIZE] = {'\0'};
+ int optchar;
+
+ program_name = argv[0];
+@@ -409,14 +409,14 @@
+ if (optind < argc)
+ for (; optind < argc; optind++)
+ {
+- if (argv[optind][0] == '/')
+- stpcpy (name_buffer, argv[optind]);
+- else
+- {
+- char *cp = stpcpy (name_buffer, current_directory);
+- *cp++ = '/';
+- stpcpy (cp, argv[optind]);
+- }
++ if (argv[optind][0] == '/') {
++ strncpy (name_buffer, argv[optind], sizeof(name_buffer));
++ name_buffer[sizeof(name_buffer)-1] = '\0';
++ }
++ else {
++ snprintf(name_buffer, sizeof(name_buffer),"%s/%s", current_directory, argv[optind]);
++ name_buffer[sizeof(name_buffer)-1] = '\0';
++ }
+ if (file = fopen (name_buffer, "r"), !file)
+ error (EXIT_FAILURE, errno, name_buffer);
+ unarchive_shar_file (name_buffer, file);
diff --git a/app-arch/sharutils/sharutils-4.2.1-r10.ebuild b/app-arch/sharutils/sharutils-4.2.1-r10.ebuild
new file mode 100644
index 000000000000..9e1ada9bbf0d
--- /dev/null
+++ b/app-arch/sharutils/sharutils-4.2.1-r10.ebuild
@@ -0,0 +1,64 @@
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-arch/sharutils/sharutils-4.2.1-r10.ebuild,v 1.1 2004/09/29 14:19:29 vapier Exp $
+
+inherit eutils
+
+DESCRIPTION="Tools to deal with shar archives"
+HOMEPAGE="http://www.gnu.org/software/sharutils/"
+SRC_URI="mirror://gentoo/${P}.tar.gz
+ mirror://gnu/${PN}/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86"
+IUSE="nls"
+
+RDEPEND="sys-apps/texinfo
+ nls? ( >=sys-devel/gettext-0.10.35 )"
+DEPEND="${RDEPEND}
+ >=sys-apps/sed-4"
+
+src_unpack() {
+ unpack ${A}
+ cd ${S}
+ epatch ${FILESDIR}/${P}-r6-gentoo.diff
+ epatch ${FILESDIR}/${P}-buffer-check.patch #46998
+ epatch ${FILESDIR}/${P}-buffer-limits.patch #65773
+
+ cd ${S}/po
+ cp ja_JP.EUC.po ja.po
+ cp ja_JP.EUC.gmo ja.gmo
+ sed -i \
+ -e 's/aangemaakt/aangemaakt\\n/' nl.po \
+ || die "sed nl.po failed"
+ sed -i \
+ -e 's/de %dk/de %dk\\n/' pt.po \
+ || die "sed pt.po failed"
+}
+
+src_compile() {
+ econf `use_enable nls` || die
+ emake || die "emake failed"
+}
+
+src_install() {
+ local x=
+
+ einstall \
+ localedir=${D}/usr/share/locale \
+ || die
+
+ doman doc/*.[15]
+ # Remove some strange locales
+ cd ${D}/usr/share/locale
+ for x in *.
+ do
+ rm -rf ${x}
+ done
+ rm -rf ${D}/usr/lib
+
+ cd ${S}
+ dodoc AUTHORS BACKLOG ChangeLog ChangeLog.OLD \
+ NEWS README README.OLD THANKS TODO
+}