pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/archivers/zziplib Add a patch to prevent possible buff...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/beb033a01db0
branches:  trunk
changeset: 528509:beb033a01db0
user:      taca <taca%pkgsrc.org@localhost>
date:      Sun May 06 00:28:57 2007 +0000

description:
Add a patch to prevent possible buffer overflow by using strcpy()
in zzip_open_shared_io(), it was reported as CVE-2007-1614.

Bump PKGREVISION.

diffstat:

 archivers/zziplib/Makefile         |   4 ++--
 archivers/zziplib/distinfo         |   3 ++-
 archivers/zziplib/patches/patch-ab |  15 +++++++++++++++
 3 files changed, 19 insertions(+), 3 deletions(-)

diffs (45 lines):

diff -r e76a96b6a2b6 -r beb033a01db0 archivers/zziplib/Makefile
--- a/archivers/zziplib/Makefile        Sat May 05 22:15:06 2007 +0000
+++ b/archivers/zziplib/Makefile        Sun May 06 00:28:57 2007 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.13 2006/08/11 12:50:40 taca Exp $
+# $NetBSD: Makefile,v 1.14 2007/05/06 00:28:57 taca Exp $
 #
 
 DISTNAME=      zziplib-0.10.82
-PKGREVISION=   2
+PKGREVISION=   3
 CATEGORIES=    archivers
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=zziplib/}
 EXTRACT_SUFX=  .tar.bz2
diff -r e76a96b6a2b6 -r beb033a01db0 archivers/zziplib/distinfo
--- a/archivers/zziplib/distinfo        Sat May 05 22:15:06 2007 +0000
+++ b/archivers/zziplib/distinfo        Sun May 06 00:28:57 2007 +0000
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.3 2006/08/11 12:50:40 taca Exp $
+$NetBSD: distinfo,v 1.4 2007/05/06 00:28:57 taca Exp $
 
 SHA1 (zziplib-0.10.82.tar.bz2) = 7f9e07a200a52e38b9011acefcbed9fff0e4b6d3
 RMD160 (zziplib-0.10.82.tar.bz2) = 58be317eda7657e7e9d4a26e3070a70134d416a0
 Size (zziplib-0.10.82.tar.bz2) = 572573 bytes
 SHA1 (patch-aa) = b72e1fb94e1c91f5c3f920d0aa6e1e450bf7eace
+SHA1 (patch-ab) = 166bbab7eb90e0d756f8eada2fdc67eee6ac0e51
diff -r e76a96b6a2b6 -r beb033a01db0 archivers/zziplib/patches/patch-ab
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/archivers/zziplib/patches/patch-ab        Sun May 06 00:28:57 2007 +0000
@@ -0,0 +1,15 @@
+$NetBSD: patch-ab,v 1.1 2007/05/06 00:28:57 taca Exp $
+
+--- zzip/file.c.orig   2003-07-29 04:52:49.000000000 +0900
++++ zzip/file.c
+@@ -708,7 +708,9 @@ zzip_open_shared_io (ZZIP_FILE* stream,
+     /* see if we can open a file that is a zip file */
+     { char basename[PATH_MAX];
+       char* p;
+-      strcpy (basename, filename);
++      int filename_len = strlen (filename);
++      if (filename_len >= PATH_MAX) { errno = ENAMETOOLONG; return 0; }
++      memcpy (basename, filename, filename_len+1);
+ 
+       /* see if we can share the same zip directory */
+       if (stream && stream->dir && stream->dir->realname)
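
Review bot: filename_len in the added lines of zzip_open_shared_io() is declared as int but holds the result of strlen(), which returns size_t. For a string longer than INT_MAX the converted value can be negative, so the `filename_len >= PATH_MAX` check passes and memcpy() then receives `filename_len+1` converted back to a very large size_t, which is the overflow the patch is meant to stop. Declaring it as `size_t filename_len = strlen (filename);` keeps the comparison unsigned and makes the bound hold for every input length. The added lines also depend on errno, ENAMETOOLONG, strlen and memcpy; the visible context does not show the includes of zzip/file.c, so it is worth confirming that <errno.h> and <string.h> are pulled in on all platforms pkgsrc builds this on.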


