pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/pkgsrc-2006Q3]: pkgsrc/archivers/lha Pullup ticket 1932 - requested b...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/7806a9ad6259
branches:  pkgsrc-2006Q3
changeset: 519221:7806a9ad6259
user:      ghen <ghen%pkgsrc.org@localhost>
date:      Tue Dec 05 07:57:12 2006 +0000

description:
Pullup ticket 1932 - requested by obache
security fix for lha

- pkgsrc/archivers/lha/Makefile                 1.30
- pkgsrc/archivers/lha/distinfo                 1.9
- pkgsrc/archivers/lha/patches/patch-aa         1.4
- pkgsrc/archivers/lha/patches/patch-ab         1.6
- pkgsrc/archivers/lha/patches/patch-al         1.2

   Module Name: pkgsrc
   Committed By:        obache
   Date:                Sun Dec  3 03:09:46 UTC 2006

   Modified Files:
        pkgsrc/archivers/lha: Makefile distinfo
        pkgsrc/archivers/lha/patches: patch-al
   Added Files:
        pkgsrc/archivers/lha/patches: patch-aa patch-ab

   Log Message:
   Applied the security patch for the CVE-2006-4335, CVE-2006-4337 and
   CVE-2006-4338 via LHa for UNIX autoconfiscated version.

   Bump PKGREVISION.

diffstat:

 archivers/lha/Makefile         |   4 +-
 archivers/lha/distinfo         |   6 ++-
 archivers/lha/patches/patch-aa |  58 ++++++++++++++++++++++++++++++++++++++
 archivers/lha/patches/patch-ab |  64 ++++++++++++++++++++++++++++++++++++++++++
 archivers/lha/patches/patch-al |  13 +++++++-
 5 files changed, 139 insertions(+), 6 deletions(-)

diffs (190 lines):

diff -r ec9b687b058e -r 7806a9ad6259 archivers/lha/Makefile
--- a/archivers/lha/Makefile    Tue Dec 05 07:50:05 2006 +0000
+++ b/archivers/lha/Makefile    Tue Dec 05 07:57:12 2006 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.29 2006/07/23 14:25:46 rillig Exp $
+# $NetBSD: Makefile,v 1.29.2.1 2006/12/05 07:57:12 ghen Exp $
 
 DISTNAME=      lha-114i
 PKGNAME=       lha-114.9
-PKGREVISION=   2
+PKGREVISION=   3
 CATEGORIES=    archivers
 MASTER_SITES=  http://www2m.biglobe.ne.jp/~dolphin/lha/prog/ \
                ftp://ftp.win.ne.jp/pub/misc/
diff -r ec9b687b058e -r 7806a9ad6259 archivers/lha/distinfo
--- a/archivers/lha/distinfo    Tue Dec 05 07:50:05 2006 +0000
+++ b/archivers/lha/distinfo    Tue Dec 05 07:57:12 2006 +0000
@@ -1,8 +1,10 @@
-$NetBSD: distinfo,v 1.8 2005/10/03 11:20:55 joerg Exp $
+$NetBSD: distinfo,v 1.8.8.1 2006/12/05 07:57:13 ghen Exp $
 
 SHA1 (lha-114i.tar.gz) = 79e35271f2cf783f946db3f22e304fef72dbac99
 RMD160 (lha-114i.tar.gz) = c561e0758b467a61f45d287582effc53df29f01d
 Size (lha-114i.tar.gz) = 64608 bytes
+SHA1 (patch-aa) = 945856fde42c3e98bb2b00f8633babc2daf0437c
+SHA1 (patch-ab) = 4b5cce4fd83a5a65cb152183d23f430da1e5aa21
 SHA1 (patch-ad) = a3169c55c462d4eb54e52709744ef7084a94bcb4
 SHA1 (patch-ae) = a53647ccf72511ecd2b5306e23da1219fa5e7264
 SHA1 (patch-af) = 0c2f6d5bf23c3c98b102487abe3dd1190470f50c
@@ -11,4 +13,4 @@
 SHA1 (patch-ai) = d988b7d048656080d14bfad1da89c9888c9ddf90
 SHA1 (patch-aj) = 6331fce7f55eef1c2003e693f165dd0565e7172e
 SHA1 (patch-ak) = fa6de630a7414b73dec8b75be0bfbb3493c4192f
-SHA1 (patch-al) = c6e5a9f4101d9e15dcb033b6c64ecc9903342df3
+SHA1 (patch-al) = 836de0f424efbc8b803d7c542ec0e3103381d5c4
diff -r ec9b687b058e -r 7806a9ad6259 archivers/lha/patches/patch-aa
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/archivers/lha/patches/patch-aa    Tue Dec 05 07:57:12 2006 +0000
@@ -0,0 +1,58 @@
+$NetBSD: patch-aa,v 1.3.24.1 2006/12/05 07:57:13 ghen Exp $
+
+--- src/huf.c.orig     2000-10-06 02:35:49.000000000 +0900
++++ src/huf.c
+@@ -332,7 +332,7 @@ read_pt_len(nn, nbit, i_special)
+       }
+       else {
+               i = 0;
+-              while (i < n) {
++              while (i < MIN(n, NPT)) {
+                       c = bitbuf >> (16 - 3);
+                       if (c == 7) {
+                               unsigned short  mask = 1 << (16 - 4);
+@@ -345,7 +345,7 @@ read_pt_len(nn, nbit, i_special)
+                       pt_len[i++] = c;
+                       if (i == i_special) {
+                               c = getbits(2);
+-                              while (--c >= 0)
++                              while (--c >= 0 && i < NPT)
+                                       pt_len[i++] = 0;
+                       }
+               }
+@@ -370,7 +370,7 @@ read_c_len( /* void */ )
+                       c_table[i] = c;
+       } else {
+               i = 0;
+-              while (i < n) {
++              while (i < MIN(n,NC)) {
+                       c = pt_table[bitbuf >> (16 - 8)];
+                       if (c >= NT) {
+                               unsigned short  mask = 1 << (16 - 9);
+@@ -380,7 +380,7 @@ read_c_len( /* void */ )
+                                       else
+                                               c = left[c];
+                                       mask >>= 1;
+-                              } while (c >= NT);
++                              } while (c >= NT && (mask || c!= left[c])); /* CVE-2006-4338 */
+                       }
+                       fillbuf(pt_len[c]);
+                       if (c <= 2) {
+@@ -427,7 +427,7 @@ decode_c_st1( /*void*/ )
+                       else
+                               j = left[j];
+                       mask >>= 1;
+-              } while (j >= NC);
++              } while (j >= NC && (mask || j != left[j])); /* CVE-2006-4338 */
+               fillbuf(c_len[j] - 12);
+       }
+       return j;
+@@ -451,7 +451,7 @@ decode_p_st1( /* void */ )
+                       else
+                               j = left[j];
+                       mask >>= 1;
+-              } while (j >= np);
++              } while (j >= np && (mask || j != left[j])); /* CVE-2006-4338 */
+               fillbuf(pt_len[j] - 8);
+       }
+       if (j != 0)
diff -r ec9b687b058e -r 7806a9ad6259 archivers/lha/patches/patch-ab
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/archivers/lha/patches/patch-ab    Tue Dec 05 07:57:12 2006 +0000
@@ -0,0 +1,64 @@
+$NetBSD: patch-ab,v 1.5.24.1 2006/12/05 07:57:13 ghen Exp $
+
+--- src/maketbl.c.orig 2000-10-04 23:57:38.000000000 +0900
++++ src/maketbl.c
+@@ -32,8 +32,15 @@ make_table(nchar, bitlen, tablebits, tab
+       }
+ 
+       /* count */
+-      for (i = 0; i < nchar; i++)
+-              count[bitlen[i]]++;
++      for (i = 0; i < nchar; i++) {
++              if (bitlen[i] > 16) {
++                      /* CVE-2006-4335 */
++                      error("Bad table (case a)");
++                      exit(1);
++              }
++              else
++                      count[bitlen[i]]++;
++      }
+ 
+       /* calculate first code */
+       total = 0;
+@@ -41,8 +48,10 @@ make_table(nchar, bitlen, tablebits, tab
+               start[i] = total;
+               total += weight[i] * count[i];
+       }
+-      if ((total & 0xffff) != 0)
++      if ((total & 0xffff) != 0 || tablebits > 16) { /* 16 for weight below */
+               error("make_table()", "Bad table (5)\n");
++              exit(1);
++      }
+ 
+       /* shift data for make table. */
+       m = 16 - tablebits;
+@@ -53,7 +62,7 @@ make_table(nchar, bitlen, tablebits, tab
+ 
+       /* initialize */
+       j = start[tablebits + 1] >> m;
+-      k = 1 << tablebits;
++      k = MIN(1 << tablebits, 4096);
+       if (j != 0)
+               for (i = j; i < k; i++)
+                       table[i] = 0;
+@@ -66,12 +75,19 @@ make_table(nchar, bitlen, tablebits, tab
+               l = start[k] + weight[k];
+               if (k <= tablebits) {
+                       /* code in table */
++                      l = MIN(l, 4096);
+                       for (i = start[k]; i < l; i++)
+                               table[i] = j;
+               }
+               else {
+                       /* code not in table */
+-                      p = &table[(i = start[k]) >> m];
++                      i = start[k];
++                      if ((i >> m) > 4096) {
++                              /* CVE-2006-4337 */
++                              error("Bad table (case c)");
++                              exit(1);
++                      }
++                      p = &table[i >> m];
+                       i <<= tablebits;
+                       n = k - tablebits;
+                       /* make tree (n length) */
diff -r ec9b687b058e -r 7806a9ad6259 archivers/lha/patches/patch-al
--- a/archivers/lha/patches/patch-al    Tue Dec 05 07:50:05 2006 +0000
+++ b/archivers/lha/patches/patch-al    Tue Dec 05 07:57:12 2006 +0000
@@ -1,6 +1,6 @@
-$NetBSD: patch-al,v 1.1 2005/10/03 11:20:55 joerg Exp $
+$NetBSD: patch-al,v 1.1.8.1 2006/12/05 07:57:13 ghen Exp $
 
---- src/lha_macro.h.orig       2005-07-22 14:26:32.000000000 +0000
+--- src/lha_macro.h.orig       2000-10-04 23:57:38.000000000 +0900
 +++ src/lha_macro.h
 @@ -68,7 +68,6 @@ extern char    *realloc();
  #endif
@@ -10,3 +10,12 @@
  
  #define       FALSE                   0
  #define TRUE                  1
+@@ -324,6 +323,8 @@ typedef short                              node;
+ /* Individual macro define                                                                                                    */
+ /* ------------------------------------------------------------------------ */
+ 
++#define MIN(a,b) ((a) <= (b) ? (a) : (b))
++
+ /* from crcio.c */
+ #define CRCPOLY                       0xA001          /* CRC-16 */
+ #define UPDATE_CRC(c) crc = crctable[(crc ^ (c)) & 0xFF] ^ (crc >> CHAR_BIT)



Home | Main Index | Thread Index | Old Index