pkgsrc-Changes-HG archive
[pkgsrc/pkgsrc-2006Q3]: pkgsrc/archivers/libarchive Pullup ticket 1908 - requ...
details:   https://anonhg.NetBSD.org/pkgsrc/rev/40713a796b95
branches:  pkgsrc-2006Q3
changeset: 519185:40713a796b95
user:      salo <salo%pkgsrc.org@localhost>
date:      Fri Nov 10 09:40:19 2006 +0000
description:
Pullup ticket 1908 - requested by adrianp
security update for libarchive
Revisions pulled up:
- pkgsrc/archivers/libarchive/Makefile                  1.15
- pkgsrc/archivers/libarchive/distinfo                  1.13
- pkgsrc/archivers/libarchive/patches/patch-ac          1.1
   Module Name:         pkgsrc
   Committed By:        adrianp
   Date:                Fri Nov 10 00:29:44 UTC 2006
   Modified Files:
        pkgsrc/archivers/libarchive: Makefile distinfo
   Added Files:
        pkgsrc/archivers/libarchive/patches: patch-ac
   Log Message:
   Update to 1.3.1
   Sep 05, 2006: libarchive 1.3.1 released
   Sep 5, 2006: Bump version to 1.3 for new I/O wrappers.
   Sep 4, 2006: New memory and FILE read/write wrappers.
   Sep 4, 2006: libarchive test harness is now minimally functional;
       it's located a few minor bugs in error-handling logic
   Fix a denial of service security issue via FreeBSD:
   If the end of an archive is reached while attempting to "skip" past a
   region of an archive, libarchive will enter an infinite loop wherein it
   repeatedly attempts (and fails) to read further data.
diffstat:
 archivers/libarchive/Makefile         |   4 +-
 archivers/libarchive/distinfo         |   9 +++--
 archivers/libarchive/patches/patch-ac |  52 +++++++++++++++++++++++++++++++++++
 3 files changed, 59 insertions(+), 6 deletions(-)
diffs (84 lines):
diff -r fe2b880475d7 -r 40713a796b95 archivers/libarchive/Makefile
--- a/archivers/libarchive/Makefile     Thu Nov 09 11:49:22 2006 +0000
+++ b/archivers/libarchive/Makefile     Fri Nov 10 09:40:19 2006 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.14 2006/08/20 14:56:03 joerg Exp $
+# $NetBSD: Makefile,v 1.14.2.1 2006/11/10 09:40:19 salo Exp $
 #
 
-DISTNAME=      libarchive-1.2.57
+DISTNAME=      libarchive-1.3.1
 CATEGORIES=    archivers
 MASTER_SITES=  http://people.freebsd.org/~kientzle/libarchive/src/
 
diff -r fe2b880475d7 -r 40713a796b95 archivers/libarchive/distinfo
--- a/archivers/libarchive/distinfo     Thu Nov 09 11:49:22 2006 +0000
+++ b/archivers/libarchive/distinfo     Fri Nov 10 09:40:19 2006 +0000
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.12 2006/08/20 14:56:03 joerg Exp $
+$NetBSD: distinfo,v 1.12.2.1 2006/11/10 09:40:19 salo Exp $
 
-SHA1 (libarchive-1.2.57.tar.gz) = 70bf5a0a6a8af4cefda412db5a2ba53724e9e3e8
-RMD160 (libarchive-1.2.57.tar.gz) = 238a44ec554aa4fc5ae795c1af3640d253f36445
-Size (libarchive-1.2.57.tar.gz) = 536128 bytes
+SHA1 (libarchive-1.3.1.tar.gz) = aed6eda15b012adbb88af0f0d76887920ffe7bbf
+RMD160 (libarchive-1.3.1.tar.gz) = e518f802d9a50afcfede6dd7cbb4f42b2cbe12a1
+Size (libarchive-1.3.1.tar.gz) = 901173 bytes
 SHA1 (patch-ab) = 5e92405b0898123d8240f332475d13abe85f8ad3
+SHA1 (patch-ac) = 5775e26d19ace2b94c870c0e8de8e6efbe4b5c63
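Review bot: the new SHA1 and RMD160 lines for libarchive-1.3.1.tar.gz are the only integrity check on this security update, because MASTER_SITES in the Makefile fetches the distfile over plain http. The recorded Size also changes from 536128 to 901173 bytes. Suggest stating in the log message that the hashes were compared against a copy of the tarball obtained independently of that URL and that the size increase is expected for 1.3.1.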
diff -r fe2b880475d7 -r 40713a796b95 archivers/libarchive/patches/patch-ac
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/archivers/libarchive/patches/patch-ac     Fri Nov 10 09:40:19 2006 +0000
@@ -0,0 +1,52 @@
+$NetBSD: patch-ac,v 1.1.2.2 2006/11/10 09:40:19 salo Exp $
+
+--- libarchive/archive_read_support_compression_none.c.orig    2006-09-05 07:00:47.000000000 +0100
++++ libarchive/archive_read_support_compression_none.c
+@@ -257,7 +257,9 @@ archive_decompressor_none_read_consume(s
+ }
+ 
+ /*
+- * Skip at most request bytes. Skipped data is marked as consumed.
++ * Skip forward by exactly the requested bytes or else return
++ * ARCHIVE_FATAL.  Note that this differs from the contract for
++ * read_ahead, which does not gaurantee a minimum count.
+  */
+ static ssize_t
+ archive_decompressor_none_skip(struct archive *a, size_t request)
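Review bot: the rewritten comment above archive_decompressor_none_skip misspells "guarantee" as "gaurantee", and it changes the function's contract without saying what a caller must now check. The return type is still ssize_t, so a caller that only compared the result with the requested count also has to treat a negative return (ARCHIVE_FATAL) as an error. Suggest fixing the spelling and adding one sentence stating that the return value is either the full request or a negative error code.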
+@@ -287,9 +289,7 @@ archive_decompressor_none_skip(struct ar
+       if (request == 0)
+               return (total_bytes_skipped);
+       /*
+-       * If no client_skipper is provided, just read the old way. It is very
+-       * likely that after skipping, the request has not yet been fully
+-       * satisfied (and is still > 0). In that case, read as well.
++       * If a client_skipper was provided, try that first.
+        */
+       if (a->client_skipper != NULL) {
+               bytes_skipped = (a->client_skipper)(a, a->client_data,
+@@ -307,6 +307,12 @@ archive_decompressor_none_skip(struct ar
+               a->raw_position += bytes_skipped;
+               state->client_avail = state->client_total = 0;
+       }
++      /*
++       * Note that client_skipper will usually not satisfy the
++       * full request (due to low-level blocking concerns),
++       * so even if client_skipper is provided, we may still
++       * have to use ordinary reads to finish out the request.
++       */
+       while (request > 0) {
+               const void* dummy_buffer;
+               ssize_t bytes_read;
+@@ -314,6 +320,12 @@ archive_decompressor_none_skip(struct ar
+                   &dummy_buffer, request);
+               if (bytes_read < 0)
+                       return (bytes_read);
++              if (bytes_read == 0) {
++                      /* We hit EOF before we satisfied the skip request. */
++                      archive_set_error(a, ARCHIVE_ERRNO_MISC,
++                          "Truncated input file (need to skip %d bytes)", (int)request);
++                      return (ARCHIVE_FATAL);
++              }
+               assert(bytes_read >= 0); /* precondition for cast below */
+               min = minimum((size_t)bytes_read, request);
+               bytes_read = archive_decompressor_none_read_consume(a, min);
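Review bot: in the new `bytes_read == 0` branch, `(int)request` narrows a size_t to int for the `%d` conversion, so a skip request larger than INT_MAX is reported with a wrong or negative byte count in exactly the truncated-input case this fix is meant to diagnose. Suggest a wider cast with a matching conversion (for example unsigned long, if the formatter behind archive_set_error supports it). With the two early returns now above it, the `assert(bytes_read >= 0)` line can only see positive values, so its comment could be updated to say so. The patch also carries no truncated-archive test input, although the log mentions the new test harness; a regression case for the EOF-during-skip path would be worth adding.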