pkgsrc-Changes archive
CVS commit: pkgsrc/archivers/gtar-base
Module Name: pkgsrc
Committed By: spz
Date: Sun Mar 26 09:18:48 UTC 2023
Modified Files:
pkgsrc/archivers/gtar-base: Makefile distinfo
Added Files:
pkgsrc/archivers/gtar-base/patches: patch-CVE-2022-48303
Log Message:
add the patch for CVE-2022-48303 from the gtar git
To generate a diff of this commit:
cvs rdiff -u -r1.95 -r1.96 pkgsrc/archivers/gtar-base/Makefile
cvs rdiff -u -r1.48 -r1.49 pkgsrc/archivers/gtar-base/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/archivers/gtar-base/patches/patch-CVE-2022-48303
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/archivers/gtar-base/Makefile
diff -u pkgsrc/archivers/gtar-base/Makefile:1.95 pkgsrc/archivers/gtar-base/Makefile:1.96
--- pkgsrc/archivers/gtar-base/Makefile:1.95 Sun Feb 24 15:18:45 2019
+++ pkgsrc/archivers/gtar-base/Makefile Sun Mar 26 09:18:48 2023
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.95 2019/02/24 15:18:45 wiz Exp $
+# $NetBSD: Makefile,v 1.96 2023/03/26 09:18:48 spz Exp $
.include "../../archivers/gtar/Makefile.common"
@@ -6,6 +6,8 @@ PKGNAME= ${DISTNAME:S/tar/gtar-base/}
COMMENT= The GNU tape archiver with remote magnetic tape support
LICENSE= gnu-gpl-v3
+PKGREVISION= 1
+
CONFLICTS= gcpio-[0-9]*
USE_PKGLOCALEDIR= yes
Index: pkgsrc/archivers/gtar-base/distinfo
diff -u pkgsrc/archivers/gtar-base/distinfo:1.48 pkgsrc/archivers/gtar-base/distinfo:1.49
--- pkgsrc/archivers/gtar-base/distinfo:1.48 Tue Oct 26 09:57:06 2021
+++ pkgsrc/archivers/gtar-base/distinfo Sun Mar 26 09:18:48 2023
@@ -1,8 +1,9 @@
-$NetBSD: distinfo,v 1.48 2021/10/26 09:57:06 nia Exp $
+$NetBSD: distinfo,v 1.49 2023/03/26 09:18:48 spz Exp $
BLAKE2s (tar-1.34.tar.bz2) = 515de781af9339884ea983aa2a2b77a88cd4dd69b70f138847b5a9ed6f8e7f49
SHA512 (tar-1.34.tar.bz2) = 31865930401b1d9497421fa79cfb41a1a47f3bf59fcdde86b28ed4f53d7a3ceaf88d57c1dba0332d3cd76e82a3aeb31b1e4e3af54fc0d0c0ad17c9f239e8d45d
Size (tar-1.34.tar.bz2) = 3017795 bytes
+SHA1 (patch-CVE-2022-48303) = 859c17e68a9cf521ff9f04ad47d1af677d43e521
SHA1 (patch-Makefile.in) = 78cc142b9370317c52215c106ea1e7217e71f9b5
SHA1 (patch-gnu_readlinkat.c) = 49127fa6533ecf67b2da704da321da0d46b0ddeb
SHA1 (patch-lib_xattr-at.c) = 03a62c67a8c107a8eb929e87d19560c1a1270766
Added files:
Index: pkgsrc/archivers/gtar-base/patches/patch-CVE-2022-48303
diff -u /dev/null pkgsrc/archivers/gtar-base/patches/patch-CVE-2022-48303:1.1
--- /dev/null Sun Mar 26 09:18:49 2023
+++ pkgsrc/archivers/gtar-base/patches/patch-CVE-2022-48303 Sun Mar 26 09:18:48 2023
@@ -0,0 +1,19 @@
+$NetBSD: patch-CVE-2022-48303,v 1.1 2023/03/26 09:18:48 spz Exp $
+
+fix for CVE-2022-48303
+from git.savannah.gnu.org commit 3da78400eafcccb97e2f2fd4b227ea40d794ede8
+
+--- src/list.c.orig 2021-02-04 14:00:33.000000000 +0000
++++ src/list.c
+@@ -874,8 +874,9 @@ from_header (char const *where0, size_t
+ where++;
+ }
+ }
+- else if (*where == '\200' /* positive base-256 */
+- || *where == '\377' /* negative base-256 */)
++ else if (where <= lim - 2
++ && (*where == '\200' /* positive base-256 */
++ || *where == '\377' /* negative base-256 */))
+ {
+ /* Parse base-256 output. A nonnegative number N is
+ represented as (256**DIGS)/2 + N; a negative number -N is
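Review bot: The added guard `where <= lim - 2` in from_header has no comment saying why two bytes must remain, and the pkgsrc patch header names only the CVE and the upstream commit without describing the defect. Presumably the base-256 branch consumes the marker byte plus at least one digit byte, so a marker in the last byte of the field would be followed by a read past `lim`; the parsing loop lies outside this hunk, so confirm against the full function. I would add a comment such as `/* base-256 needs the marker byte and at least one digit byte before lim */` above the condition, and one line in the patch header stating the nature of the bug. Writing the test as `lim - where >= 2` would also avoid forming `lim - 2` when a field is shorter than two bytes, which is better raised upstream than changed locally.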