head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.2 pkgsrc-2013Q2-base:1.2 pkgsrc-2013Q1:1.1.0.66 pkgsrc-2013Q1-base:1.1 pkgsrc-2012Q4:1.1.0.64 pkgsrc-2012Q4-base:1.1 pkgsrc-2012Q3:1.1.0.62 pkgsrc-2012Q3-base:1.1 pkgsrc-2012Q2:1.1.0.60 pkgsrc-2012Q2-base:1.1 pkgsrc-2012Q1:1.1.0.58 pkgsrc-2012Q1-base:1.1 pkgsrc-2011Q4:1.1.0.56 pkgsrc-2011Q4-base:1.1 pkgsrc-2011Q3:1.1.0.54 pkgsrc-2011Q3-base:1.1 pkgsrc-2011Q2:1.1.0.52 pkgsrc-2011Q2-base:1.1 pkgsrc-2011Q1:1.1.0.50 pkgsrc-2011Q1-base:1.1 pkgsrc-2010Q4:1.1.0.48 pkgsrc-2010Q4-base:1.1 pkgsrc-2010Q3:1.1.0.46 pkgsrc-2010Q3-base:1.1 pkgsrc-2010Q2:1.1.0.44 pkgsrc-2010Q2-base:1.1 pkgsrc-2010Q1:1.1.0.42 pkgsrc-2010Q1-base:1.1 pkgsrc-2009Q4:1.1.0.40 pkgsrc-2009Q4-base:1.1 pkgsrc-2009Q3:1.1.0.38 pkgsrc-2009Q3-base:1.1 pkgsrc-2009Q2:1.1.0.36 pkgsrc-2009Q2-base:1.1 pkgsrc-2009Q1:1.1.0.34 pkgsrc-2009Q1-base:1.1 pkgsrc-2008Q4:1.1.0.32 pkgsrc-2008Q4-base:1.1 pkgsrc-2008Q3:1.1.0.30 pkgsrc-2008Q3-base:1.1 cube-native-xorg:1.1.0.28 cube-native-xorg-base:1.1 pkgsrc-2008Q2:1.1.0.26 pkgsrc-2008Q2-base:1.1 cwrapper:1.1.0.24 pkgsrc-2008Q1:1.1.0.22 pkgsrc-2008Q1-base:1.1 pkgsrc-2007Q4:1.1.0.20 pkgsrc-2007Q4-base:1.1 pkgsrc-2007Q3:1.1.0.18 pkgsrc-2007Q3-base:1.1 pkgsrc-2007Q2:1.1.0.16 pkgsrc-2007Q2-base:1.1 pkgsrc-2007Q1:1.1.0.14 pkgsrc-2007Q1-base:1.1 pkgsrc-2006Q4:1.1.0.12 pkgsrc-2006Q4-base:1.1 pkgsrc-2006Q3:1.1.0.10 pkgsrc-2006Q3-base:1.1 pkgsrc-2006Q2:1.1.0.8 pkgsrc-2006Q2-base:1.1 pkgsrc-2006Q1:1.1.0.6 pkgsrc-2006Q1-base:1.1 pkgsrc-2005Q4:1.1.0.4 pkgsrc-2005Q4-base:1.1 pkgsrc-2005Q3:1.1.0.2; locks; strict; comment @# @; 1.2 date 2013.06.09.14.35.12; author ryoon; state dead; branches; next 1.1; commitid udOnIwGPtyKJSWSw; 1.1 date 2005.11.03.19.38.50; author adrianp; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2005.11.03.19.38.50; author salo; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2005.11.03.22.11.27; author salo; state Exp; branches; next ; desc @@ 1.2 log @Update to 2.11 * Update LICENSE to gnu-gpl-v3 Changelog: 2.11: Fix mt 
build. In copy-in mode, if directory attributes do not permit writing to it, setting them is delayed until the end of run. This allows to correctly extract files in such directories. In copy-in mode, permissions of a directory are restored if it appears in the file list after files in it (e.g. in listings produced by find . -depth). This fixes debian bug #458079. Fix possible memory overflow in the rmt client code (CVE-2010-0624). 2.10: Ensure record headers are properly packed (fix builds on ARM). Fix exit codes to reliably indicate success or failure of the operation. Fix large file support. Support MinGW builds. Minor bugfixes. 2.9: Licensed under the GPLv3. Bugfixes Honor umask when creating intermediate directories, not specified in the archive (debian bug #430053). 2.8: Option --owner can be used in copy-out mode, allowing to uniformly override the ownership of the files being added to the archive. Bugfixes: Symlinks were handled incorrectly in copy-out mode. Fix handling of large files. Fix setting the file permissions in copy-out mode. Fix CAN-2005-1111 2.7: Improved error checking and diagnostics Fixed CAN-1999-1572 Allow to use --sparse in both copy-in and copy-pass. Fix bug that eventually caused copying out the same hard-linked file several times to archive. Fix several LFS-related issues. Fix Debian bug #335580. @ text @$NetBSD: patch-ai,v 1.1 2005/11/03 19:38:50 adrianp Exp $ --- src/copyin.c.orig 2005-11-03 19:08:29.000000000 +0000 +++ src/copyin.c @@@@ -25,6 +25,7 @@@@ #include "dstring.h" #include "extern.h" #include "defer.h" +#include "dirname.h" #include #ifndef FNM_PATHNAME #include @@@@ -389,19 +390,26 @@@@ create_final_defers () continue; } - if (close (out_file_des) < 0) - error (0, errno, "%s", d->header.c_name); - + /* + * Avoid race condition. + * Set chown and chmod before closing the file desc. + * pvrabec@@redhat.com + */ + /* File is now copied; set attributes. 
*/ if (!no_chown_flag) - if ((chown (d->header.c_name, + if ((fchown (out_file_des, set_owner_flag ? set_owner : d->header.c_uid, set_group_flag ? set_group : d->header.c_gid) < 0) && errno != EPERM) error (0, errno, "%s", d->header.c_name); /* chown may have turned off some permissions we wanted. */ - if (chmod (d->header.c_name, (int) d->header.c_mode) < 0) + if (fchmod (out_file_des, (int) d->header.c_mode) < 0) error (0, errno, "%s", d->header.c_name); + + if (close (out_file_des) < 0) + error (0, errno, "%s", d->header.c_name); + if (retain_time_flag) { times.actime = times.modtime = d->header.c_mtime; @@@@ -557,6 +565,25 @@@@ copyin_regular_file (struct new_cpio_hea write (out_file_des, "", 1); delayed_seek_count = 0; } + + /* + * Avoid race condition. + * Set chown and chmod before closing the file desc. + * pvrabec@@redhat.com + */ + + /* File is now copied; set attributes. */ + if (!no_chown_flag) + if ((fchown (out_file_des, + set_owner_flag ? set_owner : file_hdr->c_uid, + set_group_flag ? set_group : file_hdr->c_gid) < 0) + && errno != EPERM) + error (0, errno, "%s", file_hdr->c_name); + + /* chown may have turned off some permissions we wanted. */ + if (fchmod (out_file_des, (int) file_hdr->c_mode) < 0) + error (0, errno, "%s", file_hdr->c_name); + if (close (out_file_des) < 0) error (0, errno, "%s", file_hdr->c_name); @@@@ -567,18 +594,6 @@@@ copyin_regular_file (struct new_cpio_hea file_hdr->c_name, crc, file_hdr->c_chksum); } - /* File is now copied; set attributes. */ - if (!no_chown_flag) - if ((chown (file_hdr->c_name, - set_owner_flag ? set_owner : file_hdr->c_uid, - set_group_flag ? set_group : file_hdr->c_gid) < 0) - && errno != EPERM) - error (0, errno, "%s", file_hdr->c_name); - - /* chown may have turned off some permissions we wanted. */ - if (chmod (file_hdr->c_name, (int) file_hdr->c_mode) < 0) - error (0, errno, "%s", file_hdr->c_name); - if (retain_time_flag) { struct utimbuf times; /* For setting file times. 
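Review bot: In create_final_defers the new `fchmod (out_file_des, (int) d->header.c_mode)` applies the archive's full mode even when the preceding `fchown` failed with the tolerated EPERM, or was skipped because `no_chown_flag` is set. Set-user-ID and set-group-ID bits from the archive can therefore end up on a file owned by the extracting user. Consider recording whether ownership was actually applied and otherwise masking the mode before the call, e.g. `mode &= ~(S_ISUID | S_ISGID);`. The same sequence is added to copyin_regular_file in the `-557,6 +565,25` hunk, and both hunks appear again in the 1.1.2.2 revision text further down. The function body starts and ends outside this hunk, so a later step may already strip those bits; that cannot be seen here.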
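Review bot: The timestamp step in copyin_regular_file is still done by path after the descriptor is closed. The context of the later `-589,7 +604,7` hunk shows `utime (file_hdr->c_name, ...)`, so the name is resolved again after `close (out_file_des)`, and the race this patch closes for ownership and mode remains for the times. Where the platform provides it, setting the times on the descriptor before the `close`, for example with `futimes (out_file_des, tv)`, would keep all three attribute updates on the same open file. The fchown/fchmod block is also a verbatim copy of the one added to create_final_defers; a small static helper taking the descriptor and the header would keep the two copies from drifting apart.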
*/ @@@@ -589,7 +604,7 @@@@ copyin_regular_file (struct new_cpio_hea if (utime (file_hdr->c_name, ×) < 0) error (0, errno, "%s", file_hdr->c_name); } - + tape_skip_padding (in_file_des, file_hdr->c_filesize); if (file_hdr->c_nlink > 1 && (archive_format == arf_newascii || archive_format == arf_crcascii) ) @@@@ -1335,6 +1350,53 @@@@ swab_array (char *ptr, int count) } } +/* Return a safer suffix of FILE_NAME, or "." if it has no safer + suffix. Check for fully specified file names and other atrocities. */ + +static const char * +safer_name_suffix (char const *file_name) +{ + char const *p; + + /* Skip file system prefixes, leading file name components that contain + "..", and leading slashes. */ + + size_t prefix_len = FILE_SYSTEM_PREFIX_LEN (file_name); + + for (p = file_name + prefix_len; *p;) + { + if (p[0] == '.' && p[1] == '.' && (ISSLASH (p[2]) || !p[2])) + prefix_len = p + 2 - file_name; + + do + { + char c = *p++; + if (ISSLASH (c)) + break; + } + while (*p); + } + + for (p = file_name + prefix_len; ISSLASH (*p); p++) + continue; + prefix_len = p - file_name; + + if (prefix_len) + { + char *prefix = alloca (prefix_len + 1); + memcpy (prefix, file_name, prefix_len); + prefix[prefix_len] = '\0'; + + + error (0, 0, _("Removing leading `%s' from member names"), prefix); + } + + if (!*p) + p = "."; + + return p; +} + /* Read the collection from standard input and create files in the file system. */ @@@@ -1445,18 +1507,11 @@@@ process_copy_in () /* Do we have to ignore absolute paths, and if so, does the filename have an absolute path? 
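Review bot: `alloca (prefix_len + 1)` in safer_name_suffix sizes a stack buffer from the member name read out of the archive. Its size is bounded only by whatever limit the caller places on the name length, which this hunk does not show. The copy exists only to NUL-terminate the prefix for the diagnostic, so it can be dropped by using a `%.*s` conversion in the existing message and passing `(int) prefix_len, file_name` as the arguments. The comment on the first loop says "leading" components, but the loop moves `prefix_len` past the last `..` component anywhere in the name; a one-line comment saying so would help. The same function is added again in the 1.1.2.2 revision text.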
*/ - if (no_abs_paths_flag && file_hdr.c_name && file_hdr.c_name [0] == '/') + if (!abs_paths_flag && file_hdr.c_name && file_hdr.c_name [0]) { - char *p; + const char *p = safer_name_suffix (file_hdr.c_name); - p = file_hdr.c_name; - while (*p == '/') - ++p; - if (*p == '\0') - { - strcpy (file_hdr.c_name, "."); - } - else + if (p != file_hdr.c_name) { /* Debian hack: file_hrd.c_name is sometimes set to point to static memory by code in tar.c. This @ 1.1 log @Fixes for CAN-2005-1111 and CAN-2005-1229 @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-ai was added on branch pkgsrc-2005Q3 on 2005-11-03 19:38:50 +0000 @ text @d1 174 @ 1.1.2.2 log @Pullup ticket 887 - requested by Adrian Portelli security update for gcpio Revisions pulled up: - pkgsrc/archivers/gcpio/Makefile 1.26 - pkgsrc/archivers/gcpio/PLIST 1.6 - pkgsrc/archivers/gcpio/distinfo 1.9 - pkgsrc/archivers/gcpio/patches/patch-aa removed - pkgsrc/archivers/gcpio/patches/patch-ab removed - pkgsrc/archivers/gcpio/patches/patch-ac 1.4 - pkgsrc/archivers/gcpio/patches/patch-ad removed - pkgsrc/archivers/gcpio/patches/patch-ae 1.2 - pkgsrc/archivers/gcpio/patches/patch-af removed - pkgsrc/archivers/gcpio/patches/patch-ag 1.2 - pkgsrc/archivers/gcpio/patches/patch-ah 1.2 - pkgsrc/archivers/gcpio/patches/patch-ai 1.1 - pkgsrc/archivers/gcpio/patches/patch-aj 1.1 - pkgsrc/archivers/gcpio/patches/patch-ak 1.1 - pkgsrc/archivers/gcpio/patches/patch-al 1.1 - pkgsrc/archivers/gcpio/patches/patch-am 1.1 - pkgsrc/archivers/gcpio/patches/patch-an 1.1 - pkgsrc/archivers/gcpio/patches/patch-ao 1.1 Module Name: pkgsrc Committed By: adrianp Date: Thu Nov 3 19:38:51 UTC 2005 Modified Files: pkgsrc/archivers/gcpio: Makefile PLIST distinfo pkgsrc/archivers/gcpio/patches: patch-ac patch-ae patch-ag patch-ah Added Files: pkgsrc/archivers/gcpio/patches: patch-ai patch-aj patch-ak patch-al patch-am patch-an patch-ao Removed Files: pkgsrc/archivers/gcpio/patches: patch-aa patch-ab Log Message: Fixes for CAN-2005-1111 and 
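Review bot: The comment above the changed condition still reads "Do we have to ignore absolute paths, and if so, does the filename have an absolute path?", which no longer matches the code. The new test `!abs_paths_flag && file_hdr.c_name && file_hdr.c_name [0]` runs safer_name_suffix on every non-empty name and also strips `..` components. I would reword the comment to something like `/* Unless abs_paths_flag is set, strip file system prefixes, ".." components and leading slashes from the member name. */`. The change also flips the behaviour from opt-in (`no_abs_paths_flag`) to opt-out, which is worth stating in the option's documentation; the flag's declaration and the option table are not part of this patch file. The `if (p != file_hdr.c_name)` body continues past the end of the hunk, so how the suffix is copied back cannot be reviewed here.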
CAN-2005-1229 --- Module Name: pkgsrc Committed By: adrianp Date: Thu Nov 3 19:40:12 UTC 2005 Removed Files: pkgsrc/archivers/gcpio/patches: patch-ad patch-af Log Message: Remove obsolete patches @ text @a0 174 $NetBSD: patch-ai,v 1.1.2.1 2005/11/03 22:11:27 salo Exp $ --- src/copyin.c.orig 2005-11-03 19:08:29.000000000 +0000 +++ src/copyin.c @@@@ -25,6 +25,7 @@@@ #include "dstring.h" #include "extern.h" #include "defer.h" +#include "dirname.h" #include #ifndef FNM_PATHNAME #include @@@@ -389,19 +390,26 @@@@ create_final_defers () continue; } - if (close (out_file_des) < 0) - error (0, errno, "%s", d->header.c_name); - + /* + * Avoid race condition. + * Set chown and chmod before closing the file desc. + * pvrabec@@redhat.com + */ + /* File is now copied; set attributes. */ if (!no_chown_flag) - if ((chown (d->header.c_name, + if ((fchown (out_file_des, set_owner_flag ? set_owner : d->header.c_uid, set_group_flag ? set_group : d->header.c_gid) < 0) && errno != EPERM) error (0, errno, "%s", d->header.c_name); /* chown may have turned off some permissions we wanted. */ - if (chmod (d->header.c_name, (int) d->header.c_mode) < 0) + if (fchmod (out_file_des, (int) d->header.c_mode) < 0) error (0, errno, "%s", d->header.c_name); + + if (close (out_file_des) < 0) + error (0, errno, "%s", d->header.c_name); + if (retain_time_flag) { times.actime = times.modtime = d->header.c_mtime; @@@@ -557,6 +565,25 @@@@ copyin_regular_file (struct new_cpio_hea write (out_file_des, "", 1); delayed_seek_count = 0; } + + /* + * Avoid race condition. + * Set chown and chmod before closing the file desc. + * pvrabec@@redhat.com + */ + + /* File is now copied; set attributes. */ + if (!no_chown_flag) + if ((fchown (out_file_des, + set_owner_flag ? set_owner : file_hdr->c_uid, + set_group_flag ? set_group : file_hdr->c_gid) < 0) + && errno != EPERM) + error (0, errno, "%s", file_hdr->c_name); + + /* chown may have turned off some permissions we wanted. 
*/ + if (fchmod (out_file_des, (int) file_hdr->c_mode) < 0) + error (0, errno, "%s", file_hdr->c_name); + if (close (out_file_des) < 0) error (0, errno, "%s", file_hdr->c_name); @@@@ -567,18 +594,6 @@@@ copyin_regular_file (struct new_cpio_hea file_hdr->c_name, crc, file_hdr->c_chksum); } - /* File is now copied; set attributes. */ - if (!no_chown_flag) - if ((chown (file_hdr->c_name, - set_owner_flag ? set_owner : file_hdr->c_uid, - set_group_flag ? set_group : file_hdr->c_gid) < 0) - && errno != EPERM) - error (0, errno, "%s", file_hdr->c_name); - - /* chown may have turned off some permissions we wanted. */ - if (chmod (file_hdr->c_name, (int) file_hdr->c_mode) < 0) - error (0, errno, "%s", file_hdr->c_name); - if (retain_time_flag) { struct utimbuf times; /* For setting file times. */ @@@@ -589,7 +604,7 @@@@ copyin_regular_file (struct new_cpio_hea if (utime (file_hdr->c_name, ×) < 0) error (0, errno, "%s", file_hdr->c_name); } - + tape_skip_padding (in_file_des, file_hdr->c_filesize); if (file_hdr->c_nlink > 1 && (archive_format == arf_newascii || archive_format == arf_crcascii) ) @@@@ -1335,6 +1350,53 @@@@ swab_array (char *ptr, int count) } } +/* Return a safer suffix of FILE_NAME, or "." if it has no safer + suffix. Check for fully specified file names and other atrocities. */ + +static const char * +safer_name_suffix (char const *file_name) +{ + char const *p; + + /* Skip file system prefixes, leading file name components that contain + "..", and leading slashes. */ + + size_t prefix_len = FILE_SYSTEM_PREFIX_LEN (file_name); + + for (p = file_name + prefix_len; *p;) + { + if (p[0] == '.' && p[1] == '.' 
&& (ISSLASH (p[2]) || !p[2])) + prefix_len = p + 2 - file_name; + + do + { + char c = *p++; + if (ISSLASH (c)) + break; + } + while (*p); + } + + for (p = file_name + prefix_len; ISSLASH (*p); p++) + continue; + prefix_len = p - file_name; + + if (prefix_len) + { + char *prefix = alloca (prefix_len + 1); + memcpy (prefix, file_name, prefix_len); + prefix[prefix_len] = '\0'; + + + error (0, 0, _("Removing leading `%s' from member names"), prefix); + } + + if (!*p) + p = "."; + + return p; +} + /* Read the collection from standard input and create files in the file system. */ @@@@ -1445,18 +1507,11 @@@@ process_copy_in () /* Do we have to ignore absolute paths, and if so, does the filename have an absolute path? */ - if (no_abs_paths_flag && file_hdr.c_name && file_hdr.c_name [0] == '/') + if (!abs_paths_flag && file_hdr.c_name && file_hdr.c_name [0]) { - char *p; + const char *p = safer_name_suffix (file_hdr.c_name); - p = file_hdr.c_name; - while (*p == '/') - ++p; - if (*p == '\0') - { - strcpy (file_hdr.c_name, "."); - } - else + if (p != file_hdr.c_name) { /* Debian hack: file_hrd.c_name is sometimes set to point to static memory by code in tar.c. This @