head 1.5; access; symbols pkgsrc-2013Q2:1.5.0.8 pkgsrc-2013Q2-base:1.5 pkgsrc-2012Q4:1.5.0.6 pkgsrc-2012Q4-base:1.5 pkgsrc-2011Q4:1.5.0.4 pkgsrc-2011Q4-base:1.5 pkgsrc-2011Q2:1.5.0.2 pkgsrc-2011Q2-base:1.5 pkgsrc-2009Q4:1.4.0.8 pkgsrc-2009Q4-base:1.4 pkgsrc-2009Q3:1.4.0.6 pkgsrc-2009Q3-base:1.4 pkgsrc-2009Q2:1.4.0.4 pkgsrc-2009Q2-base:1.4 pkgsrc-2009Q1:1.4.0.2 pkgsrc-2009Q1-base:1.4 pkgsrc-2008Q4:1.3.0.8 pkgsrc-2008Q4-base:1.3 pkgsrc-2008Q3:1.3.0.6 pkgsrc-2008Q3-base:1.3 cube-native-xorg:1.3.0.4 cube-native-xorg-base:1.3 pkgsrc-2008Q2:1.3.0.2 pkgsrc-2008Q2-base:1.3 pkgsrc-2008Q1:1.2.0.12 pkgsrc-2008Q1-base:1.2 pkgsrc-2007Q4:1.2.0.10 pkgsrc-2007Q4-base:1.2 pkgsrc-2007Q3:1.2.0.8 pkgsrc-2007Q3-base:1.2 pkgsrc-2007Q2:1.2.0.6 pkgsrc-2007Q2-base:1.2 pkgsrc-2007Q1:1.2.0.4 pkgsrc-2007Q1-base:1.2 pkgsrc-2006Q4:1.2.0.2 pkgsrc-2006Q4-base:1.2 pkgsrc-2006Q3:1.1.0.4 pkgsrc-2006Q3-base:1.1 pkgsrc-2006Q2:1.1.0.2; locks; strict; comment @# @; 1.5 date 2010.03.23.19.00.10; author tez; state dead; branches; next 1.4; 1.4 date 2009.01.20.00.33.56; author tnn; state Exp; branches; next 1.3; 1.3 date 2008.05.18.01.48.09; author tnn; state dead; branches; next 1.2; 1.2 date 2006.11.27.22.05.34; author tv; state Exp; branches; next 1.1; 1.1 date 2006.09.03.17.24.16; author adrianp; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2006.09.03.17.24.16; author ghen; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2006.09.11.11.18.03; author ghen; state Exp; branches; next ; desc @@ 1.5 log @Update gtar to 1.23 - fixes CVE2010-0624 Also: # Improved record size autodetection # Use of lseek on seekable archives # New command line option --warning # New command line option --level # Improved behavior if some files were removed during incremental dumps # Modification times of PAX extended headers # Time references in the --pax-option argument # Augmented environment of the --to-command script # Bugfixes: * Fix handling of hard link targets by -c --transform * Fix hard links recognition with -c 
--remove-files * Fix restoring files from backup (debian bug #508199) * Correctly restore modes and permissions on existing directories * The --remove-files option removes files only if they were succesfully stored in the archive * Fix storing and listing of the volume labels in POSIX format * Improve algorithm for splitting long file names (ustar format) @ text @$NetBSD: patch-ai,v 1.4 2009/01/20 00:33:56 tnn Exp $ --- lib/mktime.c.orig 2007-10-30 21:48:29.000000000 +0100 +++ lib/mktime.c @@@@ -167,8 +167,12 @@@@ ydhms_diff (long int year1, long int yda int year0, int yday0, int hour0, int min0, int sec0) { verify (C99_integer_division, -1 / 2 == 0); +#ifdef __NetBSD__ +#warning this might break with 64-bit time_t on 32-bit hosts +#else verify (long_int_year_and_yday_are_wide_enough, INT_MAX <= LONG_MAX / 2 || TIME_T_MAX <= UINT_MAX); +#endif /* Compute intervening leap days correctly even if year is negative. Take care to avoid integer overflow here. */ @ 1.4 log @64-bit time_t fallout: gtar cowardly refuses to build if time_t doesn't fit in "long int", as happens to be the case now on 32-bit NetBSD hosts. Supress the error and turn it into a warning instead. "make test" still OK @ text @d1 1 a1 1 $NetBSD$ @ 1.3 log @Update to GNU tar 1.20. All self-tests pass under NetBSD-current. Changes: 3.5 years worth of development; too much to list here. @ text @d1 1 a1 1 $NetBSD: patch-ai,v 1.2 2006/11/27 22:05:34 tv Exp $ d3 11 a13 8 --- src/xheader.c.orig 2004-09-06 07:31:14.000000000 -0400 +++ src/xheader.c @@@@ -24,6 +24,10 @@@@ #include #include +#ifndef SIZE_MAX +# define SIZE_MAX ((size_t) -1) a14 72 + #include "common.h" #define obstack_chunk_alloc xmalloc @@@@ -783,6 +787,32 @@@@ code_num (uintmax_t value, char const *k xheader_print (xhdr, keyword, sbuf); } +static bool +decode_num (uintmax_t *num, char const *arg, uintmax_t maxval, + char const *keyword) +{ + uintmax_t u; + char *arg_lim; + + if (! 
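Review bot: The `#ifdef __NetBSD__` guard in the lib/mktime.c hunk drops the `long_int_year_and_yday_are_wide_enough` assertion on every NetBSD target, including LP64 ones where it would still hold, and emits the `#warning` there too. On the 32-bit hosts the log message refers to, the condition the assertion tested is simply false, so the long int arithmetic in ydhms_diff (its body continues outside the hunk) may overflow for large time_t values; a comment next to the `#warning` should say which inputs are affected. Narrowing the condition, for instance `#if defined __NetBSD__ && !defined _LP64`, would keep the compile-time check wherever it can pass.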
(ISDIGIT (*arg) + && (errno = 0, u = strtoumax (arg, &arg_lim, 10), !*arg_lim))) + { + ERROR ((0, 0, _("Malformed extended header: invalid %s=%s"), + keyword, arg)); + return false; + } + + if (! (u <= maxval && errno != ERANGE)) + { + ERROR ((0, 0, _("Extended header %s=%s is out of range"), + keyword, arg)); + return false; + } + + *num = u; + return true; +} + static void dummy_coder (struct tar_stat_info const *st __attribute__ ((unused)), char const *keyword __attribute__ ((unused)), @@@@ -821,7 +851,7 @@@@ static void gid_decoder (struct tar_stat_info *st, char const *arg) { uintmax_t u; - if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK) + if (decode_num (&u, arg, TYPE_MAXIMUM (gid_t), "gid")) st->stat.st_gid = u; } @@@@ -903,7 +933,7 @@@@ static void size_decoder (struct tar_stat_info *st, char const *arg) { uintmax_t u; - if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK) + if (decode_num (&u, arg, TYPE_MAXIMUM (off_t), "size")) st->archive_file_size = st->stat.st_size = u; } @@@@ -918,7 +948,7 @@@@ static void uid_decoder (struct tar_stat_info *st, char const *arg) { uintmax_t u; - if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK) + if (decode_num (&u, arg, TYPE_MAXIMUM (uid_t), "uid")) st->stat.st_uid = u; } @@@@ -946,7 +976,7 @@@@ static void sparse_size_decoder (struct tar_stat_info *st, char const *arg) { uintmax_t u; - if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK) + if (decode_num (&u, arg, TYPE_MAXIMUM (off_t), "GNU.sparse.size")) st->stat.st_size = u; } d16 2 a17 50 @@@@ -962,10 +992,10 @@@@ static void sparse_numblocks_decoder (struct tar_stat_info *st, char const *arg) { uintmax_t u; - if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK) + if (decode_num (&u, arg, SIZE_MAX, "GNU.sparse.numblocks")) { st->sparse_map_size = u; - st->sparse_map = calloc(st->sparse_map_size, sizeof(st->sparse_map[0])); + st->sparse_map = xcalloc (u, sizeof st->sparse_map[0]); st->sparse_map_avail = 0; } } @@@@ -982,8 +1012,14 @@@@ static void 
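Review bot: decode_num is added without a comment stating its contract, and the `ISDIGIT (*arg)` test is the part a later maintainer is most likely to remove as redundant. It is what rejects leading whitespace and a sign before strtoumax sees them, so a value such as "-1" cannot wrap to a large unsigned number that then passes the `u <= maxval` test. I would add above the function `/* Parse ARG as an unsigned decimal no larger than MAXVAL into *NUM; on failure report an error naming KEYWORD and return false. */` and a one-line note on the ISDIGIT guard. The same hunk is repeated in the 1.1.2.2 text further down.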
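Review bot: In sparse_numblocks_decoder the count read from the archive is bounded only by SIZE_MAX before `xcalloc (u, sizeof st->sparse_map[0])`, so a crafted GNU.sparse.numblocks value can still request an arbitrarily large map. xcalloc presumably exits on failure rather than returning NULL, which avoids the old unchecked calloc result but leaves a denial of service on untrusted archives; an upper bound tied to the archive size would be tighter. The assignment also replaces st->sparse_map without releasing a map set by an earlier numblocks record in the same header, so `free (st->sparse_map);` before the xcalloc call looks warranted, assuming the pointer is NULL or heap-owned at that point. The 1.1.2.2 copy of this hunk has the same shape.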
sparse_offset_decoder (struct tar_stat_info *st, char const *arg) { uintmax_t u; - if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK) + if (decode_num (&u, arg, TYPE_MAXIMUM (off_t), "GNU.sparse.offset")) + { + if (st->sparse_map_avail < st->sparse_map_size) st->sparse_map[st->sparse_map_avail].offset = u; + else + ERROR ((0, 0, _("Malformed extended header: excess %s=%s"), + "GNU.sparse.offset", arg)); + } } static void @@@@ -998,15 +1034,13 @@@@ static void sparse_numbytes_decoder (struct tar_stat_info *st, char const *arg) { uintmax_t u; - if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK) + if (decode_num (&u, arg, SIZE_MAX, "GNU.sparse.numbytes")) { if (st->sparse_map_avail == st->sparse_map_size) - { - st->sparse_map_size *= 2; - st->sparse_map = xrealloc (st->sparse_map, - st->sparse_map_size - * sizeof st->sparse_map[0]); - } + st->sparse_map = x2nrealloc (st->sparse_map, + &st->sparse_map_size, + sizeof st->sparse_map[0]); + st->sparse_map[st->sparse_map_avail++].numbytes = u; } } @ 1.2 log @Make build on Interix - security fix was assuming that SIZE_MAX is defined; copy #ifndef...#define...#endif block used in other source files. 
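Review bot: sparse_numbytes_decoder still grows the map with x2nrealloc once sparse_map_avail reaches sparse_map_size, whereas sparse_offset_decoder in the preceding hunk now rejects excess entries. A header with more GNU.sparse.numbytes records than GNU.sparse.numblocks declared therefore gets entries whose offset field was never written (x2nrealloc does not zero new storage, as far as I know), and the growth is limited only by available memory. Mirroring the offset check would make the two decoders agree: `if (st->sparse_map_avail < st->sparse_map_size) st->sparse_map[st->sparse_map_avail++].numbytes = u;` with the same "excess" ERROR in the else branch. The 1.1.2.2 copy of this hunk is identical in this respect.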
@ text @d1 1 a1 1 $NetBSD$ @ 1.1 log @Fix for CVE-2006-0300 via RedHat @ text @d3 1 a3 1 --- src/xheader.c.orig 2004-09-06 12:31:14.000000000 +0100 d5 12 a16 1 @@@@ -783,6 +783,32 @@@@ code_num (uintmax_t value, char const *k d49 1 a49 1 @@@@ -821,7 +847,7 @@@@ static void d58 1 a58 1 @@@@ -903,7 +929,7 @@@@ static void d67 1 a67 1 @@@@ -918,7 +944,7 @@@@ static void d76 1 a76 1 @@@@ -946,7 +972,7 @@@@ static void d85 1 a85 1 @@@@ -962,10 +988,10 @@@@ static void d98 1 a98 1 @@@@ -982,8 +1008,14 @@@@ static void d114 1 a114 1 @@@@ -998,15 +1030,13 @@@@ static void @ 1.1.2.1 log @file patch-ai was added on branch pkgsrc-2006Q2 on 2006-09-03 17:24:16 +0000 @ text @d1 123 @ 1.1.2.2 log @Pullup ticket 1821 - requested by adrianp security fix for gtar Revisions pulled up: - pkgsrc/archivers/gtar-base/Makefile 1.54 - pkgsrc/archivers/gtar-base/distinfo 1.17 - pkgsrc/archivers/gtar-base/patches/patch-ai 1.1 Module Name: pkgsrc Committed By: adrianp Date: Sun Sep 3 17:24:16 UTC 2006 Modified Files: pkgsrc/archivers/gtar-base: Makefile distinfo Added Files: pkgsrc/archivers/gtar-base/patches: patch-ai Log Message: Fix for CVE-2006-0300 via RedHat @ text @a0 123 $NetBSD: patch-ai,v 1.1.2.1 2006/09/11 11:18:03 ghen Exp $ --- src/xheader.c.orig 2004-09-06 12:31:14.000000000 +0100 +++ src/xheader.c @@@@ -783,6 +783,32 @@@@ code_num (uintmax_t value, char const *k xheader_print (xhdr, keyword, sbuf); } +static bool +decode_num (uintmax_t *num, char const *arg, uintmax_t maxval, + char const *keyword) +{ + uintmax_t u; + char *arg_lim; + + if (! (ISDIGIT (*arg) + && (errno = 0, u = strtoumax (arg, &arg_lim, 10), !*arg_lim))) + { + ERROR ((0, 0, _("Malformed extended header: invalid %s=%s"), + keyword, arg)); + return false; + } + + if (! 
(u <= maxval && errno != ERANGE)) + { + ERROR ((0, 0, _("Extended header %s=%s is out of range"), + keyword, arg)); + return false; + } + + *num = u; + return true; +} + static void dummy_coder (struct tar_stat_info const *st __attribute__ ((unused)), char const *keyword __attribute__ ((unused)), @@@@ -821,7 +847,7 @@@@ static void gid_decoder (struct tar_stat_info *st, char const *arg) { uintmax_t u; - if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK) + if (decode_num (&u, arg, TYPE_MAXIMUM (gid_t), "gid")) st->stat.st_gid = u; } @@@@ -903,7 +929,7 @@@@ static void size_decoder (struct tar_stat_info *st, char const *arg) { uintmax_t u; - if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK) + if (decode_num (&u, arg, TYPE_MAXIMUM (off_t), "size")) st->archive_file_size = st->stat.st_size = u; } @@@@ -918,7 +944,7 @@@@ static void uid_decoder (struct tar_stat_info *st, char const *arg) { uintmax_t u; - if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK) + if (decode_num (&u, arg, TYPE_MAXIMUM (uid_t), "uid")) st->stat.st_uid = u; } @@@@ -946,7 +972,7 @@@@ static void sparse_size_decoder (struct tar_stat_info *st, char const *arg) { uintmax_t u; - if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK) + if (decode_num (&u, arg, TYPE_MAXIMUM (off_t), "GNU.sparse.size")) st->stat.st_size = u; } @@@@ -962,10 +988,10 @@@@ static void sparse_numblocks_decoder (struct tar_stat_info *st, char const *arg) { uintmax_t u; - if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK) + if (decode_num (&u, arg, SIZE_MAX, "GNU.sparse.numblocks")) { st->sparse_map_size = u; - st->sparse_map = calloc(st->sparse_map_size, sizeof(st->sparse_map[0])); + st->sparse_map = xcalloc (u, sizeof st->sparse_map[0]); st->sparse_map_avail = 0; } } @@@@ -982,8 +1008,14 @@@@ static void sparse_offset_decoder (struct tar_stat_info *st, char const *arg) { uintmax_t u; - if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK) + if (decode_num (&u, arg, TYPE_MAXIMUM (off_t), "GNU.sparse.offset")) + { + 
if (st->sparse_map_avail < st->sparse_map_size) st->sparse_map[st->sparse_map_avail].offset = u; + else + ERROR ((0, 0, _("Malformed extended header: excess %s=%s"), + "GNU.sparse.offset", arg)); + } } static void @@@@ -998,15 +1030,13 @@@@ static void sparse_numbytes_decoder (struct tar_stat_info *st, char const *arg) { uintmax_t u; - if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK) + if (decode_num (&u, arg, SIZE_MAX, "GNU.sparse.numbytes")) { if (st->sparse_map_avail == st->sparse_map_size) - { - st->sparse_map_size *= 2; - st->sparse_map = xrealloc (st->sparse_map, - st->sparse_map_size - * sizeof st->sparse_map[0]); - } + st->sparse_map = x2nrealloc (st->sparse_map, + &st->sparse_map_size, + sizeof st->sparse_map[0]); + st->sparse_map[st->sparse_map_avail++].numbytes = u; } } @