head 1.5; access; symbols pkgsrc-2020Q3:1.4.0.116 pkgsrc-2020Q3-base:1.4 pkgsrc-2020Q2:1.4.0.112 pkgsrc-2020Q2-base:1.4 pkgsrc-2020Q1:1.4.0.92 pkgsrc-2020Q1-base:1.4 pkgsrc-2019Q4:1.4.0.114 pkgsrc-2019Q4-base:1.4 pkgsrc-2019Q3:1.4.0.110 pkgsrc-2019Q3-base:1.4 pkgsrc-2019Q2:1.4.0.108 pkgsrc-2019Q2-base:1.4 pkgsrc-2019Q1:1.4.0.106 pkgsrc-2019Q1-base:1.4 pkgsrc-2018Q4:1.4.0.104 pkgsrc-2018Q4-base:1.4 pkgsrc-2018Q3:1.4.0.102 pkgsrc-2018Q3-base:1.4 pkgsrc-2018Q2:1.4.0.100 pkgsrc-2018Q2-base:1.4 pkgsrc-2018Q1:1.4.0.98 pkgsrc-2018Q1-base:1.4 pkgsrc-2017Q4:1.4.0.96 pkgsrc-2017Q4-base:1.4 pkgsrc-2017Q3:1.4.0.94 pkgsrc-2017Q3-base:1.4 pkgsrc-2017Q2:1.4.0.90 pkgsrc-2017Q2-base:1.4 pkgsrc-2017Q1:1.4.0.88 pkgsrc-2017Q1-base:1.4 pkgsrc-2016Q4:1.4.0.86 pkgsrc-2016Q4-base:1.4 pkgsrc-2016Q3:1.4.0.84 pkgsrc-2016Q3-base:1.4 pkgsrc-2016Q2:1.4.0.82 pkgsrc-2016Q2-base:1.4 pkgsrc-2016Q1:1.4.0.80 pkgsrc-2016Q1-base:1.4 pkgsrc-2015Q4:1.4.0.78 pkgsrc-2015Q4-base:1.4 pkgsrc-2015Q3:1.4.0.76 pkgsrc-2015Q3-base:1.4 pkgsrc-2015Q2:1.4.0.74 pkgsrc-2015Q2-base:1.4 pkgsrc-2015Q1:1.4.0.72 pkgsrc-2015Q1-base:1.4 pkgsrc-2014Q4:1.4.0.70 pkgsrc-2014Q4-base:1.4 pkgsrc-2014Q3:1.4.0.68 pkgsrc-2014Q3-base:1.4 pkgsrc-2014Q2:1.4.0.66 pkgsrc-2014Q2-base:1.4 pkgsrc-2014Q1:1.4.0.64 pkgsrc-2014Q1-base:1.4 pkgsrc-2013Q4:1.4.0.62 pkgsrc-2013Q4-base:1.4 pkgsrc-2013Q3:1.4.0.60 pkgsrc-2013Q3-base:1.4 pkgsrc-2013Q2:1.4.0.58 pkgsrc-2013Q2-base:1.4 pkgsrc-2013Q1:1.4.0.56 pkgsrc-2013Q1-base:1.4 pkgsrc-2012Q4:1.4.0.54 pkgsrc-2012Q4-base:1.4 pkgsrc-2012Q3:1.4.0.52 pkgsrc-2012Q3-base:1.4 pkgsrc-2012Q2:1.4.0.50 pkgsrc-2012Q2-base:1.4 pkgsrc-2012Q1:1.4.0.48 pkgsrc-2012Q1-base:1.4 pkgsrc-2011Q4:1.4.0.46 pkgsrc-2011Q4-base:1.4 pkgsrc-2011Q3:1.4.0.44 pkgsrc-2011Q3-base:1.4 pkgsrc-2011Q2:1.4.0.42 pkgsrc-2011Q2-base:1.4 pkgsrc-2011Q1:1.4.0.40 pkgsrc-2011Q1-base:1.4 pkgsrc-2010Q4:1.4.0.38 pkgsrc-2010Q4-base:1.4 pkgsrc-2010Q3:1.4.0.36 pkgsrc-2010Q3-base:1.4 pkgsrc-2010Q2:1.4.0.34 pkgsrc-2010Q2-base:1.4 pkgsrc-2010Q1:1.4.0.32 
pkgsrc-2010Q1-base:1.4 pkgsrc-2009Q4:1.4.0.30 pkgsrc-2009Q4-base:1.4 pkgsrc-2009Q3:1.4.0.28 pkgsrc-2009Q3-base:1.4 pkgsrc-2009Q2:1.4.0.26 pkgsrc-2009Q2-base:1.4 pkgsrc-2009Q1:1.4.0.24 pkgsrc-2009Q1-base:1.4 pkgsrc-2008Q4:1.4.0.22 pkgsrc-2008Q4-base:1.4 pkgsrc-2008Q3:1.4.0.20 pkgsrc-2008Q3-base:1.4 cube-native-xorg:1.4.0.18 cube-native-xorg-base:1.4 pkgsrc-2008Q2:1.4.0.16 pkgsrc-2008Q2-base:1.4 cwrapper:1.4.0.14 pkgsrc-2008Q1:1.4.0.12 pkgsrc-2008Q1-base:1.4 pkgsrc-2007Q4:1.4.0.10 pkgsrc-2007Q4-base:1.4 pkgsrc-2007Q3:1.4.0.8 pkgsrc-2007Q3-base:1.4 pkgsrc-2007Q2:1.4.0.6 pkgsrc-2007Q2-base:1.4 pkgsrc-2007Q1:1.4.0.4 pkgsrc-2007Q1-base:1.4 pkgsrc-2006Q4:1.4.0.2 pkgsrc-2006Q4-base:1.4 pkgsrc-2006Q3:1.3.0.24 pkgsrc-2006Q3-base:1.3 pkgsrc-2006Q2:1.3.0.22 pkgsrc-2006Q2-base:1.3 pkgsrc-2006Q1:1.3.0.20 pkgsrc-2006Q1-base:1.3 pkgsrc-2005Q4:1.3.0.18 pkgsrc-2005Q4-base:1.3 pkgsrc-2005Q3:1.3.0.16 pkgsrc-2005Q3-base:1.3 pkgsrc-2005Q2:1.3.0.14 pkgsrc-2005Q2-base:1.3 pkgsrc-2005Q1:1.3.0.12 pkgsrc-2005Q1-base:1.3 pkgsrc-2004Q4:1.3.0.10 pkgsrc-2004Q4-base:1.3 pkgsrc-2004Q3:1.3.0.8 pkgsrc-2004Q3-base:1.3 pkgsrc-2004Q2:1.3.0.6 pkgsrc-2004Q2-base:1.3 pkgsrc-2004Q1:1.3.0.4 pkgsrc-2004Q1-base:1.3 pkgsrc-2003Q4:1.3.0.2 pkgsrc-2003Q4-base:1.3 buildlink2-base:1.3 netbsd-1-4-RELEASE:1.2 netbsd-1-3-PATCH003:1.2 netbsd-1-3-PATCH002:1.1.1.1 FreeBSD-current-1997-09-25:1.1.1.1 FREEBSD:1.1.1; locks; strict; comment @# @; 1.5 date 2020.12.19.15.03.14; author rhialto; state dead; branches; next 1.4; commitid 0GliTZr7Vo1SDmAC; 1.4 date 2006.12.03.03.09.46; author obache; state Exp; branches; next 1.3; 1.3 date 99.05.22.20.11.33; author tv; state dead; branches 1.3.24.1; next 1.2; 1.2 date 98.08.07.10.35.50; author agc; state Exp; branches; next 1.1; 1.1 date 97.10.27.02.19.01; author hubertf; state Exp; branches 1.1.1.1; next ; 1.3.24.1 date 2006.12.05.07.57.13; author ghen; state Exp; branches; next ; 1.1.1.1 date 97.10.27.02.19.01; author hubertf; state Exp; branches; next ; desc @@ 1.5 log 
@archivers/lha: distfile unavailable, so switch to maintained version elsewhere. Documentation is mostly in Japanese (which I don't read) so no changelog is available. - Previous patches have ~all been integrated - Configuration with autotools - Is still maintained from time to time @ text @$NetBSD: patch-aa,v 1.4 2006/12/03 03:09:46 obache Exp $ --- src/huf.c.orig 2000-10-06 02:35:49.000000000 +0900 +++ src/huf.c @@@@ -332,7 +332,7 @@@@ read_pt_len(nn, nbit, i_special) } else { i = 0; - while (i < n) { + while (i < MIN(n, NPT)) { c = bitbuf >> (16 - 3); if (c == 7) { unsigned short mask = 1 << (16 - 4); @@@@ -345,7 +345,7 @@@@ read_pt_len(nn, nbit, i_special) pt_len[i++] = c; if (i == i_special) { c = getbits(2); - while (--c >= 0) + while (--c >= 0 && i < NPT) pt_len[i++] = 0; } } @@@@ -370,7 +370,7 @@@@ read_c_len( /* void */ ) c_table[i] = c; } else { i = 0; - while (i < n) { + while (i < MIN(n,NC)) { c = pt_table[bitbuf >> (16 - 8)]; if (c >= NT) { unsigned short mask = 1 << (16 - 9); @@@@ -380,7 +380,7 @@@@ read_c_len( /* void */ ) else c = left[c]; mask >>= 1; - } while (c >= NT); + } while (c >= NT && (mask || c!= left[c])); /* CVE-2006-4338 */ } fillbuf(pt_len[c]); if (c <= 2) { @@@@ -427,7 +427,7 @@@@ decode_c_st1( /*void*/ ) else j = left[j]; mask >>= 1; - } while (j >= NC); + } while (j >= NC && (mask || j != left[j])); /* CVE-2006-4338 */ fillbuf(c_len[j] - 12); } return j; @@@@ -451,7 +451,7 @@@@ decode_p_st1( /* void */ ) else j = left[j]; mask >>= 1; - } while (j >= np); + } while (j >= np && (mask || j != left[j])); /* CVE-2006-4338 */ fillbuf(pt_len[j] - 8); } if (j != 0) @ 1.4 log @Applied the security patch for the CVE-2006-4335, CVE-2006-4337 and CVE-2006-4338 via LHa for UNIX autoconfiscated version. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ @ 1.3 log @Clean up a bit, and remove FreeBSD Id now that we're quite divergent. 
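Review bot: `MIN` is used in the new loop bound `while (i < MIN(n, NPT))` in read_pt_len, and again as `MIN(n,NC)` in the read_c_len hunk, but nothing in this patch defines it. Unless src/huf.c already gets the macro from one of its headers (not visible here), the build either fails or silently depends on a system header supplying it. A guarded local definition would make the patch self-contained: `#ifndef MIN` / `#define MIN(a,b) ((a) < (b) ? (a) : (b))` / `#endif`. The body of read_pt_len starts and ends outside this hunk.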
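Review bot: Capping the outer loop at `MIN(n,NC)` in read_c_len does not bound the zero-fill run that follows `if (c <= 2) {`, which starts just past the end of the next hunk. If that inner loop is still an unguarded `while (--c >= 0) c_len[i++] = 0;`, a repeat count taken from the input can presumably still advance `i` beyond NC inside a single outer iteration. It would want the same guard the read_pt_len hunk adds for pt_len: `while (--c >= 0 && i < NC)`. The loop body is outside the visible hunk lines, so confirm against the patched file.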
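Review bot: The added exit condition `(mask || c != left[c])` in read_c_len makes the tree walk terminate, but the loop can now end with `c >= NT`, and the next line `fillbuf(pt_len[c])` then indexes pt_len with that unvalidated value. The same applies to the decode_c_st1 hunk (`fillbuf(c_len[j] - 12)` after an exit with `j >= NC`) and the decode_p_st1 hunk (`fillbuf(pt_len[j] - 8)` after an exit with `j >= np`), where `j` is also used afterwards. Each loop should be followed by a range check that treats an out-of-range node as a corrupt archive, for example `if (c >= NT) { /* corrupt table: report the error and stop decoding */ }`, using whatever error path huf.c already has. It would also help to expand the `/* CVE-2006-4338 */` comment to say the extra test stops the walk once the mask is exhausted on a self-referencing node.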
@ text @d1 1 a1 1 $NetBSD: patch-aa,v 1.2 1998/08/07 10:35:50 agc Exp $ d3 56 a58 57 *** Makefile.orig Fri Mar 1 17:59:19 1996 --- Makefile Sun Dec 15 11:00:17 1996 *************** *** 11,35 **** #----------------------------------------------------------------------- SHELL=/bin/sh ! MAKE = make #CC = cc ! CC = gcc ! SWITCHES = -DNEED_INCREMENTAL_INDICATOR \ ! -DTMP_FILENAME_TEMPLATE="\"/tmp/lhXXXXXX\"" #MACHINE = -DSYSTIME_HAS_NO_TM -DFTIME -DEUC ! MACHINE = -DSYSTIME_HAS_NO_TM -DEUC -DFTIME #OPTIMIZE = -O2 -fstrength-reduce -fomit-frame-pointer -mv8 #OPTIMIZE = -O2 -fstrength-reduce -fomit-frame-pointer ! OPTIMIZE = -O2 -fstrength-reduce -fomit-frame-pointer ! BINDIR = /usr/local/bin ! MANDIR = /usr/local/man ! MANSECT = n ! INSTALL = install ! INSTALLBIN = -s -m 755 ! INSTALLMAN = -m 644 SUBDIRS = src man --- 11,37 ---- #----------------------------------------------------------------------- SHELL=/bin/sh ! #MAKE = make #CC = cc ! #CC = gcc ! SWITCHES = -DNEED_INCREMENTAL_INDICATOR #MACHINE = -DSYSTIME_HAS_NO_TM -DFTIME -DEUC ! MACHINE = -DSYSTIME_HAS_NO_TM -DTIMELOCAL -DUSESTRCASECMP \ ! -DSYSV_SYSTEM_DIR #OPTIMIZE = -O2 -fstrength-reduce -fomit-frame-pointer -mv8 #OPTIMIZE = -O2 -fstrength-reduce -fomit-frame-pointer ! #OPTIMIZE = -O2 -fstrength-reduce -fomit-frame-pointer ! OPTIMIZE = ${CFLAGS} ! PREFIX ?= /usr/local ! BINDIR = ${PREFIX}/bin ! MANDIR = ${PREFIX}/man/ja_JP.EUC ! MANSECT = 1 ! #INSTALL = install ! INSTALLBIN = -c -s -o ${BINOWN} -g ${BINGRP} -m ${BINMODE} ! 
INSTALLMAN = -m 444 -o bin -g bin -c SUBDIRS = src man @ 1.3.24.1 log @Pullup ticket 1932 - requested by obache security fix for lha - pkgsrc/archivers/lha/Makefile 1.30 - pkgsrc/archivers/lha/distinfo 1.9 - pkgsrc/archivers/lha/patches/patch-aa 1.4 - pkgsrc/archivers/lha/patches/patch-ab 1.6 - pkgsrc/archivers/lha/patches/patch-al 1.2 Module Name: pkgsrc Committed By: obache Date: Sun Dec 3 03:09:46 UTC 2006 Modified Files: pkgsrc/archivers/lha: Makefile distinfo pkgsrc/archivers/lha/patches: patch-al Added Files: pkgsrc/archivers/lha/patches: patch-aa patch-ab Log Message: Applied the security patch for the CVE-2006-4335, CVE-2006-4337 and CVE-2006-4338 via LHa for UNIX autoconfiscated version. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ d3 57 a59 56 --- src/huf.c.orig 2000-10-06 02:35:49.000000000 +0900 +++ src/huf.c @@@@ -332,7 +332,7 @@@@ read_pt_len(nn, nbit, i_special) } else { i = 0; - while (i < n) { + while (i < MIN(n, NPT)) { c = bitbuf >> (16 - 3); if (c == 7) { unsigned short mask = 1 << (16 - 4); @@@@ -345,7 +345,7 @@@@ read_pt_len(nn, nbit, i_special) pt_len[i++] = c; if (i == i_special) { c = getbits(2); - while (--c >= 0) + while (--c >= 0 && i < NPT) pt_len[i++] = 0; } } @@@@ -370,7 +370,7 @@@@ read_c_len( /* void */ ) c_table[i] = c; } else { i = 0; - while (i < n) { + while (i < MIN(n,NC)) { c = pt_table[bitbuf >> (16 - 8)]; if (c >= NT) { unsigned short mask = 1 << (16 - 9); @@@@ -380,7 +380,7 @@@@ read_c_len( /* void */ ) else c = left[c]; mask >>= 1; - } while (c >= NT); + } while (c >= NT && (mask || c!= left[c])); /* CVE-2006-4338 */ } fillbuf(pt_len[c]); if (c <= 2) { @@@@ -427,7 +427,7 @@@@ decode_c_st1( /*void*/ ) else j = left[j]; mask >>= 1; - } while (j >= NC); + } while (j >= NC && (mask || j != left[j])); /* CVE-2006-4338 */ fillbuf(c_len[j] - 12); } return j; @@@@ -451,7 +451,7 @@@@ decode_p_st1( /* void */ ) else j = left[j]; mask >>= 1; - } while (j >= np); + } while (j >= np && (mask || j != left[j])); /* CVE-2006-4338 */ 
fillbuf(pt_len[j] - 8); } if (j != 0) @ 1.2 log @Add NetBSD RCS Ids. @ text @d1 1 a1 1 $NetBSD$ @ 1.1 log @Initial revision @ text @d1 2 @ 1.1.1.1 log @File archivers, ports from FreeBSD @ text @@