head 1.7; access; symbols pkgsrc-2020Q3:1.6.0.116 pkgsrc-2020Q3-base:1.6 pkgsrc-2020Q2:1.6.0.112 pkgsrc-2020Q2-base:1.6 pkgsrc-2020Q1:1.6.0.92 pkgsrc-2020Q1-base:1.6 pkgsrc-2019Q4:1.6.0.114 pkgsrc-2019Q4-base:1.6 pkgsrc-2019Q3:1.6.0.110 pkgsrc-2019Q3-base:1.6 pkgsrc-2019Q2:1.6.0.108 pkgsrc-2019Q2-base:1.6 pkgsrc-2019Q1:1.6.0.106 pkgsrc-2019Q1-base:1.6 pkgsrc-2018Q4:1.6.0.104 pkgsrc-2018Q4-base:1.6 pkgsrc-2018Q3:1.6.0.102 pkgsrc-2018Q3-base:1.6 pkgsrc-2018Q2:1.6.0.100 pkgsrc-2018Q2-base:1.6 pkgsrc-2018Q1:1.6.0.98 pkgsrc-2018Q1-base:1.6 pkgsrc-2017Q4:1.6.0.96 pkgsrc-2017Q4-base:1.6 pkgsrc-2017Q3:1.6.0.94 pkgsrc-2017Q3-base:1.6 pkgsrc-2017Q2:1.6.0.90 pkgsrc-2017Q2-base:1.6 pkgsrc-2017Q1:1.6.0.88 pkgsrc-2017Q1-base:1.6 pkgsrc-2016Q4:1.6.0.86 pkgsrc-2016Q4-base:1.6 pkgsrc-2016Q3:1.6.0.84 pkgsrc-2016Q3-base:1.6 pkgsrc-2016Q2:1.6.0.82 pkgsrc-2016Q2-base:1.6 pkgsrc-2016Q1:1.6.0.80 pkgsrc-2016Q1-base:1.6 pkgsrc-2015Q4:1.6.0.78 pkgsrc-2015Q4-base:1.6 pkgsrc-2015Q3:1.6.0.76 pkgsrc-2015Q3-base:1.6 pkgsrc-2015Q2:1.6.0.74 pkgsrc-2015Q2-base:1.6 pkgsrc-2015Q1:1.6.0.72 pkgsrc-2015Q1-base:1.6 pkgsrc-2014Q4:1.6.0.70 pkgsrc-2014Q4-base:1.6 pkgsrc-2014Q3:1.6.0.68 pkgsrc-2014Q3-base:1.6 pkgsrc-2014Q2:1.6.0.66 pkgsrc-2014Q2-base:1.6 pkgsrc-2014Q1:1.6.0.64 pkgsrc-2014Q1-base:1.6 pkgsrc-2013Q4:1.6.0.62 pkgsrc-2013Q4-base:1.6 pkgsrc-2013Q3:1.6.0.60 pkgsrc-2013Q3-base:1.6 pkgsrc-2013Q2:1.6.0.58 pkgsrc-2013Q2-base:1.6 pkgsrc-2013Q1:1.6.0.56 pkgsrc-2013Q1-base:1.6 pkgsrc-2012Q4:1.6.0.54 pkgsrc-2012Q4-base:1.6 pkgsrc-2012Q3:1.6.0.52 pkgsrc-2012Q3-base:1.6 pkgsrc-2012Q2:1.6.0.50 pkgsrc-2012Q2-base:1.6 pkgsrc-2012Q1:1.6.0.48 pkgsrc-2012Q1-base:1.6 pkgsrc-2011Q4:1.6.0.46 pkgsrc-2011Q4-base:1.6 pkgsrc-2011Q3:1.6.0.44 pkgsrc-2011Q3-base:1.6 pkgsrc-2011Q2:1.6.0.42 pkgsrc-2011Q2-base:1.6 pkgsrc-2011Q1:1.6.0.40 pkgsrc-2011Q1-base:1.6 pkgsrc-2010Q4:1.6.0.38 pkgsrc-2010Q4-base:1.6 pkgsrc-2010Q3:1.6.0.36 pkgsrc-2010Q3-base:1.6 pkgsrc-2010Q2:1.6.0.34 pkgsrc-2010Q2-base:1.6 pkgsrc-2010Q1:1.6.0.32 
pkgsrc-2010Q1-base:1.6 pkgsrc-2009Q4:1.6.0.30 pkgsrc-2009Q4-base:1.6 pkgsrc-2009Q3:1.6.0.28 pkgsrc-2009Q3-base:1.6 pkgsrc-2009Q2:1.6.0.26 pkgsrc-2009Q2-base:1.6 pkgsrc-2009Q1:1.6.0.24 pkgsrc-2009Q1-base:1.6 pkgsrc-2008Q4:1.6.0.22 pkgsrc-2008Q4-base:1.6 pkgsrc-2008Q3:1.6.0.20 pkgsrc-2008Q3-base:1.6 cube-native-xorg:1.6.0.18 cube-native-xorg-base:1.6 pkgsrc-2008Q2:1.6.0.16 pkgsrc-2008Q2-base:1.6 cwrapper:1.6.0.14 pkgsrc-2008Q1:1.6.0.12 pkgsrc-2008Q1-base:1.6 pkgsrc-2007Q4:1.6.0.10 pkgsrc-2007Q4-base:1.6 pkgsrc-2007Q3:1.6.0.8 pkgsrc-2007Q3-base:1.6 pkgsrc-2007Q2:1.6.0.6 pkgsrc-2007Q2-base:1.6 pkgsrc-2007Q1:1.6.0.4 pkgsrc-2007Q1-base:1.6 pkgsrc-2006Q4:1.6.0.2 pkgsrc-2006Q4-base:1.6 pkgsrc-2006Q3:1.5.0.24 pkgsrc-2006Q3-base:1.5 pkgsrc-2006Q2:1.5.0.22 pkgsrc-2006Q2-base:1.5 pkgsrc-2006Q1:1.5.0.20 pkgsrc-2006Q1-base:1.5 pkgsrc-2005Q4:1.5.0.18 pkgsrc-2005Q4-base:1.5 pkgsrc-2005Q3:1.5.0.16 pkgsrc-2005Q3-base:1.5 pkgsrc-2005Q2:1.5.0.14 pkgsrc-2005Q2-base:1.5 pkgsrc-2005Q1:1.5.0.12 pkgsrc-2005Q1-base:1.5 pkgsrc-2004Q4:1.5.0.10 pkgsrc-2004Q4-base:1.5 pkgsrc-2004Q3:1.5.0.8 pkgsrc-2004Q3-base:1.5 pkgsrc-2004Q2:1.5.0.6 pkgsrc-2004Q2-base:1.5 pkgsrc-2004Q1:1.5.0.4 pkgsrc-2004Q1-base:1.5 pkgsrc-2003Q4:1.5.0.2 pkgsrc-2003Q4-base:1.5 buildlink2-base:1.5 comdex-fall-1999:1.4 netbsd-1-4-PATCH001:1.4 netbsd-1-4-RELEASE:1.3 netbsd-1-3-PATCH003:1.3 netbsd-1-3-PATCH002:1.2 FreeBSD-current-1997-09-25:1.1.1.1 FREEBSD:1.1.1; locks; strict; comment @# @; 1.7 date 2020.12.19.15.03.14; author rhialto; state dead; branches; next 1.6; commitid 0GliTZr7Vo1SDmAC; 1.6 date 2006.12.03.03.09.46; author obache; state Exp; branches; next 1.5; 1.5 date 99.11.30.01.54.14; author sakamoto; state dead; branches 1.5.24.1; next 1.4; 1.4 date 99.05.22.20.11.33; author tv; state Exp; branches; next 1.3; 1.3 date 98.08.07.10.35.50; author agc; state Exp; branches; next 1.2; 1.2 date 97.11.19.09.16.51; author agc; state Exp; branches; next 1.1; 1.1 date 97.10.27.02.19.01; author hubertf; state Exp; branches 
1.1.1.1; next ; 1.5.24.1 date 2006.12.05.07.57.13; author ghen; state Exp; branches; next ; 1.1.1.1 date 97.10.27.02.19.01; author hubertf; state Exp; branches; next ; desc @@ 1.7 log @archivers/lha: distfile unavailable, so switch to maintained version elsewhere. Documentation is mostly in Japanese (which I don't read) so no changelog is available. - Previous patches have ~all been integrated - Configuration with autotools - Is still maintained from time to time @ text @$NetBSD: patch-ab,v 1.6 2006/12/03 03:09:46 obache Exp $ --- src/maketbl.c.orig 2000-10-04 23:57:38.000000000 +0900 +++ src/maketbl.c @@@@ -32,8 +32,15 @@@@ make_table(nchar, bitlen, tablebits, tab } /* count */ - for (i = 0; i < nchar; i++) - count[bitlen[i]]++; + for (i = 0; i < nchar; i++) { + if (bitlen[i] > 16) { + /* CVE-2006-4335 */ + error("Bad table (case a)"); + exit(1); + } + else + count[bitlen[i]]++; + } /* calculate first code */ total = 0; @@@@ -41,8 +48,10 @@@@ make_table(nchar, bitlen, tablebits, tab start[i] = total; total += weight[i] * count[i]; } - if ((total & 0xffff) != 0) + if ((total & 0xffff) != 0 || tablebits > 16) { /* 16 for weight below */ error("make_table()", "Bad table (5)\n"); + exit(1); + } /* shift data for make table. 
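Review bot: The added `error("Bad table (case a)");` in the count loop passes a single argument, while the existing call further down in the same function is `error("make_table()", "Bad table (5)\n")` with two. If error() is the two-parameter routine that older call suggests, the second parameter is read without having been passed; I would write `error("make_table()", "Bad table (case a)\n");`, and likewise for `error("Bad table (case c)")` in the last hunk of this patch. The limit in `bitlen[i] > 16` presumably matches the size of count[], which is declared outside the hunk, so a comment such as `/* count[] holds code lengths 0..16 */` would tie the check to the array it protects once that is confirmed.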
*/ m = 16 - tablebits; @@@@ -53,7 +62,7 @@@@ make_table(nchar, bitlen, tablebits, tab /* initialize */ j = start[tablebits + 1] >> m; - k = 1 << tablebits; + k = MIN(1 << tablebits, 4096); if (j != 0) for (i = j; i < k; i++) table[i] = 0; @@@@ -66,12 +75,19 @@@@ make_table(nchar, bitlen, tablebits, tab l = start[k] + weight[k]; if (k <= tablebits) { /* code in table */ + l = MIN(l, 4096); for (i = start[k]; i < l; i++) table[i] = j; } else { /* code not in table */ - p = &table[(i = start[k]) >> m]; + i = start[k]; + if ((i >> m) > 4096) { + /* CVE-2006-4337 */ + error("Bad table (case c)"); + exit(1); + } + p = &table[i >> m]; i <<= tablebits; n = k - tablebits; /* make tree (n length) */ @ 1.6 log @Applied the security patch for the CVE-2006-4335, CVE-2006-4337 and CVE-2006-4338 via LHa for UNIX autoconfiscated version. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ @ 1.5 log @Update lha to 114f. Change MASTER_SITES. Changes 114c to 114f: some bugfix. support -lh6-. @ text @d1 1 a1 1 $NetBSD: patch-ab,v 1.4 1999/05/22 20:11:33 tv Exp $ d3 62 a64 13 --- src/lharc.c.orig Fri Mar 8 01:09:06 1996 +++ src/lharc.c Sat May 22 15:55:50 1999 @@@@ -318,7 +318,9 @@@@ cmd_filec = 0; if ((xfilev = (char **) malloc(sizeof(char *) * xfilec)) == NULL) fatal_error("Virtual memory exhausted\n"); - while (gets(inpbuf)) { + while (fgets(inpbuf, sizeof(inpbuf), stdin)) { + if ((p = strchr(inpbuf, '\n'))) + *p = '\0'; if (cmd_filec >= xfilec) { xfilec += 256; cmd_filev = (char **) realloc(xfilev, @ 1.5.24.1 log @Pullup ticket 1932 - requested by obache security fix for lha - pkgsrc/archivers/lha/Makefile 1.30 - pkgsrc/archivers/lha/distinfo 1.9 - pkgsrc/archivers/lha/patches/patch-aa 1.4 - pkgsrc/archivers/lha/patches/patch-ab 1.6 - pkgsrc/archivers/lha/patches/patch-al 1.2 Module Name: pkgsrc Committed By: obache Date: Sun Dec 3 03:09:46 UTC 2006 Modified Files: pkgsrc/archivers/lha: Makefile distinfo pkgsrc/archivers/lha/patches: patch-al Added Files: pkgsrc/archivers/lha/patches: 
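Review bot: `k = MIN(1 << tablebits, 4096);` silently shortens the initialisation range instead of rejecting the input, and 4096 appears as a bare number here and in both later bounds. The size of the caller's table is not passed to make_table as far as the hunk header shows, so the constant presumably stands for the largest table any caller supplies; a smaller table combined with a large tablebits would not be covered by it. I would name the limit once, e.g. `#define MAKE_TABLE_MAX 4096 /* entries in the largest decode table */`, and state in a comment which array it refers to. MIN is not defined anywhere in this patch, so it has to come from a header or another patch in the package.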
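Review bot: The new guard `if ((i >> m) > 4096)` still lets the value 4096 through, so `p = &table[i >> m]` can point one element past a 4096-entry table. The other two bounds added by this patch treat 4096 as exclusive (`i < k` and `i < l` after the MIN clamps), so this comparison looks off by one; `if ((i >> m) >= 4096) {` would make the three consistent. The code that dereferences p is in the tree-building loop after the hunk, so its use there should be confirmed. Separately, `l = MIN(l, 4096);` in the in-table branch hides a malformed table where the other cases exit, and a one-line comment explaining that choice would help.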
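Review bot: With `fgets(inpbuf, sizeof(inpbuf), stdin)` a line longer than inpbuf is returned in pieces, and since strchr finds no newline in the first piece, each fragment is then handled as a separate file name. The overflow that gets() allowed is gone, but over-long names are split silently rather than rejected. I would treat a missing '\n' (when not at end of input) as an error or drain the rest of the line, and add a comment such as `/* fgets keeps the newline; strip it */`. The declaration of `p` is outside the hunk and cannot be checked here.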
patch-aa patch-ab Log Message: Applied the security patch for the CVE-2006-4335, CVE-2006-4337 and CVE-2006-4338 via LHa for UNIX autoconfiscated version. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ d3 13 a15 62 --- src/maketbl.c.orig 2000-10-04 23:57:38.000000000 +0900 +++ src/maketbl.c @@@@ -32,8 +32,15 @@@@ make_table(nchar, bitlen, tablebits, tab } /* count */ - for (i = 0; i < nchar; i++) - count[bitlen[i]]++; + for (i = 0; i < nchar; i++) { + if (bitlen[i] > 16) { + /* CVE-2006-4335 */ + error("Bad table (case a)"); + exit(1); + } + else + count[bitlen[i]]++; + } /* calculate first code */ total = 0; @@@@ -41,8 +48,10 @@@@ make_table(nchar, bitlen, tablebits, tab start[i] = total; total += weight[i] * count[i]; } - if ((total & 0xffff) != 0) + if ((total & 0xffff) != 0 || tablebits > 16) { /* 16 for weight below */ error("make_table()", "Bad table (5)\n"); + exit(1); + } /* shift data for make table. */ m = 16 - tablebits; @@@@ -53,7 +62,7 @@@@ make_table(nchar, bitlen, tablebits, tab /* initialize */ j = start[tablebits + 1] >> m; - k = 1 << tablebits; + k = MIN(1 << tablebits, 4096); if (j != 0) for (i = j; i < k; i++) table[i] = 0; @@@@ -66,12 +75,19 @@@@ make_table(nchar, bitlen, tablebits, tab l = start[k] + weight[k]; if (k <= tablebits) { /* code in table */ + l = MIN(l, 4096); for (i = start[k]; i < l; i++) table[i] = j; } else { /* code not in table */ - p = &table[(i = start[k]) >> m]; + i = start[k]; + if ((i >> m) > 4096) { + /* CVE-2006-4337 */ + error("Bad table (case c)"); + exit(1); + } + p = &table[i >> m]; i <<= tablebits; n = k - tablebits; /* make tree (n length) */ @ 1.4 log @Clean up a bit, and remove FreeBSD Id now that we're quite divergent. @ text @d1 1 a1 1 $NetBSD$ @ 1.3 log @Add NetBSD RCS Ids. 
@ text @d3 13 a15 32 *** src/lharc.c.bak Fri Mar 8 09:09:06 1996 --- src/lharc.c Wed Aug 28 21:13:02 1996 *************** *** 318,324 **** cmd_filec = 0; if ((xfilev = (char **) malloc(sizeof(char *) * xfilec)) == NULL) fatal_error("Virtual memory exhausted\n"); ! while (gets(inpbuf)) { if (cmd_filec >= xfilec) { xfilec += 256; cmd_filev = (char **) realloc(xfilev, --- 318,326 ---- cmd_filec = 0; if ((xfilev = (char **) malloc(sizeof(char *) * xfilec)) == NULL) fatal_error("Virtual memory exhausted\n"); ! while (fgets(inpbuf, sizeof(inpbuf), stdin)) { ! if ((p = strchr(inpbuf, '\n'))) ! *p = '\0'; if (cmd_filec >= xfilec) { xfilec += 256; cmd_filev = (char **) realloc(xfilev, --- man/Makefile 1997/11/14 16:39:56 1.1 +++ man/Makefile 1997/11/14 16:42:32 @@@@ -8,7 +8,7 @@@@ nroff -man lha.n > lha.man install: - $(INSTALL) $(INSTALLMAN) lha.n $(MANDIR)/man$(MANSECT)/lha.$(MANSECT) + ${INSTALL} -c -m 0444 -o ${BINOWN} -g ${BINGRP} lha.n ${MANDIR}/man${MANSECT}/lha.${MANSECT} clean: rm -f *~ @ 1.2 log @Oops - forgot to commit this. Install man pages using the values passed via the environment. @ text @d1 2 @ 1.1 log @Initial revision @ text @d22 11 @ 1.1.1.1 log @File archivers, ports from FreeBSD @ text @@