head	1.2;
access;
symbols
	pkgsrc-2013Q2:1.2.0.24
	pkgsrc-2013Q2-base:1.2
	pkgsrc-2012Q4:1.2.0.22
	pkgsrc-2012Q4-base:1.2
	pkgsrc-2011Q4:1.2.0.20
	pkgsrc-2011Q4-base:1.2
	pkgsrc-2011Q2:1.2.0.18
	pkgsrc-2011Q2-base:1.2
	pkgsrc-2009Q4:1.2.0.16
	pkgsrc-2009Q4-base:1.2
	pkgsrc-2008Q4:1.2.0.14
	pkgsrc-2008Q4-base:1.2
	pkgsrc-2008Q3:1.2.0.12
	pkgsrc-2008Q3-base:1.2
	cube-native-xorg:1.2.0.10
	cube-native-xorg-base:1.2
	pkgsrc-2008Q2:1.2.0.8
	pkgsrc-2008Q2-base:1.2
	pkgsrc-2008Q1:1.2.0.6
	pkgsrc-2008Q1-base:1.2
	pkgsrc-2007Q4:1.2.0.4
	pkgsrc-2007Q4-base:1.2
	pkgsrc-2007Q3:1.2.0.2
	pkgsrc-2007Q3-base:1.2
	pkgsrc-2007Q2:1.1.0.8
	pkgsrc-2007Q2-base:1.1
	pkgsrc-2007Q1:1.1.0.6
	pkgsrc-2007Q1-base:1.1
	pkgsrc-2006Q4:1.1.0.4
	pkgsrc-2006Q4-base:1.1
	pkgsrc-2006Q3:1.1.0.2;
locks; strict;
comment	@# @;


1.2
date	2007.07.29.17.35.14;	author joerg;	state dead;
branches;
next	1.1;

1.1
date	2006.11.10.00.29.44;	author adrianp;	state Exp;
branches
	1.1.2.1;
next	;

1.1.2.1
date	2006.11.10.00.29.44;	author salo;	state dead;
branches;
next	1.1.2.2;

1.1.2.2
date	2006.11.10.09.40.19;	author salo;	state Exp;
branches;
next	;


desc
@@


1.2
log
@Update libarchive to 2.2.5. Biggest changes are:
- massive performance improvements, up to 40% for bsdtar compared to 1.x
- support for external (de)compressors, ar-chives and many other goodies.
@
text
@$NetBSD: patch-ac,v 1.1 2006/11/10 00:29:44 adrianp Exp $

--- libarchive/archive_read_support_compression_none.c.orig	2006-09-05 07:00:47.000000000 +0100
+++ libarchive/archive_read_support_compression_none.c
@@@@ -257,7 +257,9 @@@@ archive_decompressor_none_read_consume(s
 }
 
 /*
- * Skip at most request bytes. Skipped data is marked as consumed.
+ * Skip forward by exactly the requested bytes or else return
+ * ARCHIVE_FATAL.  Note that this differs from the contract for
+ * read_ahead, which does not gaurantee a minimum count.
  */
 static ssize_t
 archive_decompressor_none_skip(struct archive *a, size_t request)
@@@@ -287,9 +289,7 @@@@ archive_decompressor_none_skip(struct ar
 	if (request == 0)
 		return (total_bytes_skipped);
 	/*
-	 * If no client_skipper is provided, just read the old way. It is very
-	 * likely that after skipping, the request has not yet been fully
-	 * satisfied (and is still > 0). In that case, read as well.
+	 * If a client_skipper was provided, try that first.
 	 */
 	if (a->client_skipper != NULL) {
 		bytes_skipped = (a->client_skipper)(a, a->client_data,
@@@@ -307,6 +307,12 @@@@ archive_decompressor_none_skip(struct ar
 		a->raw_position += bytes_skipped;
 		state->client_avail = state->client_total = 0;
 	}
+	/*
+	 * Note that client_skipper will usually not satisfy the
+	 * full request (due to low-level blocking concerns),
+	 * so even if client_skipper is provided, we may still
+	 * have to use ordinary reads to finish out the request.
+	 */
 	while (request > 0) {
 		const void* dummy_buffer;
 		ssize_t bytes_read;
@@@@ -314,6 +320,12 @@@@ archive_decompressor_none_skip(struct ar
 		    &dummy_buffer, request);
 		if (bytes_read < 0)
 			return (bytes_read);
+		if (bytes_read == 0) {
+			/* We hit EOF before we satisfied the skip request. */
+			archive_set_error(a, ARCHIVE_ERRNO_MISC,
+			    "Truncated input file (need to skip %d bytes)", (int)request);
+			return (ARCHIVE_FATAL);
+		}
 		assert(bytes_read >= 0); /* precondition for cast below */
 		min = minimum((size_t)bytes_read, request);
 		bytes_read = archive_decompressor_none_read_consume(a, min);
@


1.1
log
@Update to 1.3.1
Sep 05, 2006: libarchive 1.3.1 released
Sep 5, 2006: Bump version to 1.3 for new I/O wrappers.
Sep 4, 2006: New memory and FILE read/write wrappers.
Sep 4, 2006: libarchive test harness is now minimally functional;
    it's located a few minor bugs in error-handling logic

Fix a denial of service security issue via FreeBSD:
If the end of an archive is reached while attempting to "skip" past a
region of an archive, libarchive will enter an infinite loop wherein it
repeatedly attempts (and fails) to read further data.
@
text
@d1 1
a1 1
$NetBSD$
@


1.1.2.1
log
@file patch-ac was added on branch pkgsrc-2006Q3 on 2006-11-10 00:29:44 +0000
@
text
@d1 52
@


1.1.2.2
log
@Pullup ticket 1908 - requested by adrianp
security update for libarchive

Revisions pulled up:
- pkgsrc/archivers/libarchive/Makefile			1.15
- pkgsrc/archivers/libarchive/distinfo			1.13
- pkgsrc/archivers/libarchive/patches/patch-ac		1.1

   Module Name:		pkgsrc
   Committed By:	adrianp
   Date:		Fri Nov 10 00:29:44 UTC 2006

   Modified Files:
   	pkgsrc/archivers/libarchive: Makefile distinfo
   Added Files:
   	pkgsrc/archivers/libarchive/patches: patch-ac

   Log Message:
   Update to 1.3.1
   Sep 05, 2006: libarchive 1.3.1 released
   Sep 5, 2006: Bump version to 1.3 for new I/O wrappers.
   Sep 4, 2006: New memory and FILE read/write wrappers.
   Sep 4, 2006: libarchive test harness is now minimally functional;
       it's located a few minor bugs in error-handling logic

   Fix a denial of service security issue via FreeBSD:
   If the end of an archive is reached while attempting to "skip" past a
   region of an archive, libarchive will enter an infinite loop wherein it
   repeatedly attempts (and fails) to read further data.
@
text
@a0 52
$NetBSD: patch-ac,v 1.1.2.1 2006/11/10 09:40:19 salo Exp $

--- libarchive/archive_read_support_compression_none.c.orig	2006-09-05 07:00:47.000000000 +0100
+++ libarchive/archive_read_support_compression_none.c
@@@@ -257,7 +257,9 @@@@ archive_decompressor_none_read_consume(s
 }
 
 /*
- * Skip at most request bytes. Skipped data is marked as consumed.
+ * Skip forward by exactly the requested bytes or else return
+ * ARCHIVE_FATAL.  Note that this differs from the contract for
+ * read_ahead, which does not gaurantee a minimum count.
  */
 static ssize_t
 archive_decompressor_none_skip(struct archive *a, size_t request)
@@@@ -287,9 +289,7 @@@@ archive_decompressor_none_skip(struct ar
 	if (request == 0)
 		return (total_bytes_skipped);
 	/*
-	 * If no client_skipper is provided, just read the old way. It is very
-	 * likely that after skipping, the request has not yet been fully
-	 * satisfied (and is still > 0). In that case, read as well.
+	 * If a client_skipper was provided, try that first.
 	 */
 	if (a->client_skipper != NULL) {
 		bytes_skipped = (a->client_skipper)(a, a->client_data,
@@@@ -307,6 +307,12 @@@@ archive_decompressor_none_skip(struct ar
 		a->raw_position += bytes_skipped;
 		state->client_avail = state->client_total = 0;
 	}
+	/*
+	 * Note that client_skipper will usually not satisfy the
+	 * full request (due to low-level blocking concerns),
+	 * so even if client_skipper is provided, we may still
+	 * have to use ordinary reads to finish out the request.
+	 */
 	while (request > 0) {
 		const void* dummy_buffer;
 		ssize_t bytes_read;
@@@@ -314,6 +320,12 @@@@ archive_decompressor_none_skip(struct ar
 		    &dummy_buffer, request);
 		if (bytes_read < 0)
 			return (bytes_read);
+		if (bytes_read == 0) {
+			/* We hit EOF before we satisfied the skip request. */
+			archive_set_error(a, ARCHIVE_ERRNO_MISC,
+			    "Truncated input file (need to skip %d bytes)", (int)request);
+			return (ARCHIVE_FATAL);
+		}
 		assert(bytes_read >= 0); /* precondition for cast below */
 		min = minimum((size_t)bytes_read, request);
 		bytes_read = archive_decompressor_none_read_consume(a, min);
@