authorAndrey A. Chernov <ache@FreeBSD.org>2008-04-02 15:04:46 +0000
committerAndrey A. Chernov <ache@FreeBSD.org>2008-04-02 15:04:46 +0000
commitd775f2b68c60ce318520671e6c5f7cb34e7fc244 (patch)
tree532188edeb6264e3391a68d510f8d83f6cc2b377
parentAdd pkg-message (diff)
Security fixes adopted/reimplemented from Debian:
CVE-2008-0888, CVE-2005-4667, CAN-2005-2475
Enable ACORN_FTYPE_NFS and WILD_STOP_AT_DIR options

PR: 122367
Submitted by: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
-rw-r--r--archivers/unzip/Makefile5
-rw-r--r--archivers/unzip/files/patch-contsts.h14
-rw-r--r--archivers/unzip/files/patch-fileio.c14
-rw-r--r--archivers/unzip/files/patch-inflate.c50
-rw-r--r--archivers/unzip/files/patch-process.c30
-rw-r--r--archivers/unzip/files/patch-unix_unix.c122
-rw-r--r--archivers/unzip/files/patch-unzpriv.h30
7 files changed, 241 insertions, 24 deletions
diff --git a/archivers/unzip/Makefile b/archivers/unzip/Makefile
index 00fa3ecf1e95..77e30e665b97 100644
--- a/archivers/unzip/Makefile
+++ b/archivers/unzip/Makefile
@@ -7,7 +7,7 @@
PORTNAME= unzip
PORTVERSION= 5.52
-PORTREVISION= 3
+PORTREVISION= 4
CATEGORIES?= archivers
MASTER_SITES= ftp://ftp.info-zip.org/pub/infozip/src/ ${MASTER_SITE_TEX_CTAN}
MASTER_SITE_SUBDIR= tools/zip/info-zip/src
@@ -27,7 +27,8 @@ CFLAGS+= -D_FILE_OFFSET_BITS=64
.if defined(WITH_UNZIP_UNREDUCE)
DISTFILES= ${DISTNAME}${EXTRACT_SUFX} unreduce_full.zip
EXTRACT_ONLY= ${PORTNAME}552.tar.gz
-MAKE_ENV= LOCAL_UNZIP="${CFLAGS} -DUSE_UNSHRINK -DUSE_SMITH_CODE"
+MAKE_ENV= LOCAL_UNZIP="${CFLAGS} \
+ -DUSE_UNSHRINK -DUSE_SMITH_CODE -DACORN_FTYPE_NFS -DWILD_STOP_AT_DIR"
.endif
.ifdef USE_UNZIP
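Review bot: The two new defines, `-DACORN_FTYPE_NFS -DWILD_STOP_AT_DIR`, are added only to the `MAKE_ENV` assignment inside `.if defined(WITH_UNZIP_UNREDUCE)`, and no `.else` is visible before `.endif`, so a default build appears not to get them even though the commit message says the options are enabled. If they are meant for every build, an `.else` branch with `MAKE_ENV= LOCAL_UNZIP="${CFLAGS} -DACORN_FTYPE_NFS -DWILD_STOP_AT_DIR"` would cover the default case. The rest of the Makefile is outside the hunk, so first check that no other `MAKE_ENV` line already does this.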
diff --git a/archivers/unzip/files/patch-contsts.h b/archivers/unzip/files/patch-contsts.h
new file mode 100644
index 000000000000..e3947732d0dc
--- /dev/null
+++ b/archivers/unzip/files/patch-contsts.h
@@ -0,0 +1,14 @@
+--- unzip-5.52.orig/consts.h
++++ consts.h
+@@ -34,9 +34,9 @@
+ "error: expected central file header signature not found (file #%lu).\n";
+ ZCONST char Far SeekMsg[] =
+ "error [%s]: attempt to seek before beginning of zipfile\n%s";
+-ZCONST char Far FilenameNotMatched[] = "caution: filename not matched: %s\n";
++ZCONST char Far FilenameNotMatched[] = "caution: filename not matched: %.512s\n";
+ ZCONST char Far ExclFilenameNotMatched[] =
+- "caution: excluded filename not matched: %s\n";
++ "caution: excluded filename not matched: %.512s\n";
+
+ #ifdef VMS
+ ZCONST char Far ReportMsg[] = "\
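Review bot: The `%.512s` precision in `FilenameNotMatched` and `ExclFilenameNotMatched` is an unexplained magic number; it prevents an overflow only if the buffer these messages are formatted into is larger than 512 bytes plus the fixed text, and that buffer is not visible in this hunk. Record the assumption next to the strings, for example `/* %.512s: keep user-supplied names within the message buffer */`, and confirm the bound against the real buffer size. The same precision is repeated in patch-process.c, so a single documented limit would keep the two files in step. The patch file name `patch-contsts.h` also looks like a misspelling of `consts.h`.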
diff --git a/archivers/unzip/files/patch-fileio.c b/archivers/unzip/files/patch-fileio.c
new file mode 100644
index 000000000000..880db03dc700
--- /dev/null
+++ b/archivers/unzip/files/patch-fileio.c
@@ -0,0 +1,14 @@
+--- unzip-5.52.orig/fileio.c
++++ fileio.c
+@@ -413,7 +413,11 @@
+ #endif /* NOVELL_BUG_FAILSAFE */
+ Trace((stderr, "open_outfile: doing fopen(%s) for writing\n",
+ FnFilter1(G.filename)));
++#if defined(SYMLINKS) || defined(QLZIP)
++ if ((G.outfile = fopen(G.filename, FOPWR)) == (FILE *)NULL) {
++#else
+ if ((G.outfile = fopen(G.filename, FOPW)) == (FILE *)NULL) {
++#endif
+ Info(slide, 0x401, ((char *)slide, LoadFarString(CannotCreateFile),
+ FnFilter1(G.filename)));
+ return 1;
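Review bot: The switch to `FOPWR` is undocumented at this call site, and its reason is only discoverable from patch-unix_unix.c, where `close_outfile()` now calls `rewind(G.outfile)` and reads the link data back instead of reopening the file by name. A comment above the `#if`, such as `/* w+ so close_outfile() can re-read symlink data from the same stream */`, would keep the two changes tied together. The file is still created by path with `fopen()`, so the descriptor-based `fchmod`/`fchown` added elsewhere protect only against the path being replaced after this open; whether an existing entry at `G.filename` is handled before this point is outside the hunk. The enclosing function starts and ends outside the hunk.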
diff --git a/archivers/unzip/files/patch-inflate.c b/archivers/unzip/files/patch-inflate.c
new file mode 100644
index 000000000000..e6d751d20dc7
--- /dev/null
+++ b/archivers/unzip/files/patch-inflate.c
@@ -0,0 +1,50 @@
+--- unzip-5.52.orig/inflate.c
++++ inflate.c
+@@ -983,6 +983,7 @@
+ unsigned l; /* last length */
+ unsigned m; /* mask for bit lengths table */
+ unsigned n; /* number of lengths to get */
++ struct huft *tlp;
+ struct huft *tl; /* literal/length code table */
+ struct huft *td; /* distance code table */
+ unsigned bl; /* lookup bits for tl */
+@@ -996,6 +997,8 @@
+ int retval = 0; /* error code returned: initialized to "no error" */
+
+
++ td = tlp = tl = (struct huft *)NULL;
++
+ /* make local bit buffer */
+ Trace((stderr, "\ndynamic block"));
+ b = G.bb;
+@@ -1047,9 +1050,9 @@
+ while (i < n)
+ {
+ NEEDBITS(bl)
+- j = (td = tl + ((unsigned)b & m))->b;
++ j = (tlp = tl + ((unsigned)b & m))->b;
+ DUMPBITS(j)
+- j = td->v.n;
++ j = tlp->v.n;
+ if (j < 16) /* length of code in bits (0..15) */
+ ll[i++] = l = j; /* save last length in l */
+ else if (j == 16) /* repeat last length 3 to 6 times */
+@@ -1141,6 +1144,7 @@
+ huft_free(td);
+ }
+ huft_free(tl);
++
+ return retval;
+ }
+
+@@ -1149,8 +1153,8 @@
+
+ cleanup_and_exit:
+ /* free the decoding tables, return */
+- huft_free(tl);
+- huft_free(td);
++ if (tl) huft_free(tl);
++ if (td) huft_free(td);
+ return retval;
+ }
+
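Review bot: The new guards `if (tl) huft_free(tl);` and `if (td) huft_free(td);` at `cleanup_and_exit` are safe only if `tl` and `td` are NULL whenever they do not own a live table, and the hunk establishes that only at function entry with `td = tlp = tl = (struct huft *)NULL;`. Any `huft_free(tl)` or `huft_free(td)` earlier in the function that can still reach `cleanup_and_exit` (most of the body is outside these hunks) would leave a stale non-NULL pointer and a second free; resetting after each release, `huft_free(tl); tl = (struct huft *)NULL;`, makes the invariant local. The new declaration `struct huft *tlp;` is also the only one in the list without a comment; something like `/* scratch pointer into tl while reading bit lengths */` would match its neighbours.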
diff --git a/archivers/unzip/files/patch-process.c b/archivers/unzip/files/patch-process.c
new file mode 100644
index 000000000000..62e51b6ce9b6
--- /dev/null
+++ b/archivers/unzip/files/patch-process.c
@@ -0,0 +1,30 @@
+--- unzip-5.52.orig/process.c
++++ process.c
+@@ -74,20 +74,20 @@
+ /* do_seekable() strings */
+ # ifdef UNIX
+ static ZCONST char Far CannotFindZipfileDirMsg[] =
+- "%s: cannot find zipfile directory in one of %s or\n\
+- %s%s.zip, and cannot find %s, period.\n";
++ "%s: cannot find zipfile directory in one of %.512s or\n\
++ %s%.512s.zip, and cannot find %.512s, period.\n";
+ static ZCONST char Far CannotFindEitherZipfile[] =
+- "%s: cannot find or open %s, %s.zip or %s.\n";
++ "%s: cannot find or open %.512s, %.512s.zip or %.512s.\n";
+ # else /* !UNIX */
+ # ifndef AMIGA
+ static ZCONST char Far CannotFindWildcardMatch[] =
+- "%s: cannot find any matches for wildcard specification \"%s\".\n";
++ "%s: cannot find any matches for wildcard specification \"%.512s\".\n";
+ # endif /* !AMIGA */
+ static ZCONST char Far CannotFindZipfileDirMsg[] =
+- "%s: cannot find zipfile directory in %s,\n\
+- %sand cannot find %s, period.\n";
++ "%s: cannot find zipfile directory in %.512s,\n\
++ %sand cannot find %.512s, period.\n";
+ static ZCONST char Far CannotFindEitherZipfile[] =
+- "%s: cannot find either %s or %s.\n";
++ "%s: cannot find either %.512s or %.512s.\n";
+ # endif /* ?UNIX */
+ extern ZCONST char Far Zipnfo[]; /* in unzip.c */
+ #ifndef WINDLL
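Review bot: Each message still contains unbounded `%s` conversions: the leading `%s:` in every string, and the `%s` directly before `%.512s.zip` and before `and cannot find` in the two `CannotFindZipfileDirMsg` variants. The callers are outside the hunk; the `extern ZCONST char Far Zipnfo[]` declaration below suggests the leading argument is a fixed program name, but that should be confirmed, since a single user-controlled argument left at `%s` would undo the bound. With three `%.512s` fields in one message the worst-case output exceeds 1536 bytes, so the destination buffer has to be sized for the sum rather than for one field.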
diff --git a/archivers/unzip/files/patch-unix_unix.c b/archivers/unzip/files/patch-unix_unix.c
index 97d346bd953b..cf04c3b118e4 100644
--- a/archivers/unzip/files/patch-unix_unix.c
+++ b/archivers/unzip/files/patch-unix_unix.c
@@ -1,36 +1,114 @@
---- unix/unix.c.orig Sat Feb 26 16:43:42 2005
-+++ unix/unix.c Fri Sep 9 14:36:35 2005
-@@ -1042,6 +1042,16 @@
+--- unzip-5.52.orig/unix/unix.c
++++ unix/unix.c
+@@ -1042,8 +1042,6 @@
ush z_uidgid[2];
int have_uidgid_flg;
+- fclose(G.outfile);
+-
+ /*---------------------------------------------------------------------------
+ If symbolic links are supported, allocate storage for a symlink control
+ structure, put the uncompressed "data" and other required info in it, and
+@@ -1063,6 +1061,7 @@
+ Info(slide, 0x201, ((char *)slide,
+ "warning: symbolic link (%s) failed: mem alloc overflow\n",
+ FnFilter1(G.filename)));
++ fclose(G.outfile);
+ return;
+ }
+
+@@ -1070,6 +1069,7 @@
+ Info(slide, 0x201, ((char *)slide,
+ "warning: symbolic link (%s) failed: no mem\n",
+ FnFilter1(G.filename)));
++ fclose(G.outfile);
+ return;
+ }
+ slnk_entry->next = NULL;
+@@ -1079,11 +1079,10 @@
+ slnk_entry->fname = slnk_entry->target + ucsize + 1;
+ strcpy(slnk_entry->fname, G.filename);
+
+- /* reopen the "link data" file for reading */
+- G.outfile = fopen(G.filename, FOPR);
++ /* move back to the start of the file to re-read the "link data" */
++ rewind(G.outfile);
+
+- if (!G.outfile ||
+- fread(slnk_entry->target, 1, ucsize, G.outfile) != (int)ucsize)
++ if (fread(slnk_entry->target, 1, ucsize, G.outfile) != (int)ucsize)
+ {
+ Info(slide, 0x201, ((char *)slide,
+ "warning: symbolic link (%s) failed\n",
+@@ -1115,12 +1114,20 @@
+ }
+ #endif
+
++#if (defined(NO_FCHOWN) || defined(NO_FCHMOD))
++ fclose(G.outfile);
++#endif
++
+ have_uidgid_flg = get_extattribs(__G__ &(zt.t3), z_uidgid);
+
+ /* if -X option was specified and we have UID/GID info, restore it */
+ if (have_uidgid_flg) {
+ TTrace((stderr, "close_outfile: restoring Unix UID/GID info\n"));
++#if (defined(NO_FCHOWN) || defined(NO_FCHMOD))
+ if (chown(G.filename, (uid_t)z_uidgid[0], (gid_t)z_uidgid[1]))
++#else
++ if (fchown(fileno(G.outfile), (uid_t)z_uidgid[0], (gid_t)z_uidgid[1]))
++#endif
+ {
+ if (uO.qflag)
+ Info(slide, 0x201, ((char *)slide,
+@@ -1133,6 +1140,18 @@
+ }
+ }
+
++#if (!defined(NO_FCHOWN) && !defined(NO_FCHMOD))
+/*---------------------------------------------------------------------------
+ Change the file permissions from default ones to those stored in the
+ zipfile.
+ ---------------------------------------------------------------------------*/
-+
-+#ifndef NO_CHMOD
++
+ if (fchmod(fileno(G.outfile), filtattr(__G__ G.pInfo->file_attr)))
-+ perror("fchmod (file attributes) error");
-+#endif
++ perror("chmod (file attributes) error");
+
- fclose(G.outfile);
-
- /*---------------------------------------------------------------------------
-@@ -1150,16 +1160,6 @@
- " (warning) cannot set times"));
++ fclose(G.outfile);
++#endif /* !NO_FCHOWN && !NO_FCHMOD */
++
+ /* set the file's access and modification times */
+ if (utime(G.filename, &(zt.t2))) {
+ #ifdef AOS_VS
+@@ -1151,6 +1170,7 @@
#endif /* ?AOS_VS */
}
--
--/*---------------------------------------------------------------------------
-- Change the file permissions from default ones to those stored in the
-- zipfile.
-- ---------------------------------------------------------------------------*/
--
--#ifndef NO_CHMOD
-- if (chmod(G.filename, filtattr(__G__ G.pInfo->file_attr)))
-- perror("chmod (file attributes) error");
--#endif
+
++#if (defined(NO_FCHOWN) || defined(NO_FCHMOD))
+ /*---------------------------------------------------------------------------
+ Change the file permissions from default ones to those stored in the
+ zipfile.
+@@ -1160,6 +1180,7 @@
+ if (chmod(G.filename, filtattr(__G__ G.pInfo->file_attr)))
+ perror("chmod (file attributes) error");
+ #endif
++#endif /* NO_FCHOWN || NO_FCHMOD */
} /* end function close_outfile() */
+@@ -1640,7 +1661,6 @@
+
+ if ((long)LG(dlen) > 0)
+ {
+- G.outfile = fopen(G.filename,"r+");
+ fseek(G.outfile, -8, SEEK_END);
+ fread(&ntc, 8, 1, G.outfile);
+ if(ntc.id != *(long *)"XTcc")
+@@ -1650,7 +1670,6 @@
+ fwrite (&ntc, 8, 1, G.outfile);
+ }
+ Info(slide, 0x201, ((char *)slide, "QData = %d", LG(dlen)));
+- fclose(G.outfile);
+ }
+ return; /* finished, cancel further extra field scanning */
+ }
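Review bot: With the unconditional `fclose(G.outfile);` removed from the top of the block, every exit from `close_outfile()` now has to close the stream itself, and the hunk adds `fclose(G.outfile);` only to the two allocation-failure returns. The branch taken when `fread(slnk_entry->target, 1, ucsize, G.outfile)` fails, and the normal end of the symlink block, continue outside the visible lines; confirm that each closes `G.outfile` before returning, otherwise a descriptor leaks per symlink entry. `rewind()` cannot report failure, so `if (fseek(G.outfile, 0L, SEEK_SET) != 0 || fread(slnk_entry->target, 1, ucsize, G.outfile) != ucsize)` would be a stricter check and avoids comparing fread's `size_t` result with an `int`. On the descriptor path the earlier `#ifndef NO_CHMOD` guard around `fchmod` has been dropped, while the path-based fallback appears to keep it.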
diff --git a/archivers/unzip/files/patch-unzpriv.h b/archivers/unzip/files/patch-unzpriv.h
new file mode 100644
index 000000000000..a7902b2aa3f9
--- /dev/null
+++ b/archivers/unzip/files/patch-unzpriv.h
@@ -0,0 +1,30 @@
+--- unzip-5.52.orig/unzpriv.h
++++ unzpriv.h
+@@ -1081,6 +1081,7 @@
+ # define FOPR "r","ctx=stm"
+ # define FOPM "r+","ctx=stm","rfm=fix","mrs=512"
+ # define FOPW "w","ctx=stm","rfm=fix","mrs=512"
++# define FOPWR "w+","ctx=stm","rfm=fix","mrs=512"
+ #endif /* VMS */
+
+ #ifdef CMS_MVS
+@@ -1117,6 +1118,9 @@
+ # ifndef FOPWT
+ # define FOPWT "wt"
+ # endif
++# ifndef FOPWR
++# define FOPWR "w+b"
++# endif
+ #else /* !MODERN */
+ # ifndef FOPR
+ # define FOPR "r"
+@@ -1130,6 +1134,9 @@
+ # ifndef FOPWT
+ # define FOPWT "w"
+ # endif
++# ifndef FOPWR
++# define FOPWR "w+b"
++# endif
+ #endif /* ?MODERN */
+
+ /*
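Review bot: In the `!MODERN` branch the new fallback is `"w+b"`, while the neighbouring defaults visible there are plain `"r"` for `FOPR` and `"w"` for `FOPWT`, so that branch otherwise avoids the `b` suffix. If older C libraries are the reason, `# define FOPWR "w+"` would be consistent there; the `FOPW` default for this branch is outside the hunk, so match whatever it uses. Only the VMS block gets an explicit `FOPWR`; other platform blocks, such as the `CMS_MVS` one that follows, fall through to these defaults, which is worth checking for ports that pass extra `fopen` arguments.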