author | Andrey A. Chernov <ache@FreeBSD.org> | 2008-04-02 15:04:46 +0000 |
---|---|---|
committer | Andrey A. Chernov <ache@FreeBSD.org> | 2008-04-02 15:04:46 +0000 |
commit | d775f2b68c60ce318520671e6c5f7cb34e7fc244 (patch) | |
tree | 532188edeb6264e3391a68d510f8d83f6cc2b377 | |
parent | Add pkg-message (diff) |
Security fixes adopted/reimplemented from Debian:
CVE-2008-0888, CVE-2005-4667, CAN-2005-2475
Enable ACORN_FTYPE_NFS and WILD_STOP_AT_DIR options
PR: 122367
Submitted by: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
-rw-r--r-- | archivers/unzip/Makefile | 5 | ||||
-rw-r--r-- | archivers/unzip/files/patch-contsts.h | 14 | ||||
-rw-r--r-- | archivers/unzip/files/patch-fileio.c | 14 | ||||
-rw-r--r-- | archivers/unzip/files/patch-inflate.c | 50 | ||||
-rw-r--r-- | archivers/unzip/files/patch-process.c | 30 | ||||
-rw-r--r-- | archivers/unzip/files/patch-unix_unix.c | 122 | ||||
-rw-r--r-- | archivers/unzip/files/patch-unzpriv.h | 30 |
7 files changed, 241 insertions, 24 deletions
diff --git a/archivers/unzip/Makefile b/archivers/unzip/Makefile index 00fa3ecf1e95..77e30e665b97 100644 --- a/archivers/unzip/Makefile +++ b/archivers/unzip/Makefile @@ -7,7 +7,7 @@ PORTNAME= unzip PORTVERSION= 5.52 -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES?= archivers MASTER_SITES= ftp://ftp.info-zip.org/pub/infozip/src/ ${MASTER_SITE_TEX_CTAN} MASTER_SITE_SUBDIR= tools/zip/info-zip/src @@ -27,7 +27,8 @@ CFLAGS+= -D_FILE_OFFSET_BITS=64 .if defined(WITH_UNZIP_UNREDUCE) DISTFILES= ${DISTNAME}${EXTRACT_SUFX} unreduce_full.zip EXTRACT_ONLY= ${PORTNAME}552.tar.gz -MAKE_ENV= LOCAL_UNZIP="${CFLAGS} -DUSE_UNSHRINK -DUSE_SMITH_CODE" +MAKE_ENV= LOCAL_UNZIP="${CFLAGS} \ + -DUSE_UNSHRINK -DUSE_SMITH_CODE -DACORN_FTYPE_NFS -DWILD_STOP_AT_DIR" .endif .ifdef USE_UNZIP diff --git a/archivers/unzip/files/patch-contsts.h b/archivers/unzip/files/patch-contsts.h new file mode 100644 index 000000000000..e3947732d0dc --- /dev/null +++ b/archivers/unzip/files/patch-contsts.h @@ -0,0 +1,14 @@ +--- unzip-5.52.orig/consts.h ++++ consts.h +@@ -34,9 +34,9 @@ + "error: expected central file header signature not found (file #%lu).\n"; + ZCONST char Far SeekMsg[] = + "error [%s]: attempt to seek before beginning of zipfile\n%s"; +-ZCONST char Far FilenameNotMatched[] = "caution: filename not matched: %s\n"; ++ZCONST char Far FilenameNotMatched[] = "caution: filename not matched: %.512s\n"; + ZCONST char Far ExclFilenameNotMatched[] = +- "caution: excluded filename not matched: %s\n"; ++ "caution: excluded filename not matched: %.512s\n"; + + #ifdef VMS + ZCONST char Far ReportMsg[] = "\ diff --git a/archivers/unzip/files/patch-fileio.c b/archivers/unzip/files/patch-fileio.c new file mode 100644 index 000000000000..880db03dc700 --- /dev/null +++ b/archivers/unzip/files/patch-fileio.c 
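Review bot: The two new defines are added only to the `MAKE_ENV` assignment inside the `.if defined(WITH_UNZIP_UNREDUCE)` block in the second Makefile hunk, so as far as this hunk shows a default build would not get `-DACORN_FTYPE_NFS -DWILD_STOP_AT_DIR`, although the commit message says the options are enabled. If they are meant for every build, set them outside the conditional, for example `CFLAGS+= -DACORN_FTYPE_NFS -DWILD_STOP_AT_DIR` next to the existing `CFLAGS+= -D_FILE_OFFSET_BITS=64`. Whether `CFLAGS` reaches the unzip build when `WITH_UNZIP_UNREDUCE` is not set is decided outside the hunk and should be confirmed there.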
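Review bot: The `%.512s` precision in `FilenameNotMatched` and `ExclFilenameNotMatched` is a bare literal with nothing tying it to the size of the buffer these messages are formatted into, and the same literal is repeated in every string touched in patch-process.c. Assuming the cap is there to keep the formatted message within its destination (the buffer is not visible here), a comment above the first string such as `/* %.512s: cap user-supplied names; keep in step with the message buffer size */` would tell the next maintainer why it exists. The patch file is also named `patch-contsts.h` while it patches `consts.h`, which looks like a typo.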
@@ -0,0 +1,14 @@
+--- unzip-5.52.orig/fileio.c
++++ fileio.c
+@@ -413,7 +413,11 @@
+ #endif /* NOVELL_BUG_FAILSAFE */
+ Trace((stderr, "open_outfile: doing fopen(%s) for writing\n",
+ FnFilter1(G.filename)));
++#if defined(SYMLINKS) || defined(QLZIP)
++ if ((G.outfile = fopen(G.filename, FOPWR)) == (FILE *)NULL) {
++#else
+ if ((G.outfile = fopen(G.filename, FOPW)) == (FILE *)NULL) {
++#endif
+ Info(slide, 0x401, ((char *)slide, LoadFarString(CannotCreateFile),
+ FnFilter1(G.filename)));
+ return 1;
diff --git a/archivers/unzip/files/patch-inflate.c b/archivers/unzip/files/patch-inflate.c
new file mode 100644
index 000000000000..e6d751d20dc7
--- /dev/null
+++ b/archivers/unzip/files/patch-inflate.c
@@ -0,0 +1,50 @@
+--- unzip-5.52.orig/inflate.c
++++ inflate.c
+@@ -983,6 +983,7 @@
+ unsigned l; /* last length */
+ unsigned m; /* mask for bit lengths table */
+ unsigned n; /* number of lengths to get */
++ struct huft *tlp;
+ struct huft *tl; /* literal/length code table */
+ struct huft *td; /* distance code table */
+ unsigned bl; /* lookup bits for tl */
+@@ -996,6 +997,8 @@
+ int retval = 0; /* error code returned: initialized to "no error" */
+
+
++ td = tlp = tl = (struct huft *)NULL;
++
+ /* make local bit buffer */
+ Trace((stderr, "\ndynamic block"));
+ b = G.bb;
+@@ -1047,9 +1050,9 @@
+ while (i < n)
+ {
+ NEEDBITS(bl)
+- j = (td = tl + ((unsigned)b & m))->b;
++ j = (tlp = tl + ((unsigned)b & m))->b;
+ DUMPBITS(j)
+- j = td->v.n;
++ j = tlp->v.n;
+ if (j < 16) /* length of code in bits (0..15) */
+ ll[i++] = l = j; /* save last length in l */
+ else if (j == 16) /* repeat last length 3 to 6 times */
+@@ -1141,6 +1144,7 @@
+ huft_free(td);
+ }
+ huft_free(tl);
++
+ return retval;
+ }
+
+@@ -1149,8 +1153,8 @@
+
+ cleanup_and_exit:
+ /* free the decoding tables, return */
+- huft_free(tl);
+- huft_free(td);
++ if (tl) huft_free(tl);
++ if (td) huft_free(td);
+ return retval;
+ }
+
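Review bot: The new `#if defined(SYMLINKS) || defined(QLZIP)` branch in patch-fileio.c opens the output file with `FOPWR` without saying why read access is needed. The reason is only visible in patch-unix_unix.c, where the code now calls `rewind(G.outfile)` and re-reads the link data through the same handle instead of reopening `G.filename`; a comment such as `/* w+: symlink data is re-read through this handle, never by name */` would keep a later cleanup from reverting the mode. Duplicating the `if (... fopen ...) {` line in both preprocessor branches also leaves two opening braces for one block, which a single `fopen` call with the mode chosen by a macro would avoid. The enclosing function starts and ends outside the hunk.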
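Review bot: The `if (tl)` / `if (td)` guards at `cleanup_and_exit` in patch-inflate.c only protect against a pointer that was never assigned; they do not help if a table was already released by an earlier `huft_free()` call and the pointer was left dangling before a later jump to the label. Those earlier call sites are outside the hunks, so this should be checked there, and the simplest hardening is to clear the pointer at each intermediate free, e.g. `huft_free(tl); tl = (struct huft *)NULL;`. The new `struct huft *tlp;` is also the only declaration in that list without a comment; `struct huft *tlp; /* scratch pointer into tl, never freed */` would record why `td` must not be reused as the temporary.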
diff --git a/archivers/unzip/files/patch-process.c b/archivers/unzip/files/patch-process.c
new file mode 100644
index 000000000000..62e51b6ce9b6
--- /dev/null
+++ b/archivers/unzip/files/patch-process.c
@@ -0,0 +1,30 @@
+--- unzip-5.52.orig/process.c
++++ process.c
+@@ -74,20 +74,20 @@
+ /* do_seekable() strings */
+ # ifdef UNIX
+ static ZCONST char Far CannotFindZipfileDirMsg[] =
+- "%s: cannot find zipfile directory in one of %s or\n\
+- %s%s.zip, and cannot find %s, period.\n";
++ "%s: cannot find zipfile directory in one of %.512s or\n\
++ %s%.512s.zip, and cannot find %.512s, period.\n";
+ static ZCONST char Far CannotFindEitherZipfile[] =
+- "%s: cannot find or open %s, %s.zip or %s.\n";
++ "%s: cannot find or open %.512s, %.512s.zip or %.512s.\n";
+ # else /* !UNIX */
+ # ifndef AMIGA
+ static ZCONST char Far CannotFindWildcardMatch[] =
+- "%s: cannot find any matches for wildcard specification \"%s\".\n";
++ "%s: cannot find any matches for wildcard specification \"%.512s\".\n";
+ # endif /* !AMIGA */
+ static ZCONST char Far CannotFindZipfileDirMsg[] =
+- "%s: cannot find zipfile directory in %s,\n\
+- %sand cannot find %s, period.\n";
++ "%s: cannot find zipfile directory in %.512s,\n\
++ %sand cannot find %.512s, period.\n";
+ static ZCONST char Far CannotFindEitherZipfile[] =
+- "%s: cannot find either %s or %s.\n";
++ "%s: cannot find either %.512s or %.512s.\n";
+ # endif /* ?UNIX */
+ extern ZCONST char Far Zipnfo[]; /* in unzip.c */
+ #ifndef WINDLL
diff --git a/archivers/unzip/files/patch-unix_unix.c b/archivers/unzip/files/patch-unix_unix.c
index 97d346bd953b..cf04c3b118e4 100644
--- a/archivers/unzip/files/patch-unix_unix.c
+++ b/archivers/unzip/files/patch-unix_unix.c
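Review bot: Each message in patch-process.c still has unbounded `%s` conversions next to the new `%.512s` ones: the leading `%s:` in every string, and the bare `%s` before `%.512s.zip` and before `and cannot find`. The arguments are supplied outside this hunk, so it should be confirmed that those positions only ever receive fixed strings; if any of them can carry a user-supplied name it needs the same cap. `CannotFindZipfileDirMsg` and `CannotFindEitherZipfile` can each expand three capped names, so the destination has to hold roughly 3 × 512 bytes plus the fixed text.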
@@ -1,36 +1,114 @@ ---- unix/unix.c.orig Sat Feb 26 16:43:42 2005 -+++ unix/unix.c Fri Sep 9 14:36:35 2005 -@@ -1042,6 +1042,16 @@ +--- unzip-5.52.orig/unix/unix.c ++++ unix/unix.c +@@ -1042,8 +1042,6 @@ ush z_uidgid[2]; int have_uidgid_flg; +- fclose(G.outfile); +- + /*--------------------------------------------------------------------------- + If symbolic links are supported, allocate storage for a symlink control + structure, put the uncompressed "data" and other required info in it, and +@@ -1063,6 +1061,7 @@ + Info(slide, 0x201, ((char *)slide, + "warning: symbolic link (%s) failed: mem alloc overflow\n", + FnFilter1(G.filename))); ++ fclose(G.outfile); + return; + } + +@@ -1070,6 +1069,7 @@ + Info(slide, 0x201, ((char *)slide, + "warning: symbolic link (%s) failed: no mem\n", + FnFilter1(G.filename))); ++ fclose(G.outfile); + return; + } + slnk_entry->next = NULL; +@@ -1079,11 +1079,10 @@ + slnk_entry->fname = slnk_entry->target + ucsize + 1; + strcpy(slnk_entry->fname, G.filename); + +- /* reopen the "link data" file for reading */ +- G.outfile = fopen(G.filename, FOPR); ++ /* move back to the start of the file to re-read the "link data" */ ++ rewind(G.outfile); + +- if (!G.outfile || +- fread(slnk_entry->target, 1, ucsize, G.outfile) != (int)ucsize) ++ if (fread(slnk_entry->target, 1, ucsize, G.outfile) != (int)ucsize) + { + Info(slide, 0x201, ((char *)slide, + "warning: symbolic link (%s) failed\n", +@@ -1115,12 +1114,20 @@ + } + #endif + ++#if (defined(NO_FCHOWN) || defined(NO_FCHMOD)) ++ fclose(G.outfile); ++#endif ++ + have_uidgid_flg = get_extattribs(__G__ &(zt.t3), z_uidgid); + + /* if -X option was specified and we have UID/GID info, restore it */ + if (have_uidgid_flg) { + TTrace((stderr, "close_outfile: restoring Unix UID/GID info\n")); ++#if (defined(NO_FCHOWN) || defined(NO_FCHMOD)) + if (chown(G.filename, (uid_t)z_uidgid[0], (gid_t)z_uidgid[1])) ++#else ++ if (fchown(fileno(G.outfile), (uid_t)z_uidgid[0], (gid_t)z_uidgid[1])) ++#endif + { + if 
(uO.qflag) + Info(slide, 0x201, ((char *)slide, +@@ -1133,6 +1140,18 @@ + } + } + ++#if (!defined(NO_FCHOWN) && !defined(NO_FCHMOD)) +/*--------------------------------------------------------------------------- + Change the file permissions from default ones to those stored in the + zipfile. + ---------------------------------------------------------------------------*/ -+ -+#ifndef NO_CHMOD ++ + if (fchmod(fileno(G.outfile), filtattr(__G__ G.pInfo->file_attr))) -+ perror("fchmod (file attributes) error"); -+#endif ++ perror("chmod (file attributes) error"); + - fclose(G.outfile); - - /*--------------------------------------------------------------------------- -@@ -1150,16 +1160,6 @@ - " (warning) cannot set times")); ++ fclose(G.outfile); ++#endif /* !NO_FCHOWN && !NO_FCHMOD */ ++ + /* set the file's access and modification times */ + if (utime(G.filename, &(zt.t2))) { + #ifdef AOS_VS +@@ -1151,6 +1170,7 @@ #endif /* ?AOS_VS */ } -- --/*--------------------------------------------------------------------------- -- Change the file permissions from default ones to those stored in the -- zipfile. -- ---------------------------------------------------------------------------*/ -- --#ifndef NO_CHMOD -- if (chmod(G.filename, filtattr(__G__ G.pInfo->file_attr))) -- perror("chmod (file attributes) error"); --#endif + ++#if (defined(NO_FCHOWN) || defined(NO_FCHMOD)) + /*--------------------------------------------------------------------------- + Change the file permissions from default ones to those stored in the + zipfile. 
+@@ -1160,6 +1180,7 @@ + if (chmod(G.filename, filtattr(__G__ G.pInfo->file_attr))) + perror("chmod (file attributes) error"); + #endif ++#endif /* NO_FCHOWN || NO_FCHMOD */ } /* end function close_outfile() */ +@@ -1640,7 +1661,6 @@ + + if ((long)LG(dlen) > 0) + { +- G.outfile = fopen(G.filename,"r+"); + fseek(G.outfile, -8, SEEK_END); + fread(&ntc, 8, 1, G.outfile); + if(ntc.id != *(long *)"XTcc") +@@ -1650,7 +1670,6 @@ + fwrite (&ntc, 8, 1, G.outfile); + } + Info(slide, 0x201, ((char *)slide, "QData = %d", LG(dlen))); +- fclose(G.outfile); + } + return; /* finished, cancel further extra field scanning */ + } diff --git a/archivers/unzip/files/patch-unzpriv.h b/archivers/unzip/files/patch-unzpriv.h new file mode 100644 index 000000000000..a7902b2aa3f9 --- /dev/null +++ b/archivers/unzip/files/patch-unzpriv.h @@ -0,0 +1,30 @@ +--- unzip-5.52.orig/unzpriv.h ++++ unzpriv.h +@@ -1081,6 +1081,7 @@ + # define FOPR "r","ctx=stm" + # define FOPM "r+","ctx=stm","rfm=fix","mrs=512" + # define FOPW "w","ctx=stm","rfm=fix","mrs=512" ++# define FOPWR "w+","ctx=stm","rfm=fix","mrs=512" + #endif /* VMS */ + + #ifdef CMS_MVS +@@ -1117,6 +1118,9 @@ + # ifndef FOPWT + # define FOPWT "wt" + # endif ++# ifndef FOPWR ++# define FOPWR "w+b" ++# endif + #else /* !MODERN */ + # ifndef FOPR + # define FOPR "r" +@@ -1130,6 +1134,9 @@ + # ifndef FOPWT + # define FOPWT "w" + # endif ++# ifndef FOPWR ++# define FOPWR "w+b" ++# endif + #endif /* ?MODERN */ + + /* |
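Review bot: The `fchmod(fileno(G.outfile), ...)` block in patch-unix_unix.c is compiled whenever neither `NO_FCHOWN` nor `NO_FCHMOD` is defined, but the `#ifndef NO_CHMOD` guard that the previous version of this patch kept around the call has been dropped, so a build that defines `NO_CHMOD` would now change permissions anyway. Wrapping the call again in `#ifndef NO_CHMOD` and `#endif` inside the `!NO_FCHOWN && !NO_FCHMOD` section restores the old behaviour. The failure message was also changed from `"fchmod (file attributes) error"` to `"chmod (file attributes) error"` although the call is still `fchmod`. `utime(G.filename, ...)` remains path-based and runs after the descriptor is closed, and the enclosing close_outfile() begins outside the hunk.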
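Review bot: In the `!MODERN` fallback of patch-unzpriv.h the new default is `"w+b"`, while the neighbouring defaults visible in that branch are plain `"r"` for `FOPR` and `"w"` for `FOPWT`, where the `MODERN` branch uses `"wt"`. If that branch exists for C libraries that do not accept mode suffixes, `FOPWR` should follow its siblings with `# define FOPWR "w+"`; the `FOPW` default is outside the hunk and is the value to match. A one-line comment on the first `FOPWR` definition, saying it is the read/write mode used when opening the output file in SYMLINKS or QLZIP builds, would also help.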