Date: Saturday, May 22, 2010 @ 07:23:58 Author: allan Revision: 80798
upgpkg: tar 1.23-2 patch to fix buffer overflow Added: tar/trunk/tar-1.22-fortifysourcessigabrt.patch Modified: tar/trunk/PKGBUILD --------------------------------------+ PKGBUILD | 11 +++++++---- tar-1.22-fortifysourcessigabrt.patch | 32 ++++++++++++++++++++++++++++++++ 2 files changed, 39 insertions(+), 4 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2010-05-22 10:22:59 UTC (rev 80797)
+++ PKGBUILD 2010-05-22 11:23:58 UTC (rev 80798)
@@ -4,7 +4,7 @@
 
 pkgname=tar
 pkgver=1.23
-pkgrel=1
+pkgrel=2
 pkgdesc="Utility used to store, backup, and transport files"
 arch=('i686' 'x86_64')
 url="http://www.gnu.org/software/tar/tar.html"
@@ -13,9 +13,12 @@
 depends=('glibc' 'sh')
 options=('!emptydirs')
 install=tar.install
-source=(ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.bz2 tar.1)
+source=(ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.bz2
+ tar.1
+ tar-1.22-fortifysourcessigabrt.patch)
 md5sums=('41e2ca4b924ec7860e51b43ad06cdb7e'
- 'e0538778516a284e3558c454b2576c2f')
+ 'e0538778516a284e3558c454b2576c2f'
+ 'ab85070f3b950789900adfbaac3b28da')
 
 build() {
 cd ${srcdir}/$pkgname-$pkgver
@@ -26,5 +29,5 @@
 package() {
 cd ${srcdir}/$pkgname-$pkgver
 make DESTDIR=${pkgdir} install
- install -D -m644 ../tar.1 ${pkgdir}/usr/share/man/man1/tar.1
+ install -Dm644 ${srcdir}/tar.1 ${pkgdir}/usr/share/man/man1/tar.1
 }
Added: tar-1.22-fortifysourcessigabrt.patch
===================================================================
--- tar-1.22-fortifysourcessigabrt.patch (rev 0)
+++ tar-1.22-fortifysourcessigabrt.patch 2010-05-22 11:23:58 UTC (rev 80798)
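Review bot: The second PKGBUILD hunk lists the new patch in `source=` and `md5sums=`, but no hunk adds a command to `build()` that applies it. The lines between `cd ${srcdir}/$pkgname-$pkgver` and `package()` fall outside every hunk, so they appear to be unchanged. Unless the patch was already being applied there, the rebuilt 1.23-2 package would ship without the fix the commit message announces. Add `patch -Np1 -i ${srcdir}/tar-1.22-fortifysourcessigabrt.patch` right after the `cd` in `build()`, and confirm that a patch written against tar 1.22 still applies cleanly to the 1.23 tree. `build()` starts in this hunk and ends outside it.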
@@ -0,0 +1,32 @@
+diff -urNp tar-1.22-orig/src/create.c tar-1.22/src/create.c
+--- tar-1.22-orig/src/create.c 2009-07-09 18:38:37.000000000 +0200
++++ tar-1.22/src/create.c 2009-07-09 18:43:44.000000000 +0200
+@@ -578,7 +578,10 @@ write_gnu_long_link (struct tar_stat_inf
+ GNAME_TO_CHARS (tmpname, header->header.gname);
+ free (tmpname);
+
+- strcpy (header->header.magic, OLDGNU_MAGIC);
++ /* OLDGNU_MAGIC is string with 7 chars + NULL */
++ strncpy (header->header.magic, OLDGNU_MAGIC, sizeof(header->header.magic));
++ strncpy (header->header.version, OLDGNU_MAGIC+sizeof(header->header.magic),
++ sizeof(header->header.version));
+ header->header.typeflag = type;
+ finish_header (st, header, -1);
+
+@@ -908,9 +911,13 @@ start_header (struct tar_stat_info *st)
+ break;
+
+ case OLDGNU_FORMAT:
+- case GNU_FORMAT: /*FIXME?*/
+- /* Overwrite header->header.magic and header.version in one blow. */
+- strcpy (header->header.magic, OLDGNU_MAGIC);
++ case GNU_FORMAT:
++ /* OLDGNU_MAGIC is string with 7 chars + NULL */
++ strncpy (header->header.magic, OLDGNU_MAGIC,
++ sizeof(header->header.magic));
++ strncpy (header->header.version,
++ OLDGNU_MAGIC+sizeof(header->header.magic),
++ sizeof(header->header.version));
+ break;
+
+ case POSIX_FORMAT:
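Review bot: Both new `strncpy` pairs (in `write_gnu_long_link` and in the `GNU_FORMAT` case of `start_header`) are correct only if `OLDGNU_MAGIC`, including its terminator, is exactly as long as `magic` plus `version`, and nothing in the patch enforces that. With a shorter literal, `OLDGNU_MAGIC+sizeof(header->header.magic)` would point past the end of the string. The added comment should state that dependency and that `magic` is deliberately left without a terminating NUL, e.g. `/* OLDGNU_MAGIC is 7 chars + NUL: the first sizeof magic bytes fill magic (unterminated), the rest fill version */`; note "NUL", not "NULL". The removed comment suggests the old `strcpy` spanned both fields on purpose, so the commit's "buffer overflow" is presumably a fortify abort on that cross-field write rather than a write outside the header; the new comment could say so. Since the pair is duplicated, a small static helper with a compile-time size check would keep the two sites in step; both functions start and end outside their hunks.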