# cd /usr/src
# signify -Vep /etc/signify/openbsd-57-base.pub -x /tmp/errata/007_tar.patch.sig -m - | \
> patch -p0
Hmm... Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|
|OpenBSD 5.7 errata 7, Apr 30, 2015:
|
|tar/pax/cpio had multiple issues:
| * extracting a malicious archive could create files outside of the
|   current directory without using pre-existing symlinks to 'escape',
|   and could change the timestamps and modes on preexisting files
|
| * tar without -P would permit extraction of paths with ".." components
|
| * there was a buffer overflow in the handling of pax extension headers,
|
|Apply by doing:
|    cd /usr/src
|    signify -Vep /etc/signify/openbsd-57-base.pub -x 007_tar.patch.sig -m - | \
|        patch -p0
|
|Then build and install pax:
|
|    cd /usr/src/bin/pax
|    make obj
|    make
|    make install
|
|
|Index: bin/pax/ar_subs.c
|===================================================================
|RCS file: /cvs/src/bin/pax/ar_subs.c,v
|retrieving revision 1.41
|diff -u -p -r1.41 ar_subs.c
|--- bin/pax/ar_subs.c 21 Feb 2015 22:48:23 -0000 1.41
|+++ bin/pax/ar_subs.c 30 Apr 2015 05:13:05 -0000
--------------------------
Patching file bin/pax/ar_subs.c using Plan A...
Hunk #1 succeeded at 184 (offset 19 lines).
Hunk #2 succeeded at 338 (offset -24 lines).
Hunk #3 succeeded at 779 (offset 18 lines).
Hunk #4 succeeded at 935 (offset -39 lines).
Hmm... The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|Index: bin/pax/extern.h
|===================================================================
|RCS file: /cvs/src/bin/pax/extern.h,v
|retrieving revision 1.49
|diff -u -p -r1.49 extern.h
|--- bin/pax/extern.h 21 Feb 2015 22:48:23 -0000 1.49
|+++ bin/pax/extern.h 30 Apr 2015 05:13:05 -0000
--------------------------
Patching file bin/pax/extern.h using Plan A...
Hunk #1 succeeded at 149 (offset 2 lines).
Hunk #2 succeeded at 204 (offset 2 lines).
Hunk #3 failed at 266.
1 out of 3 hunks failed--saving rejects to bin/pax/extern.h.rej
Hmm... The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|Index: bin/pax/file_subs.c
|===================================================================
|RCS file: /cvs/src/bin/pax/file_subs.c,v
|retrieving revision 1.44
|diff -u -p -r1.44 file_subs.c
|--- bin/pax/file_subs.c 21 Feb 2015 22:48:23 -0000 1.44
|+++ bin/pax/file_subs.c 30 Apr 2015 05:13:06 -0000
--------------------------
Patching file bin/pax/file_subs.c using Plan A...
Hunk #1 succeeded at 56.
Hunk #2 succeeded at 166.
Hunk #3 succeeded at 184.
Hunk #4 succeeded at 299.
Hunk #5 succeeded at 353.
Hunk #6 succeeded at 413.
Hunk #7 succeeded at 481.
Hunk #8 succeeded at 492.
Hunk #9 succeeded at 565.
Hunk #10 succeeded at 850 with fuzz 1 (offset 57 lines).
Hunk #11 failed at 1095.
1 out of 11 hunks failed--saving rejects to bin/pax/file_subs.c.rej
Hmm... The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|Index: bin/pax/ftree.c
|===================================================================
|RCS file: /cvs/src/bin/pax/ftree.c,v
|retrieving revision 1.36
|diff -u -p -r1.36 ftree.c
|--- bin/pax/ftree.c 21 Feb 2015 22:48:23 -0000 1.36
|+++ bin/pax/ftree.c 30 Apr 2015 05:13:06 -0000
--------------------------
Patching file bin/pax/ftree.c using Plan A...
Hunk #1 succeeded at 337.
Hunk #2 succeeded at 391.
Hmm... The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|Index: bin/pax/pat_rep.c
|===================================================================
|RCS file: /cvs/src/bin/pax/pat_rep.c,v
|retrieving revision 1.37
|diff -u -p -r1.37 pat_rep.c
|--- bin/pax/pat_rep.c 21 Feb 2015 22:48:23 -0000 1.37
|+++ bin/pax/pat_rep.c 30 Apr 2015 05:13:06 -0000
--------------------------
Patching file bin/pax/pat_rep.c using Plan A...
Hunk #1 succeeded at 621 (offset 38 lines).
Hunk #2 succeeded at 687 with fuzz 1 (offset 38 lines).
Hmm... The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|Index: bin/pax/pax.c
|===================================================================
|RCS file: /cvs/src/bin/pax/pax.c,v
|retrieving revision 1.40
|diff -u -p -r1.40 pax.c
|--- bin/pax/pax.c 21 Feb 2015 22:48:23 -0000 1.40
|+++ bin/pax/pax.c 30 Apr 2015 05:13:06 -0000
--------------------------
Patching file bin/pax/pax.c using Plan A...
Hunk #1 succeeded at 311.
Hmm... The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|Index: bin/pax/pax.h
|===================================================================
|RCS file: /cvs/src/bin/pax/pax.h,v
|retrieving revision 1.24
|diff -u -p -r1.24 pax.h
|--- bin/pax/pax.h 21 Feb 2015 22:48:23 -0000 1.24
|+++ bin/pax/pax.h 30 Apr 2015 05:13:06 -0000
--------------------------
Patching file bin/pax/pax.h using Plan A...
Hunk #1 succeeded at 243 with fuzz 1 (offset 32 lines).
Hunk #2 succeeded at 274 with fuzz 2 (offset 32 lines).
Hmm... The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|Index: bin/pax/tables.c
|===================================================================
|RCS file: /cvs/src/bin/pax/tables.c,v
|retrieving revision 1.44
|diff -u -p -r1.44 tables.c
|--- bin/pax/tables.c 21 Feb 2015 22:48:23 -0000 1.44
|+++ bin/pax/tables.c 30 Apr 2015 05:13:07 -0000
--------------------------
Patching file bin/pax/tables.c using Plan A...
Hunk #1 succeeded at 37.
Hunk #2 succeeded at 74.
Hunk #3 succeeded at 799 with fuzz 1 (offset 337 lines).
Hunk #4 succeeded at 1280 (offset 337 lines).
Hunk #5 succeeded at 1321 (offset 337 lines).
Hunk #6 succeeded at 1548 (offset 337 lines).
Hunk #7 succeeded at 1615 (offset 337 lines).
Hunk #8 succeeded at 1309 (offset 1 line).
Hunk #9 failed at 1327.
Hunk #10 succeeded at 1692 (offset 337 lines).
Hunk #11 succeeded at 1374 (offset 1 line).
Hunk #12 succeeded at 1722 (offset 337 lines).
Hunk #13 succeeded at 1418 (offset 1 line).
Hunk #14 failed at 1487.
Hunk #15 succeeded at 1842 (offset 339 lines).
Hunk #16 succeeded at 1552 (offset 1 line).
2 out of 16 hunks failed--saving rejects to bin/pax/tables.c.rej
Hmm... The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|Index: bin/pax/tables.h
|===================================================================
|RCS file: /cvs/src/bin/pax/tables.h,v
|retrieving revision 1.14
|diff -u -p -r1.14 tables.h
|--- bin/pax/tables.h 21 Feb 2015 22:48:23 -0000 1.14
|+++ bin/pax/tables.h 30 Apr 2015 05:13:07 -0000
--------------------------
Patching file bin/pax/tables.h using Plan A...
Hunk #1 succeeded at 50.
Hunk #2 succeeded at 144.
Hunk #3 succeeded at 159.
Hmm... The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|Index: bin/pax/tar.c
|===================================================================
|RCS file: /cvs/src/bin/pax/tar.c,v
|retrieving revision 1.55
|diff -u -p -r1.55 tar.c
|--- bin/pax/tar.c 21 Feb 2015 22:48:23 -0000 1.55
|+++ bin/pax/tar.c 30 Apr 2015 05:13:07 -0000
--------------------------
Patching file bin/pax/tar.c using Plan A...
Hunk #1 succeeded at 58.
Hunk #2 succeeded at 734.
Hunk #3 succeeded at 746.
Hunk #4 succeeded at 1204 (offset -1 lines).
Hunk #5 succeeded at 1290 (offset -1 lines).
Hmm... Ignoring the trailing garbage.
done
# cd /usr/src/bin/pax
# make obj
/usr/src/bin/pax/obj -> /usr/obj/bin/pax
# make
cc -O2 -pipe -Werror-implicit-function-declaration -c /usr/src/bin/pax/ar_io.c
In file included from /usr/src/bin/pax/ar_io.c:51:
/usr/src/bin/pax/pax.h:237: error: redefinition of 'struct file_times'
/usr/src/bin/pax/pax.h:251: error: redefinition of 'struct file_times'
*** Error 1 in /usr/src/bin/pax (<sys.mk>:87 'ar_io.o')
