Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-1.2.git;a=commitdiff;h=56dc8b83b2af45a2a2cce619a64e6dbfeaedd0cb
commit 56dc8b83b2af45a2a2cce619a64e6dbfeaedd0cb Author: Miklos Vajna <vmik...@frugalware.org> Date: Tue Mar 9 00:20:38 2010 +0100 xar-1.5.2-2locris1-i686 - add CVE-2010-0055.patch - closes #4128 (cherry picked from commit 8f360e92c970da92767c452b82622b60ec061e32)
diff --git a/source/apps-extra/xar/CVE-2010-0055.patch b/source/apps-extra/xar/CVE-2010-0055.patch
new file mode 100644
index 0000000..8be4389
--- /dev/null
+++ b/source/apps-extra/xar/CVE-2010-0055.patch
@@ -0,0 +1,49 @@
+Index: xar/lib/archive.c
+===================================================================
+--- xar/lib/archive.c (revision 224)
++++ xar/lib/archive.c (revision 225)
+@@ -330,6 +330,44 @@
+
+ EVP_DigestFinal(&XAR(ret)->toc_ctx, toccksum, &tlen);
+
++ const char *value;
++ uint64_t offset = 0;
++ uint64_t length = tlen;
++ if( xar_prop_get( XAR_FILE(ret) , "checksum/offset", &value) == 0 ) {
++ errno = 0;
++ offset = strtoull( value, (char **)NULL, 10);
++ if( errno != 0 ) {
++ xar_close(ret);
++ return NULL;
++ }
++ } else if( xar_signature_first(ret) != NULL ) {
++ // All archives that have a signature also specify the location
++ // of the checksum. If the location isn't specified, error out.
++ xar_close(ret);
++ return NULL;
++ }
++
++ XAR(ret)->heap_offset = xar_get_heap_offset(ret) + offset;
++ if( lseek(XAR(ret)->fd, XAR(ret)->heap_offset, SEEK_SET) == -1 ) {
++ xar_close(ret);
++ return NULL;
++ }
++ if( xar_prop_get( XAR_FILE(ret) , "checksum/size", &value) == 0 ) {
++ errno = 0;
++ length = strtoull( value, (char **)NULL, 10);
++ if( errno != 0 ) {
++ xar_close(ret);
++ return NULL;
++ }
++ } else if( xar_signature_first(ret) != NULL ) {
++ xar_close(ret);
++ return NULL;
++ }
++ if( length != tlen ) {
++ xar_close(ret);
++ return NULL;
++ }
++
+ xar_read_fd(XAR(ret)->fd, cval, tlen);
+ XAR(ret)->heap_offset += tlen;
+ if( memcmp(cval, toccksum, tlen) != 0 ) {
diff --git a/source/apps-extra/xar/FrugalBuild b/source/apps-extra/xar/FrugalBuild
index 3c7948b..0fb83fa 100644
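Review bot: Both `strtoull( value, (char **)NULL, 10)` calls in the added block accept more than a plain decimal number, because the only failure test is `errno != 0`: an empty or non-numeric `checksum/offset` or `checksum/size` parses as 0, trailing characters are ignored, and a leading minus sign is negated into a very large unsigned value without setting errno. The offset then goes unchecked into `xar_get_heap_offset(ret) + offset`, so a value taken from the archive's TOC can presumably wrap the sum before it reaches lseek(). Passing an end pointer and rejecting partial parses would tighten this, e.g. `char *end; offset = strtoull( value, &end, 10);` followed by `if( errno != 0 || end == value || *end != '\0' ) {`, with the same test for the size and a range check on the offset before the addition. The enclosing function starts and ends outside the hunk, so the types of `heap_offset` and of the lseek argument are not visible here.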
--- a/source/apps-extra/xar/FrugalBuild +++ b/source/apps-extra/xar/FrugalBuild @@ -3,14 +3,21 @@ pkgname=xar pkgver=1.5.2 -pkgrel=1 +pkgrel=2locris1 pkgdesc="eXtensible ARchiver" Finclude googlecode depends=('libxml2' 'openssl' 'zlib' 'bzip2') groups=('apps-extra') archs=('i686' 'x86_64') up2date="Flasttar $url/downloads/list" # up2date from Finclude googlecode does not work :/ -sha1sums=('eb411a92167387aa5d06a81970f7e929ec3087c9') -Fconfopts="${fconfop...@]} --prefix=$Fdestdir/usr" +source=($source CVE-2010-0055.patch) +sha1sums=('eb411a92167387aa5d06a81970f7e929ec3087c9' \ + '984835c3d232d83a84bbb08f2abe11be08bcb72e') + +build() +{ + Fmake --host=$CARCH-frugalware-linux-gnu + Fmakeinstall DESTDIR=$Fdestdir +} # optimization OK _______________________________________________ Frugalware-git mailing list Frugalware-git@frugalware.org http://frugalware.org/mailman/listinfo/frugalware-git
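Review bot: Nothing in the new build() visibly applies CVE-2010-0055.patch; the file is only added to `source` and `sha1sums`, and the function body runs just `Fmake` and `Fmakeinstall`. As far as I recall, Frugalware's default build applies patches through `Fpatchall` before calling Fmake, so replacing it with a custom build() may leave the fix out of the compiled library unless Fmake patches internally. If it does not, add `Fpatchall` as the first line of build() and confirm in the build log that lib/archive.c was patched. Separately, the move from `--prefix=$Fdestdir/usr` to `DESTDIR=$Fdestdir` is not mentioned in the commit message and deserves a line there.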