Git-Url: 
http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-1.2.git;a=commitdiff;h=56dc8b83b2af45a2a2cce619a64e6dbfeaedd0cb

commit 56dc8b83b2af45a2a2cce619a64e6dbfeaedd0cb
Author: Miklos Vajna <vmik...@frugalware.org>
Date:   Tue Mar 9 00:20:38 2010 +0100

xar-1.5.2-2locris1-i686

- add CVE-2010-0055.patch
- closes #4128
(cherry picked from commit 8f360e92c970da92767c452b82622b60ec061e32)

diff --git a/source/apps-extra/xar/CVE-2010-0055.patch 
b/source/apps-extra/xar/CVE-2010-0055.patch
new file mode 100644
index 0000000..8be4389
--- /dev/null
+++ b/source/apps-extra/xar/CVE-2010-0055.patch
@@ -0,0 +1,49 @@
+Index: xar/lib/archive.c
+===================================================================
+--- xar/lib/archive.c  (revision 224)
++++ xar/lib/archive.c  (revision 225)
+@@ -330,6 +330,44 @@
+
+               EVP_DigestFinal(&XAR(ret)->toc_ctx, toccksum, &tlen);
+
++              const char *value;
++              uint64_t offset = 0;
++              uint64_t length = tlen;
++              if( xar_prop_get( XAR_FILE(ret) , "checksum/offset", &value) == 
0 ) {
++                      errno = 0;
++                      offset = strtoull( value, (char **)NULL, 10);
++                      if( errno != 0 ) {
++                              xar_close(ret);
++                              return NULL;
++                      }
++              } else if( xar_signature_first(ret) != NULL ) {
++                      // All archives that have a signature also specify the 
location
++                      // of the checksum.  If the location isn't specified, 
error out.
++                      xar_close(ret);
++                      return NULL;
++              }
++
++              XAR(ret)->heap_offset = xar_get_heap_offset(ret) + offset;
++              if( lseek(XAR(ret)->fd, XAR(ret)->heap_offset, SEEK_SET) == -1 
) {
++                      xar_close(ret);
++                      return NULL;
++              }
++              if( xar_prop_get( XAR_FILE(ret) , "checksum/size", &value) == 0 
) {
++                      errno = 0;
++                      length = strtoull( value, (char **)NULL, 10);
++                      if( errno != 0 ) {
++                              xar_close(ret);
++                              return NULL;
++                      }
++              } else if( xar_signature_first(ret) != NULL ) {
++                      xar_close(ret);
++                      return NULL;
++              }
++              if( length != tlen ) {
++                      xar_close(ret);
++                      return NULL;
++              }
++
+               xar_read_fd(XAR(ret)->fd, cval, tlen);
+               XAR(ret)->heap_offset += tlen;
+               if( memcmp(cval, toccksum, tlen) != 0 ) {
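Review bot: The two `strtoull` calls for `checksum/offset` and `checksum/size` test only `errno`, so a value with no digits or with trailing garbage parses without error, and a leading minus sign is accepted and wraps to a large unsigned value. Pass an end pointer and reject partial parses, e.g. `char *end; offset = strtoull(value, &end, 10);` followed by `if( errno != 0 || end == value || *end != '\0' ) {`, and do the same for `length`. The sum `xar_get_heap_offset(ret) + offset` is also unchecked before it reaches `lseek`, so an oversized offset can wrap or turn negative on conversion to `off_t`; bound `offset` before adding. The `xar_read_fd` call on the context line after the added block still ignores its return value, so a short read at the new seek position would presumably leave `cval` partly unfilled before the `memcmp`. The enclosing function starts and ends outside the hunk.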
diff --git a/source/apps-extra/xar/FrugalBuild 
b/source/apps-extra/xar/FrugalBuild
index 3c7948b..0fb83fa 100644
--- a/source/apps-extra/xar/FrugalBuild
+++ b/source/apps-extra/xar/FrugalBuild
@@ -3,14 +3,21 @@

pkgname=xar
pkgver=1.5.2
-pkgrel=1
+pkgrel=2locris1
pkgdesc="eXtensible ARchiver"
Finclude googlecode
depends=('libxml2' 'openssl' 'zlib' 'bzip2')
groups=('apps-extra')
archs=('i686' 'x86_64')
up2date="Flasttar $url/downloads/list" # up2date from Finclude googlecode does 
not work :/
-sha1sums=('eb411a92167387aa5d06a81970f7e929ec3087c9')
-Fconfopts="${fconfop...@]} --prefix=$Fdestdir/usr"
+source=($source CVE-2010-0055.patch)
+sha1sums=('eb411a92167387aa5d06a81970f7e929ec3087c9' \
+          '984835c3d232d83a84bbb08f2abe11be08bcb72e')
+
+build()
+{
+       Fmake --host=$CARCH-frugalware-linux-gnu
+       Fmakeinstall DESTDIR=$Fdestdir
+}

# optimization OK
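Review bot: The new `build()` calls only `Fmake` and `Fmakeinstall`, and nothing visible in this hunk applies `CVE-2010-0055.patch` to the unpacked tree. If `Fmake` does not apply the files listed in `source=()` (in Frugalware that is normally the job of `Fpatchall`, which the default build runs), the package would ship with the fix fetched and checksummed but not compiled in. Confirm against the build log, and if the patch is not applied add `Fpatchall` as the first line of `build()`. The patch's paths start with `xar/lib/`, so it is also worth checking that the strip level used matches the source directory layout.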