Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 05-Mar-2006 19:53:57 Branch: HEAD Handle: 2006030518535600 Modified files: openpkg-src/tar tar.patch tar.spec Log: Security Fixes (CVE-2006-0300) Summary: Revision Changes Path 1.11 +127 -0 openpkg-src/tar/tar.patch 1.50 +1 -1 openpkg-src/tar/tar.spec ____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/tar/tar.patch
============================================================================
$ cvs diff -u -r1.10 -r1.11 tar.patch
--- openpkg-src/tar/tar.patch 31 Jan 2005 20:37:23 -0000 1.10
+++ openpkg-src/tar/tar.patch 5 Mar 2006 18:53:56 -0000 1.11
@@ -92,3 +92,130 @@
 if (size < 0)
 {
 readlink_diag (p);
+
+-----------------------------------------------------------------------------
+
+Security Fixes (CVE-2006-0300)
+
+Index: src/xheader.c
+--- src/xheader.c.orig 2006-03-05 09:35:35 +0100
++++ src/xheader.c 2006-03-05 09:38:10 +0100
+@@ -784,6 +784,32 @@
+ xheader_print (xhdr, keyword, sbuf);
+ }
+
++static bool
++decode_num (uintmax_t *num, char const *arg, uintmax_t maxval,
++ char const *keyword)
++{
++ uintmax_t u;
++ char *arg_lim;
++
++ if (! (ISDIGIT (*arg)
++ && (errno = 0, xstrtoumax (arg, &arg_lim, 10, &u, ""), !*arg_lim)))
++ {
++ ERROR ((0, 0, _("Malformed extended header: invalid %s=%s"),
++ keyword, arg));
++ return false;
++ }
++
++ if (! (u <= maxval && errno != ERANGE))
++ {
++ ERROR ((0, 0, _("Extended header %s=%s is out of range"),
++ keyword, arg));
++ return false;
++ }
++
++ *num = u;
++ return true;
++}
++
+ static void
+ dummy_coder (struct tar_stat_info const *st __attribute__ ((unused)),
+ char const *keyword __attribute__ ((unused)),
+@@ -822,7 +848,7 @@
+ gid_decoder (struct tar_stat_info *st, char const *arg)
+ {
+ uintmax_t u;
+- if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
++ if (decode_num (&u, arg, TYPE_MAXIMUM (gid_t), "gid"))
+ st->stat.st_gid = u;
+ }
+
+@@ -904,7 +930,7 @@
+ size_decoder (struct tar_stat_info *st, char const *arg)
+ {
+ uintmax_t u;
+- if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
++ if (decode_num (&u, arg, TYPE_MAXIMUM (off_t), "size"))
+ st->archive_file_size = st->stat.st_size = u;
+ }
+
+@@ -919,7 +945,7 @@
+ uid_decoder (struct tar_stat_info *st, char const *arg)
+ {
+ uintmax_t u;
+- if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
++ if (decode_num (&u, arg, TYPE_MAXIMUM (uid_t), "uid"))
+ st->stat.st_uid = u;
+ }
+
+@@ -947,7 +973,7 @@
+ sparse_size_decoder (struct tar_stat_info *st, char const *arg)
+ {
+ uintmax_t u;
+- if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
++ if (decode_num (&u, arg, TYPE_MAXIMUM (off_t), "GNU.sparse.size"))
+ st->stat.st_size = u;
+ }
+
+@@ -963,10 +989,10 @@
+ sparse_numblocks_decoder (struct tar_stat_info *st, char const *arg)
+ {
+ uintmax_t u;
+- if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
++ if (decode_num (&u, arg, SIZE_MAX, "GNU.sparse.numblocks"))
+ {
+ st->sparse_map_size = u;
+- st->sparse_map = calloc(st->sparse_map_size, sizeof(st->sparse_map[0]));
++ st->sparse_map = xcalloc (u, sizeof st->sparse_map[0]);
+ st->sparse_map_avail = 0;
+ }
+ }
+@@ -983,8 +1009,14 @@
+ sparse_offset_decoder (struct tar_stat_info *st, char const *arg)
+ {
+ uintmax_t u;
+- if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
++ if (decode_num (&u, arg, TYPE_MAXIMUM (off_t), "GNU.sparse.offset"))
++ {
++ if (st->sparse_map_avail < st->sparse_map_size)
+ st->sparse_map[st->sparse_map_avail].offset = u;
++ else
++ ERROR ((0, 0, _("Malformed extended header: excess %s=%s"),
++ "GNU.sparse.offset", arg));
++ }
+ }
+
+ static void
+@@ -999,15 +1031,13 @@
+ sparse_numbytes_decoder (struct tar_stat_info *st, char const *arg)
+ {
+ uintmax_t u;
+- if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
++ if (decode_num (&u, arg, SIZE_MAX, "GNU.sparse.numbytes"))
+ {
+ if (st->sparse_map_avail == st->sparse_map_size)
+- {
+- st->sparse_map_size *= 2;
+- st->sparse_map = xrealloc (st->sparse_map,
+- st->sparse_map_size
+- * sizeof st->sparse_map[0]);
+- }
++ st->sparse_map = x2nrealloc (st->sparse_map,
++ &st->sparse_map_size,
++ sizeof st->sparse_map[0]);
++
+ st->sparse_map[st->sparse_map_avail++].numbytes = u;
+ }
+ }
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/tar/tar.spec
============================================================================
$ cvs diff -u -r1.49 -r1.50 tar.spec
--- openpkg-src/tar/tar.spec 1 Jan 2006 13:23:01 -0000 1.49
+++ openpkg-src/tar/tar.spec 5 Mar 2006 18:53:56 -0000 1.50
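Review bot: In the -963,10 +989,10 hunk, sparse_numblocks_decoder assigns `st->sparse_map = xcalloc (u, sizeof st->sparse_map[0]);` without releasing any map already stored in the field, so an archive that repeats the GNU.sparse.numblocks record leaks one map per repetition; a `free (st->sparse_map);` on the line before would close that, assuming the field starts out NULL, which this hunk cannot show. The same call passes an attacker-chosen count bounded only by SIZE_MAX straight to xcalloc, so a hostile header can presumably still force a very large allocation or an allocation-failure abort — no longer a memory-safety bug, but a denial of service worth a sentence in the log. The rest of the rewrite looks sound: decode_num rejects non-digit, trailing-garbage, over-maxval and ERANGE values before anything is stored, and sparse_offset_decoder now refuses to write past sparse_map_size. One subtlety deserves a comment at the x2nrealloc call in sparse_numbytes_decoder, since it grows sparse_map_size beyond the declared block count and that is what keeps the offset check consistent with later records, e.g. `/* sparse_map_size tracks the allocation, not GNU.sparse.numblocks, so the bound in sparse_offset_decoder stays valid. */`.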
@@ -33,7 +33,7 @@
 Group: Archiver
 License: GPL
 Version: 1.15.1
-Release: 20050131
+Release: 20060305
 
 # list of sources
 Source0: ftp://ftp.gnu.org/gnu/tar/tar-%{version}.tar.gz
@@ .
______________________________________________________________________ The OpenPKG Project www.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org