[arch-commits] Commit in tar/trunk (PKGBUILD tar-1.22-fortifysourcessigabrt.patch)
Allan McRae
allan at archlinux.org
Sat May 22 11:23:58 UTC 2010
Date: Saturday, May 22, 2010 @ 07:23:58
Author: allan
Revision: 80798
upgpkg: tar 1.23-2
patch to fix buffer overflow
Added:
tar/trunk/tar-1.22-fortifysourcessigabrt.patch
Modified:
tar/trunk/PKGBUILD
--------------------------------------+
PKGBUILD | 11 +++++++----
tar-1.22-fortifysourcessigabrt.patch | 32 ++++++++++++++++++++++++++++++++
2 files changed, 39 insertions(+), 4 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2010-05-22 10:22:59 UTC (rev 80797)
+++ PKGBUILD 2010-05-22 11:23:58 UTC (rev 80798)
@@ -4,7 +4,7 @@
pkgname=tar
pkgver=1.23
-pkgrel=1
+pkgrel=2
pkgdesc="Utility used to store, backup, and transport files"
arch=('i686' 'x86_64')
url="http://www.gnu.org/software/tar/tar.html"
@@ -13,9 +13,12 @@
depends=('glibc' 'sh')
options=('!emptydirs')
install=tar.install
-source=(ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.bz2 tar.1)
+source=(ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.bz2
+ tar.1
+ tar-1.22-fortifysourcessigabrt.patch)
md5sums=('41e2ca4b924ec7860e51b43ad06cdb7e'
- 'e0538778516a284e3558c454b2576c2f')
+ 'e0538778516a284e3558c454b2576c2f'
+ 'ab85070f3b950789900adfbaac3b28da')
build() {
cd ${srcdir}/$pkgname-$pkgver
@@ -26,5 +29,5 @@
package() {
cd ${srcdir}/$pkgname-$pkgver
make DESTDIR=${pkgdir} install
- install -D -m644 ../tar.1 ${pkgdir}/usr/share/man/man1/tar.1
+ install -Dm644 ${srcdir}/tar.1 ${pkgdir}/usr/share/man/man1/tar.1
}
Added: tar-1.22-fortifysourcessigabrt.patch
===================================================================
--- tar-1.22-fortifysourcessigabrt.patch (rev 0)
+++ tar-1.22-fortifysourcessigabrt.patch 2010-05-22 11:23:58 UTC (rev 80798)
@@ -0,0 +1,32 @@
+diff -urNp tar-1.22-orig/src/create.c tar-1.22/src/create.c
+--- tar-1.22-orig/src/create.c 2009-07-09 18:38:37.000000000 +0200
++++ tar-1.22/src/create.c 2009-07-09 18:43:44.000000000 +0200
+@@ -578,7 +578,10 @@ write_gnu_long_link (struct tar_stat_inf
+ GNAME_TO_CHARS (tmpname, header->header.gname);
+ free (tmpname);
+
+- strcpy (header->header.magic, OLDGNU_MAGIC);
++ /* OLDGNU_MAGIC is string with 7 chars + NULL */
++ strncpy (header->header.magic, OLDGNU_MAGIC, sizeof(header->header.magic));
++ strncpy (header->header.version, OLDGNU_MAGIC+sizeof(header->header.magic),
++ sizeof(header->header.version));
+ header->header.typeflag = type;
+ finish_header (st, header, -1);
+
+@@ -908,9 +911,13 @@ start_header (struct tar_stat_info *st)
+ break;
+
+ case OLDGNU_FORMAT:
+- case GNU_FORMAT: /*FIXME?*/
+- /* Overwrite header->header.magic and header.version in one blow. */
+- strcpy (header->header.magic, OLDGNU_MAGIC);
++ case GNU_FORMAT:
++ /* OLDGNU_MAGIC is string with 7 chars + NULL */
++ strncpy (header->header.magic, OLDGNU_MAGIC,
++ sizeof(header->header.magic));
++ strncpy (header->header.version,
++ OLDGNU_MAGIC+sizeof(header->header.magic),
++ sizeof(header->header.version));
+ break;
+
+ case POSIX_FORMAT:
More information about the arch-commits
mailing list