[arch-commits] Commit in tar/trunk (PKGBUILD tar-1.22-fortifysourcessigabrt.patch)

Allan McRae allan at archlinux.org
Sat May 22 11:23:58 UTC 2010


    Date: Saturday, May 22, 2010 @ 07:23:58
  Author: allan
Revision: 80798

upgpkg: tar 1.23-2
patch to fix buffer overflow

Added:
  tar/trunk/tar-1.22-fortifysourcessigabrt.patch
Modified:
  tar/trunk/PKGBUILD

--------------------------------------+
 PKGBUILD                             |   11 +++++++----
 tar-1.22-fortifysourcessigabrt.patch |   32 ++++++++++++++++++++++++++++++++
 2 files changed, 39 insertions(+), 4 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2010-05-22 10:22:59 UTC (rev 80797)
+++ PKGBUILD	2010-05-22 11:23:58 UTC (rev 80798)
@@ -4,7 +4,7 @@
 
 pkgname=tar
 pkgver=1.23
-pkgrel=1
+pkgrel=2
 pkgdesc="Utility used to store, backup, and transport files"
 arch=('i686' 'x86_64')
 url="http://www.gnu.org/software/tar/tar.html"
@@ -13,9 +13,12 @@
 depends=('glibc' 'sh')
 options=('!emptydirs')
 install=tar.install
-source=(ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.bz2 tar.1)
+source=(ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.bz2
+        tar.1
+        tar-1.22-fortifysourcessigabrt.patch)
 md5sums=('41e2ca4b924ec7860e51b43ad06cdb7e'
-         'e0538778516a284e3558c454b2576c2f')
+         'e0538778516a284e3558c454b2576c2f'
+         'ab85070f3b950789900adfbaac3b28da')
 
 build() {
   cd ${srcdir}/$pkgname-$pkgver
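Review bot: The patch is added to `source=()` and `md5sums=()` here, but none of the visible hunks adds a step that applies it. The hunk offsets (old line 26 becomes new line 29) show that the build() lines between this hunk and the next are unchanged. Unless build() already runs patch in those lines, which are not shown, the package is rebuilt without the overflow fix. A line such as `patch -Np1 -i ${srcdir}/tar-1.22-fortifysourcessigabrt.patch` after the `cd` in build() would apply it, since the paths inside the patch carry one leading directory component. build() continues outside this hunk.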
@@ -26,5 +29,5 @@
 package() {
   cd ${srcdir}/$pkgname-$pkgver
   make DESTDIR=${pkgdir} install
-  install -D -m644 ../tar.1 ${pkgdir}/usr/share/man/man1/tar.1
+  install -Dm644 ${srcdir}/tar.1 ${pkgdir}/usr/share/man/man1/tar.1
 }

Added: tar-1.22-fortifysourcessigabrt.patch
===================================================================
--- tar-1.22-fortifysourcessigabrt.patch	                        (rev 0)
+++ tar-1.22-fortifysourcessigabrt.patch	2010-05-22 11:23:58 UTC (rev 80798)
@@ -0,0 +1,32 @@
+diff -urNp tar-1.22-orig/src/create.c tar-1.22/src/create.c
+--- tar-1.22-orig/src/create.c	2009-07-09 18:38:37.000000000 +0200
++++ tar-1.22/src/create.c	2009-07-09 18:43:44.000000000 +0200
+@@ -578,7 +578,10 @@ write_gnu_long_link (struct tar_stat_inf
+   GNAME_TO_CHARS (tmpname, header->header.gname);
+   free (tmpname);
+ 
+-  strcpy (header->header.magic, OLDGNU_MAGIC);
++  /* OLDGNU_MAGIC is string with 7 chars + NULL */
++  strncpy (header->header.magic, OLDGNU_MAGIC, sizeof(header->header.magic));
++  strncpy (header->header.version, OLDGNU_MAGIC+sizeof(header->header.magic),
++           sizeof(header->header.version));
+   header->header.typeflag = type;
+   finish_header (st, header, -1);
+ 
+@@ -908,9 +911,13 @@ start_header (struct tar_stat_info *st)
+       break;
+ 
+     case OLDGNU_FORMAT:
+-    case GNU_FORMAT:   /*FIXME?*/
+-      /* Overwrite header->header.magic and header.version in one blow.  */
+-      strcpy (header->header.magic, OLDGNU_MAGIC);
++    case GNU_FORMAT:
++      /* OLDGNU_MAGIC is string with 7 chars + NULL */
++      strncpy (header->header.magic, OLDGNU_MAGIC,
++               sizeof(header->header.magic));
++      strncpy (header->header.version,
++               OLDGNU_MAGIC+sizeof(header->header.magic),
++               sizeof(header->header.version));
+       break;
+ 
+     case POSIX_FORMAT:
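Review bot: The second `strncpy` in each nested hunk reads from `OLDGNU_MAGIC+sizeof(header->header.magic)`, which stays inside the literal only while OLDGNU_MAGIC is at least as long as the magic field. The first call also deliberately leaves `magic` without a terminator, and the added comment explains neither point. A comment such as `/* OLDGNU_MAGIC (7 chars + NUL) fills magic and version together; magic is intentionally left without a terminating NUL */` would record the invariant, and the byte is NUL, not NULL. Because this is a fixed-size byte copy rather than a string copy, `memcpy` with the same sizes would state the intent more directly, assuming the two field sizes add up to `sizeof OLDGNU_MAGIC`, which this page does not show. The same applies to the copy in start_header, and both function bodies extend beyond the hunks.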



