author | Ben Lutgens <lamer@gentoo.org> | 2001-07-12 19:43:49 +0000 |
---|---|---|
committer | Ben Lutgens <lamer@gentoo.org> | 2001-07-12 19:43:49 +0000 |
commit | ecdb58b09896ef22fd4ffe45b6a2a51a9b60c837 (patch) | |
tree | 903bbed15c508f003253726c818d51f22cfa5bed | |
parent | fixed doc installs. (diff) | |
Some security fixes and some touch ups. tar and unzip are both prone to
undesirable directory traversal (nothing like leaving .. unlinked *shudder*). I
package.masked unzip-5.42 since their server is busted and I can't test it yet.
http://www.security.nnov.ru/advisories <-- has the advisories. rar is also
susceptible. Remember you should run archivers under a privileged UID.
-rw-r--r-- | app-arch/unzip/files/unzip-5.42.patch | 31 | ||||
-rw-r--r-- | app-arch/unzip/unzip-5.42.ebuild | 40 | ||||
-rw-r--r-- | gnome-apps/gnome-pilot/gnome-pilot-0.1.54.ebuild | 7 | ||||
-rw-r--r-- | gnome-extra/gnome-pilot/gnome-pilot-0.1.54.ebuild | 7 | ||||
-rw-r--r-- | net-misc/x11-ssh-askpass/x11-ssh-askpass-1.2.2.ebuild | 4 | ||||
-rw-r--r-- | profiles/package.mask | 2 | ||||
-rw-r--r-- | sys-apps/tar/files/digest-tar-1.13.19 | 1 | ||||
-rw-r--r-- | sys-apps/tar/files/tar-1.13.19.patch | 40 | ||||
-rw-r--r-- | sys-apps/tar/tar-1.13.19.ebuild | 61 |
9 files changed, 182 insertions, 11 deletions
diff --git a/app-arch/unzip/files/unzip-5.42.patch b/app-arch/unzip/files/unzip-5.42.patch
new file mode 100644
index 000000000000..a39d3c7d137e
--- /dev/null
+++ b/app-arch/unzip/files/unzip-5.42.patch
@@ -0,0 +1,31 @@
+*** extract.orig Sun Jan 14 00:40:20 2001
+--- extract.c Mon Jul 9 14:45:42 2001
+***************
+*** 154,159 ****
+--- 154,161 ----
+ #ifndef WINDLL
+ static ZCONST char Far ReplaceQuery[] =
+ "replace %s? [y]es, [n]o, [A]ll, [N]one, [r]ename: ";
++ static ZCONST char Far TraversalWarning[] =
++ "%s skipped because of directory traversal\n";
+ static ZCONST char Far AssumeNone[] = " NULL\n(assuming [N]one)\n";
+ static ZCONST char Far NewNameQuery[] = "new name: ";
+ static ZCONST char Far InvalidResponse[] = "error: invalid response [%c]\n";
+***************
+*** 877,882 ****
+--- 879,893 ----
+ } /* end switch (*answerbuf) */
+ #endif /* ?WINDLL */
+ } /* end if (query) */
++ if(*__G__ G.filename=='/' || !strncmp(__G__ G.filename, "../", 3)
++ || strstr(__G__ G.filename,"/../")){
++ skip_entry = SKIP_Y_EXISTING;
++ #ifndef WINDLL
++ Info(slide, 0x81, ((char *)slide,
++ LoadFarString(TraversalWarning),
++ FnFilter1(G.filename)));
++ #endif
++ }
+ if (skip_entry != SKIP_NO) {
+ #ifdef WINDLL
+ if (skip_entry == SKIP_Y_EXISTING) {
diff --git a/app-arch/unzip/unzip-5.42.ebuild b/app-arch/unzip/unzip-5.42.ebuild
new file mode 100644
index 000000000000..eddd5e509403
--- /dev/null
+++ b/app-arch/unzip/unzip-5.42.ebuild
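Review bot: The traversal test added to extract.c matches only a leading `/`, a leading `../` and an embedded `/../`, so a member name that is exactly `..` or that ends in `/..` still passes the check. Extending the condition with `|| !strcmp(G.filename, "..") || (strlen(G.filename) >= 3 && !strcmp(G.filename + strlen(G.filename) - 3, "/.."))` would cover those two forms; the tar patch in this same commit handles the equivalent case with its `!p[2]` test. `__G__` looks like the argument-list form of the globals macro: if it expands to `pG,` in reentrant builds, `strncmp(__G__ G.filename, "../", 3)` would not compile there, and plain `G.filename` (as the `FnFilter1(G.filename)` line already writes it) would be the safer spelling; this should be confirmed against globals.h. The check also reuses `SKIP_Y_EXISTING`, which the WINDLL branch just below appears to treat as "file already exists"; the enclosing function starts and ends outside the hunk.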
@@ -0,0 +1,40 @@ +# Copyright 1999-2000 Gentoo Technologies, Inc. +# Distributed under the terms of the GNU General Public License, v2 or later +# Author Achim Gottinger <achim@gentoo.org> +# $Header: /var/cvsroot/gentoo-x86/app-arch/unzip/unzip-5.42.ebuild,v 1.1 2001/07/12 19:43:49 lamer Exp $ + +A=unzip542.tar.gz +S=${WORKDIR}/${P} +DESCRIPTION="Unzipper for pkzip-compressed files" +SRC_URI="ftp://ftp.freesoftware.com/pub/infozip/src/${A}" +HOMEPAGE="ftp://ftp.info-zip.org/pub/infozip/UnZip.html" + +DEPEND="virtual/glibc" + +src_unpack() { + unpack ${A} + cd ${S} + patch -p0 < ${FILEDIR}/unzip-5.42.patch +} + + +src_compile() { + + cp unix/Makefile unix/Makefile.orig + sed -e "s:-O3:${CFLAGS}:" unix/Makefile.orig > unix/Makefile + + try make -f unix/Makefile linux + +} + +src_install() { + + dobin unzip funzip unzipsfx unix/zipgrep + doman man/*.1 + dodoc BUGS COPYING History* LICENSE README ToDo WHERE + + +} + + + diff --git a/gnome-apps/gnome-pilot/gnome-pilot-0.1.54.ebuild b/gnome-apps/gnome-pilot/gnome-pilot-0.1.54.ebuild index 938b545287a7..3b5b2b05b2e1 100644 --- a/gnome-apps/gnome-pilot/gnome-pilot-0.1.54.ebuild +++ b/gnome-apps/gnome-pilot/gnome-pilot-0.1.54.ebuild @@ -1,7 +1,7 @@ # Copyright 1999-2000 Gentoo Technologies, Inc. # Distributed under the terms of the GNU General Public License, v2 or later # Author Your Name <your email> -# $Header: /var/cvsroot/gentoo-x86/gnome-apps/gnome-pilot/gnome-pilot-0.1.54.ebuild,v 1.1 2001/06/28 14:52:27 lamer Exp $ +# $Header: /var/cvsroot/gentoo-x86/gnome-apps/gnome-pilot/gnome-pilot-0.1.54.ebuild,v 1.2 2001/07/12 19:43:49 lamer Exp $ #P= A=${P}.tar.gz 
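Review bot: In src_unpack of app-arch/unzip/unzip-5.42.ebuild the line `patch -p0 < ${FILEDIR}/unzip-5.42.patch` uses `${FILEDIR}`, whereas the tar ebuild in this commit uses `${FILESDIR}`. If `FILEDIR` is unset the redirect resolves to `/unzip-5.42.patch` and the patch step fails, and since the command is not wrapped in `try` the build would presumably continue and install unzip without the traversal fix. Suggested line: `try patch -p0 < ${FILESDIR}/unzip-5.42.patch`. The same missing `try` applies to `patch -p0 < ${FILESDIR}/tar-1.13.19.patch` in src_unpack of sys-apps/tar/tar-1.13.19.ebuild, where a failed patch would likewise go unnoticed.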
@@ -13,12 +13,11 @@ HOMEPAGE="http://www.gnome.org/gnome-pilot/" DEPEND=">=gnome-base/gnome-core-1.4.0.4 >=gnome-base/gnome-env-1.0 >=gnome-base/control-center-1.4.0.1 - >=dev-libs/pilot-link-0.9.3" + >=dev-libs/pilot-link-0.9.5" src_compile() { - try ./configure --prefix=/opt/gnome --with-oaf\ - --with-gnome-libs=/opt/gnome/lib\ + try ./configure --prefix=/opt/gnome --with-gnome-libs=/opt/gnome/lib\ --sysconfdir=/etc/opt/gnome --enable-usb-visor=yes --host=${CHOST} try make diff --git a/gnome-extra/gnome-pilot/gnome-pilot-0.1.54.ebuild b/gnome-extra/gnome-pilot/gnome-pilot-0.1.54.ebuild index 16a328b4d21d..1279c0703b63 100644 --- a/gnome-extra/gnome-pilot/gnome-pilot-0.1.54.ebuild +++ b/gnome-extra/gnome-pilot/gnome-pilot-0.1.54.ebuild @@ -1,7 +1,7 @@ # Copyright 1999-2000 Gentoo Technologies, Inc. # Distributed under the terms of the GNU General Public License, v2 or later # Author Your Name <your email> -# $Header: /var/cvsroot/gentoo-x86/gnome-extra/gnome-pilot/gnome-pilot-0.1.54.ebuild,v 1.1 2001/06/28 14:52:27 lamer Exp $ +# $Header: /var/cvsroot/gentoo-x86/gnome-extra/gnome-pilot/gnome-pilot-0.1.54.ebuild,v 1.2 2001/07/12 19:43:49 lamer Exp $ #P= A=${P}.tar.gz @@ -13,12 +13,11 @@ HOMEPAGE="http://www.gnome.org/gnome-pilot/" DEPEND=">=gnome-base/gnome-core-1.4.0.4 >=gnome-base/gnome-env-1.0 >=gnome-base/control-center-1.4.0.1 - >=dev-libs/pilot-link-0.9.3" + >=dev-libs/pilot-link-0.9.5" src_compile() { - try ./configure --prefix=/opt/gnome --with-oaf\ - --with-gnome-libs=/opt/gnome/lib\ + try ./configure --prefix=/opt/gnome --with-gnome-libs=/opt/gnome/lib\ --sysconfdir=/etc/opt/gnome --enable-usb-visor=yes --host=${CHOST} try make diff --git a/net-misc/x11-ssh-askpass/x11-ssh-askpass-1.2.2.ebuild b/net-misc/x11-ssh-askpass/x11-ssh-askpass-1.2.2.ebuild index e44bc4627e84..b4b1c826e51a 100644 --- a/net-misc/x11-ssh-askpass/x11-ssh-askpass-1.2.2.ebuild +++ b/net-misc/x11-ssh-askpass/x11-ssh-askpass-1.2.2.ebuild 
@@ -15,8 +15,8 @@ RDEPEND=">=net-misc/openssh-2.3.0 virtual/x11" src_compile() { try ./configure --prefix=/usr --libexecdir=/usr/lib/misc try xmkmf - try make includes - try make + try make $MAKEOPTS includes + try make } diff --git a/profiles/package.mask b/profiles/package.mask index 8b6f38e1ec31..f385d3297618 100644 --- a/profiles/package.mask +++ b/profiles/package.mask @@ -49,7 +49,7 @@ app-editors/gtk-xemacs >=media-libs/freetype-2.0.4 >=dev-db/unixODBC-2.0.8 =sys-devel/spython-2.0-r5 - +=app-arch/unzip-5.42 #OK, I assume that the XFS in 2.4.4-r5 is hosed; alkaline? =sys-kernel/linux-sources-2.4.4-r5 diff --git a/sys-apps/tar/files/digest-tar-1.13.19 b/sys-apps/tar/files/digest-tar-1.13.19 new file mode 100644 index 000000000000..5c266195c6f9 --- /dev/null +++ b/sys-apps/tar/files/digest-tar-1.13.19 @@ -0,0 +1 @@ +MD5 ff10ade59f5b312869ffb2f229177e14 tar-1.13.19.tar.gz diff --git a/sys-apps/tar/files/tar-1.13.19.patch b/sys-apps/tar/files/tar-1.13.19.patch new file mode 100644 index 000000000000..26c0d63bedc1 --- /dev/null +++ b/sys-apps/tar/files/tar-1.13.19.patch @@ -0,0 +1,40 @@ +*** misc.c.orig Sat Jan 13 08:59:29 2001 +--- misc.c Mon Jul 9 15:45:09 2001 +*************** +*** 201,217 **** + { + char const *p = name + FILESYSTEM_PREFIX_LEN (name); + + for (;;) + { +! if (p[0] == '.' && p[1] == '.' && (ISSLASH (p[2]) || !p[2])) + return 1; + + do + { +! if (! *p++) + return 0; + } +! while (! ISSLASH (*p)); + } + } + +--- 201,218 ---- + { + char const *p = name + FILESYSTEM_PREFIX_LEN (name); + ++ if(ISSLASH (*p) ) return 1; + for (;;) + { +! if (p[0] == '.' && p[1] == '.' && (!p[2] || ISSLASH (p[2]))) + return 1; + + do + { +! if (! *p) + return 0; + } +! while (! ISSLASH (*p++)); + } + } + diff --git a/sys-apps/tar/tar-1.13.19.ebuild b/sys-apps/tar/tar-1.13.19.ebuild new file mode 100644 index 000000000000..cd32405d9a99 --- /dev/null +++ b/sys-apps/tar/tar-1.13.19.ebuild 
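Review bot: The new `=app-arch/unzip-5.42` entry in profiles/package.mask carries no reason, and it appears to replace the blank separator line, so it now sits directly above the `#OK, I assume that the XFS in 2.4.4-r5 is hosed` comment and reads as part of that kernel-sources note. A one-line comment above the entry would keep the mask traceable, for example `# unzip-5.42: directory-traversal patch added but not yet tested`, followed by a blank line after the entry.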
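Review bot: The added `if(ISSLASH (*p) ) return 1;` in the misc.c patch makes this routine report names that begin with a slash as well as names with a `..` component, which its callers may not expect. The function's signature and call sites are outside the hunk, so it is worth checking that any caller that deliberately allows absolute member names is not silently overridden, and that the diagnostic printed for a positive result still fits an absolute name. A comment on the new line would document the intent, e.g. `/* A leading slash escapes the extraction directory just as ".." does. */`, and the statement should follow the spacing of the surrounding code: `if (ISSLASH (*p))` with `return 1;` on the next line.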
@@ -0,0 +1,61 @@
+# Copyright 1999-2000 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License, v2 or later
+# Author Achim Gottinger <achim@gentoo.org>
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/tar/tar-1.13.19.ebuild,v 1.1 2001/07/12 19:43:49 lamer Exp $
+
+A=${P}.tar.gz
+S=${WORKDIR}/${P}
+
+DESCRIPTION="Use this to try make tarballs :)"
+SRC_URI="ftp://alpha.gnu.org/gnu/tar/"${A}
+HOMEPAGE="http://www.gnu.org/software/tar/"
+
+DEPEND="virtual/glibc
+ nls? ( sys-devel/gettext-0.10.35 )"
+
+RDEPEND="virtual/glibc"
+
+src_unpack() {
+ unpack ${A}
+ cd ${S}/src
+ patch -p0 < ${FILESDIR}/tar-1.13.19.patch
+}
+
+src_compile() {
+
+ local myconf
+ if [ -z "`use nls`" ]
+ then
+ myconf="--disable-nls"
+ fi
+ try ./configure --prefix=/usr --bindir=/bin --libexecdir=/usr/lib/misc \
+ --infodir=/usr/share/info --host=${CHOST} ${myconf}
+
+ if [ -z "`use static`" ]
+ then
+ try make ${MAKEOPTS}
+ else
+ try make ${MAKEOPTS} LDFLAGS=-static
+ fi
+}
+
+src_install() {
+ try make DESTDIR=${D} install
+ #FHS 2.1 stuff
+ dodir /usr/sbin
+ cd ${D}
+ mv usr/lib/misc/rmt usr/sbin/rmt.gnu
+ dosym rmt.gnu /usr/sbin/rmt
+ if [ -z "`use build`" ]
+ then
+ dodoc AUTHORS ChangeLog* COPYING NEWS README* PORTS THANKS
+
+ #we're using Schilly's enhanced rmt command included with star
+# rm -rf ${D}/usr/lib
+ else
+ rm -rf ${D}/usr/share/info
+ fi
+
+}
+
+
|