Subversion Repositories libtar

Compare Revisions

Ignore whitespace Rev 26 → Rev 6

/trunk/debian/control
2,12 → 2,9
Section: libs
Priority: optional
Maintainer: Magnus Holmgren <holmgren@debian.org>
Build-Depends: dpkg-dev (>= 1.15.7), debhelper (>= 7), dh-autoreconf,
autoconf, libtool
Standards-Version: 3.9.5
Build-Depends: debhelper (>= 7), dh-autoreconf, autoconf, libtool
Standards-Version: 3.9.2
Homepage: http://www.feep.net/libtar/
Vcs-Browser: http://svn.kibibyte.se/libtar
Vcs-Svn: svn://svn.kibibyte.se/libtar/trunk
 
Package: libtar-dev
Architecture: any
/trunk/debian/changelog
1,52 → 1,3
libtar (1.2.20-2) unstable; urgency=low
 
* no_static_buffers.patch: avoid using a static buffer in
th_get_pathname(). Taken from upstream. Needed for no_maxpathlen.patch.
* maxpathlen.patch: Fix FTBFS on Hurd by dynamically allocating path
names (Closes: #657116). Thanks to Svante Signell and Petter
Reinholdtsen.
* [SECURITY] CVE-2013-4420.patch: Strip out leading slashes and any
pathname prefix containing ".." components (Closes: #731860). This is
done in th_get_pathname() (as well as to symlink targets when
extracting symlinks), not merely when extracting files, which means
applications calling that function will not see the stored
filename. There is no way to disable this behaviour, but it can be
expected that one will be provided when the issue is solved upstream.
* Bump Standards-Version to 3.9.5.
 
-- Magnus Holmgren <holmgren@debian.org> Sat, 15 Feb 2014 21:49:37 +0100
 
libtar (1.2.20-1) unstable; urgency=high
 
* [SECURITY] New upstream release. Fixes CVE-2013-4397: Integer
overflow (Closes: #725938).
* Bump Standards-Version to 3.9.4.
 
-- Magnus Holmgren <holmgren@debian.org> Thu, 10 Oct 2013 19:20:49 +0200
 
libtar (1.2.19-1) unstable; urgency=low
 
* New upstream release.
 
-- Magnus Holmgren <holmgren@debian.org> Sun, 05 May 2013 17:59:29 +0200
 
libtar (1.2.16-1) unstable; urgency=low
 
* New upstream: Chris Frey has stepped up with the consent of the
original author, Mark Roth, and published an "official unofficial" git
repo at http://repo.or.cz/w/libtar.git, which I will use for the time
being.
* Updated debian/watch to look for tags and corresponding snapshot
tarballs at above URL.
* All patches have been incorporated or (in the case of
autoreconf.patch) made obsolete upstream.
* debian/rules: Add build-indep and build-arch targets.
* Updated debian/copyright.
* Use dpkg-buildflags to set CFLAGS et al.
* debian/control: Add VCS fields; bump Standards-Version to 3.9.3.
 
-- Magnus Holmgren <holmgren@debian.org> Sat, 23 Jun 2012 01:03:41 +0200
 
libtar (1.2.11-8) unstable; urgency=low
 
* libtool.patch: Set SHELL to the configured shell in those Makefile.in
/trunk/debian/patches/no_static_buffers.patch
File deleted
/trunk/debian/patches/no_maxpathlen.patch
File deleted
/trunk/debian/patches/CVE-2013-4420.patch
File deleted
/trunk/debian/patches/man_hyphen_minus.patch
0,0 → 1,102
Description: Escape hyphens that should be minus signs in man pages.
 
--- a/doc/tar_append_file.3
+++ b/doc/tar_append_file.3
@@ -31,7 +31,7 @@ The \fBtar_append_eof\fP() function writ
all zeros) to the tar file associated with \fIt\fP.
.SH RETURN VALUES
On successful completion, these functions will return 0. On failure,
-they will return -1 and set \fIerrno\fP to an appropriate value.
+they will return \-1 and set \fIerrno\fP to an appropriate value.
.SH ERRORS
The \fBtar_append_*\fP() functions will fail if:
.IP \fBEINVAL\fP
--- a/doc/tar_extract_all.3
+++ b/doc/tar_extract_all.3
@@ -30,7 +30,7 @@ are modified by replacing \fIrealdir\fP
files will be extracted into \fIsavedir\fP.
.SH RETURN VALUES
On successful completion, these functions will return 0. On failure,
-they will return -1 and set \fIerrno\fP to an appropriate value.
+they will return \-1 and set \fIerrno\fP to an appropriate value.
.SH ERRORS
These functions will fail under the same conditions that the
\fBtar_skip_regfile\fP(), \fBtar_extract_regfile\fP(), \fBopendir\fP(),
--- a/doc/tar_extract_file.3
+++ b/doc/tar_extract_file.3
@@ -48,7 +48,7 @@ other \fBtar_extract_*\fP() functions di
\fBtar_set_file_perms\fP() manually if this behavior is desired.
.SH RETURN VALUES
On successful completion, the functions documented here will
-return 0. On failure, they will return -1 and set \fIerrno\fP to an
+return 0. On failure, they will return \-1 and set \fIerrno\fP to an
appropriate value.
The \fBtar_extract_dir\fP() function will return 1 if the directory
--- a/doc/th_print_long_ls.3
+++ b/doc/th_print_long_ls.3
@@ -12,7 +12,7 @@ This man page documents version 1.2 of \
.SH DESCRIPTION
The \fBth_print_long_ls\fP() function prints a line to \fIstdout\fP which
describes the file pointed to by the current file header associated with
-the \fITAR\fP handle \fIt\fP. The output is similar to that of "ls -l".
+the \fITAR\fP handle \fIt\fP. The output is similar to that of "ls \-l".
The \fBth_print\fP() function prints the value of each field of the
current file header associated with the \fITAR\fP handle \fIt\fP to
--- a/doc/th_read.3
+++ b/doc/th_read.3
@@ -20,7 +20,7 @@ tar header associated with \fIt\fP to th
with \fIt\fP.
.SH RETURN VALUE
On successful completion, \fBth_read\fP() and \fBth_write\fP() will
-return 0. On failure, they will return -1 and set \fIerrno\fP to an
+return 0. On failure, they will return \-1 and set \fIerrno\fP to an
appropriate value.
On \fIEOF\fP, \fBth_read\fP() will return 1.
--- a/doc/tar_open.3
+++ b/doc/tar_open.3
@@ -79,7 +79,7 @@ with the \fITAR\fP handle \fIt\fP and fr
memory.
.SH RETURN VALUE
The \fBtar_open\fP(), \fBtar_fdopen\fP(), and \fBtar_close\fP() functions
-return 0 on success. On failure, they return -1 and set \fIerrno\fP.
+return 0 on success. On failure, they return \-1 and set \fIerrno\fP.
The \fBtar_fd\fP() function returns the file descriptor associated with
the \fITAR\fP handle \fIt\fP.
--- a/listhash/hash_new.3.in
+++ b/listhash/hash_new.3.in
@@ -39,7 +39,7 @@ used to iterate through the hash. The \
has two fields: \fIbucket\fP, which indicates the current bucket in the
hash, and \fInode\fP, which is a pointer to the current node in the current
bucket. To start at the beginning or end of the hash, the caller should
-initialize \fIhp.bucket\fP to -1 and \fIhp.node\fP to \fINULL\fP.
+initialize \fIhp.bucket\fP to \-1 and \fIhp.node\fP to \fINULL\fP.
The \fB@LISTHASH_PREFIX@_hash_search\fP() function searches iteratively through the
hash \fIh\fP until it finds a node whose contents match \fIdata\fP using
@@ -65,10 +65,10 @@ return 1 when valid data is returned, an
The \fB@LISTHASH_PREFIX@_hash_getkey\fP() and \fB@LISTHASH_PREFIX@_hash_search\fP() functions
return 1 when a match is found, or 0 otherwise.
-The \fB@LISTHASH_PREFIX@_hash_add\fP() function returns 0 on success, or -1 on
+The \fB@LISTHASH_PREFIX@_hash_add\fP() function returns 0 on success, or \-1 on
error (and sets \fIerrno\fP).
-The \fB@LISTHASH_PREFIX@_hash_del\fP() function returns 0 on success, or -1 on
+The \fB@LISTHASH_PREFIX@_hash_del\fP() function returns 0 on success, or \-1 on
error (and sets \fIerrno\fP).
.SH SEE ALSO
.BR @LISTHASH_PREFIX@_list_new (3)
--- a/listhash/list_new.3.in
+++ b/listhash/list_new.3.in
@@ -81,6 +81,6 @@ The \fB@LISTHASH_PREFIX@_list_next\fP(),
returned, or 0 otherwise.
The \fB@LISTHASH_PREFIX@_list_add\fP() and \fB@LISTHASH_PREFIX@_list_add_str\fP() functions
-return 0 on success, or -1 on error.
+return 0 on success, or \-1 on error.
.SH SEE ALSO
.BR @LISTHASH_PREFIX@_hash_new (3)
/trunk/debian/patches/libtool.patch
0,0 → 1,223
Author: Glenn McGrath <bug1@optushome.com.au>
Description: Use libtool to build dynamic library
 
--- a/configure.ac
+++ b/configure.ac
@@ -1,6 +1,6 @@
dnl ### Normal initialization. ######################################
AC_INIT([libtar], [1.2.11])
-AC_PREREQ([2.57])
+AC_PREREQ([2.61])
AC_CONFIG_AUX_DIR([autoconf])
AC_CONFIG_HEADERS([config.h])
AC_COPYRIGHT([[
@@ -26,15 +26,15 @@ AC_SUBST([MKDIR])
dnl ### Check for compiler et al. ###################################
+AC_USE_SYSTEM_EXTENSIONS
AC_PROG_CC
-AC_PROG_RANLIB
+AC_PROG_LIBTOOL
AC_PROG_INSTALL
AC_PROG_LN_S
AC_PROG_MAKE_SET
dnl ### Compiler characteristics. ##################################
-AC_AIX
AC_C_CONST
--- a/lib/Makefile.in
+++ b/lib/Makefile.in
@@ -3,6 +3,7 @@
### Path settings
srcdir = @srcdir@
top_srcdir = @top_srcdir@
+top_builddir = @top_builddir@
prefix = @prefix@
exec_prefix = @exec_prefix@
bindir = @bindir@
@@ -14,6 +15,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
@ENCAP_DEFS@
+SHELL = @SHELL@
+
### Installation programs and flags
INSTALL = @INSTALL@
INSTALL_PROGRAM = @INSTALL_PROGRAM@ -s
@@ -23,6 +26,7 @@ MKDIR = @MKDIR@
### Compiler and link options
CC = @CC@
+LIBTOOL = @LIBTOOL@
CPPFLAGS = -I. \
-I.. \
-I${srcdir} \
@@ -32,7 +36,7 @@ CPPFLAGS = -I. \
CFLAGS = @CFLAGS@
LDFLAGS = @LDFLAGS@
LIBS = @LIBS@
-LIBOBJS = @LIBOBJS@
+LTLIBOBJS = @LTLIBOBJS@
RANLIB = @RANLIB@
@SET_MAKE@
VPATH = @srcdir@:@top_srcdir@/compat:../listhash
@@ -40,24 +44,26 @@ VPATH = @srcdir@:@top_srcdir@/compat:..
### Makefile rules - no user-servicable parts below
-LIBTAR_OBJS = append.o \
- block.o \
- decode.o \
- encode.o \
- extract.o \
- handle.o \
- libtar_hash.o \
- libtar_list.o \
- output.o \
- util.o \
- wrapper.o
+LIBTAR_OBJS = append.lo \
+ block.lo \
+ decode.lo \
+ encode.lo \
+ extract.lo \
+ handle.lo \
+ libtar_hash.lo \
+ libtar_list.lo \
+ output.lo \
+ util.lo \
+ wrapper.lo
LIBTAR_HDRS = ../config.h \
${top_srcdir}/compat/compat.h \
${srcdir}/libtar.h \
${srcdir}/internal.h \
../listhash/libtar_listhash.h
-LIBTAR_LIBS = ./libtar.a
-ALL = libtar.a
+LIBTAR_LIBS = ./libtar.la
+ALL = libtar.la
+LDFLAGS = @LDFLAGS@
+CFLAGS = @CFLAGS@
DISTCLEANFILES = ../listhash/libtar_listhash.h \
../listhash/libtar_list.c \
@@ -68,24 +74,31 @@ all: ${ALL}
.PHONY: clean distclean install
-libtar.a: ${LIBTAR_OBJS} ${LIBOBJS}
- ${AR} rc libtar.a ${LIBTAR_OBJS} ${LIBOBJS}
- ${RANLIB} libtar.a
+libtar.la: ${LIBTAR_OBJS} ${LTLIBOBJS}
+ $(LIBTOOL) --mode=link $(CC) $(CFLAGS) $(LDFLAGS) -o libtar.la $(LIBTAR_OBJS) $(LTLIBOBJS) -rpath $(libdir)
+# ${AR} rc libtar.a ${LIBTAR_OBJS} ${LIBOBJS}
+# ${RANLIB} libtar.a
${LIBTAR_OBJS}: ${LIBTAR_HDRS}
-.c.o:
- ${CC} ${CFLAGS} ${CPPFLAGS} -c -o $@ $<
+%.lo: $(srcdir)/%.c
+ $(LIBTOOL) --mode=compile ${CC} ${CFLAGS} ${CPPFLAGS} -c -o $@ $<
+
+%.lo: listhash/%.c
+ $(LIBTOOL) --mode=compile ${CC} ${CFLAGS} ${CPPFLAGS} -c -o $@ $<
+
+%.lo: compat/%.c
+ $(LIBTOOL) --mode=compile ${CC} ${CFLAGS} ${CPPFLAGS} -c -o $@ $<
clean:
- rm -f *~ *.o ${ALL} core
+ rm -rf *~ *.o $(LIBTAR_OBJS) ${ALL} core .libs $(LTLIBOBJS)
distclean: clean
rm -f Makefile ${DISTCLEANFILES}
install: ${ALL}
${MKDIR} ${DESTDIR}${libdir}
- ${INSTALL_DATA} libtar.a ${DESTDIR}${libdir}
+ $(LIBTOOL) --mode=install ${INSTALL_DATA} libtar.la ${DESTDIR}${libdir}
${MKDIR} ${DESTDIR}${includedir}
${INSTALL_DATA} ${srcdir}/libtar.h ${DESTDIR}${includedir}
${INSTALL_DATA} ../listhash/libtar_listhash.h ${DESTDIR}${includedir}
--- a/libtar/Makefile.in
+++ b/libtar/Makefile.in
@@ -3,6 +3,7 @@
### Path settings
srcdir = @srcdir@
top_srcdir = @top_srcdir@
+top_builddir = @top_builddir@
prefix = @prefix@
exec_prefix = @exec_prefix@
bindir = @bindir@
@@ -14,6 +15,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
@ENCAP_DEFS@
+SHELL = @SHELL@
+
### Installation programs and flags
INSTALL = @INSTALL@
INSTALL_PROGRAM = @INSTALL_PROGRAM@ -s
@@ -23,6 +26,7 @@ MKDIR = @MKDIR@
### Compiler and link options
CC = @CC@
+LIBTOOL = @LIBTOOL@
CPPFLAGS = -I.. \
-I../lib \
-I../listhash \
@@ -31,7 +35,7 @@ CPPFLAGS = -I.. \
@CPPFLAGS@
CFLAGS = @CFLAGS@
LDFLAGS = @LDFLAGS@
-LIBS = @LIBS@
+LIBS = @LIBS@ -ltar
LIBOBJS = @LIBOBJS@
RANLIB = @RANLIB@
@SET_MAKE@
@@ -40,12 +44,12 @@ VPATH = @srcdir@
### Makefile rules - no user-servicable parts below
-LIBTAR_OBJS = libtar.o
+LIBTAR_OBJS = libtar.lo
LIBTAR_HDRS = ../config.h \
${top_srcdir}/compat/compat.h \
${top_srcdir}/lib/libtar.h \
../listhash/libtar_listhash.h
-LIBTAR_LIBS = ../lib/libtar.a
+LIBTAR_LIBS = $(top_builddir)/lib
ALL = libtar
@@ -54,20 +58,20 @@ all: ${ALL}
.PHONY: clean distclean install
libtar: ${LIBTAR_OBJS} ${LIBTAR_LIBS} ${LIBTAR_HDRS}
- ${CC} ${CFLAGS} ${LDFLAGS} -o libtar libtar.o ${LIBTAR_LIBS} ${LIBS}
+ $(LIBTOOL) --mode=link ${CC} ${CFLAGS} ${LDFLAGS} -o libtar $(LIBTAR_OBJS) -L${LIBTAR_LIBS} ${LIBS}
${LIBTAR_OBJS}: ${LIBTAR_HDRS}
-.c.o:
- ${CC} ${CFLAGS} ${CPPFLAGS} -c -o $@ $<
+%.lo: %.c
+ $(LIBTOOL) --mode=compile ${CC} ${CFLAGS} ${CPPFLAGS} -c -o $@ $<
clean:
- rm -f *~ *.o ${ALL} core
+ rm -rf *~ *.o ${ALL} $(LIBTAR_OBJS) core .libs
distclean: clean
rm -f Makefile
install: ${ALL}
${MKDIR} ${DESTDIR}${bindir}
- ${INSTALL_PROGRAM} libtar ${DESTDIR}${bindir}
+ $(LIBTOOL) --mode=install ${INSTALL_PROGRAM} libtar ${DESTDIR}${bindir}
/trunk/debian/patches/series
1,3 → 1,6
no_static_buffers.patch
no_maxpathlen.patch
CVE-2013-4420.patch
libtool.patch
autoreconf.patch
memleak2.patch
#memleak.patch
bad_ptrtoint.patch
man_hyphen_minus.patch
/trunk/debian/patches/autoreconf.patch
0,0 → 1,46
Author: Julien Danjou <acid@debian.org>
Author: James Westby <james.westby@canonical.com>
Description: Changes to upstream source needed to call autoreconf
Bug-Debian: http://bugs.debian.org/511741
 
--- a/configure.ac
+++ b/configure.ac
@@ -3,6 +3,7 @@ AC_INIT([libtar], [1.2.11])
AC_PREREQ([2.61])
AC_CONFIG_AUX_DIR([autoconf])
AC_CONFIG_HEADERS([config.h])
+AC_CONFIG_MACRO_DIR([m4])
AC_COPYRIGHT([[
Copyright (c) 1998-2003 University of Illinois Board of Trustees
Copyright (c) 1998-2003 Mark D. Roth
@@ -93,9 +94,9 @@ COMPAT_FUNC_MAKEDEV
COMPAT_FUNC_SNPRINTF
COMPAT_FUNC_STRDUP
AC_FUNC_STRFTIME
-COMPAT_FUNC_STRLCPY
COMPAT_FUNC_STRMODE
-COMPAT_FUNC_STRSEP
+dnl COMPAT_FUNC_STRLCPY converted by compat/modules.ac
+dnl COMPAT_FUNC_STRSEP
dnl ### Check for libraries. #######################################
--- /dev/null
+++ b/aclocal.m4
@@ -0,0 +1,8 @@
+m4_include([autoconf/ac_path_generic.m4])
+m4_include([autoconf/encap.m4])
+m4_include([autoconf/aclocal.m4])
+m4_include([/usr/share/aclocal/ltoptions.m4])
+m4_include([/usr/share/aclocal/lt~obsolete.m4])
+m4_include([/usr/share/aclocal/libtool.m4])
+m4_include([/usr/share/aclocal/ltversion.m4])
+m4_include([/usr/share/aclocal/ltsugar.m4])
--- a/autoconf/aclocal.m4
+++ b/autoconf/aclocal.m4
@@ -1,5 +1,3 @@
-m4_include([encap.m4])
-m4_include([ac_path_generic.m4])
# PSG_LIB_READLINE
/trunk/debian/patches/bad_ptrtoint.patch
0,0 → 1,25
Author: James Morrison <phython@debian.org>
Description: Document stupidity of tartype_t in libtar.c.
Bug-Debian: http://bugs.debian.org/309945
 
--- a/libtar/libtar.c
+++ b/libtar/libtar.c
@@ -19,6 +19,7 @@
#include <sys/param.h>
#ifdef STDC_HEADERS
+# include <stdlib.h>
# include <string.h>
#endif
@@ -91,6 +92,10 @@ gzopen_frontend(char *pathname, int ofla
return -1;
}
+ /* This is a bad thing to do on big-endian lp64 systems, where the
+ size and placement of integers is different than pointers.
+ However, to fix the problem 4 wrapper functions would be needed and
+ an extra bit of data associating GZF with the wrapper functions. */
return (int)gzf;
}
/trunk/debian/patches/memleak.patch
0,0 → 1,496
Description: Fix memory leaks related to th_get_pathname()
Author: James Morrison <phython@debian.org>
Author: Martin Gadbois <martin.gadbois@colubris.com>
Author: Magnus Holmgren <holmgren@debian.org>
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/libtar/+bug/41804
 
--- a/lib/wrapper.c
+++ b/lib/wrapper.c
@@ -18,6 +18,7 @@
#include <errno.h>
#ifdef STDC_HEADERS
+# include <stdlib.h>
# include <string.h>
#endif
@@ -35,7 +36,10 @@ tar_extract_glob(TAR *t, char *globname,
if (fnmatch(globname, filename, FNM_PATHNAME | FNM_PERIOD))
{
if (TH_ISREG(t) && tar_skip_regfile(t))
+ {
+ free(filename);
return -1;
+ }
continue;
}
if (t->options & TAR_VERBOSE)
@@ -45,7 +49,11 @@ tar_extract_glob(TAR *t, char *globname,
else
strlcpy(buf, filename, sizeof(buf));
if (tar_extract_file(t, filename) != 0)
+ {
+ free(filename);
return -1;
+ }
+ free(filename);
}
return (i == 1 ? 0 : -1);
@@ -76,12 +84,17 @@ tar_extract_all(TAR *t, char *prefix)
snprintf(buf, sizeof(buf), "%s/%s", prefix, filename);
else
strlcpy(buf, filename, sizeof(buf));
+ free(filename);
#ifdef DEBUG
printf(" tar_extract_all(): calling tar_extract_file(t, "
"\"%s\")\n", buf);
#endif
if (tar_extract_file(t, buf) != 0)
+ {
+ free(filename);
return -1;
+ }
+ free(filename);
}
return (i == 1 ? 0 : -1);
--- a/lib/extract.c
+++ b/lib/extract.c
@@ -21,6 +21,7 @@
#ifdef STDC_HEADERS
# include <stdlib.h>
+# include <string.h>
#endif
#ifdef HAVE_UNISTD_H
@@ -43,9 +44,10 @@ tar_set_file_perms(TAR *t, char *realnam
uid_t uid;
gid_t gid;
struct utimbuf ut;
- char *filename;
+ char *filename,*pathname;
- filename = (realname ? realname : th_get_pathname(t));
+ pathname = th_get_pathname(t);
+ filename = (realname ? realname : pathname);
mode = th_get_mode(t);
uid = th_get_uid(t);
gid = th_get_gid(t);
@@ -68,6 +70,7 @@ tar_set_file_perms(TAR *t, char *realnam
filename, uid, gid, strerror(errno));
# endif
#endif /* HAVE_LCHOWN */
+ free(pathname);
return -1;
}
@@ -77,6 +80,7 @@ tar_set_file_perms(TAR *t, char *realnam
#ifdef DEBUG
perror("utime()");
#endif
+ free(pathname);
return -1;
}
@@ -86,9 +90,10 @@ tar_set_file_perms(TAR *t, char *realnam
#ifdef DEBUG
perror("chmod()");
#endif
+ free(pathname);
return -1;
}
-
+ free(pathname);
return 0;
}
@@ -99,6 +104,7 @@ tar_extract_file(TAR *t, char *realname)
{
int i;
linkname_t *lnp;
+ char *pathname;
if (t->options & TAR_NOOVERWRITE)
{
@@ -140,12 +146,14 @@ tar_extract_file(TAR *t, char *realname)
lnp = (linkname_t *)calloc(1, sizeof(linkname_t));
if (lnp == NULL)
return -1;
- strlcpy(lnp->ln_save, th_get_pathname(t), sizeof(lnp->ln_save));
+ pathname = th_get_pathname(t);
+ strlcpy(lnp->ln_save, pathname, sizeof(lnp->ln_save));
strlcpy(lnp->ln_real, realname, sizeof(lnp->ln_real));
#ifdef DEBUG
printf("tar_extract_file(): calling libtar_hash_add(): key=\"%s\", "
- "value=\"%s\"\n", th_get_pathname(t), realname);
+ "value=\"%s\"\n", pathname, realname);
#endif
+ free(pathname);
if (libtar_hash_add(t->h, lnp) != 0)
return -1;
@@ -164,7 +172,7 @@ tar_extract_regfile(TAR *t, char *realna
int fdout;
int i, k;
char buf[T_BLOCKSIZE];
- char *filename;
+ char *filename,*pathname;
#ifdef DEBUG
printf("==> tar_extract_regfile(t=0x%lx, realname=\"%s\")\n", t,
@@ -176,15 +184,18 @@ tar_extract_regfile(TAR *t, char *realna
errno = EINVAL;
return -1;
}
-
- filename = (realname ? realname : th_get_pathname(t));
+ pathname = th_get_pathname(t);
+ filename = (realname ? realname : pathname);
mode = th_get_mode(t);
size = th_get_size(t);
uid = th_get_uid(t);
gid = th_get_gid(t);
if (mkdirhier(dirname(filename)) == -1)
+ {
+ free(pathname);
return -1;
+ }
#ifdef DEBUG
printf(" ==> extracting: %s (mode %04o, uid %d, gid %d, %d bytes)\n",
@@ -200,6 +211,7 @@ tar_extract_regfile(TAR *t, char *realna
#ifdef DEBUG
perror("open()");
#endif
+ free(pathname);
return -1;
}
@@ -231,23 +243,30 @@ tar_extract_regfile(TAR *t, char *realna
{
if (k != -1)
errno = EINVAL;
+ free(pathname);
return -1;
}
/* write block to output file */
if (write(fdout, buf,
((i > T_BLOCKSIZE) ? T_BLOCKSIZE : i)) == -1)
+ {
+ free(pathname);
return -1;
+ }
}
/* close output file */
if (close(fdout) == -1)
+ {
+ free(pathname);
return -1;
+ }
#ifdef DEBUG
printf("### done extracting %s\n", filename);
#endif
-
+ free(pathname);
return 0;
}
@@ -286,7 +305,7 @@ tar_skip_regfile(TAR *t)
int
tar_extract_hardlink(TAR * t, char *realname)
{
- char *filename;
+ char *filename,*pathname;
char *linktgt = NULL;
linkname_t *lnp;
libtar_hashptr_t hp;
@@ -296,10 +315,14 @@ tar_extract_hardlink(TAR * t, char *real
errno = EINVAL;
return -1;
}
-
- filename = (realname ? realname : th_get_pathname(t));
+
+ pathname = th_get_pathname(t);
+ filename = (realname ? realname : pathname);
if (mkdirhier(dirname(filename)) == -1)
+ {
+ free(pathname);
return -1;
+ }
libtar_hashptr_reset(&hp);
if (libtar_hash_getkey(t->h, &hp, th_get_linkname(t),
(libtar_matchfunc_t)libtar_str_match) != 0)
@@ -318,9 +341,10 @@ tar_extract_hardlink(TAR * t, char *real
#ifdef DEBUG
perror("link()");
#endif
+ free(pathname);
return -1;
}
-
+ free(pathname);
return 0;
}
@@ -329,7 +353,7 @@ tar_extract_hardlink(TAR * t, char *real
int
tar_extract_symlink(TAR *t, char *realname)
{
- char *filename;
+ char *filename,*pathname;
if (!TH_ISSYM(t))
{
@@ -337,12 +361,19 @@ tar_extract_symlink(TAR *t, char *realna
return -1;
}
- filename = (realname ? realname : th_get_pathname(t));
+ pathname = th_get_pathname(t);
+ filename = (realname ? realname : pathname);
if (mkdirhier(dirname(filename)) == -1)
+ {
+ free(pathname);
return -1;
+ }
if (unlink(filename) == -1 && errno != ENOENT)
+ {
+ free(pathname);
return -1;
+ }
#ifdef DEBUG
printf(" ==> extracting: %s (symlink to %s)\n",
@@ -353,9 +384,10 @@ tar_extract_symlink(TAR *t, char *realna
#ifdef DEBUG
perror("symlink()");
#endif
+ free(pathname);
return -1;
}
-
+ free(pathname);
return 0;
}
@@ -366,7 +398,7 @@ tar_extract_chardev(TAR *t, char *realna
{
mode_t mode;
unsigned long devmaj, devmin;
- char *filename;
+ char *filename,*pathname;
if (!TH_ISCHR(t))
{
@@ -374,13 +406,17 @@ tar_extract_chardev(TAR *t, char *realna
return -1;
}
- filename = (realname ? realname : th_get_pathname(t));
+ pathname = th_get_pathname(t);
+ filename = (realname ? realname : pathname);
mode = th_get_mode(t);
devmaj = th_get_devmajor(t);
devmin = th_get_devminor(t);
if (mkdirhier(dirname(filename)) == -1)
+ {
+ free(pathname);
return -1;
+ }
#ifdef DEBUG
printf(" ==> extracting: %s (character device %ld,%ld)\n",
@@ -392,9 +428,10 @@ tar_extract_chardev(TAR *t, char *realna
#ifdef DEBUG
perror("mknod()");
#endif
+ free(pathname);
return -1;
}
-
+ free(pathname);
return 0;
}
@@ -405,7 +442,7 @@ tar_extract_blockdev(TAR *t, char *realn
{
mode_t mode;
unsigned long devmaj, devmin;
- char *filename;
+ char *filename,*pathname;
if (!TH_ISBLK(t))
{
@@ -413,13 +450,17 @@ tar_extract_blockdev(TAR *t, char *realn
return -1;
}
- filename = (realname ? realname : th_get_pathname(t));
+ pathname = th_get_pathname(t);
+ filename = (realname ? realname : pathname);
mode = th_get_mode(t);
devmaj = th_get_devmajor(t);
devmin = th_get_devminor(t);
if (mkdirhier(dirname(filename)) == -1)
+ {
+ free(pathname);
return -1;
+ }
#ifdef DEBUG
printf(" ==> extracting: %s (block device %ld,%ld)\n",
@@ -431,9 +472,10 @@ tar_extract_blockdev(TAR *t, char *realn
#ifdef DEBUG
perror("mknod()");
#endif
+ free(pathname);
return -1;
}
-
+ free(pathname);
return 0;
}
@@ -443,7 +485,7 @@ int
tar_extract_dir(TAR *t, char *realname)
{
mode_t mode;
- char *filename;
+ char *filename,*pathname;
if (!TH_ISDIR(t))
{
@@ -451,11 +493,15 @@ tar_extract_dir(TAR *t, char *realname)
return -1;
}
- filename = (realname ? realname : th_get_pathname(t));
+ pathname = th_get_pathname(t);
+ filename = (realname ? realname : pathname);
mode = th_get_mode(t);
if (mkdirhier(dirname(filename)) == -1)
+ {
+ free(pathname);
return -1;
+ }
#ifdef DEBUG
printf(" ==> extracting: %s (mode %04o, directory)\n", filename,
@@ -470,6 +516,7 @@ tar_extract_dir(TAR *t, char *realname)
#ifdef DEBUG
perror("chmod()");
#endif
+ free(pathname);
return -1;
}
else
@@ -477,6 +524,7 @@ tar_extract_dir(TAR *t, char *realname)
#ifdef DEBUG
puts(" *** using existing directory");
#endif
+ free(pathname);
return 1;
}
}
@@ -485,10 +533,11 @@ tar_extract_dir(TAR *t, char *realname)
#ifdef DEBUG
perror("mkdir()");
#endif
+ free(pathname);
return -1;
}
}
-
+ free(pathname);
return 0;
}
@@ -498,7 +547,7 @@ int
tar_extract_fifo(TAR *t, char *realname)
{
mode_t mode;
- char *filename;
+ char *filename,*pathname;
if (!TH_ISFIFO(t))
{
@@ -506,11 +555,15 @@ tar_extract_fifo(TAR *t, char *realname)
return -1;
}
- filename = (realname ? realname : th_get_pathname(t));
+ pathname = th_get_pathname(t);
+ filename = (realname ? realname : pathname);
mode = th_get_mode(t);
if (mkdirhier(dirname(filename)) == -1)
+ {
+ free(pathname);
return -1;
+ }
#ifdef DEBUG
printf(" ==> extracting: %s (fifo)\n", filename);
@@ -520,9 +573,11 @@ tar_extract_fifo(TAR *t, char *realname)
#ifdef DEBUG
perror("mkfifo()");
#endif
+ free(pathname);
return -1;
}
+ free(pathname);
return 0;
}
--- a/lib/output.c
+++ b/lib/output.c
@@ -20,6 +20,7 @@
#include <sys/param.h>
#ifdef STDC_HEADERS
+# include <stdlib.h>
# include <string.h>
#endif
@@ -71,6 +72,7 @@ th_print_long_ls(TAR *t)
char groupname[_POSIX_LOGIN_NAME_MAX];
time_t mtime;
struct tm *mtm;
+ char *pathname;
#ifdef HAVE_STRFTIME
char timebuf[18];
@@ -114,7 +116,9 @@ th_print_long_ls(TAR *t)
mtm->tm_mday, mtm->tm_hour, mtm->tm_min, mtm->tm_year + 1900);
#endif
- printf(" %s", th_get_pathname(t));
+ pathname = th_get_pathname(t);
+ printf(" %s", pathname);
+ free(pathname);
if (TH_ISSYM(t) || TH_ISLNK(t))
{
--- a/lib/decode.c
+++ b/lib/decode.c
@@ -29,7 +29,7 @@ th_get_pathname(TAR *t)
char filename[MAXPATHLEN];
if (t->th_buf.gnu_longname)
- return t->th_buf.gnu_longname;
+ return strdup(t->th_buf.gnu_longname);
if (t->th_buf.prefix[0] != '\0')
{
/trunk/debian/patches/memleak2.patch
0,0 → 1,31
Description: Fix memory leak in th_get_pathname
by making the buffer, where prefix and filename are concatenated, static
and returning that instead of a pointer to a copy of a local buffer.
Author: Per Lidén <per@fukt.bth.se>
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/libtar/+bug/41804
 
--- a/lib/decode.c
+++ b/lib/decode.c
@@ -26,7 +26,7 @@
char *
th_get_pathname(TAR *t)
{
- char filename[MAXPATHLEN];
+ static char filename[MAXPATHLEN];
if (t->th_buf.gnu_longname)
return t->th_buf.gnu_longname;
@@ -35,11 +35,11 @@ th_get_pathname(TAR *t)
{
snprintf(filename, sizeof(filename), "%.155s/%.100s",
t->th_buf.prefix, t->th_buf.name);
- return strdup(filename);
+ return filename;
}
snprintf(filename, sizeof(filename), "%.100s", t->th_buf.name);
- return strdup(filename);
+ return filename;
}
/trunk/debian/watch
1,6 → 1,3
version=3
 
#ftp://ftp.feep.net/pub/software/libtar/libtar-(.*).tar.gz
 
opts=downloadurlmangle=s/tag/snapshot/,filenamemangle=s/.*\/v([\d\.]+)$/libtar-$1.tar.gz/ \
http://repo.or.cz/w/libtar.git/shortlog ^.*/v([\d\.]+)
ftp://ftp.feep.net/pub/software/libtar/libtar-(.*).tar.gz
/trunk/debian/rules
8,12 → 8,9
[ -f debian/autoreconf.before ] || dh_autoreconf
./configure \
--prefix=/usr \
--mandir=\$${prefix}/share/man \
$(shell dpkg-buildflags --export=configure)
--mandir=\$${prefix}/share/man
touch configure-stamp
 
build-arch: build
build-indep:
build: build-stamp
build-stamp: configure-stamp
dh_testdir
36,7 → 33,7
 
$(MAKE) install DESTDIR=$(CURDIR)/debian/tmp
 
binary-indep:
binary-indep: build install
 
binary-arch: install
dh_testdir
/trunk/debian/copyright
1,15 → 1,13
This package was debianized by Glenn McGrath <bug1@debian.org> on
Sat, 5 Jan 2002 13:24:37 +1100.
 
It was downloaded from http://repo.or.cz/w/libtar.git; previously from
http://www.feep.net/libtar/
It was downloaded from http://www-dev.cites.uiuc.edu/libtar/
 
Upstream Authors: Mark D. Roth <roth@uiuc.edu> and Chris Frey
<cdfrey@foursquare.net>
Upstream Author: Mark D. Roth <roth@uiuc.edu>
 
Copyright:
Copyright (c) 1998-2003 University of Illinois Board of Trustees
Copyright (c) 1998-2003 Mark D. Roth
Copyright (c) 1998-2002 University of Illinois Board of Trustees
Copyright (c) 1998-2002 Mark D. Roth
All rights reserved.
 
Developed by: Campus Information Technologies and Educational Services,
43,3 → 41,4
TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE
OR THE USE OR OTHER DEALINGS WITH THE SOFTWARE.