/trunk/debian/control |
---|
2,12 → 2,9 |
Section: libs |
Priority: optional |
Maintainer: Magnus Holmgren <holmgren@debian.org> |
Build-Depends: dpkg-dev (>= 1.15.7), debhelper (>= 7), dh-autoreconf, |
autoconf, libtool |
Standards-Version: 3.9.5 |
Build-Depends: debhelper (>= 7), dh-autoreconf, autoconf, libtool |
Standards-Version: 3.9.2 |
Homepage: http://www.feep.net/libtar/ |
Vcs-Browser: http://svn.kibibyte.se/libtar |
Vcs-Svn: svn://svn.kibibyte.se/libtar/trunk |
Package: libtar-dev |
Architecture: any |
/trunk/debian/changelog |
---|
1,71 → 1,3 |
libtar (1.2.20-3) unstable; urgency=low |
* no_maxpathlen.patch: Fix two grave bugs in the patch. First, |
th_get_pathname would only allocate as much memory as was needed for |
the first filename encountered, causing heap corruption when/if |
encountering longer filenames later. Second, two variables were mixed |
up in tar_append_tree(). Also, fix a potential memory leak and trim |
the patch a bit. |
* [SECURITY] CVE-2013-4420.patch: When the prefix field is in use, the |
safer_name_suffix() function should certainly be applied to the |
combination of it and the name field, not just on the name field. |
* th_get_size-unsigned-int.patch: Make the th_get_size() macro cast the |
result from oct_to_int() to unsigned int. This is the right fix for |
bug #725938 on 64-bit systems, where a specially crafted tar file |
would not cause an integer overflow, but a memory allocation of almost |
16 exbibytes, which would certainly fail outright without harm. |
-- Magnus Holmgren <holmgren@debian.org> Sat, 15 Feb 2014 23:51:51 +0100 |
libtar (1.2.20-2) unstable; urgency=low |
* no_static_buffers.patch: avoid using a static buffer in |
th_get_pathname(). Taken from upstream. Needed for no_maxpathlen.patch. |
* no_maxpathlen.patch: Fix FTBFS on Hurd by dynamically allocating path |
names (Closes: #657116). Thanks to Svante Signell and Petter |
Reinholdtsen. |
* [SECURITY] CVE-2013-4420.patch: Strip out leading slashes and any |
pathname prefix containing ".." components (Closes: #731860). This is |
done in th_get_pathname() (as well as to symlink targets when |
extracting symlinks), not merely when extracting files, which means |
applications calling that function will not see the stored |
filename. There is no way to disable this behaviour, but it can be |
expected that one will be provided when the issue is solved upstream. |
* Bump Standards-Version to 3.9.5. |
-- Magnus Holmgren <holmgren@debian.org> Sat, 15 Feb 2014 21:49:37 +0100 |
libtar (1.2.20-1) unstable; urgency=high |
* [SECURITY] New upstream release. Fixes CVE-2013-4397: Integer |
overflow (Closes: #725938). |
* Bump Standards-Version to 3.9.4. |
-- Magnus Holmgren <holmgren@debian.org> Thu, 10 Oct 2013 19:20:49 +0200 |
libtar (1.2.19-1) unstable; urgency=low |
* New upstream release. |
-- Magnus Holmgren <holmgren@debian.org> Sun, 05 May 2013 17:59:29 +0200 |
libtar (1.2.16-1) unstable; urgency=low |
* New upstream: Chris Frey has stepped up with the consent of the |
original author, Mark Roth, and published an "official unofficial" git |
repo at http://repo.or.cz/w/libtar.git, which I will use for the time |
being. |
* Updated debian/watch to look for tags and corresponding snapshot |
tarballs at above URL. |
* All patches have been incorporated or (in the case of |
autoreconf.patch) made obsolete upstream. |
* debian/rules: Add build-indep and build-arch targets. |
* Updated debian/copyright. |
* Use dpkg-buildflags to set CFLAGS et al. |
* debian/control: Add VCS fields; bump Standards-Version to 3.9.3. |
-- Magnus Holmgren <holmgren@debian.org> Sat, 23 Jun 2012 01:03:41 +0200 |
libtar (1.2.11-8) unstable; urgency=low |
* libtool.patch: Set SHELL to the configured shell in those Makefile.in |
/trunk/debian/patches/no_static_buffers.patch |
---|
File deleted |
/trunk/debian/patches/no_maxpathlen.patch |
---|
File deleted |
/trunk/debian/patches/th_get_size-unsigned-int.patch |
---|
File deleted |
/trunk/debian/patches/CVE-2013-4420.patch |
---|
File deleted |
/trunk/debian/patches/man_hyphen_minus.patch |
---|
0,0 → 1,102 |
Description: Escape hyphens that should be minus signs in man pages. |
--- a/doc/tar_append_file.3 |
+++ b/doc/tar_append_file.3 |
@@ -31,7 +31,7 @@ The \fBtar_append_eof\fP() function writ |
all zeros) to the tar file associated with \fIt\fP. |
.SH RETURN VALUES |
On successful completion, these functions will return 0. On failure, |
-they will return -1 and set \fIerrno\fP to an appropriate value. |
+they will return \-1 and set \fIerrno\fP to an appropriate value. |
.SH ERRORS |
The \fBtar_append_*\fP() functions will fail if: |
.IP \fBEINVAL\fP |
--- a/doc/tar_extract_all.3 |
+++ b/doc/tar_extract_all.3 |
@@ -30,7 +30,7 @@ are modified by replacing \fIrealdir\fP |
files will be extracted into \fIsavedir\fP. |
.SH RETURN VALUES |
On successful completion, these functions will return 0. On failure, |
-they will return -1 and set \fIerrno\fP to an appropriate value. |
+they will return \-1 and set \fIerrno\fP to an appropriate value. |
.SH ERRORS |
These functions will fail under the same conditions that the |
\fBtar_skip_regfile\fP(), \fBtar_extract_regfile\fP(), \fBopendir\fP(), |
--- a/doc/tar_extract_file.3 |
+++ b/doc/tar_extract_file.3 |
@@ -48,7 +48,7 @@ other \fBtar_extract_*\fP() functions di |
\fBtar_set_file_perms\fP() manually if this behavior is desired. |
.SH RETURN VALUES |
On successful completion, the functions documented here will |
-return 0. On failure, they will return -1 and set \fIerrno\fP to an |
+return 0. On failure, they will return \-1 and set \fIerrno\fP to an |
appropriate value. |
The \fBtar_extract_dir\fP() function will return 1 if the directory |
--- a/doc/th_print_long_ls.3 |
+++ b/doc/th_print_long_ls.3 |
@@ -12,7 +12,7 @@ This man page documents version 1.2 of \ |
.SH DESCRIPTION |
The \fBth_print_long_ls\fP() function prints a line to \fIstdout\fP which |
describes the file pointed to by the current file header associated with |
-the \fITAR\fP handle \fIt\fP. The output is similar to that of "ls -l". |
+the \fITAR\fP handle \fIt\fP. The output is similar to that of "ls \-l". |
The \fBth_print\fP() function prints the value of each field of the |
current file header associated with the \fITAR\fP handle \fIt\fP to |
--- a/doc/th_read.3 |
+++ b/doc/th_read.3 |
@@ -20,7 +20,7 @@ tar header associated with \fIt\fP to th |
with \fIt\fP. |
.SH RETURN VALUE |
On successful completion, \fBth_read\fP() and \fBth_write\fP() will |
-return 0. On failure, they will return -1 and set \fIerrno\fP to an |
+return 0. On failure, they will return \-1 and set \fIerrno\fP to an |
appropriate value. |
On \fIEOF\fP, \fBth_read\fP() will return 1. |
--- a/doc/tar_open.3 |
+++ b/doc/tar_open.3 |
@@ -79,7 +79,7 @@ with the \fITAR\fP handle \fIt\fP and fr |
memory. |
.SH RETURN VALUE |
The \fBtar_open\fP(), \fBtar_fdopen\fP(), and \fBtar_close\fP() functions |
-return 0 on success. On failure, they return -1 and set \fIerrno\fP. |
+return 0 on success. On failure, they return \-1 and set \fIerrno\fP. |
The \fBtar_fd\fP() function returns the file descriptor associated with |
the \fITAR\fP handle \fIt\fP. |
--- a/listhash/hash_new.3.in |
+++ b/listhash/hash_new.3.in |
@@ -39,7 +39,7 @@ used to iterate through the hash. The \ |
has two fields: \fIbucket\fP, which indicates the current bucket in the |
hash, and \fInode\fP, which is a pointer to the current node in the current |
bucket. To start at the beginning or end of the hash, the caller should |
-initialize \fIhp.bucket\fP to -1 and \fIhp.node\fP to \fINULL\fP. |
+initialize \fIhp.bucket\fP to \-1 and \fIhp.node\fP to \fINULL\fP. |
The \fB@LISTHASH_PREFIX@_hash_search\fP() function searches iteratively through the |
hash \fIh\fP until it finds a node whose contents match \fIdata\fP using |
@@ -65,10 +65,10 @@ return 1 when valid data is returned, an |
The \fB@LISTHASH_PREFIX@_hash_getkey\fP() and \fB@LISTHASH_PREFIX@_hash_search\fP() functions |
return 1 when a match is found, or 0 otherwise. |
-The \fB@LISTHASH_PREFIX@_hash_add\fP() function returns 0 on success, or -1 on |
+The \fB@LISTHASH_PREFIX@_hash_add\fP() function returns 0 on success, or \-1 on |
error (and sets \fIerrno\fP). |
-The \fB@LISTHASH_PREFIX@_hash_del\fP() function returns 0 on success, or -1 on |
+The \fB@LISTHASH_PREFIX@_hash_del\fP() function returns 0 on success, or \-1 on |
error (and sets \fIerrno\fP). |
.SH SEE ALSO |
.BR @LISTHASH_PREFIX@_list_new (3) |
--- a/listhash/list_new.3.in |
+++ b/listhash/list_new.3.in |
@@ -81,6 +81,6 @@ The \fB@LISTHASH_PREFIX@_list_next\fP(), |
returned, or 0 otherwise. |
The \fB@LISTHASH_PREFIX@_list_add\fP() and \fB@LISTHASH_PREFIX@_list_add_str\fP() functions |
-return 0 on success, or -1 on error. |
+return 0 on success, or \-1 on error. |
.SH SEE ALSO |
.BR @LISTHASH_PREFIX@_hash_new (3) |
/trunk/debian/patches/libtool.patch |
---|
0,0 → 1,223 |
Author: Glenn McGrath <bug1@optushome.com.au> |
Description: Use libtool to build dynamic library |
--- a/configure.ac |
+++ b/configure.ac |
@@ -1,6 +1,6 @@ |
dnl ### Normal initialization. ###################################### |
AC_INIT([libtar], [1.2.11]) |
-AC_PREREQ([2.57]) |
+AC_PREREQ([2.61]) |
AC_CONFIG_AUX_DIR([autoconf]) |
AC_CONFIG_HEADERS([config.h]) |
AC_COPYRIGHT([[ |
@@ -26,15 +26,15 @@ AC_SUBST([MKDIR]) |
dnl ### Check for compiler et al. ################################### |
+AC_USE_SYSTEM_EXTENSIONS |
AC_PROG_CC |
-AC_PROG_RANLIB |
+AC_PROG_LIBTOOL |
AC_PROG_INSTALL |
AC_PROG_LN_S |
AC_PROG_MAKE_SET |
dnl ### Compiler characteristics. ################################## |
-AC_AIX |
AC_C_CONST |
--- a/lib/Makefile.in |
+++ b/lib/Makefile.in |
@@ -3,6 +3,7 @@ |
### Path settings |
srcdir = @srcdir@ |
top_srcdir = @top_srcdir@ |
+top_builddir = @top_builddir@ |
prefix = @prefix@ |
exec_prefix = @exec_prefix@ |
bindir = @bindir@ |
@@ -14,6 +15,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@ |
@ENCAP_DEFS@ |
+SHELL = @SHELL@ |
+ |
### Installation programs and flags |
INSTALL = @INSTALL@ |
INSTALL_PROGRAM = @INSTALL_PROGRAM@ -s |
@@ -23,6 +26,7 @@ MKDIR = @MKDIR@ |
### Compiler and link options |
CC = @CC@ |
+LIBTOOL = @LIBTOOL@ |
CPPFLAGS = -I. \ |
-I.. \ |
-I${srcdir} \ |
@@ -32,7 +36,7 @@ CPPFLAGS = -I. \ |
CFLAGS = @CFLAGS@ |
LDFLAGS = @LDFLAGS@ |
LIBS = @LIBS@ |
-LIBOBJS = @LIBOBJS@ |
+LTLIBOBJS = @LTLIBOBJS@ |
RANLIB = @RANLIB@ |
@SET_MAKE@ |
VPATH = @srcdir@:@top_srcdir@/compat:../listhash |
@@ -40,24 +44,26 @@ VPATH = @srcdir@:@top_srcdir@/compat:.. |
### Makefile rules - no user-servicable parts below |
-LIBTAR_OBJS = append.o \ |
- block.o \ |
- decode.o \ |
- encode.o \ |
- extract.o \ |
- handle.o \ |
- libtar_hash.o \ |
- libtar_list.o \ |
- output.o \ |
- util.o \ |
- wrapper.o |
+LIBTAR_OBJS = append.lo \ |
+ block.lo \ |
+ decode.lo \ |
+ encode.lo \ |
+ extract.lo \ |
+ handle.lo \ |
+ libtar_hash.lo \ |
+ libtar_list.lo \ |
+ output.lo \ |
+ util.lo \ |
+ wrapper.lo |
LIBTAR_HDRS = ../config.h \ |
${top_srcdir}/compat/compat.h \ |
${srcdir}/libtar.h \ |
${srcdir}/internal.h \ |
../listhash/libtar_listhash.h |
-LIBTAR_LIBS = ./libtar.a |
-ALL = libtar.a |
+LIBTAR_LIBS = ./libtar.la |
+ALL = libtar.la |
+LDFLAGS = @LDFLAGS@ |
+CFLAGS = @CFLAGS@ |
DISTCLEANFILES = ../listhash/libtar_listhash.h \ |
../listhash/libtar_list.c \ |
@@ -68,24 +74,31 @@ all: ${ALL} |
.PHONY: clean distclean install |
-libtar.a: ${LIBTAR_OBJS} ${LIBOBJS} |
- ${AR} rc libtar.a ${LIBTAR_OBJS} ${LIBOBJS} |
- ${RANLIB} libtar.a |
+libtar.la: ${LIBTAR_OBJS} ${LTLIBOBJS} |
+ $(LIBTOOL) --mode=link $(CC) $(CFLAGS) $(LDFLAGS) -o libtar.la $(LIBTAR_OBJS) $(LTLIBOBJS) -rpath $(libdir) |
+# ${AR} rc libtar.a ${LIBTAR_OBJS} ${LIBOBJS} |
+# ${RANLIB} libtar.a |
${LIBTAR_OBJS}: ${LIBTAR_HDRS} |
-.c.o: |
- ${CC} ${CFLAGS} ${CPPFLAGS} -c -o $@ $< |
+%.lo: $(srcdir)/%.c |
+ $(LIBTOOL) --mode=compile ${CC} ${CFLAGS} ${CPPFLAGS} -c -o $@ $< |
+ |
+%.lo: listhash/%.c |
+ $(LIBTOOL) --mode=compile ${CC} ${CFLAGS} ${CPPFLAGS} -c -o $@ $< |
+ |
+%.lo: compat/%.c |
+ $(LIBTOOL) --mode=compile ${CC} ${CFLAGS} ${CPPFLAGS} -c -o $@ $< |
clean: |
- rm -f *~ *.o ${ALL} core |
+ rm -rf *~ *.o $(LIBTAR_OBJS) ${ALL} core .libs $(LTLIBOBJS) |
distclean: clean |
rm -f Makefile ${DISTCLEANFILES} |
install: ${ALL} |
${MKDIR} ${DESTDIR}${libdir} |
- ${INSTALL_DATA} libtar.a ${DESTDIR}${libdir} |
+ $(LIBTOOL) --mode=install ${INSTALL_DATA} libtar.la ${DESTDIR}${libdir} |
${MKDIR} ${DESTDIR}${includedir} |
${INSTALL_DATA} ${srcdir}/libtar.h ${DESTDIR}${includedir} |
${INSTALL_DATA} ../listhash/libtar_listhash.h ${DESTDIR}${includedir} |
--- a/libtar/Makefile.in |
+++ b/libtar/Makefile.in |
@@ -3,6 +3,7 @@ |
### Path settings |
srcdir = @srcdir@ |
top_srcdir = @top_srcdir@ |
+top_builddir = @top_builddir@ |
prefix = @prefix@ |
exec_prefix = @exec_prefix@ |
bindir = @bindir@ |
@@ -14,6 +15,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@ |
@ENCAP_DEFS@ |
+SHELL = @SHELL@ |
+ |
### Installation programs and flags |
INSTALL = @INSTALL@ |
INSTALL_PROGRAM = @INSTALL_PROGRAM@ -s |
@@ -23,6 +26,7 @@ MKDIR = @MKDIR@ |
### Compiler and link options |
CC = @CC@ |
+LIBTOOL = @LIBTOOL@ |
CPPFLAGS = -I.. \ |
-I../lib \ |
-I../listhash \ |
@@ -31,7 +35,7 @@ CPPFLAGS = -I.. \ |
@CPPFLAGS@ |
CFLAGS = @CFLAGS@ |
LDFLAGS = @LDFLAGS@ |
-LIBS = @LIBS@ |
+LIBS = @LIBS@ -ltar |
LIBOBJS = @LIBOBJS@ |
RANLIB = @RANLIB@ |
@SET_MAKE@ |
@@ -40,12 +44,12 @@ VPATH = @srcdir@ |
### Makefile rules - no user-servicable parts below |
-LIBTAR_OBJS = libtar.o |
+LIBTAR_OBJS = libtar.lo |
LIBTAR_HDRS = ../config.h \ |
${top_srcdir}/compat/compat.h \ |
${top_srcdir}/lib/libtar.h \ |
../listhash/libtar_listhash.h |
-LIBTAR_LIBS = ../lib/libtar.a |
+LIBTAR_LIBS = $(top_builddir)/lib |
ALL = libtar |
@@ -54,20 +58,20 @@ all: ${ALL} |
.PHONY: clean distclean install |
libtar: ${LIBTAR_OBJS} ${LIBTAR_LIBS} ${LIBTAR_HDRS} |
- ${CC} ${CFLAGS} ${LDFLAGS} -o libtar libtar.o ${LIBTAR_LIBS} ${LIBS} |
+ $(LIBTOOL) --mode=link ${CC} ${CFLAGS} ${LDFLAGS} -o libtar $(LIBTAR_OBJS) -L${LIBTAR_LIBS} ${LIBS} |
${LIBTAR_OBJS}: ${LIBTAR_HDRS} |
-.c.o: |
- ${CC} ${CFLAGS} ${CPPFLAGS} -c -o $@ $< |
+%.lo: %.c |
+ $(LIBTOOL) --mode=compile ${CC} ${CFLAGS} ${CPPFLAGS} -c -o $@ $< |
clean: |
- rm -f *~ *.o ${ALL} core |
+ rm -rf *~ *.o ${ALL} $(LIBTAR_OBJS) core .libs |
distclean: clean |
rm -f Makefile |
install: ${ALL} |
${MKDIR} ${DESTDIR}${bindir} |
- ${INSTALL_PROGRAM} libtar ${DESTDIR}${bindir} |
+ $(LIBTOOL) --mode=install ${INSTALL_PROGRAM} libtar ${DESTDIR}${bindir} |
/trunk/debian/patches/series |
---|
1,4 → 1,6 |
no_static_buffers.patch |
no_maxpathlen.patch |
CVE-2013-4420.patch |
th_get_size-unsigned-int.patch |
libtool.patch |
autoreconf.patch |
memleak2.patch |
#memleak.patch |
bad_ptrtoint.patch |
man_hyphen_minus.patch |
/trunk/debian/patches/autoreconf.patch |
---|
0,0 → 1,46 |
Author: Julien Danjou <acid@debian.org> |
Author: James Westby <james.westby@canonical.com> |
Description: Changes to upstream source needed to call autoreconf |
Bug-Debian: http://bugs.debian.org/511741 |
--- a/configure.ac |
+++ b/configure.ac |
@@ -3,6 +3,7 @@ AC_INIT([libtar], [1.2.11]) |
AC_PREREQ([2.61]) |
AC_CONFIG_AUX_DIR([autoconf]) |
AC_CONFIG_HEADERS([config.h]) |
+AC_CONFIG_MACRO_DIR([m4]) |
AC_COPYRIGHT([[ |
Copyright (c) 1998-2003 University of Illinois Board of Trustees |
Copyright (c) 1998-2003 Mark D. Roth |
@@ -93,9 +94,9 @@ COMPAT_FUNC_MAKEDEV |
COMPAT_FUNC_SNPRINTF |
COMPAT_FUNC_STRDUP |
AC_FUNC_STRFTIME |
-COMPAT_FUNC_STRLCPY |
COMPAT_FUNC_STRMODE |
-COMPAT_FUNC_STRSEP |
+dnl COMPAT_FUNC_STRLCPY converted by compat/modules.ac |
+dnl COMPAT_FUNC_STRSEP |
dnl ### Check for libraries. ####################################### |
--- /dev/null |
+++ b/aclocal.m4 |
@@ -0,0 +1,8 @@ |
+m4_include([autoconf/ac_path_generic.m4]) |
+m4_include([autoconf/encap.m4]) |
+m4_include([autoconf/aclocal.m4]) |
+m4_include([/usr/share/aclocal/ltoptions.m4]) |
+m4_include([/usr/share/aclocal/lt~obsolete.m4]) |
+m4_include([/usr/share/aclocal/libtool.m4]) |
+m4_include([/usr/share/aclocal/ltversion.m4]) |
+m4_include([/usr/share/aclocal/ltsugar.m4]) |
--- a/autoconf/aclocal.m4 |
+++ b/autoconf/aclocal.m4 |
@@ -1,5 +1,3 @@ |
-m4_include([encap.m4]) |
-m4_include([ac_path_generic.m4]) |
# PSG_LIB_READLINE |
/trunk/debian/patches/bad_ptrtoint.patch |
---|
0,0 → 1,25 |
Author: James Morrison <phython@debian.org> |
Description: Document stupidity of tartype_t in libtar.c. |
Bug-Debian: http://bugs.debian.org/309945 |
--- a/libtar/libtar.c |
+++ b/libtar/libtar.c |
@@ -19,6 +19,7 @@ |
#include <sys/param.h> |
#ifdef STDC_HEADERS |
+# include <stdlib.h> |
# include <string.h> |
#endif |
@@ -91,6 +92,10 @@ gzopen_frontend(char *pathname, int ofla |
return -1; |
} |
+ /* This is a bad thing to do on big-endian lp64 systems, where the |
+ size and placement of integers is different than pointers. |
+ However, to fix the problem 4 wrapper functions would be needed and |
+ an extra bit of data associating GZF with the wrapper functions. */ |
return (int)gzf; |
} |
/trunk/debian/patches/memleak.patch |
---|
0,0 → 1,496 |
Description: Fix memory leaks related to th_get_pathname() |
Author: James Morrison <phython@debian.org> |
Author: Martin Gadbois <martin.gadbois@colubris.com> |
Author: Magnus Holmgren <holmgren@debian.org> |
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/libtar/+bug/41804 |
--- a/lib/wrapper.c |
+++ b/lib/wrapper.c |
@@ -18,6 +18,7 @@ |
#include <errno.h> |
#ifdef STDC_HEADERS |
+# include <stdlib.h> |
# include <string.h> |
#endif |
@@ -35,7 +36,10 @@ tar_extract_glob(TAR *t, char *globname, |
if (fnmatch(globname, filename, FNM_PATHNAME | FNM_PERIOD)) |
{ |
if (TH_ISREG(t) && tar_skip_regfile(t)) |
+ { |
+ free(filename); |
return -1; |
+ } |
continue; |
} |
if (t->options & TAR_VERBOSE) |
@@ -45,7 +49,11 @@ tar_extract_glob(TAR *t, char *globname, |
else |
strlcpy(buf, filename, sizeof(buf)); |
if (tar_extract_file(t, filename) != 0) |
+ { |
+ free(filename); |
return -1; |
+ } |
+ free(filename); |
} |
return (i == 1 ? 0 : -1); |
@@ -76,12 +84,17 @@ tar_extract_all(TAR *t, char *prefix) |
snprintf(buf, sizeof(buf), "%s/%s", prefix, filename); |
else |
strlcpy(buf, filename, sizeof(buf)); |
+ free(filename); |
#ifdef DEBUG |
printf(" tar_extract_all(): calling tar_extract_file(t, " |
"\"%s\")\n", buf); |
#endif |
if (tar_extract_file(t, buf) != 0) |
+ { |
+ free(filename); |
return -1; |
+ } |
+ free(filename); |
} |
return (i == 1 ? 0 : -1); |
--- a/lib/extract.c |
+++ b/lib/extract.c |
@@ -21,6 +21,7 @@ |
#ifdef STDC_HEADERS |
# include <stdlib.h> |
+# include <string.h> |
#endif |
#ifdef HAVE_UNISTD_H |
@@ -43,9 +44,10 @@ tar_set_file_perms(TAR *t, char *realnam |
uid_t uid; |
gid_t gid; |
struct utimbuf ut; |
- char *filename; |
+ char *filename,*pathname; |
- filename = (realname ? realname : th_get_pathname(t)); |
+ pathname = th_get_pathname(t); |
+ filename = (realname ? realname : pathname); |
mode = th_get_mode(t); |
uid = th_get_uid(t); |
gid = th_get_gid(t); |
@@ -68,6 +70,7 @@ tar_set_file_perms(TAR *t, char *realnam |
filename, uid, gid, strerror(errno)); |
# endif |
#endif /* HAVE_LCHOWN */ |
+ free(pathname); |
return -1; |
} |
@@ -77,6 +80,7 @@ tar_set_file_perms(TAR *t, char *realnam |
#ifdef DEBUG |
perror("utime()"); |
#endif |
+ free(pathname); |
return -1; |
} |
@@ -86,9 +90,10 @@ tar_set_file_perms(TAR *t, char *realnam |
#ifdef DEBUG |
perror("chmod()"); |
#endif |
+ free(pathname); |
return -1; |
} |
- |
+ free(pathname); |
return 0; |
} |
@@ -99,6 +104,7 @@ tar_extract_file(TAR *t, char *realname) |
{ |
int i; |
linkname_t *lnp; |
+ char *pathname; |
if (t->options & TAR_NOOVERWRITE) |
{ |
@@ -140,12 +146,14 @@ tar_extract_file(TAR *t, char *realname) |
lnp = (linkname_t *)calloc(1, sizeof(linkname_t)); |
if (lnp == NULL) |
return -1; |
- strlcpy(lnp->ln_save, th_get_pathname(t), sizeof(lnp->ln_save)); |
+ pathname = th_get_pathname(t); |
+ strlcpy(lnp->ln_save, pathname, sizeof(lnp->ln_save)); |
strlcpy(lnp->ln_real, realname, sizeof(lnp->ln_real)); |
#ifdef DEBUG |
printf("tar_extract_file(): calling libtar_hash_add(): key=\"%s\", " |
- "value=\"%s\"\n", th_get_pathname(t), realname); |
+ "value=\"%s\"\n", pathname, realname); |
#endif |
+ free(pathname); |
if (libtar_hash_add(t->h, lnp) != 0) |
return -1; |
@@ -164,7 +172,7 @@ tar_extract_regfile(TAR *t, char *realna |
int fdout; |
int i, k; |
char buf[T_BLOCKSIZE]; |
- char *filename; |
+ char *filename,*pathname; |
#ifdef DEBUG |
printf("==> tar_extract_regfile(t=0x%lx, realname=\"%s\")\n", t, |
@@ -176,15 +184,18 @@ tar_extract_regfile(TAR *t, char *realna |
errno = EINVAL; |
return -1; |
} |
- |
- filename = (realname ? realname : th_get_pathname(t)); |
+ pathname = th_get_pathname(t); |
+ filename = (realname ? realname : pathname); |
mode = th_get_mode(t); |
size = th_get_size(t); |
uid = th_get_uid(t); |
gid = th_get_gid(t); |
if (mkdirhier(dirname(filename)) == -1) |
+ { |
+ free(pathname); |
return -1; |
+ } |
#ifdef DEBUG |
printf(" ==> extracting: %s (mode %04o, uid %d, gid %d, %d bytes)\n", |
@@ -200,6 +211,7 @@ tar_extract_regfile(TAR *t, char *realna |
#ifdef DEBUG |
perror("open()"); |
#endif |
+ free(pathname); |
return -1; |
} |
@@ -231,23 +243,30 @@ tar_extract_regfile(TAR *t, char *realna |
{ |
if (k != -1) |
errno = EINVAL; |
+ free(pathname); |
return -1; |
} |
/* write block to output file */ |
if (write(fdout, buf, |
((i > T_BLOCKSIZE) ? T_BLOCKSIZE : i)) == -1) |
+ { |
+ free(pathname); |
return -1; |
+ } |
} |
/* close output file */ |
if (close(fdout) == -1) |
+ { |
+ free(pathname); |
return -1; |
+ } |
#ifdef DEBUG |
printf("### done extracting %s\n", filename); |
#endif |
- |
+ free(pathname); |
return 0; |
} |
@@ -286,7 +305,7 @@ tar_skip_regfile(TAR *t) |
int |
tar_extract_hardlink(TAR * t, char *realname) |
{ |
- char *filename; |
+ char *filename,*pathname; |
char *linktgt = NULL; |
linkname_t *lnp; |
libtar_hashptr_t hp; |
@@ -296,10 +315,14 @@ tar_extract_hardlink(TAR * t, char *real |
errno = EINVAL; |
return -1; |
} |
- |
- filename = (realname ? realname : th_get_pathname(t)); |
+ |
+ pathname = th_get_pathname(t); |
+ filename = (realname ? realname : pathname); |
if (mkdirhier(dirname(filename)) == -1) |
+ { |
+ free(pathname); |
return -1; |
+ } |
libtar_hashptr_reset(&hp); |
if (libtar_hash_getkey(t->h, &hp, th_get_linkname(t), |
(libtar_matchfunc_t)libtar_str_match) != 0) |
@@ -318,9 +341,10 @@ tar_extract_hardlink(TAR * t, char *real |
#ifdef DEBUG |
perror("link()"); |
#endif |
+ free(pathname); |
return -1; |
} |
- |
+ free(pathname); |
return 0; |
} |
@@ -329,7 +353,7 @@ tar_extract_hardlink(TAR * t, char *real |
int |
tar_extract_symlink(TAR *t, char *realname) |
{ |
- char *filename; |
+ char *filename,*pathname; |
if (!TH_ISSYM(t)) |
{ |
@@ -337,12 +361,19 @@ tar_extract_symlink(TAR *t, char *realna |
return -1; |
} |
- filename = (realname ? realname : th_get_pathname(t)); |
+ pathname = th_get_pathname(t); |
+ filename = (realname ? realname : pathname); |
if (mkdirhier(dirname(filename)) == -1) |
+ { |
+ free(pathname); |
return -1; |
+ } |
if (unlink(filename) == -1 && errno != ENOENT) |
+ { |
+ free(pathname); |
return -1; |
+ } |
#ifdef DEBUG |
printf(" ==> extracting: %s (symlink to %s)\n", |
@@ -353,9 +384,10 @@ tar_extract_symlink(TAR *t, char *realna |
#ifdef DEBUG |
perror("symlink()"); |
#endif |
+ free(pathname); |
return -1; |
} |
- |
+ free(pathname); |
return 0; |
} |
@@ -366,7 +398,7 @@ tar_extract_chardev(TAR *t, char *realna |
{ |
mode_t mode; |
unsigned long devmaj, devmin; |
- char *filename; |
+ char *filename,*pathname; |
if (!TH_ISCHR(t)) |
{ |
@@ -374,13 +406,17 @@ tar_extract_chardev(TAR *t, char *realna |
return -1; |
} |
- filename = (realname ? realname : th_get_pathname(t)); |
+ pathname = th_get_pathname(t); |
+ filename = (realname ? realname : pathname); |
mode = th_get_mode(t); |
devmaj = th_get_devmajor(t); |
devmin = th_get_devminor(t); |
if (mkdirhier(dirname(filename)) == -1) |
+ { |
+ free(pathname); |
return -1; |
+ } |
#ifdef DEBUG |
printf(" ==> extracting: %s (character device %ld,%ld)\n", |
@@ -392,9 +428,10 @@ tar_extract_chardev(TAR *t, char *realna |
#ifdef DEBUG |
perror("mknod()"); |
#endif |
+ free(pathname); |
return -1; |
} |
- |
+ free(pathname); |
return 0; |
} |
@@ -405,7 +442,7 @@ tar_extract_blockdev(TAR *t, char *realn |
{ |
mode_t mode; |
unsigned long devmaj, devmin; |
- char *filename; |
+ char *filename,*pathname; |
if (!TH_ISBLK(t)) |
{ |
@@ -413,13 +450,17 @@ tar_extract_blockdev(TAR *t, char *realn |
return -1; |
} |
- filename = (realname ? realname : th_get_pathname(t)); |
+ pathname = th_get_pathname(t); |
+ filename = (realname ? realname : pathname); |
mode = th_get_mode(t); |
devmaj = th_get_devmajor(t); |
devmin = th_get_devminor(t); |
if (mkdirhier(dirname(filename)) == -1) |
+ { |
+ free(pathname); |
return -1; |
+ } |
#ifdef DEBUG |
printf(" ==> extracting: %s (block device %ld,%ld)\n", |
@@ -431,9 +472,10 @@ tar_extract_blockdev(TAR *t, char *realn |
#ifdef DEBUG |
perror("mknod()"); |
#endif |
+ free(pathname); |
return -1; |
} |
- |
+ free(pathname); |
return 0; |
} |
@@ -443,7 +485,7 @@ int |
tar_extract_dir(TAR *t, char *realname) |
{ |
mode_t mode; |
- char *filename; |
+ char *filename,*pathname; |
if (!TH_ISDIR(t)) |
{ |
@@ -451,11 +493,15 @@ tar_extract_dir(TAR *t, char *realname) |
return -1; |
} |
- filename = (realname ? realname : th_get_pathname(t)); |
+ pathname = th_get_pathname(t); |
+ filename = (realname ? realname : pathname); |
mode = th_get_mode(t); |
if (mkdirhier(dirname(filename)) == -1) |
+ { |
+ free(pathname); |
return -1; |
+ } |
#ifdef DEBUG |
printf(" ==> extracting: %s (mode %04o, directory)\n", filename, |
@@ -470,6 +516,7 @@ tar_extract_dir(TAR *t, char *realname) |
#ifdef DEBUG |
perror("chmod()"); |
#endif |
+ free(pathname); |
return -1; |
} |
else |
@@ -477,6 +524,7 @@ tar_extract_dir(TAR *t, char *realname) |
#ifdef DEBUG |
puts(" *** using existing directory"); |
#endif |
+ free(pathname); |
return 1; |
} |
} |
@@ -485,10 +533,11 @@ tar_extract_dir(TAR *t, char *realname) |
#ifdef DEBUG |
perror("mkdir()"); |
#endif |
+ free(pathname); |
return -1; |
} |
} |
- |
+ free(pathname); |
return 0; |
} |
@@ -498,7 +547,7 @@ int |
tar_extract_fifo(TAR *t, char *realname) |
{ |
mode_t mode; |
- char *filename; |
+ char *filename,*pathname; |
if (!TH_ISFIFO(t)) |
{ |
@@ -506,11 +555,15 @@ tar_extract_fifo(TAR *t, char *realname) |
return -1; |
} |
- filename = (realname ? realname : th_get_pathname(t)); |
+ pathname = th_get_pathname(t); |
+ filename = (realname ? realname : pathname); |
mode = th_get_mode(t); |
if (mkdirhier(dirname(filename)) == -1) |
+ { |
+ free(pathname); |
return -1; |
+ } |
#ifdef DEBUG |
printf(" ==> extracting: %s (fifo)\n", filename); |
@@ -520,9 +573,11 @@ tar_extract_fifo(TAR *t, char *realname) |
#ifdef DEBUG |
perror("mkfifo()"); |
#endif |
+ free(pathname); |
return -1; |
} |
+ free(pathname); |
return 0; |
} |
--- a/lib/output.c |
+++ b/lib/output.c |
@@ -20,6 +20,7 @@ |
#include <sys/param.h> |
#ifdef STDC_HEADERS |
+# include <stdlib.h> |
# include <string.h> |
#endif |
@@ -71,6 +72,7 @@ th_print_long_ls(TAR *t) |
char groupname[_POSIX_LOGIN_NAME_MAX]; |
time_t mtime; |
struct tm *mtm; |
+ char *pathname; |
#ifdef HAVE_STRFTIME |
char timebuf[18]; |
@@ -114,7 +116,9 @@ th_print_long_ls(TAR *t) |
mtm->tm_mday, mtm->tm_hour, mtm->tm_min, mtm->tm_year + 1900); |
#endif |
- printf(" %s", th_get_pathname(t)); |
+ pathname = th_get_pathname(t); |
+ printf(" %s", pathname); |
+ free(pathname); |
if (TH_ISSYM(t) || TH_ISLNK(t)) |
{ |
--- a/lib/decode.c |
+++ b/lib/decode.c |
@@ -29,7 +29,7 @@ th_get_pathname(TAR *t) |
char filename[MAXPATHLEN]; |
if (t->th_buf.gnu_longname) |
- return t->th_buf.gnu_longname; |
+ return strdup(t->th_buf.gnu_longname); |
if (t->th_buf.prefix[0] != '\0') |
{ |
/trunk/debian/patches/memleak2.patch |
---|
0,0 → 1,31 |
Description: Fix memory leak in th_get_pathname |
by making the buffer, where prefix and filename are concatenated, static |
and returning that instead of a pointer to a copy of a local buffer. |
Author: Per Lidén <per@fukt.bth.se> |
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/libtar/+bug/41804 |
--- a/lib/decode.c |
+++ b/lib/decode.c |
@@ -26,7 +26,7 @@ |
char * |
th_get_pathname(TAR *t) |
{ |
- char filename[MAXPATHLEN]; |
+ static char filename[MAXPATHLEN]; |
if (t->th_buf.gnu_longname) |
return t->th_buf.gnu_longname; |
@@ -35,11 +35,11 @@ th_get_pathname(TAR *t) |
{ |
snprintf(filename, sizeof(filename), "%.155s/%.100s", |
t->th_buf.prefix, t->th_buf.name); |
- return strdup(filename); |
+ return filename; |
} |
snprintf(filename, sizeof(filename), "%.100s", t->th_buf.name); |
- return strdup(filename); |
+ return filename; |
} |
/trunk/debian/watch |
---|
1,6 → 1,3 |
version=3 |
#ftp://ftp.feep.net/pub/software/libtar/libtar-(.*).tar.gz |
opts=downloadurlmangle=s/tag/snapshot/,filenamemangle=s/.*\/v([\d\.]+)$/libtar-$1.tar.gz/ \ |
http://repo.or.cz/w/libtar.git/shortlog ^.*/v([\d\.]+) |
ftp://ftp.feep.net/pub/software/libtar/libtar-(.*).tar.gz |
/trunk/debian/rules |
---|
8,12 → 8,9 |
[ -f debian/autoreconf.before ] || dh_autoreconf |
./configure \ |
--prefix=/usr \ |
--mandir=\$${prefix}/share/man \ |
$(shell dpkg-buildflags --export=configure) |
--mandir=\$${prefix}/share/man |
touch configure-stamp |
build-arch: build |
build-indep: |
build: build-stamp |
build-stamp: configure-stamp |
dh_testdir |
36,7 → 33,7 |
$(MAKE) install DESTDIR=$(CURDIR)/debian/tmp |
binary-indep: |
binary-indep: build install |
binary-arch: install |
dh_testdir |
/trunk/debian/copyright |
---|
1,15 → 1,13 |
This package was debianized by Glenn McGrath <bug1@debian.org> on |
Sat, 5 Jan 2002 13:24:37 +1100. |
It was downloaded from http://repo.or.cz/w/libtar.git; previously from |
http://www.feep.net/libtar/ |
It was downloaded from http://www-dev.cites.uiuc.edu/libtar/ |
Upstream Authors: Mark D. Roth <roth@uiuc.edu> and Chris Frey |
<cdfrey@foursquare.net> |
Upstream Author: Mark D. Roth <roth@uiuc.edu> |
Copyright: |
Copyright (c) 1998-2003 University of Illinois Board of Trustees |
Copyright (c) 1998-2003 Mark D. Roth |
Copyright (c) 1998-2002 University of Illinois Board of Trustees |
Copyright (c) 1998-2002 Mark D. Roth |
All rights reserved. |
Developed by: Campus Information Technologies and Educational Services, |
43,3 → 41,4 |
TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE |
OR THE USE OR OTHER DEALINGS WITH THE SOFTWARE. |