/tags/1.2.20-4/debian/rules |
---|
File deleted |
Property changes: |
Deleted: svn:executable |
## -1 +0,0 ## |
-* |
\ No newline at end of property |
Index: 1.2.20-4/debian/libtar-dev.install |
=================================================================== |
--- 1.2.20-4/debian/libtar-dev.install (revision 37) |
+++ 1.2.20-4/debian/libtar-dev.install (nonexistent) |
@@ -1,4 +0,0 @@ |
-usr/include/libtar.h |
-usr/include/libtar_listhash.h |
-usr/lib/lib*.a |
-usr/lib/lib*so |
Index: 1.2.20-4/debian/source/format |
=================================================================== |
--- 1.2.20-4/debian/source/format (revision 37) |
+++ 1.2.20-4/debian/source/format (nonexistent) |
@@ -1 +0,0 @@ |
-3.0 (quilt) |
Index: 1.2.20-4/debian/control |
=================================================================== |
--- 1.2.20-4/debian/control (revision 37) |
+++ 1.2.20-4/debian/control (nonexistent) |
@@ -1,29 +0,0 @@ |
-Source: libtar |
-Section: libs |
-Priority: optional |
-Maintainer: Magnus Holmgren <holmgren@debian.org> |
-Build-Depends: dpkg-dev (>= 1.15.7), debhelper (>= 7), dh-autoreconf, |
- autoconf, libtool |
-Standards-Version: 3.9.5 |
-Homepage: http://www.feep.net/libtar/ |
-Vcs-Browser: http://svn.kibibyte.se/libtar |
-Vcs-Svn: svn://svn.kibibyte.se/libtar/trunk |
- |
-Package: libtar-dev |
-Architecture: any |
-Section: libdevel |
-Depends: libtar0 (= ${binary:Version}), ${misc:Depends} |
-Description: C library for manipulating tar archives (development files) |
- Contains static library, headers, example code and development manpages |
- for libtar |
- |
-Package: libtar0 |
-Architecture: any |
-Depends: ${shlibs:Depends}, ${misc:Depends} |
-Replaces: libtar |
-Breaks: libtar |
-Provides: libtar |
-Description: C library for manipulating tar archives |
- libtar allows programs to create, extract and test tar archives. |
- It supports both the strict POSIX tar format and many of the commonly-used |
- GNU extensions. |
Index: 1.2.20-4/debian/libtar0.install |
=================================================================== |
--- 1.2.20-4/debian/libtar0.install (revision 37) |
+++ 1.2.20-4/debian/libtar0.install (nonexistent) |
@@ -1 +0,0 @@ |
-usr/lib/lib*.so.* |
Index: 1.2.20-4/debian/libtar-dev.manpages |
=================================================================== |
--- 1.2.20-4/debian/libtar-dev.manpages (revision 37) |
+++ 1.2.20-4/debian/libtar-dev.manpages (nonexistent) |
@@ -1,11 +0,0 @@ |
-debian/tmp/usr/share/man/man3/libtar_hash_new.3 |
-debian/tmp/usr/share/man/man3/libtar_list_new.3 |
-debian/tmp/usr/share/man/man3/tar_append_file.3 |
-debian/tmp/usr/share/man/man3/tar_block_read.3 |
-debian/tmp/usr/share/man/man3/tar_extract_all.3 |
-debian/tmp/usr/share/man/man3/tar_extract_file.3 |
-debian/tmp/usr/share/man/man3/tar_open.3 |
-debian/tmp/usr/share/man/man3/th_get_pathname.3 |
-debian/tmp/usr/share/man/man3/th_print_long_ls.3 |
-debian/tmp/usr/share/man/man3/th_read.3 |
-debian/tmp/usr/share/man/man3/th_set_from_stat.3 |
Index: 1.2.20-4/debian/compat |
=================================================================== |
--- 1.2.20-4/debian/compat (revision 37) |
+++ 1.2.20-4/debian/compat (nonexistent) |
@@ -1 +0,0 @@ |
-7 |
Index: 1.2.20-4/debian/libtar-dev.examples |
=================================================================== |
--- 1.2.20-4/debian/libtar-dev.examples (revision 37) |
+++ 1.2.20-4/debian/libtar-dev.examples (nonexistent) |
@@ -1,2 +0,0 @@ |
-libtar/libtar.c |
-libtar/Makefile |
Index: 1.2.20-4/debian/watch |
=================================================================== |
--- 1.2.20-4/debian/watch (revision 37) |
+++ 1.2.20-4/debian/watch (nonexistent) |
@@ -1,6 +0,0 @@ |
-version=3 |
- |
-#ftp://ftp.feep.net/pub/software/libtar/libtar-(.*).tar.gz |
- |
-opts=downloadurlmangle=s/tag/snapshot/,filenamemangle=s/.*\/v([\d\.]+)$/libtar-$1.tar.gz/ \ |
- http://repo.or.cz/w/libtar.git/shortlog ^.*/v([\d\.]+) |
Index: 1.2.20-4/debian/changelog |
=================================================================== |
--- 1.2.20-4/debian/changelog (revision 37) |
+++ 1.2.20-4/debian/changelog (nonexistent) |
@@ -1,203 +0,0 @@ |
-libtar (1.2.20-4) unstable; urgency=high |
- |
- * no_maxpathlen.patch: Half of the part of the patch modifying |
- compat/dirname.c was missing, causing libtar's dirname to always |
- return NULL (except in special circumstances). Actually make it work |
- (Closes: #745352). (The reason that libtar doesn't use libc's |
- dirname() and basename() on some or most platforms is that the code |
- doesn't work with destructive versions of these functions). |
- |
- -- Magnus Holmgren <holmgren@debian.org> Sat, 03 May 2014 20:39:02 +0200 |
- |
-libtar (1.2.20-3) unstable; urgency=low |
- |
- * no_maxpathlen.patch: Fix two grave bugs in the patch. First, |
- th_get_pathname would only allocate as much memory as was needed for |
- the first filename encountered, causing heap corruption when/if |
- encountering longer filenames later. Second, two variables were mixed |
- up in tar_append_tree(). Also, fix a potential memory leak and trim |
- the patch a bit. |
- * [SECURITY] CVE-2013-4420.patch: When the prefix field is in use, the |
- safer_name_suffix() function should certainly be applied to the |
- combination of it and the name field, not just on the name field. |
- * th_get_size-unsigned-int.patch: Make the th_get_size() macro cast the |
- result from oct_to_int() to unsigned int. This is the right fix for |
- bug #725938 on 64-bit systems, where a specially crafted tar file |
- would not cause an integer overflow, but a memory allocation of almost |
- 16 exbibytes, which would certainly fail outright without harm. |
- |
- -- Magnus Holmgren <holmgren@debian.org> Sat, 15 Feb 2014 23:51:51 +0100 |
- |
-libtar (1.2.20-2) unstable; urgency=low |
- |
- * no_static_buffers.patch: avoid using a static buffer in |
- th_get_pathname(). Taken from upstream. Needed for no_maxpathlen.patch. |
- * no_maxpathlen.patch: Fix FTBFS on Hurd by dynamically allocating path |
- names (Closes: #657116). Thanks to Svante Signell and Petter |
- Reinholdtsen. |
- * [SECURITY] CVE-2013-4420.patch: Strip out leading slashes and any |
- pathname prefix containing ".." components (Closes: #731860). This is |
- done in th_get_pathname() (as well as to symlink targets when |
- extracting symlinks), not merely when extracting files, which means |
- applications calling that function will not see the stored |
- filename. There is no way to disable this behaviour, but it can be |
- expected that one will be provided when the issue is solved upstream. |
- * Bump Standards-Version to 3.9.5. |
- |
- -- Magnus Holmgren <holmgren@debian.org> Sat, 15 Feb 2014 21:49:37 +0100 |
- |
-libtar (1.2.20-1) unstable; urgency=high |
- |
- * [SECURITY] New upstream release. Fixes CVE-2013-4397: Integer |
- overflow (Closes: #725938). |
- * Bump Standards-Version to 3.9.4. |
- |
- -- Magnus Holmgren <holmgren@debian.org> Thu, 10 Oct 2013 19:20:49 +0200 |
- |
-libtar (1.2.19-1) unstable; urgency=low |
- |
- * New upstream release. |
- |
- -- Magnus Holmgren <holmgren@debian.org> Sun, 05 May 2013 17:59:29 +0200 |
- |
-libtar (1.2.16-1) unstable; urgency=low |
- |
- * New upstream: Chris Frey has stepped up with the consent of the |
- original author, Mark Roth, and published an "official unofficial" git |
- repo at http://repo.or.cz/w/libtar.git, which I will use for the time |
- being. |
- * Updated debian/watch to look for tags and corresponding snapshot |
- tarballs at above URL. |
- * All patches have been incorporated or (in the case of |
- autoreconf.patch) made obsolete upstream. |
- * debian/rules: Add build-indep and build-arch targets. |
- * Updated debian/copyright. |
- * Use dpkg-buildflags to set CFLAGS et al. |
- * debian/control: Add VCS fields; bump Standards-Version to 3.9.3. |
- |
- -- Magnus Holmgren <holmgren@debian.org> Sat, 23 Jun 2012 01:03:41 +0200 |
- |
-libtar (1.2.11-8) unstable; urgency=low |
- |
- * libtool.patch: Set SHELL to the configured shell in those Makefile.in |
- where libtool is used; otherwise libtool fails when /bin/sh is dash |
- but bash is expected (Closes: #621935). |
- * man_hyphen_minus.patch (new): Escape hyphens that should be minus |
- signs in man pages. |
- * Rename libtar as libtar0 to follow policy. |
- |
- -- Magnus Holmgren <holmgren@debian.org> Sun, 24 Apr 2011 21:11:52 +0200 |
- |
-libtar (1.2.11-7) unstable; urgency=low |
- |
- * New maintainer (Closes: #526618). |
- * Change source format to 3.0 (quilt), clean up Debian diff and split |
- into several patches: |
- * libtool.patch: Using libtool to build dynamic library; |
- * autoreconf.patch: Changes needed to call autoreconf (bug 511741); |
- * memleak.patch: Fix memory leaks; |
- * bad_ptrtoint.patch: Document stupidity of tartype_t in libtar.c |
- (bug 309945). |
- * Increase Debhelper compat level to 7. |
- * Use dh_autoreconf to avoid having to keep track of files to clean. |
- * memleak2.patch (new): Applied instead of memleak.patch. Fix memory |
- leak by making th_get_pathname() return a pointer to a static buffer |
- instead of a pointer to a copy of a local buffer (LP: #41804). |
- * Add homepage field and watch file (in case there is ever a new |
- upstream release). |
- * Upgrade to Standards-Version 3.9.1. |
- |
- -- Magnus Holmgren <holmgren@debian.org> Sat, 26 Mar 2011 23:10:25 +0100 |
- |
-libtar (1.2.11-6) unstable; urgency=low |
- |
- * Fix autotools usage (Closes: #511741) |
- |
- -- Julien Danjou <acid@debian.org> Sat, 02 May 2009 11:33:06 +0200 |
- |
-libtar (1.2.11-5) unstable; urgency=low |
- |
- * New maintainer (Closes: #465889) |
- * Add missing binary-indep target in debian/rules (Closes: #395714) |
- * Use ${binary:Version} instead of Source-Version |
- * Bump standard version |
- * Switch to debhelper 5 |
- |
- -- Julien Danjou <acid@debian.org> Wed, 02 Apr 2008 07:06:55 +0200 |
- |
-libtar (1.2.11-4) unstable; urgency=low |
- |
- * Always include the newest libtool.m4. (Closes: #313612) |
- |
- -- James Morrison <phython@debian.org> Sun, 28 Aug 2005 09:41:47 -0700 |
- |
-libtar (1.2.11-3) unstable; urgency=low |
- |
- * Document stupidity of tartype_t in libtar.c. (Closes: #309945) |
- |
- -- James Morrison <phython@debian.org> Sat, 11 Jun 2005 18:23:15 -0400 |
- |
-libtar (1.2.11-2) unstable; urgency=low |
- |
- * Move libtar-dev to libdevel. (Closes: #188207) |
- * Fix potential memory leak. |
- |
- -- James Morrison <phython@debian.org> Sun, 25 Jul 2004 12:59:08 -0700 |
- |
-libtar (1.2.11-1) unstable; urgency=low |
- |
- * New Upstream release. |
- |
- -- James Morrison <phython@debian.org> Sat, 5 Apr 2003 14:03:19 -0500 |
- |
-libtar (1.2.10-1) unstable; urgency=low |
- |
- * New Upstream release. |
- (Closes: #166602) New upstream uses autoconf 2.5x |
- * Remove dependency on automake. Hopefully upstream will except this |
- use of libtool. |
- * Remove all -static and -shared targets from debian/rules. |
- * Use dh_install instead of dh_movefiles. |
- * - |
- |
- -- James Morrison <phython@debian.org> Sat, 5 Apr 2003 14:03:16 -0500 |
- |
-libtar (1.2.5-4) unstable; urgency=low |
- |
- * New maintainer. (Closes: #154597) |
- * WSG_ENCAP is now defined. (Closes: #147764) |
- * libtar-dev depends on libc-dev instead of libc6-dev. |
- |
- -- James Morrison <phython@debian.org> Wed, 14 Aug 2002 23:44:16 -0400 |
- |
-libtar (1.2.5-3) unstable; urgency=low |
- |
- * Modify build commands to acomadate change in autoconf (Closes #147764) |
- |
- -- Glenn McGrath <bug1@debian.org> Thu, 23 May 2002 01:06:16 +1000 |
- |
-libtar (1.2.5-2) unstable; urgency=low |
- |
- * Fix build problem (Closes #135360) |
- |
- -- Glenn McGrath <bug1@debian.org> Sun, 24 Feb 2002 06:29:31 +1100 |
- |
-libtar (1.2.5-1) unstable; urgency=low |
- |
- * New upstream version |
- * Change section of libtar-dev to devel and libtar to libs |
- |
- -- Glenn McGrath <bug1@debian.org> Fri, 22 Feb 2002 04:23:15 +1100 |
- |
-libtar (1.2.4-2) unstable; urgency=low |
- |
- * Change section from devel to libs |
- |
- -- Glenn McGrath <bug1@debian.org> Sat, 2 Feb 2002 12:12:32 +1100 |
- |
-libtar (1.2.4-1) unstable; urgency=low |
- |
- * Initial Release. (closes #128042) |
- |
- -- Glenn McGrath <bug1@debian.org> Sat, 5 Jan 2002 13:24:37 +1100 |
- |
Index: 1.2.20-4/debian/patches/no_static_buffers.patch |
=================================================================== |
--- 1.2.20-4/debian/patches/no_static_buffers.patch (revision 37) |
+++ 1.2.20-4/debian/patches/no_static_buffers.patch (nonexistent) |
@@ -1,82 +0,0 @@ |
-From: Kamil Dudka <kdudka@redhat.com> |
-Date: Wed, 23 Oct 2013 13:04:22 +0000 (+0200) |
-Origin: http://repo.or.cz/w/libtar.git/commitdiff/ec613af2e9371d7a3e1f7c7a6822164a4255b4d1 |
-Subject: decode: avoid using a static buffer in th_get_pathname() |
- |
-decode: avoid using a static buffer in th_get_pathname() |
- |
-A solution suggested by Chris Frey: |
-https://lists.feep.net:8080/pipermail/libtar/2013-October/000377.html |
- |
-Note this can break programs that expect sizeof(TAR) to be fixed. |
- |
---- a/lib/decode.c |
-+++ b/lib/decode.c |
-@@ -13,6 +13,7 @@ |
- #include <internal.h> |
- |
- #include <stdio.h> |
-+#include <stdlib.h> |
- #include <sys/param.h> |
- #include <pwd.h> |
- #include <grp.h> |
-@@ -26,20 +27,30 @@ |
- char * |
- th_get_pathname(TAR *t) |
- { |
-- static TLS_THREAD char filename[MAXPATHLEN]; |
-- |
- if (t->th_buf.gnu_longname) |
- return t->th_buf.gnu_longname; |
- |
-- if (t->th_buf.prefix[0] != '\0') |
-+ /* allocate the th_pathname buffer if not already */ |
-+ if (t->th_pathname == NULL) |
-+ { |
-+ t->th_pathname = malloc(MAXPATHLEN * sizeof(char)); |
-+ if (t->th_pathname == NULL) |
-+ /* out of memory */ |
-+ return NULL; |
-+ } |
-+ |
-+ if (t->th_buf.prefix[0] == '\0') |
-+ { |
-+ snprintf(t->th_pathname, MAXPATHLEN, "%.100s", t->th_buf.name); |
-+ } |
-+ else |
- { |
-- snprintf(filename, sizeof(filename), "%.155s/%.100s", |
-+ snprintf(t->th_pathname, MAXPATHLEN, "%.155s/%.100s", |
- t->th_buf.prefix, t->th_buf.name); |
-- return filename; |
- } |
- |
-- snprintf(filename, sizeof(filename), "%.100s", t->th_buf.name); |
-- return filename; |
-+ /* will be deallocated in tar_close() */ |
-+ return t->th_pathname; |
- } |
- |
- |
---- a/lib/handle.c |
-+++ b/lib/handle.c |
-@@ -121,6 +121,7 @@ tar_close(TAR *t) |
- libtar_hash_free(t->h, ((t->oflags & O_ACCMODE) == O_RDONLY |
- ? free |
- : (libtar_freefunc_t)tar_dev_free)); |
-+ free(t->th_pathname); |
- free(t); |
- |
- return i; |
---- a/lib/libtar.h |
-+++ b/lib/libtar.h |
-@@ -85,6 +85,9 @@ typedef struct |
- int options; |
- struct tar_header th_buf; |
- libtar_hash_t *h; |
-+ |
-+ /* introduced in libtar 1.2.21 */ |
-+ char *th_pathname; |
- } |
- TAR; |
- |
Index: 1.2.20-4/debian/patches/th_get_size-unsigned-int.patch |
=================================================================== |
--- 1.2.20-4/debian/patches/th_get_size-unsigned-int.patch (revision 37) |
+++ 1.2.20-4/debian/patches/th_get_size-unsigned-int.patch (nonexistent) |
@@ -1,52 +0,0 @@ |
-Origin: http://repo.or.cz/w/libtar.git/commitdiff/e4c1f2974258d6a325622cfd712873d49b5e7a73 |
-From: Chris Frey <cdfrey@foursquare.net> |
-Date: Thu, 24 Oct 2013 18:52:44 -0400 |
-Subject: [PATCH] Change th_get_size() macro to return unsigned int |
- |
-On systems where size_t is larger than an int (and larger than |
-unsigned int), then in various places in the library, where |
-stuff like this happens: |
- |
- size_t sz = th_get_size(t); |
- |
-then the int value returned from th_get_size() is sign extended to |
-some unwieldy amount. |
- |
-On 64bit systems, this can yield extremely large values. |
- |
-By fixing this problem in the header, and only for th_get_size(), |
-we avoid breaking the API of the function call oct_to_int() |
-(which arguably should return an unsigned int, since the sscanf() |
-it uses expects to yield an unsigned int). We also fix the library, |
-which uses th_get_size() internally to assign sizes to size_t. |
- |
-The drawback is that not all client code that uses th_get_size() |
-will be fixed, until they recompile, but they will automatically |
-take advantage of the bugs fixed *inside* the library. |
- |
-The remaining th_get_*() functions operate on modes and CRC values |
-and the like, and should be fine, remaining as ints. |
- |
-Thanks very much to Magnus Holmgren for catching this behaviour. |
-https://lists.feep.net:8080/pipermail/libtar/2013-October/000365.html |
---- |
- lib/libtar.h | 6 +++++- |
- 1 file changed, 5 insertions(+), 1 deletion(-) |
- |
-diff --git a/lib/libtar.h b/lib/libtar.h |
-index 2fefee0..13bb82d 100644 |
---- a/lib/libtar.h |
-+++ b/lib/libtar.h |
-@@ -185,7 +185,11 @@ int th_write(TAR *t); |
- |
- /* decode tar header info */ |
- #define th_get_crc(t) oct_to_int((t)->th_buf.chksum) |
--#define th_get_size(t) oct_to_int((t)->th_buf.size) |
-+/* We cast from int (what oct_to_int() returns) to |
-+ unsigned int, to avoid unwieldy sign extensions |
-+ from occurring on systems where size_t is bigger than int, |
-+ since th_get_size() is often stored into a size_t. */ |
-+#define th_get_size(t) ((unsigned int)oct_to_int((t)->th_buf.size)) |
- #define th_get_mtime(t) oct_to_int((t)->th_buf.mtime) |
- #define th_get_devmajor(t) oct_to_int((t)->th_buf.devmajor) |
- #define th_get_devminor(t) oct_to_int((t)->th_buf.devminor) |
Index: 1.2.20-4/debian/patches/CVE-2013-4420.patch |
=================================================================== |
--- 1.2.20-4/debian/patches/CVE-2013-4420.patch (revision 37) |
+++ 1.2.20-4/debian/patches/CVE-2013-4420.patch (nonexistent) |
@@ -1,113 +0,0 @@ |
-Author: Raphael Geissert <geissert@debian.org> |
-Bug-Debian: https://bugs.debian.org/731860 |
-Description: Avoid directory traversal when extracting archives |
- by skipping over leading slashes and any prefix containing ".." components. |
-Forwarded: yes |
- |
---- a/lib/decode.c |
-+++ b/lib/decode.c |
-@@ -22,13 +22,42 @@ |
- # include <string.h> |
- #endif |
- |
-+char * |
-+safer_name_suffix (char const *file_name) |
-+{ |
-+ char const *p, *t; |
-+ p = t = file_name; |
-+ while (*p == '/') t = ++p; |
-+ while (*p) |
-+ { |
-+ while (p[0] == '.' && p[0] == p[1] && p[2] == '/') |
-+ { |
-+ p += 3; |
-+ t = p; |
-+ } |
-+ /* advance pointer past the next slash */ |
-+ while (*p && (p++)[0] != '/'); |
-+ } |
-+ |
-+ if (!*t) |
-+ { |
-+ t = "."; |
-+ } |
-+ |
-+ if (t != file_name) |
-+ { |
-+ /* TODO: warn somehow that the path was modified */ |
-+ } |
-+ return (char*)t; |
-+} |
-+ |
- |
- /* determine full path name */ |
- char * |
- th_get_pathname(TAR *t) |
- { |
- if (t->th_buf.gnu_longname) |
-- return t->th_buf.gnu_longname; |
-+ return safer_name_suffix(t->th_buf.gnu_longname); |
- |
- /* allocate the th_pathname buffer if not already */ |
- if (t->th_pathname == NULL) |
-@@ -51,7 +80,7 @@ th_get_pathname(TAR *t) |
- } |
- |
- /* will be deallocated in tar_close() */ |
-- return t->th_pathname; |
-+ return safer_name_suffix(t->th_pathname); |
- } |
- |
- |
---- a/lib/extract.c |
-+++ b/lib/extract.c |
-@@ -298,14 +298,14 @@ tar_extract_hardlink(TAR * t, char *real |
- if (mkdirhier(dirname(filename)) == -1) |
- return -1; |
- libtar_hashptr_reset(&hp); |
-- if (libtar_hash_getkey(t->h, &hp, th_get_linkname(t), |
-+ if (libtar_hash_getkey(t->h, &hp, safer_name_suffix(th_get_linkname(t)), |
- (libtar_matchfunc_t)libtar_str_match) != 0) |
- { |
- lnp = (char *)libtar_hashptr_data(&hp); |
- linktgt = &lnp[strlen(lnp) + 1]; |
- } |
- else |
-- linktgt = th_get_linkname(t); |
-+ linktgt = safer_name_suffix(th_get_linkname(t)); |
- |
- #ifdef DEBUG |
- printf(" ==> extracting: %s (link to %s)\n", filename, linktgt); |
-@@ -343,9 +343,9 @@ tar_extract_symlink(TAR *t, char *realna |
- |
- #ifdef DEBUG |
- printf(" ==> extracting: %s (symlink to %s)\n", |
-- filename, th_get_linkname(t)); |
-+ filename, safer_name_suffix(th_get_linkname(t))); |
- #endif |
-- if (symlink(th_get_linkname(t), filename) == -1) |
-+ if (symlink(safer_name_suffix(th_get_linkname(t)), filename) == -1) |
- { |
- #ifdef DEBUG |
- perror("symlink()"); |
---- a/lib/internal.h |
-+++ b/lib/internal.h |
-@@ -21,3 +21,4 @@ |
- #define TLS_THREAD |
- #endif |
- |
-+char* safer_name_suffix(char const*); |
---- a/lib/output.c |
-+++ b/lib/output.c |
-@@ -123,9 +123,9 @@ th_print_long_ls(TAR *t) |
- else |
- printf(" link to "); |
- if ((t->options & TAR_GNU) && t->th_buf.gnu_longlink != NULL) |
-- printf("%s", t->th_buf.gnu_longlink); |
-+ printf("%s", safer_name_suffix(t->th_buf.gnu_longlink)); |
- else |
-- printf("%.100s", t->th_buf.linkname); |
-+ printf("%.100s", safer_name_suffix(t->th_buf.linkname)); |
- } |
- |
- putchar('\n'); |
Index: 1.2.20-4/debian/patches/series |
=================================================================== |
--- 1.2.20-4/debian/patches/series (revision 37) |
+++ 1.2.20-4/debian/patches/series (nonexistent) |
@@ -1,4 +0,0 @@ |
-no_static_buffers.patch |
-no_maxpathlen.patch |
-CVE-2013-4420.patch |
-th_get_size-unsigned-int.patch |
Index: 1.2.20-4/debian/patches/no_maxpathlen.patch |
=================================================================== |
--- 1.2.20-4/debian/patches/no_maxpathlen.patch (revision 37) |
+++ 1.2.20-4/debian/patches/no_maxpathlen.patch (nonexistent) |
@@ -1,491 +0,0 @@ |
-Author: Svante Signell <svante.signell@telia.com> |
-Author: Petter Reinholdtsen <pere@hungry.com> |
-Author: Magnus Holmgren <magnus@debian.org> |
-Bug-Debian: http://bugs.debian.org/657116 |
-Description: Fix FTBFS on Hurd by dynamically allocating path names. |
- Depends on no_static_buffers.patch, which introduced the th_pathname field. |
- |
---- a/compat/basename.c |
-+++ b/compat/basename.c |
-@@ -34,13 +34,25 @@ static char rcsid[] = "$OpenBSD: basenam |
- #include <errno.h> |
- #include <string.h> |
- #include <sys/param.h> |
-+#include <stdlib.h> |
- |
- char * |
- openbsd_basename(path) |
- const char *path; |
- { |
-- static char bname[MAXPATHLEN]; |
-+ static char *bname = NULL; |
-+ static size_t allocated = 0; |
- register const char *endp, *startp; |
-+ int len = 0; |
-+ |
-+ if (!allocated) { |
-+ allocated = 64; |
-+ bname = malloc(allocated); |
-+ if (!bname) { |
-+ allocated = 0; |
-+ return NULL; |
-+ } |
-+ } |
- |
- /* Empty or NULL string gets treated as "." */ |
- if (path == NULL || *path == '\0') { |
-@@ -64,11 +76,19 @@ openbsd_basename(path) |
- while (startp > path && *(startp - 1) != '/') |
- startp--; |
- |
-- if (endp - startp + 1 > sizeof(bname)) { |
-- errno = ENAMETOOLONG; |
-- return(NULL); |
-+ len = endp - startp + 1; |
-+ |
-+ if (len + 1 > allocated) { |
-+ size_t new_allocated = 2*(len+1); |
-+ void *new_bname = malloc(new_allocated); |
-+ if (!new_bname) |
-+ return NULL; |
-+ allocated = new_allocated; |
-+ free(bname); |
-+ bname = new_bname; |
- } |
-- (void)strncpy(bname, startp, endp - startp + 1); |
-- bname[endp - startp + 1] = '\0'; |
-+ |
-+ (void)strncpy(bname, startp, len); |
-+ bname[len] = '\0'; |
- return(bname); |
- } |
---- a/compat/dirname.c |
-+++ b/compat/dirname.c |
-@@ -34,13 +34,25 @@ static char rcsid[] = "$OpenBSD: dirname |
- #include <errno.h> |
- #include <string.h> |
- #include <sys/param.h> |
-+#include <stdlib.h> |
- |
- char * |
- openbsd_dirname(path) |
- const char *path; |
- { |
-- static char bname[MAXPATHLEN]; |
-+ static char *bname = NULL; |
-+ static size_t allocated = 0; |
- register const char *endp; |
-+ int len; |
-+ |
-+ if (!allocated) { |
-+ allocated = 64; |
-+ bname = malloc(allocated); |
-+ if (!bname) { |
-+ allocated = 0; |
-+ return NULL; |
-+ } |
-+ } |
- |
- /* Empty or NULL string gets treated as "." */ |
- if (path == NULL || *path == '\0') { |
-@@ -67,11 +79,19 @@ openbsd_dirname(path) |
- } while (endp > path && *endp == '/'); |
- } |
- |
-- if (endp - path + 1 > sizeof(bname)) { |
-- errno = ENAMETOOLONG; |
-- return(NULL); |
-+ len = endp - path + 1; |
-+ |
-+ if (len + 1 > allocated) { |
-+ size_t new_allocated = 2*(len+1); |
-+ void *new_bname = malloc(new_allocated); |
-+ if (!new_bname) |
-+ return NULL; |
-+ allocated = new_allocated; |
-+ free(bname); |
-+ bname = new_bname; |
- } |
-- (void)strncpy(bname, path, endp - path + 1); |
-- bname[endp - path + 1] = '\0'; |
-+ |
-+ (void)strncpy(bname, path, len); |
-+ bname[len] = '\0'; |
- return(bname); |
- } |
---- a/lib/append.c |
-+++ b/lib/append.c |
-@@ -38,7 +38,7 @@ typedef struct tar_dev tar_dev_t; |
- struct tar_ino |
- { |
- ino_t ti_ino; |
-- char ti_name[MAXPATHLEN]; |
-+ char ti_name[]; |
- }; |
- typedef struct tar_ino tar_ino_t; |
- |
-@@ -61,7 +61,7 @@ tar_append_file(TAR *t, const char *real |
- libtar_hashptr_t hp; |
- tar_dev_t *td = NULL; |
- tar_ino_t *ti = NULL; |
-- char path[MAXPATHLEN]; |
-+ char *path = NULL; |
- |
- #ifdef DEBUG |
- printf("==> tar_append_file(TAR=0x%lx (\"%s\"), realname=\"%s\", " |
-@@ -126,34 +126,39 @@ tar_append_file(TAR *t, const char *real |
- } |
- else |
- { |
-+ const char *name; |
- #ifdef DEBUG |
- printf("+++ adding entry: device (0x%lx,0x%lx), inode %ld " |
- "(\"%s\")...\n", major(s.st_dev), minor(s.st_dev), |
- s.st_ino, realname); |
- #endif |
-- ti = (tar_ino_t *)calloc(1, sizeof(tar_ino_t)); |
-+ name = savename ? savename : realname; |
-+ ti = (tar_ino_t *)calloc(1, sizeof(tar_ino_t) + strlen(name) + 1); |
- if (ti == NULL) |
- return -1; |
- ti->ti_ino = s.st_ino; |
-- snprintf(ti->ti_name, sizeof(ti->ti_name), "%s", |
-- savename ? savename : realname); |
-+ snprintf(ti->ti_name, strlen(name) + 1, "%s", name); |
- libtar_hash_add(td->td_h, ti); |
- } |
- |
- /* check if it's a symlink */ |
- if (TH_ISSYM(t)) |
- { |
-- i = readlink(realname, path, sizeof(path)); |
-+ if ((path = malloc(s.st_size + 1)) == NULL) |
-+ return -1; |
-+ i = readlink(realname, path, s.st_size); |
- if (i == -1) |
-+ { |
-+ free(path); |
- return -1; |
-- if (i >= MAXPATHLEN) |
-- i = MAXPATHLEN - 1; |
-+ } |
- path[i] = '\0'; |
- #ifdef DEBUG |
- printf(" tar_append_file(): encoding symlink \"%s\" -> " |
- "\"%s\"...\n", realname, path); |
- #endif |
- th_set_link(t, path); |
-+ free(path); |
- } |
- |
- /* print file info */ |
---- a/lib/decode.c |
-+++ b/lib/decode.c |
-@@ -33,7 +33,8 @@ th_get_pathname(TAR *t) |
- /* allocate the th_pathname buffer if not already */ |
- if (t->th_pathname == NULL) |
- { |
-- t->th_pathname = malloc(MAXPATHLEN * sizeof(char)); |
-+ /* Allocate the maximum length of prefix + '/' + name + '\0' */ |
-+ t->th_pathname = malloc(155 + 1 + 100 + 1); |
- if (t->th_pathname == NULL) |
- /* out of memory */ |
- return NULL; |
-@@ -41,11 +42,11 @@ th_get_pathname(TAR *t) |
- |
- if (t->th_buf.prefix[0] == '\0') |
- { |
-- snprintf(t->th_pathname, MAXPATHLEN, "%.100s", t->th_buf.name); |
-+ sprintf(t->th_pathname, "%.100s", t->th_buf.name); |
- } |
- else |
- { |
-- snprintf(t->th_pathname, MAXPATHLEN, "%.155s/%.100s", |
-+ sprintf(t->th_pathname, "%.155s/%.100s", |
- t->th_buf.prefix, t->th_buf.name); |
- } |
- |
---- a/lib/util.c |
-+++ b/lib/util.c |
-@@ -15,6 +15,7 @@ |
- #include <stdio.h> |
- #include <sys/param.h> |
- #include <errno.h> |
-+#include <stdlib.h> |
- |
- #ifdef STDC_HEADERS |
- # include <string.h> |
-@@ -25,13 +26,15 @@ |
- int |
- path_hashfunc(char *key, int numbuckets) |
- { |
-- char buf[MAXPATHLEN]; |
-+ char *buf; |
- char *p; |
-+ int i; |
- |
-- strcpy(buf, key); |
-+ buf = strdup(key); |
- p = basename(buf); |
-- |
-- return (((unsigned int)p[0]) % numbuckets); |
-+ i = ((unsigned int)p[0]) % numbuckets; |
-+ free(buf); |
-+ return (i); |
- } |
- |
- |
-@@ -77,15 +80,26 @@ ino_hash(ino_t *inode) |
- int |
- mkdirhier(char *path) |
- { |
-- char src[MAXPATHLEN], dst[MAXPATHLEN] = ""; |
-- char *dirp, *nextp = src; |
-- int retval = 1; |
-+ char *src, *dst = NULL; |
-+ char *dirp, *nextp = NULL; |
-+ int retval = 1, len; |
-+ |
-+ len = strlen(path); |
-+ if ((src = strdup(path)) == NULL) |
-+ { |
-+ errno = ENOMEM; |
-+ return -1; |
-+ } |
-+ nextp = src; |
- |
-- if (strlcpy(src, path, sizeof(src)) > sizeof(src)) |
-+ /* Make room for // with absolute paths */ |
-+ if ((dst = malloc(len + 2)) == NULL) |
- { |
-- errno = ENAMETOOLONG; |
-+ free(src); |
-+ errno = ENOMEM; |
- return -1; |
- } |
-+ dst[0] = '\0'; |
- |
- if (path[0] == '/') |
- strcpy(dst, "/"); |
-@@ -102,12 +116,18 @@ mkdirhier(char *path) |
- if (mkdir(dst, 0777) == -1) |
- { |
- if (errno != EEXIST) |
-+ { |
-+ free(src); |
-+ free(dst); |
- return -1; |
-+ } |
- } |
- else |
- retval = 0; |
- } |
- |
-+ free(src); |
-+ free(dst); |
- return retval; |
- } |
- |
---- a/lib/wrapper.c |
-+++ b/lib/wrapper.c |
-@@ -16,6 +16,7 @@ |
- #include <sys/param.h> |
- #include <dirent.h> |
- #include <errno.h> |
-+#include <stdlib.h> |
- |
- #ifdef STDC_HEADERS |
- # include <string.h> |
-@@ -26,8 +27,8 @@ int |
- tar_extract_glob(TAR *t, char *globname, char *prefix) |
- { |
- char *filename; |
-- char buf[MAXPATHLEN]; |
-- int i; |
-+ char *buf = NULL; |
-+ int i, len; |
- |
- while ((i = th_read(t)) == 0) |
- { |
-@@ -41,11 +42,25 @@ tar_extract_glob(TAR *t, char *globname, |
- if (t->options & TAR_VERBOSE) |
- th_print_long_ls(t); |
- if (prefix != NULL) |
-- snprintf(buf, sizeof(buf), "%s/%s", prefix, filename); |
-+ { |
-+ len = strlen(prefix) + 1 + strlen(filename); |
-+ if ((buf = malloc(len + 1)) == NULL) |
-+ return -1; |
-+ sprintf(buf, "%s/%s", prefix, filename); |
-+ } |
- else |
-- strlcpy(buf, filename, sizeof(buf)); |
-+ { |
-+ len = strlen(filename); |
-+ if ((buf = malloc(len + 1)) == NULL) |
-+ return -1; |
-+ strcpy(buf, filename); |
-+ } |
- if (tar_extract_file(t, buf) != 0) |
-+ { |
-+ free(buf); |
- return -1; |
-+ } |
-+ free(buf); |
- } |
- |
- return (i == 1 ? 0 : -1); |
-@@ -56,8 +71,9 @@ int |
- tar_extract_all(TAR *t, char *prefix) |
- { |
- char *filename; |
-- char buf[MAXPATHLEN]; |
-- int i; |
-+ char *buf = NULL; |
-+ size_t bufsize = 0; |
-+ int i, len; |
- |
- #ifdef DEBUG |
- printf("==> tar_extract_all(TAR *t, \"%s\")\n", |
-@@ -73,15 +89,29 @@ tar_extract_all(TAR *t, char *prefix) |
- if (t->options & TAR_VERBOSE) |
- th_print_long_ls(t); |
- if (prefix != NULL) |
-- snprintf(buf, sizeof(buf), "%s/%s", prefix, filename); |
-+ { |
-+ len = strlen(prefix) + 1 + strlen(filename); |
-+ if ((buf = malloc(len + 1)) == NULL) |
-+ return -1; |
-+ sprintf(buf, "%s/%s", prefix, filename); |
-+ } |
- else |
-- strlcpy(buf, filename, sizeof(buf)); |
-+ { |
-+ len = strlen(filename); |
-+ if ((buf = malloc(len + 1)) == NULL) |
-+ return -1; |
-+ strcpy(buf, filename); |
-+ } |
- #ifdef DEBUG |
- printf(" tar_extract_all(): calling tar_extract_file(t, " |
- "\"%s\")\n", buf); |
- #endif |
- if (tar_extract_file(t, buf) != 0) |
-+ { |
-+ free(buf); |
- return -1; |
-+ } |
-+ free(buf); |
- } |
- |
- return (i == 1 ? 0 : -1); |
-@@ -91,11 +121,14 @@ tar_extract_all(TAR *t, char *prefix) |
- int |
- tar_append_tree(TAR *t, char *realdir, char *savedir) |
- { |
-- char realpath[MAXPATHLEN]; |
-- char savepath[MAXPATHLEN]; |
-+ char *realpath = NULL; |
-+ size_t realpathsize = 0; |
-+ char *savepath = NULL; |
-+ size_t savepathsize = 0; |
- struct dirent *dent; |
- DIR *dp; |
- struct stat s; |
-+ int len; |
- |
- #ifdef DEBUG |
- printf("==> tar_append_tree(0x%lx, \"%s\", \"%s\")\n", |
-@@ -122,11 +155,21 @@ tar_append_tree(TAR *t, char *realdir, c |
- strcmp(dent->d_name, "..") == 0) |
- continue; |
- |
-- snprintf(realpath, MAXPATHLEN, "%s/%s", realdir, |
-+ len = strlen(realdir) + 1 + strlen(dent->d_name); |
-+ if ((realpath = malloc(len + 1)) == NULL) |
-+ return -1; |
-+ snprintf(realpath, len + 1, "%s/%s", realdir, |
- dent->d_name); |
- if (savedir) |
-- snprintf(savepath, MAXPATHLEN, "%s/%s", savedir, |
-+ { |
-+ len = strlen(savedir) + 1 + strlen(dent->d_name); |
-+ if ((savepath = malloc(len + 1)) == NULL) { |
-+ free(realpath); |
-+ return -1; |
-+ } |
-+ snprintf(savepath, len + 1, "%s/%s", savedir, |
- dent->d_name); |
-+ } |
- |
- if (lstat(realpath, &s) != 0) |
- return -1; |
-@@ -135,13 +178,23 @@ tar_append_tree(TAR *t, char *realdir, c |
- { |
- if (tar_append_tree(t, realpath, |
- (savedir ? savepath : NULL)) != 0) |
-+ { |
-+ free(realpath); |
-+ free(savepath); |
- return -1; |
-+ } |
- continue; |
- } |
- |
- if (tar_append_file(t, realpath, |
- (savedir ? savepath : NULL)) != 0) |
-+ { |
-+ free(realpath); |
-+ free(savepath); |
- return -1; |
-+ } |
-+ free(realpath); |
-+ free(savepath); |
- } |
- |
- closedir(dp); |
---- a/libtar/libtar.c |
-+++ b/libtar/libtar.c |
-@@ -111,8 +111,9 @@ create(char *tarfile, char *rootdir, lib |
- { |
- TAR *t; |
- char *pathname; |
-- char buf[MAXPATHLEN]; |
-+ char *buf = NULL; |
- libtar_listptr_t lp; |
-+ int len; |
- |
- if (tar_open(&t, tarfile, |
- #ifdef HAVE_LIBZ |
-@@ -133,17 +134,29 @@ create(char *tarfile, char *rootdir, lib |
- { |
- pathname = (char *)libtar_listptr_data(&lp); |
- if (pathname[0] != '/' && rootdir != NULL) |
-- snprintf(buf, sizeof(buf), "%s/%s", rootdir, pathname); |
-+ { |
-+ len = strlen(rootdir) + 1 + strlen(pathname); |
-+ if ((buf = malloc(len + 1)) == NULL) |
-+ return -1; |
-+ snprintf(buf, len + 1, "%s/%s", rootdir, pathname); |
-+ } |
- else |
-- strlcpy(buf, pathname, sizeof(buf)); |
-+ { |
-+ len = strlen(pathname); |
-+ if ((buf = malloc(len + 1)) == NULL) |
-+ return -1; |
-+ strlcpy(buf, pathname, len + 1); |
-+ } |
- if (tar_append_tree(t, buf, pathname) != 0) |
- { |
- fprintf(stderr, |
- "tar_append_tree(\"%s\", \"%s\"): %s\n", buf, |
- pathname, strerror(errno)); |
- tar_close(t); |
-+ free(buf); |
- return -1; |
- } |
-+ free(buf); |
- } |
- |
- if (tar_append_eof(t) != 0) |
Index: 1.2.20-4/debian/copyright |
=================================================================== |
--- 1.2.20-4/debian/copyright (revision 37) |
+++ 1.2.20-4/debian/copyright (nonexistent) |
@@ -1,45 +0,0 @@ |
-This package was debianized by Glenn McGrath <bug1@debian.org> on |
-Sat, 5 Jan 2002 13:24:37 +1100. |
- |
-It was downloaded from http://repo.or.cz/w/libtar.git; previously from |
-http://www.feep.net/libtar/ |
- |
-Upstream Authors: Mark D. Roth <roth@uiuc.edu> and Chris Frey |
-<cdfrey@foursquare.net> |
- |
-Copyright: |
-Copyright (c) 1998-2003 University of Illinois Board of Trustees |
-Copyright (c) 1998-2003 Mark D. Roth |
-All rights reserved. |
- |
-Developed by: Campus Information Technologies and Educational Services, |
- University of Illinois at Urbana-Champaign |
- |
-Permission is hereby granted, free of charge, to any person obtaining |
-a copy of this software and associated documentation files (the |
-``Software''), to deal with the Software without restriction, including |
-without limitation the rights to use, copy, modify, merge, publish, |
-distribute, sublicense, and/or sell copies of the Software, and to |
-permit persons to whom the Software is furnished to do so, subject to |
-the following conditions: |
- |
-* Redistributions of source code must retain the above copyright |
- notice, this list of conditions and the following disclaimers. |
- |
-* Redistributions in binary form must reproduce the above copyright |
- notice, this list of conditions and the following disclaimers in the |
- documentation and/or other materials provided with the distribution. |
- |
-* Neither the names of Campus Information Technologies and Educational |
- Services, University of Illinois at Urbana-Champaign, nor the names |
- of its contributors may be used to endorse or promote products derived |
- from this Software without specific prior written permission. |
- |
-THE SOFTWARE IS PROVIDED ``AS IS'', WITHOUT WARRANTY OF ANY KIND, |
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. |
-IN NO EVENT SHALL THE CONTRIBUTORS OR COPYRIGHT HOLDERS BE LIABLE FOR |
-ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, |
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE |
-OR THE USE OR OTHER DEALINGS WITH THE SOFTWARE. |
- |
Index: 1.2.20-4/debian/docs |
=================================================================== |
--- 1.2.20-4/debian/docs (revision 37) |
+++ 1.2.20-4/debian/docs (nonexistent) |
@@ -1,3 +0,0 @@ |
-README |
-TODO |
-ChangeLog-1.0.x |
Index: 1.2.20-4/debian |
=================================================================== |
--- 1.2.20-4/debian (revision 37) |
+++ 1.2.20-4/debian (nonexistent) |
/1.2.20-4/debian |
---|
Property changes: |
Deleted: mergeWithUpstream |
## -1 +0,0 ## |
-1 |
\ No newline at end of property |