Hello community,
here is the log from the commit of package tar
checked in at Mon Aug 20 18:55:45 CEST 2007.
--------
--- tar/tar.changes 2007-08-17 14:15:22.000000000 +0200
+++ /mounts/work_src_done/STABLE/tar/tar.changes 2007-08-20 18:10:04.000000000 +0200
@@ -1,0 +2,5 @@
+Mon Aug 20 17:56:38 CEST 2007 - mkoenig@suse.de
+
+- use correct patch for paxlib stack overflow [#301416]
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ tar.spec ++++++
--- /var/tmp/diff_new_pack.I12470/_old 2007-08-20 18:55:26.000000000 +0200
+++ /var/tmp/diff_new_pack.I12470/_new 2007-08-20 18:55:26.000000000 +0200
@@ -19,7 +19,7 @@
PreReq: %install_info_prereq
Autoreqprov: on
Version: 1.17
-Release: 11
+Release: 13
Summary: GNU implementation of tar ((t)ape (ar)chiver)
Source0: %name-%version.tar.bz2
Patch0: tar-disable_languages.patch
@@ -108,6 +108,8 @@
rm -rf $RPM_BUILD_ROOT
%changelog
+* Mon Aug 20 2007 - mkoenig@suse.de
+- use correct patch for paxlib stack overflow [#301416]
* Fri Aug 17 2007 - lmichnovic@suse.cz
- upstream fix: use of alloca can cause stack overflow
(paxlib-owl-alloca.patch)
++++++ tar-1.17-paxlib-owl-alloca.patch ++++++
--- /var/tmp/diff_new_pack.I12470/_old 2007-08-20 18:55:26.000000000 +0200
+++ /var/tmp/diff_new_pack.I12470/_new 2007-08-20 18:55:26.000000000 +0200
@@ -1,16 +1,20 @@
+Patch from Sergey Poznyakoff for cpio
+based on patch:
2007-08-15 Dmitry V. Levin
- Do not use alloca to avoid stack overflow with untrusted input.
+ Do not use alloca to avoid stack overflow with untrusted input.
- * lib/paxnames.c (hash_string_insert_direct): New function.
- (hash_string_insert): Use it.
- (hash_string_insert_data): New function.
- (safer_name_suffix): Use it instead of hash_string_insert()
- and alloca().
+ * lib/paxnames.c (hash_string_insert_direct): New function.
+ (hash_string_insert): Use it.
+ (hash_string_insert_data): New function.
+ (safer_name_suffix): Use it instead of hash_string_insert()
+ and alloca().
---- lib/paxnames.c
+Index: lib/paxnames.c
+===================================================================
+--- lib/paxnames.c.orig
+++ lib/paxnames.c
-@@ -36,22 +36,50 @@
+@@ -36,15 +36,27 @@ hash_string_compare (void const *name1,
return strcmp (name1, name2) == 0;
}
@@ -18,57 +22,70 @@
- copy of STRING to TABLE and return 1. */
-bool
-hash_string_insert (Hash_table **table, char const *string)
-+/* Return zero if TABLE contains given STRING; otherwise, insert
-+ given STRING to TABLE and return 1. */
++/* Return zero if TABLE contains a LEN-character long prefix of STRING,
++ otherwise, insert a newly allocated copy of this prefix to TABLE and
++ return 1. If RETURN_PREFIX is not NULL, point it to the allocated
++ copy. */
+static bool
-+hash_string_insert_direct (Hash_table **table, char const *string)
++hash_string_insert_prefix (Hash_table **table, char const *string, size_t len,
++ const char **return_prefix)
{
Hash_table *t = *table;
- char *s = xstrdup (string);
++ char *s;
char *e;
++ if (len)
++ {
++ s = xmalloc (len + 1);
++ memcpy (s, string, len);
++ s[len] = 0;
++ }
++ else
++ s = xstrdup (string);
++
if (! ((t
|| (*table = t = hash_initialize (0, 0, hash_string_hasher,
hash_string_compare, 0)))
-- && (e = hash_insert (t, s))))
-+ && (e = hash_insert (t, string))))
+@@ -52,7 +64,11 @@ hash_string_insert (Hash_table **table,
xalloc_die ();
-- if (e == s)
-+ return (e == string);
-+}
-+
+ if (e == s)
+- return 1;
++ {
++ if (return_prefix)
++ *return_prefix = s;
++ return 1;
++ }
+ else
+ {
+ free (s);
+@@ -60,6 +76,14 @@ hash_string_insert (Hash_table **table,
+ }
+ }
+
+/* Return zero if TABLE contains a copy of STRING; otherwise, insert a
+ copy of STRING to TABLE and return 1. */
+bool
+hash_string_insert (Hash_table **table, char const *string)
+{
-+ char *s = xstrdup (string);
-+
-+ if (hash_string_insert_direct (table, s))
-+ return 1;
-+ else
-+ {
-+ free (s);
-+ return 0;
-+ }
++ return hash_string_insert_prefix (table, string, 0, NULL);
+}
+
-+/* Return zero if TABLE contains a string which is a NULL-terminated
-+ copy of DATA of given LENGTH; otherwise, insert a string which is a
-+ NULL-terminated copy of DATA of given LENGTH to TABLE and return 1. */
-+static bool
-+hash_string_insert_data (Hash_table **table, char const *data, size_t length)
-+{
-+ char *s = xmalloc (length + 1);
-+ memcpy (s, data, length);
-+ s[length] = '\0';
-+
-+ if (hash_string_insert_direct (table, s))
- return 1;
- else
- {
-@@ -121,18 +149,16 @@ safer_name_suffix (char const *file_name, bool link_target, bool absolute_names)
+ /* Return 1 if TABLE contains STRING. */
+ bool
+ hash_string_lookup (Hash_table const *table, char const *string)
+@@ -88,7 +112,8 @@ removed_prefixes_p (void)
+ If ABSOLUTE_NAMES is 0, strip filesystem prefix from the file name. */
+
+ char *
+-safer_name_suffix (char const *file_name, bool link_target, bool absolute_names)
++safer_name_suffix (char const *file_name, bool link_target,
++ bool absolute_names)
+ {
+ char const *p;
+
+@@ -121,11 +146,9 @@ safer_name_suffix (char const *file_name
if (prefix_len)
{
@@ -77,19 +94,9 @@
- prefix[prefix_len] = '\0';
-
- if (hash_string_insert (&prefix_table[link_target], prefix))
-+ if (hash_string_insert_data (&prefix_table[link_target],
-+ file_name, prefix_len))
++ const char *prefix;
++ if (hash_string_insert_prefix (&prefix_table[link_target], file_name,
++ prefix_len, &prefix))
{
static char const *const diagnostic[] =
{
-- N_("Removing leading `%s' from member names"),
-- N_("Removing leading `%s' from hard link targets")
-+ N_("Removing leading `%.*s' from member names"),
-+ N_("Removing leading `%.*s' from hard link targets")
- };
-- WARN ((0, 0, _(diagnostic[link_target]), prefix));
-+ WARN ((0, 0, _(diagnostic[link_target]),
-+ (unsigned)prefix_len, file_name));
- }
- }
- }
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org