Pullup ticket #3616 - requested by is net/icsi-finger security update Revisions pulled up: - doc/CHANGES-2011 1.2900 - net/icsi-finger/Makefile 1.17-1.19 - net/icsi-finger/distinfo 1.10-1.13 - net/icsi-finger/patches/patch-ak 1.2-1.4 - net/icsi-finger/patches/patch-al 1.2 - net/icsi-finger/patches/patch-an 1.1 - net/icsi-finger/patches/patch-lib_util_c 1.1 --- Module Name: pkgsrc Committed By: is Date: Thu Nov 10 09:42:22 UTC 2011 Modified Files: pkgsrc/net/icsi-finger: distinfo Added Files: pkgsrc/net/icsi-finger/patches: patch-an Log Message: Missed part of the fix for 64bit time_t from 2011/01/18 12:28:25. The maintainance program packet2ascii (actually, the ascii2packet part) needed to be fixed, too. --- Module Name: pkgsrc Committed By: is Date: Thu Nov 10 09:59:53 UTC 2011 Modified Files: pkgsrc/net/icsi-finger: Makefile Log Message: Missed part of the fix for 64bit time_t from 2011/01/18 12:28:25. The maintainance program packet2ascii (actually, the ascii2packet part) needed to be fixed, too. --- Module Name: pkgsrc Committed By: dholland Date: Tue Nov 15 00:11:07 UTC 2011 Modified Files: pkgsrc/net/icsi-finger: distinfo pkgsrc/net/icsi-finger/patches: patch-ak patch-al Added Files: pkgsrc/net/icsi-finger/patches: patch-lib_util_c Log Message: Use stdlib.h instead of private decls of malloc; remove union wait. Should fix build with newer gcc and maybe also clang. --- Module Name: pkgsrc Committed By: is Date: Tue Nov 15 13:04:47 UTC 2011 Modified Files: pkgsrc/doc: CHANGES-2011 pkgsrc/net/icsi-finger: Makefile distinfo pkgsrc/net/icsi-finger/patches: patch-ak Log Message: replace mktemp() by mkstemp(), updating net/icsi-finger to 1.0.27nb6 --- Module Name: pkgsrc Committed By: is Date: Tue Nov 22 09:04:49 UTC 2011 Modified Files: pkgsrc/net/icsi-finger: Makefile distinfo pkgsrc/net/icsi-finger/patches: patch-ak Log Message: Remove a data-dependent case of segmentation fault in in.fingerd.diff -r1.16 -r1.16.6.1 pkgsrc/net/icsi-finger/Makefile
(sbd)
@@ -1,18 +1,18 @@ | @@ -1,18 +1,18 @@ | |||
1 | # $NetBSD: Makefile,v 1.16 2011/02/11 17:16:03 is Exp $ | 1 | # $NetBSD: Makefile,v 1.16.6.1 2011/12/08 04:01:09 sbd Exp $ | |
2 | # | 2 | # | |
3 | 3 | |||
4 | DISTNAME= icsi-finger-1.0.27 | 4 | DISTNAME= icsi-finger-1.0.27 | |
5 | PKGREVISION= 4 | 5 | PKGREVISION= 7 | |
6 | CATEGORIES= net | 6 | CATEGORIES= net | |
7 | MASTER_SITES= ftp://ftp.icsi.berkeley.edu/pub/ai/stolcke/software/ | 7 | MASTER_SITES= ftp://ftp.icsi.berkeley.edu/pub/ai/stolcke/software/ | |
8 | EXTRACT_SUFX= .tar.Z | 8 | EXTRACT_SUFX= .tar.Z | |
9 | 9 | |||
10 | MAINTAINER= is@NetBSD.org | 10 | MAINTAINER= is@NetBSD.org | |
11 | COMMENT= Distributed finger service | 11 | COMMENT= Distributed finger service | |
12 | 12 | |||
13 | PKG_DESTDIR_SUPPORT= user-destdir | 13 | PKG_DESTDIR_SUPPORT= user-destdir | |
14 | 14 | |||
15 | WRKSRC= ${WRKDIR}/finger | 15 | WRKSRC= ${WRKDIR}/finger | |
16 | 16 | |||
17 | # the following only used as installation destinations! | 17 | # the following only used as installation destinations! | |
18 | XMPLD= ${DESTDIR}${PREFIX}/share/examples/icsi-finger | 18 | XMPLD= ${DESTDIR}${PREFIX}/share/examples/icsi-finger |
@@ -1,17 +1,19 @@ | @@ -1,17 +1,19 @@ | |||
1 | $NetBSD: distinfo,v 1.9 2011/02/11 17:16:03 is Exp $ | 1 | $NetBSD: distinfo,v 1.9.6.1 2011/12/08 04:01:09 sbd Exp $ | |
2 | 2 | |||
3 | SHA1 (icsi-finger-1.0.27.tar.Z) = 41f03c42269a402169000a6b08ba8c6330256861 | 3 | SHA1 (icsi-finger-1.0.27.tar.Z) = 41f03c42269a402169000a6b08ba8c6330256861 | |
4 | RMD160 (icsi-finger-1.0.27.tar.Z) = 92839362b6d4b1893958ca0909654f070e734aa4 | 4 | RMD160 (icsi-finger-1.0.27.tar.Z) = 92839362b6d4b1893958ca0909654f070e734aa4 | |
5 | Size (icsi-finger-1.0.27.tar.Z) = 729351 bytes | 5 | Size (icsi-finger-1.0.27.tar.Z) = 729351 bytes | |
6 | SHA1 (patch-aa) = 33d58b9375358e030e03e95ca504d8f6787134cd | 6 | SHA1 (patch-aa) = 33d58b9375358e030e03e95ca504d8f6787134cd | |
7 | SHA1 (patch-ab) = d8a719d78288aad8ab3a7159f332afdd59231ebb | 7 | SHA1 (patch-ab) = d8a719d78288aad8ab3a7159f332afdd59231ebb | |
8 | SHA1 (patch-ac) = e3759d714eafae1cc6a8e974d8a79f065f7efe24 | 8 | SHA1 (patch-ac) = e3759d714eafae1cc6a8e974d8a79f065f7efe24 | |
9 | SHA1 (patch-ad) = de1489cf9860bd412a43a875a43eae69dd559606 | 9 | SHA1 (patch-ad) = de1489cf9860bd412a43a875a43eae69dd559606 | |
10 | SHA1 (patch-ae) = 7613ee307bb047d5e5c794b829dcd1cb1c8edb81 | 10 | SHA1 (patch-ae) = 7613ee307bb047d5e5c794b829dcd1cb1c8edb81 | |
11 | SHA1 (patch-af) = 96d691992eecbf08118a924218570325a52603b1 | 11 | SHA1 (patch-af) = 96d691992eecbf08118a924218570325a52603b1 | |
12 | SHA1 (patch-ah) = d61e893ce11a3957bbe138abc9a247b0d4b51a0e | 12 | SHA1 (patch-ah) = d61e893ce11a3957bbe138abc9a247b0d4b51a0e | |
13 | SHA1 (patch-ai) = 01b48ecef2c1fe191780c9a8dee61f2951ee9c10 | 13 | SHA1 (patch-ai) = 01b48ecef2c1fe191780c9a8dee61f2951ee9c10 | |
14 | SHA1 (patch-aj) = 53adee387e703fcff2b8f5dba4ae593712acb2ad | 14 | SHA1 (patch-aj) = 53adee387e703fcff2b8f5dba4ae593712acb2ad | |
15 | SHA1 (patch-ak) = 8e9bd7da344e082deb0e51301e124a2b7f8025fe | 15 | SHA1 (patch-ak) = 32f76a2e2a683225da8511aa0fcca4b709adf6a5 | |
16 | SHA1 (patch-al) = 28e8762269e94dec2e1b306527c2613b8a86d76d | 16 | SHA1 (patch-al) = 1abcd4a364d66b19e30e38422f3fda5a9cc233b3 | |
17 | SHA1 (patch-am) = 50b7cc7eaa30eaab2a26a849a875322c5344a74a | 17 | SHA1 (patch-am) = 50b7cc7eaa30eaab2a26a849a875322c5344a74a | |
18 | SHA1 (patch-an) = c5e4a49e7abd2b14513be38d3d06280117730e09 | |||
19 | SHA1 (patch-lib_util_c) = 160eb90114aaa9dce5d66de1392673f15aed9cd9 |
@@ -1,28 +1,81 @@ | @@ -1,28 +1,81 @@ | |||
1 | $NetBSD: patch-ak,v 1.1 2011/01/18 12:28:25 is Exp $ | 1 | $NetBSD: patch-ak,v 1.1.6.1 2011/12/08 04:01:09 sbd Exp $ | |
2 | 2 | |||
3 | --- src/in.fingerd.c.orig 1996-01-10 19:26:24.000000000 +0000 | 3 | --- src/in.fingerd.c.orig 1996-01-10 19:26:24.000000000 +0000 | |
4 | +++ src/in.fingerd.c | 4 | +++ src/in.fingerd.c | |
5 | @@ -805,12 +805,12 @@ finger_users (user, options, stream) | 5 | @@ -33,9 +33,7 @@ static char *rcsid = "$Id: in.fingerd.c, | |
6 | #include <sys/types.h> | |||
7 | #include <fcntl.h> | |||
8 | #include <sys/file.h> | |||
9 | -#ifndef X_OK | |||
10 | #include <unistd.h> | |||
11 | -#endif | |||
12 | #include <sys/stat.h> | |||
13 | #include <netinet/in.h> | |||
14 | #include <arpa/inet.h> | |||
15 | @@ -805,12 +803,12 @@ finger_users (user, options, stream) | |||
6 | fprintf (stream, "%s (%s) seen at %s on %s", | 16 | fprintf (stream, "%s (%s) seen at %s on %s", | |
7 | upackets[i]->real_name, upackets[i]->name, | 17 | upackets[i]->real_name, upackets[i]->name, | |
8 | strip_hostname (upackets[i]->host), | 18 | strip_hostname (upackets[i]->host), | |
9 | - ctime (&upackets[i]->idle_time)); | 19 | - ctime (&upackets[i]->idle_time)); | |
10 | + ctime32 (&upackets[i]->idle_time)); | 20 | + ctime32 (&upackets[i]->idle_time)); | |
11 | else | 21 | else | |
12 | fprintf (stream, "%s seen at %s on %s", | 22 | fprintf (stream, "%s seen at %s on %s", | |
13 | upackets[i]->name, | 23 | upackets[i]->name, | |
14 | strip_hostname (upackets[i]->host), | 24 | strip_hostname (upackets[i]->host), | |
15 | - ctime (&upackets[i]->idle_time)); | 25 | - ctime (&upackets[i]->idle_time)); | |
16 | + ctime32 (&upackets[i]->idle_time)); | 26 | + ctime32 (&upackets[i]->idle_time)); | |
17 | } | 27 | } | |
18 | else | 28 | else | |
19 | { | 29 | { | |
20 | @@ -1262,7 +1262,7 @@ show_unlogged_packet (packet, stream) | 30 | @@ -888,7 +886,6 @@ finger_clients (user, options, stream) | |
31 | else | |||
32 | { | |||
33 | status = ""; | |||
34 | - idle_time = ""; | |||
35 | } | |||
36 | ||||
37 | ||||
38 | @@ -1262,7 +1259,7 @@ show_unlogged_packet (packet, stream) | |||
21 | 39 | |||
22 | /* In SunOS4 getpwnam() seems to call ctime(), so we move this call down | 40 | /* In SunOS4 getpwnam() seems to call ctime(), so we move this call down | |
23 | * here to be sure the intended result doesn't get overwritten. */ | 41 | * here to be sure the intended result doesn't get overwritten. */ | |
24 | - char *the_time = ctime(&packet->idle_time); | 42 | - char *the_time = ctime(&packet->idle_time); | |
25 | + char *the_time = ctime32(&packet->idle_time); | 43 | + char *the_time = ctime32(&packet->idle_time); | |
26 | the_time[strlen(the_time) - 1] = '\0'; /* delete newline */ | 44 | the_time[strlen(the_time) - 1] = '\0'; /* delete newline */ | |
27 | 45 | |||
28 | if (*(packet->real_name)) | 46 | if (*(packet->real_name)) | |
47 | @@ -1406,14 +1403,7 @@ run_target_script(script, target, cd, in | |||
48 | char *arg; | |||
49 | { | |||
50 | int pid; | |||
51 | -#ifdef SYSV | |||
52 | int status; | |||
53 | -#else | |||
54 | -#ifndef WEXITSTATUS | |||
55 | -# define WEXITSTATUS(w) ((w).w_retcode) | |||
56 | -#endif | |||
57 | - union wait status; | |||
58 | -#endif | |||
59 | ||||
60 | if (access (script, X_OK) >= 0) | |||
61 | { | |||
62 | @@ -1528,6 +1518,7 @@ maybe_user_script (entry, stream, packet | |||
63 | FILE *long_output; | |||
64 | int result; | |||
65 | extern char *mktemp(); | |||
66 | + int temp_fd; | |||
67 | ||||
68 | #ifndef FINGERRC | |||
69 | return (0); | |||
70 | @@ -1571,8 +1562,9 @@ maybe_user_script (entry, stream, packet | |||
71 | /* Collect regular long finger output in file */ | |||
72 | strcpy (temp_file, TEMPFILE); | |||
73 | ||||
74 | - if (!mktemp (temp_file) || | |||
75 | - !(long_output = fopen (temp_file, "w+"))) | |||
76 | + temp_fd = mkstemp (temp_file); | |||
77 | + if (temp_fd < 0 || | |||
78 | + !(long_output = fdopen (temp_fd, "w+"))) | |||
79 | { | |||
80 | file_error (WARNING, temp_file); | |||
81 | free (user_script); |
@@ -1,18 +1,29 @@ | @@ -1,18 +1,29 @@ | |||
1 | $NetBSD: patch-al,v 1.1 2011/01/18 12:28:25 is Exp $ | 1 | $NetBSD: patch-al,v 1.1.6.1 2011/12/08 04:01:09 sbd Exp $ | |
2 | ||||
3 | - 64-bit time_t fixes | |||
4 | - use standard includes | |||
2 | 5 | |||
3 | --- lib/os.c.orig 1996-07-18 23:31:32.000000000 +0000 | 6 | --- lib/os.c.orig 1996-07-18 23:31:32.000000000 +0000 | |
4 | +++ lib/os.c | 7 | +++ lib/os.c | |
5 | @@ -1137,3 +1137,15 @@ same_hostip (host1, host2) | 8 | @@ -28,6 +28,7 @@ static char *rcsid = "$Id: os.c,v 1.63 1 | |
9 | #include "../config.h" | |||
10 | ||||
11 | #include <stdio.h> | |||
12 | +#include <stdlib.h> | |||
13 | #include <string.h> | |||
14 | #include <sys/types.h> | |||
15 | #include <sys/param.h> | |||
16 | @@ -1137,3 +1138,15 @@ same_hostip (host1, host2) | |||
6 | return (addr1 == addr2); | 17 | return (addr1 == addr2); | |
7 | } | 18 | } | |
8 | 19 | |||
9 | +/* a ctime() replacement that reads a 32bit timestamp, even when | 20 | +/* a ctime() replacement that reads a 32bit timestamp, even when | |
10 | + time_t has a different size. */ | 21 | + time_t has a different size. */ | |
11 | + | 22 | + | |
12 | +char * | 23 | +char * | |
13 | +ctime32(tp) | 24 | +ctime32(tp) | |
14 | + int32_t *tp; | 25 | + int32_t *tp; | |
15 | +{ | 26 | +{ | |
16 | + time_t thetime = *tp; | 27 | + time_t thetime = *tp; | |
17 | + | 28 | + | |
18 | + return ctime(&thetime); | 29 | + return ctime(&thetime); |
$NetBSD: patch-an,v 1.1.2.2 2011/12/08 04:01:09 sbd Exp $
--- src/packet2ascii.c.orig 1994-01-11 02:14:49.000000000 +0000
+++ src/packet2ascii.c
@@ -101,7 +101,7 @@ char *
parse_time(line, sep, buffer, lineno, name)
char *line;
char sep;
- time_t *buffer;
+ int32_t *buffer;
int lineno;
char *name;
{
$NetBSD: patch-lib_util_c,v 1.1.2.2 2011/12/08 04:01:09 sbd Exp $
- use standard headers
--- lib/util.c~ 1997-10-19 00:06:56.000000000 +0000
+++ lib/util.c
@@ -26,6 +26,7 @@ static char *rcsid = "$Id: util.c,v 1.27
#endif
#include <stdio.h>
+#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <sys/types.h>
@@ -239,8 +240,6 @@ memory_error_and_abort (nbytes)
handle_error(FATAL, "(re)alloc error. Cannot allocate %d bytes.", nbytes);
}
-extern char *malloc(), *realloc();
-
void *
xmalloc (nbytes)
int nbytes;