pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/archivers/unarj Add two patches from RedHat, fixing CA...
details: https://anonhg.NetBSD.org/pkgsrc/rev/6d21417bebe9
branches: trunk
changeset: 487882:6d21417bebe9
user: wiz <wiz%pkgsrc.org@localhost>
date: Fri Jan 21 14:42:10 2005 +0000
description:
Add two patches from RedHat, fixing CAN-2004-0947 and CAN-2004-1027.
Bump PKGREVISION.
diffstat:
archivers/unarj/Makefile | 3 +-
archivers/unarj/distinfo | 6 +-
archivers/unarj/files/Makefile | 4 +-
archivers/unarj/patches/patch-ab | 86 ++++++++++++++++++++++++++++++++++++++++
archivers/unarj/patches/patch-ad | 58 ++++++++++++++++++++++++++
5 files changed, 153 insertions(+), 4 deletions(-)
diffs (192 lines):
diff -r beeed32bd170 -r 6d21417bebe9 archivers/unarj/Makefile
--- a/archivers/unarj/Makefile Fri Jan 21 14:41:16 2005 +0000
+++ b/archivers/unarj/Makefile Fri Jan 21 14:42:10 2005 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.18 2005/01/21 14:30:05 wiz Exp $
+# $NetBSD: Makefile,v 1.19 2005/01/21 14:42:10 wiz Exp $
DISTNAME= unarj-2.65
+PKGREVISION= 1
CATEGORIES= archivers
MASTER_SITES= #
diff -r beeed32bd170 -r 6d21417bebe9 archivers/unarj/distinfo
--- a/archivers/unarj/distinfo Fri Jan 21 14:41:16 2005 +0000
+++ b/archivers/unarj/distinfo Fri Jan 21 14:42:10 2005 +0000
@@ -1,6 +1,8 @@
-$NetBSD: distinfo,v 1.3 2005/01/21 14:30:05 wiz Exp $
+$NetBSD: distinfo,v 1.4 2005/01/21 14:42:10 wiz Exp $
SHA1 (unarj-2.65.tar.gz) = 56843e95e6b6ac7577dfdfbfee5af166b5e2c74f
Size (unarj-2.65.tar.gz) = 74911 bytes
-SHA1 (patch-aa) = d864780eb564e8035379b06f20b5c8a8e19d5f83
+SHA1 (patch-aa) = 2029b106a498624902639897ae539fd54a0d1052
+SHA1 (patch-ab) = 15216bc07298ce0956bfbadfaae763622ee88a0c
SHA1 (patch-ac) = 59245f61d731e2fd6dc101fefe0f62db0c55b55e
+SHA1 (patch-ad) = 46c469ade1a20da7e3ac633652e4ec926ba2b08f
diff -r beeed32bd170 -r 6d21417bebe9 archivers/unarj/files/Makefile
--- a/archivers/unarj/files/Makefile Fri Jan 21 14:41:16 2005 +0000
+++ b/archivers/unarj/files/Makefile Fri Jan 21 14:42:10 2005 +0000
@@ -9,7 +9,9 @@
decode.o: decode.c unarj.h
-OBJS = unarj.o decode.o environ.o
+sanitize.o: sanitize.c unarj.h
+
+OBJS = unarj.o decode.o environ.o sanitize.o
unarj: $(OBJS)
$(CC) $(LDFLAGS) $(OBJS) -o unarj
diff -r beeed32bd170 -r 6d21417bebe9 archivers/unarj/patches/patch-ab
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/archivers/unarj/patches/patch-ab Fri Jan 21 14:42:10 2005 +0000
@@ -0,0 +1,86 @@
+$NetBSD: patch-ab,v 1.4 2005/01/21 14:42:10 wiz Exp $
+
+--- sanitize.c.orig 2005-01-21 15:34:42.000000000 +0100
++++ sanitize.c
+@@ -0,0 +1,81 @@
++/*
++ * Path sanitation code by Ludwig Nussel <ludwig.nussel%suse.de@localhost>. Public Domain.
++ */
++
++#include "unarj.h"
++
++#include <string.h>
++#include <limits.h>
++#include <stdio.h>
++
++#ifndef PATH_CHAR
++#define PATH_CHAR '/'
++#endif
++#ifndef MIN
++#define MIN(x,y) ((x)<(y)?(x):(y))
++#endif
++
++/* copy src into dest converting the path to a relative one inside the current
++ * directory. dest must hold at least len bytes */
++void copy_path_relative(char *dest, char *src, size_t len)
++{
++ char* o = dest;
++ char* p = src;
++
++ *o = '\0';
++
++ while(*p && *p == PATH_CHAR) ++p;
++ for(; len && *p;)
++ {
++ src = p;
++ p = strchr(src, PATH_CHAR);
++ if(!p) p = src+strlen(src);
++
++ /* . => skip */
++ if(p-src == 1 && *src == '.' )
++ {
++ if(*p) src = ++p;
++ }
++ /* .. => pop one */
++ else if(p-src == 2 && *src == '.' && src[1] == '.')
++ {
++ if(o != dest)
++ {
++ char* tmp;
++ *o = '\0';
++ tmp = strrchr(dest, PATH_CHAR);
++ if(!tmp)
++ {
++ len += o-dest;
++ o = dest;
++ if(*p) ++p;
++ }
++ else
++ {
++ len += o-tmp;
++ o = tmp;
++ if(*p) ++p;
++ }
++ }
++ else /* nothing to pop */
++ if(*p) ++p;
++ }
++ else
++ {
++ size_t copy;
++ if(o != dest)
++ {
++ --len;
++ *o++ = PATH_CHAR;
++ }
++ copy = MIN(p-src,len);
++ memcpy(o, src, copy);
++ len -= copy;
++ src += copy;
++ o += copy;
++ if(*p) ++p;
++ }
++ while(*p && *p == PATH_CHAR) ++p;
++ }
++ o[len?0:-1] = '\0';
++}
diff -r beeed32bd170 -r 6d21417bebe9 archivers/unarj/patches/patch-ad
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/archivers/unarj/patches/patch-ad Fri Jan 21 14:42:10 2005 +0000
@@ -0,0 +1,58 @@
+$NetBSD: patch-ad,v 1.1 2005/01/21 14:42:10 wiz Exp $
+
+--- unarj.c.orig 2002-06-05 12:28:06.000000000 +0200
++++ unarj.c
+@@ -213,7 +213,7 @@ static uchar arj_flags;
+ static short method;
+ static uint file_mode;
+ static ulong time_stamp;
+-static short entry_pos;
++static ushort entry_pos;
+ static ushort host_data;
+ static uchar *get_ptr;
+ static UCRC file_crc;
+@@ -231,6 +231,8 @@ static UCRC crctable[UCHAR_MAX + 1];
+
+ /* Functions */
+
++void copy_path_relative(char *dest, char *src, size_t len);
++
+ static void
+ make_crctable()
+ {
+@@ -604,6 +606,7 @@ char *name;
+ error(M_BADHEADR, "");
+
+ crc = CRC_MASK;
++ memset(header, 0, sizeof(header));
+ fread_crc(header, (int) headersize, fd);
+ header_crc = fget_crc(fd);
+ if ((crc ^ CRC_MASK) != header_crc)
+@@ -628,9 +631,13 @@ char *name;
+
+ if (origsize < 0 || compsize < 0)
+ error(M_HEADRCRC, "");
++ if(first_hdr_size > headersize-2) /* need two \0 for file and comment */
++ error(M_BADHEADR, "");
+
+ hdr_filename = (char *)&header[first_hdr_size];
+ strncopy(filename, hdr_filename, sizeof(filename));
++ if(entry_pos >= strlen(filename))
++ error(M_BADHEADR, "");
+ if (host_os != OS)
+ strparity((uchar *)filename);
+ if ((arj_flags & PATHSYM_FLAG) != 0)
+@@ -727,11 +734,11 @@ extract()
+
+ no_output = 0;
+ if (command == 'E')
+- strcpy(name, &filename[entry_pos]);
++ copy_path_relative(name, &filename[entry_pos], sizeof(name));
+ else
+ {
+ strcpy(name, DEFAULT_DIR);
+- strcat(name, filename);
++ copy_path_relative(name+strlen(name), filename, sizeof(name)-strlen(name));
+ }
+
+ if (host_os != OS)
Home |
Main Index |
Thread Index |
Old Index