author | salo <salo@pkgsrc.org> | 2005-01-21 15:32:26 +0000 |
---|---|---|
committer | salo <salo@pkgsrc.org> | 2005-01-21 15:32:26 +0000 |
commit | 14eca264db87f837b7cec4600eaa319e8a754ee9 (patch) | |
tree | 4fd134aecb9ea07db72c0670f79ea43c7a530aae | |
parent | b6c45195436e283c74fe98372db69d1d7539fe35 (diff) | |
download | pkgsrc-14eca264db87f837b7cec4600eaa319e8a754ee9.tar.gz |
Pullup ticket 240 - requested by Thomas Klausner
security fix for unarj
Revisions pulled up:
- pkgsrc/archivers/unarj/Makefile 1.18-1.19
- pkgsrc/archivers/unarj/PLIST 1.2
- pkgsrc/archivers/unarj/distinfo 1.3-1.4
- pkgsrc/archivers/unarj/files/Makefile 1.1-1.2
- pkgsrc/archivers/unarj/patches/patch-aa 1.6
- pkgsrc/archivers/unarj/patches/patch-ab 1.4
- pkgsrc/archivers/unarj/patches/patch-ad 1.1
Module Name: pkgsrc
Committed By: wiz
Date: Fri Jan 21 14:30:05 UTC 2005
Modified Files:
pkgsrc/archivers/unarj: Makefile PLIST distinfo
Log Message:
Update to 2.65. (Documented) changes:
UNARJ 2.65 - Fixed table boundaries per suggestion of
UNARJ 2.63 - Added additional header data checks.
UNARJ 2.61 - Added chapter and encryption information.
---
Module Name: pkgsrc
Committed By: wiz
Date: Fri Jan 21 14:30:32 UTC 2005
Added Files:
pkgsrc/archivers/unarj/files: Makefile
Log Message:
Add Makefile, since distfiles comes without one.
--
Module Name: pkgsrc
Committed By: wiz
Date: Fri Jan 21 14:41:16 UTC 2005
Modified Files:
pkgsrc/archivers/unarj/patches: patch-aa
Log Message:
regen with correct offsets
--
Module Name: pkgsrc
Committed By: wiz
Date: Fri Jan 21 14:42:10 UTC 2005
Modified Files:
pkgsrc/archivers/unarj: Makefile distinfo
pkgsrc/archivers/unarj/files: Makefile
Added Files:
pkgsrc/archivers/unarj/patches: patch-ab patch-ad
Log Message:
Add two patches from RedHat, fixing CAN-2004-0947 and CAN-2004-1027.
Bump PKGREVISION.
-rw-r--r-- | archivers/unarj/Makefile | 17 | ||||
-rw-r--r-- | archivers/unarj/PLIST | 6 | ||||
-rw-r--r-- | archivers/unarj/distinfo | 10 | ||||
-rw-r--r-- | archivers/unarj/files/Makefile | 20 | ||||
-rw-r--r-- | archivers/unarj/patches/patch-aa | 8 | ||||
-rw-r--r-- | archivers/unarj/patches/patch-ab | 86 | ||||
-rw-r--r-- | archivers/unarj/patches/patch-ad | 58 |
7 files changed, 187 insertions, 18 deletions
diff --git a/archivers/unarj/Makefile b/archivers/unarj/Makefile index 333171b965f..d29094a5883 100644 --- a/archivers/unarj/Makefile +++ b/archivers/unarj/Makefile @@ -1,9 +1,9 @@ -# $NetBSD: Makefile,v 1.17 2004/07/28 02:47:35 minskim Exp $ +# $NetBSD: Makefile,v 1.17.4.1 2005/01/21 15:32:26 salo Exp $ -DISTNAME= unarj-2.43 +DISTNAME= unarj-2.65 +PKGREVISION= 1 CATEGORIES= archivers -MASTER_SITES= ftp://ftp.kiarchive.ru/pub/unix/arcers/ -EXTRACT_SUFX= .tgz +MASTER_SITES= # MAINTAINER= tech-pkg@NetBSD.org HOMEPAGE= http://www.arjsoftware.com/ @@ -15,15 +15,18 @@ NO_SRC_ON_CDROM=${RESTRICTED} NO_BIN_ON_CDROM=${RESTRICTED} PKG_INSTALLATION_TYPES= overwrite pkgviews - +NO_CONFIGURE= # defined USE_BUILDLINK3= yes INSTALLATION_DIRS= bin +post-extract: + ${CP} ${FILESDIR}/Makefile ${WRKSRC} + do-install: ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/unarj ${INSTALL_PROGRAM} ${WRKSRC}/unarj ${PREFIX}/bin - ${INSTALL_MAN} ${WRKSRC}/unarj.doc ${PREFIX}/share/doc/unarj - ${INSTALL_MAN} ${WRKSRC}/technote.doc ${PREFIX}/share/doc/unarj + ${INSTALL_MAN} ${WRKSRC}/unarj.txt ${PREFIX}/share/doc/unarj + ${INSTALL_MAN} ${WRKSRC}/technote.txt ${PREFIX}/share/doc/unarj .include "../../mk/bsd.pkg.mk" diff --git a/archivers/unarj/PLIST b/archivers/unarj/PLIST index beabba347a5..ad7a8495620 100644 --- a/archivers/unarj/PLIST +++ b/archivers/unarj/PLIST @@ -1,5 +1,5 @@ -@comment $NetBSD: PLIST,v 1.1 2001/10/31 20:24:44 zuntum Exp $ +@comment $NetBSD: PLIST,v 1.1.18.1 2005/01/21 15:32:26 salo Exp $ bin/unarj -share/doc/unarj/unarj.doc -share/doc/unarj/technote.doc +share/doc/unarj/unarj.txt +share/doc/unarj/technote.txt @dirrm share/doc/unarj diff --git a/archivers/unarj/distinfo b/archivers/unarj/distinfo index d9476d1afa7..f8e4cff64b9 100644 --- a/archivers/unarj/distinfo +++ b/archivers/unarj/distinfo 
@@ -1,6 +1,8 @@ -$NetBSD: distinfo,v 1.2 2001/04/18 11:21:09 agc Exp $ +$NetBSD: distinfo,v 1.2.18.1 2005/01/21 15:32:26 salo Exp $ -SHA1 (unarj-2.43.tgz) = 0d814c93a723087fd4d229f92f0354166ee53660 -Size (unarj-2.43.tgz) = 20728 bytes -SHA1 (patch-aa) = d864780eb564e8035379b06f20b5c8a8e19d5f83 +SHA1 (unarj-2.65.tar.gz) = 56843e95e6b6ac7577dfdfbfee5af166b5e2c74f +Size (unarj-2.65.tar.gz) = 74911 bytes +SHA1 (patch-aa) = 2029b106a498624902639897ae539fd54a0d1052 +SHA1 (patch-ab) = 15216bc07298ce0956bfbadfaae763622ee88a0c SHA1 (patch-ac) = 59245f61d731e2fd6dc101fefe0f62db0c55b55e +SHA1 (patch-ad) = 46c469ade1a20da7e3ac633652e4ec926ba2b08f diff --git a/archivers/unarj/files/Makefile b/archivers/unarj/files/Makefile new file mode 100644 index 00000000000..e59225eee30 --- /dev/null +++ b/archivers/unarj/files/Makefile @@ -0,0 +1,20 @@ +.c.o: + ${CC} ${CFLAGS} -DUNIX -c $< + +all: unarj + +unarj.o: unarj.c unarj.h + +environ.o: environ.c unarj.h + +decode.o: decode.c unarj.h + +sanitize.o: sanitize.c unarj.h + +OBJS = unarj.o decode.o environ.o sanitize.o + +unarj: $(OBJS) + $(CC) $(LDFLAGS) $(OBJS) -o unarj + +clean: + -rm -f $(OBJS) unarj diff --git a/archivers/unarj/patches/patch-aa b/archivers/unarj/patches/patch-aa index 74e99171273..cec2a32e646 100644 --- a/archivers/unarj/patches/patch-aa +++ b/archivers/unarj/patches/patch-aa @@ -1,8 +1,8 @@ -$NetBSD: patch-aa,v 1.5 1999/02/10 14:53:34 frueauf Exp $ +$NetBSD: patch-aa,v 1.5.18.1 2005/01/21 15:32:27 salo Exp $ ---- unarj.h.orig Wed Jun 23 06:07:20 1993 -+++ unarj.h Wed Jan 21 15:03:39 1998 -@@ -104,9 +104,13 @@ +--- unarj.h.orig 2002-06-05 12:28:06.000000000 +0200 ++++ unarj.h +@@ -106,9 +106,13 @@ #endif typedef unsigned char uchar; /* 8 bits or more */ diff --git a/archivers/unarj/patches/patch-ab b/archivers/unarj/patches/patch-ab new file mode 100644 index 00000000000..cfb613332e0 --- /dev/null +++ b/archivers/unarj/patches/patch-ab 
@@ -0,0 +1,86 @@ +$NetBSD: patch-ab,v 1.3.10.1 2005/01/21 15:32:27 salo Exp $ + +--- sanitize.c.orig 2005-01-21 15:34:42.000000000 +0100 ++++ sanitize.c +@@ -0,0 +1,81 @@ ++/* ++ * Path sanitation code by Ludwig Nussel <ludwig.nussel@suse.de>. Public Domain. ++ */ ++ ++#include "unarj.h" ++ ++#include <string.h> ++#include <limits.h> ++#include <stdio.h> ++ ++#ifndef PATH_CHAR ++#define PATH_CHAR '/' ++#endif ++#ifndef MIN ++#define MIN(x,y) ((x)<(y)?(x):(y)) ++#endif ++ ++/* copy src into dest converting the path to a relative one inside the current ++ * directory. dest must hold at least len bytes */ ++void copy_path_relative(char *dest, char *src, size_t len) ++{ ++ char* o = dest; ++ char* p = src; ++ ++ *o = '\0'; ++ ++ while(*p && *p == PATH_CHAR) ++p; ++ for(; len && *p;) ++ { ++ src = p; ++ p = strchr(src, PATH_CHAR); ++ if(!p) p = src+strlen(src); ++ ++ /* . => skip */ ++ if(p-src == 1 && *src == '.' ) ++ { ++ if(*p) src = ++p; ++ } ++ /* .. => pop one */ ++ else if(p-src == 2 && *src == '.' && src[1] == '.') ++ { ++ if(o != dest) ++ { ++ char* tmp; ++ *o = '\0'; ++ tmp = strrchr(dest, PATH_CHAR); ++ if(!tmp) ++ { ++ len += o-dest; ++ o = dest; ++ if(*p) ++p; ++ } ++ else ++ { ++ len += o-tmp; ++ o = tmp; ++ if(*p) ++p; ++ } ++ } ++ else /* nothing to pop */ ++ if(*p) ++p; ++ } ++ else ++ { ++ size_t copy; ++ if(o != dest) ++ { ++ --len; ++ *o++ = PATH_CHAR; ++ } ++ copy = MIN(p-src,len); ++ memcpy(o, src, copy); ++ len -= copy; ++ src += copy; ++ o += copy; ++ if(*p) ++p; ++ } ++ while(*p && *p == PATH_CHAR) ++p; ++ } ++ o[len?0:-1] = '\0'; ++} diff --git a/archivers/unarj/patches/patch-ad b/archivers/unarj/patches/patch-ad new file mode 100644 index 00000000000..a5c9ba6fd71 --- /dev/null +++ b/archivers/unarj/patches/patch-ad 
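Review bot: copy_path_relative() writes outside `dest` when it is called with `len == 0`: the initial `*o = '\0'` stores a byte regardless, the loop is skipped, and the closing `o[len?0:-1] = '\0'` then indexes `dest[-1]`. The two call sites added in patch-ad pass sizes derived from `sizeof(name)`, so this looks unreachable from the code shown, but the function has external linkage and its comment only says dest must hold at least len bytes. A guard `if(!len) return;` placed before `*o = '\0';` closes the gap. The header comment should also say that an over-long path is silently truncated rather than rejected, since the truncated result is a different file name from the one stored in the archive.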
@@ -0,0 +1,58 @@ +$NetBSD: patch-ad,v 1.1.2.2 2005/01/21 15:32:27 salo Exp $ + +--- unarj.c.orig 2002-06-05 12:28:06.000000000 +0200 ++++ unarj.c +@@ -213,7 +213,7 @@ static uchar arj_flags; + static short method; + static uint file_mode; + static ulong time_stamp; +-static short entry_pos; ++static ushort entry_pos; + static ushort host_data; + static uchar *get_ptr; + static UCRC file_crc; +@@ -231,6 +231,8 @@ static UCRC crctable[UCHAR_MAX + 1]; + + /* Functions */ + ++void copy_path_relative(char *dest, char *src, size_t len); ++ + static void + make_crctable() + { +@@ -604,6 +606,7 @@ char *name; + error(M_BADHEADR, ""); + + crc = CRC_MASK; ++ memset(header, 0, sizeof(header)); + fread_crc(header, (int) headersize, fd); + header_crc = fget_crc(fd); + if ((crc ^ CRC_MASK) != header_crc) +@@ -628,9 +631,13 @@ char *name; + + if (origsize < 0 || compsize < 0) + error(M_HEADRCRC, ""); ++ if(first_hdr_size > headersize-2) /* need two \0 for file and comment */ ++ error(M_BADHEADR, ""); + + hdr_filename = (char *)&header[first_hdr_size]; + strncopy(filename, hdr_filename, sizeof(filename)); ++ if(entry_pos >= strlen(filename)) ++ error(M_BADHEADR, ""); + if (host_os != OS) + strparity((uchar *)filename); + if ((arj_flags & PATHSYM_FLAG) != 0) +@@ -727,11 +734,11 @@ extract() + + no_output = 0; + if (command == 'E') +- strcpy(name, &filename[entry_pos]); ++ copy_path_relative(name, &filename[entry_pos], sizeof(name)); + else + { + strcpy(name, DEFAULT_DIR); +- strcat(name, filename); ++ copy_path_relative(name+strlen(name), filename, sizeof(name)-strlen(name)); + } + + if (host_os != OS) |
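Review bot: The new header check `if(first_hdr_size > headersize-2)` subtracts before comparing, so whether it rejects a `headersize` of 0 or 1 depends on the declared types of both variables, which are outside these hunks; if `headersize` is an unsigned type at least as wide as int, the subtraction wraps and the check passes. An earlier test, visible only as the preceding `error(M_BADHEADR, "")`, may already exclude such values, but `if(first_hdr_size + 2 > headersize)` expresses the same bound without relying on that. Separately, the prototype `void copy_path_relative(char *dest, char *src, size_t len);` is added inside unarj.c while sanitize.c includes unarj.h, so the compiler never compares the declaration with the definition; declaring it in unarj.h would give that check. The header-reading function and extract() both continue outside the hunks shown.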