author | wiz <wiz> | 2005-01-21 14:42:10 +0000 |
---|---|---|
committer | wiz <wiz> | 2005-01-21 14:42:10 +0000 |
commit | 71f4bd2dbc20a3b50f63b90adc68e5b899d75dc7 (patch) | |
tree | e83b4025c38b107b9bd38427425b1cf4262989f5 /archivers/unarj/patches | |
parent | ae53bff1927c0a6600bb26939da7dc3004d0a4b3 (diff) | |
Add two patches from RedHat, fixing CAN-2004-0947 and CAN-2004-1027.
Bump PKGREVISION.
Diffstat (limited to 'archivers/unarj/patches')
-rw-r--r-- | archivers/unarj/patches/patch-ab | 86 | ||||
-rw-r--r-- | archivers/unarj/patches/patch-ad | 58 |
2 files changed, 144 insertions, 0 deletions
diff --git a/archivers/unarj/patches/patch-ab b/archivers/unarj/patches/patch-ab
new file mode 100644
index 00000000000..3fdf8e5aa3d
--- /dev/null
+++ b/archivers/unarj/patches/patch-ab
@@ -0,0 +1,86 @@
+$NetBSD: patch-ab,v 1.4 2005/01/21 14:42:10 wiz Exp $
+
+--- sanitize.c.orig 2005-01-21 15:34:42.000000000 +0100
++++ sanitize.c
+@@ -0,0 +1,81 @@
++/*
++ * Path sanitation code by Ludwig Nussel <ludwig.nussel@suse.de>. Public Domain.
++ */
++
++#include "unarj.h"
++
++#include <string.h>
++#include <limits.h>
++#include <stdio.h>
++
++#ifndef PATH_CHAR
++#define PATH_CHAR '/'
++#endif
++#ifndef MIN
++#define MIN(x,y) ((x)<(y)?(x):(y))
++#endif
++
++/* copy src into dest converting the path to a relative one inside the current
++ * directory. dest must hold at least len bytes */
++void copy_path_relative(char *dest, char *src, size_t len)
++{
++ char* o = dest;
++ char* p = src;
++
++ *o = '\0';
++
++ while(*p && *p == PATH_CHAR) ++p;
++ for(; len && *p;)
++ {
++ src = p;
++ p = strchr(src, PATH_CHAR);
++ if(!p) p = src+strlen(src);
++
++ /* . => skip */
++ if(p-src == 1 && *src == '.' )
++ {
++ if(*p) src = ++p;
++ }
++ /* .. => pop one */
++ else if(p-src == 2 && *src == '.' && src[1] == '.')
++ {
++ if(o != dest)
++ {
++ char* tmp;
++ *o = '\0';
++ tmp = strrchr(dest, PATH_CHAR);
++ if(!tmp)
++ {
++ len += o-dest;
++ o = dest;
++ if(*p) ++p;
++ }
++ else
++ {
++ len += o-tmp;
++ o = tmp;
++ if(*p) ++p;
++ }
++ }
++ else /* nothing to pop */
++ if(*p) ++p;
++ }
++ else
++ {
++ size_t copy;
++ if(o != dest)
++ {
++ --len;
++ *o++ = PATH_CHAR;
++ }
++ copy = MIN(p-src,len);
++ memcpy(o, src, copy);
++ len -= copy;
++ src += copy;
++ o += copy;
++ if(*p) ++p;
++ }
++ while(*p && *p == PATH_CHAR) ++p;
++ }
++ o[len?0:-1] = '\0';
++}
diff --git a/archivers/unarj/patches/patch-ad b/archivers/unarj/patches/patch-ad
new file mode 100644
index 00000000000..69c865c0b9b
--- /dev/null
+++ b/archivers/unarj/patches/patch-ad
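Review bot: copy_path_relative in the new sanitize.c (patch-ab) stores `*o = '\0';` before it looks at len, and its last statement `o[len?0:-1] = '\0';` indexes dest[-1] when len is 0 and nothing was copied, so a zero len writes outside dest on both sides. The second call site added in patch-ad passes `sizeof(name)-strlen(name)`, which stays non-zero only as long as DEFAULT_DIR leaves room in name. A first statement `if (len == 0) return;` makes the documented contract ("dest must hold at least len bytes") hold for every len. The function also truncates an over-long path silently; I would say so in its header comment, so callers know the extracted name can differ from the archived one.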
@@ -0,0 +1,58 @@
+$NetBSD: patch-ad,v 1.1 2005/01/21 14:42:10 wiz Exp $
+
+--- unarj.c.orig 2002-06-05 12:28:06.000000000 +0200
++++ unarj.c
+@@ -213,7 +213,7 @@ static uchar arj_flags;
+ static short method;
+ static uint file_mode;
+ static ulong time_stamp;
+-static short entry_pos;
++static ushort entry_pos;
+ static ushort host_data;
+ static uchar *get_ptr;
+ static UCRC file_crc;
+@@ -231,6 +231,8 @@ static UCRC crctable[UCHAR_MAX + 1];
+
+ /* Functions */
+
++void copy_path_relative(char *dest, char *src, size_t len);
++
+ static void
+ make_crctable()
+ {
+@@ -604,6 +606,7 @@ char *name;
+ error(M_BADHEADR, "");
+
+ crc = CRC_MASK;
++ memset(header, 0, sizeof(header));
+ fread_crc(header, (int) headersize, fd);
+ header_crc = fget_crc(fd);
+ if ((crc ^ CRC_MASK) != header_crc)
+@@ -628,9 +631,13 @@ char *name;
+
+ if (origsize < 0 || compsize < 0)
+ error(M_HEADRCRC, "");
++ if(first_hdr_size > headersize-2) /* need two \0 for file and comment */
++ error(M_BADHEADR, "");
+
+ hdr_filename = (char *)&header[first_hdr_size];
+ strncopy(filename, hdr_filename, sizeof(filename));
++ if(entry_pos >= strlen(filename))
++ error(M_BADHEADR, "");
+ if (host_os != OS)
+ strparity((uchar *)filename);
+ if ((arj_flags & PATHSYM_FLAG) != 0)
+@@ -727,11 +734,11 @@ extract()
+
+ no_output = 0;
+ if (command == 'E')
+- strcpy(name, &filename[entry_pos]);
++ copy_path_relative(name, &filename[entry_pos], sizeof(name));
+ else
+ {
+ strcpy(name, DEFAULT_DIR);
+- strcat(name, filename);
++ copy_path_relative(name+strlen(name), filename, sizeof(name)-strlen(name));
+ }
+
+ if (host_os != OS)
 |
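Review bot: The new bound `if(first_hdr_size > headersize-2)` in the header-parsing hunk (@@ -628) is only meaningful when headersize is at least 2. Both variables are declared outside the hunk, so whether `headersize-2` goes negative or wraps to a large unsigned value for a headersize below 2 depends on types not visible here. Spelling the lower bound out, `if (headersize < 2 || first_hdr_size > headersize - 2)`, makes the check independent of integer promotion. Separately, the prototype of copy_path_relative is declared inside unarj.c (@@ -231) although sanitize.c includes unarj.h; declaring it once in that header would let the compiler check the definition against both call sites. The enclosing functions start and end outside these hunks.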