pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2004Q4]: pkgsrc/archivers/unarj Pullup ticket 240 - requested ...
details: https://anonhg.NetBSD.org/pkgsrc/rev/5f0aeed3f367
branches: pkgsrc-2004Q4
changeset: 485843:5f0aeed3f367
user: salo <salo%pkgsrc.org@localhost>
date: Fri Jan 21 15:32:26 2005 +0000
description:
Pullup ticket 240 - requested by Thomas Klausner
security fix for unarj
Revisions pulled up:
- pkgsrc/archivers/unarj/Makefile 1.18-1.19
- pkgsrc/archivers/unarj/PLIST 1.2
- pkgsrc/archivers/unarj/distinfo 1.3-1.4
- pkgsrc/archivers/unarj/files/Makefile 1.1-1.2
- pkgsrc/archivers/unarj/patches/patch-aa 1.6
- pkgsrc/archivers/unarj/patches/patch-ab 1.4
- pkgsrc/archivers/unarj/patches/patch-ad 1.1
Module Name: pkgsrc
Committed By: wiz
Date: Fri Jan 21 14:30:05 UTC 2005
Modified Files:
pkgsrc/archivers/unarj: Makefile PLIST distinfo
Log Message:
Update to 2.65. (Documented) changes:
UNARJ 2.65 - Fixed table boundaries per suggestion of
UNARJ 2.63 - Added additional header data checks.
UNARJ 2.61 - Added chapter and encryption information.
---
Module Name: pkgsrc
Committed By: wiz
Date: Fri Jan 21 14:30:32 UTC 2005
Added Files:
pkgsrc/archivers/unarj/files: Makefile
Log Message:
Add Makefile, since distfiles comes without one.
--
Module Name: pkgsrc
Committed By: wiz
Date: Fri Jan 21 14:41:16 UTC 2005
Modified Files:
pkgsrc/archivers/unarj/patches: patch-aa
Log Message:
regen with correct offsets
--
Module Name: pkgsrc
Committed By: wiz
Date: Fri Jan 21 14:42:10 UTC 2005
Modified Files:
pkgsrc/archivers/unarj: Makefile distinfo
pkgsrc/archivers/unarj/files: Makefile
Added Files:
pkgsrc/archivers/unarj/patches: patch-ab patch-ad
Log Message:
Add two patches from RedHat, fixing CAN-2004-0947 and CAN-2004-1027.
Bump PKGREVISION.
diffstat:
archivers/unarj/Makefile | 17 ++++---
archivers/unarj/PLIST | 6 +-
archivers/unarj/distinfo | 10 ++-
archivers/unarj/files/Makefile | 20 +++++++++
archivers/unarj/patches/patch-aa | 8 +-
archivers/unarj/patches/patch-ab | 86 ++++++++++++++++++++++++++++++++++++++++
archivers/unarj/patches/patch-ad | 58 ++++++++++++++++++++++++++
7 files changed, 187 insertions(+), 18 deletions(-)
diffs (259 lines):
diff -r e3a4dab969f8 -r 5f0aeed3f367 archivers/unarj/Makefile
--- a/archivers/unarj/Makefile Fri Jan 21 14:38:45 2005 +0000
+++ b/archivers/unarj/Makefile Fri Jan 21 15:32:26 2005 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.17 2004/07/28 02:47:35 minskim Exp $
+# $NetBSD: Makefile,v 1.17.4.1 2005/01/21 15:32:26 salo Exp $
-DISTNAME= unarj-2.43
+DISTNAME= unarj-2.65
+PKGREVISION= 1
CATEGORIES= archivers
-MASTER_SITES= ftp://ftp.kiarchive.ru/pub/unix/arcers/
-EXTRACT_SUFX= .tgz
+MASTER_SITES= #
MAINTAINER= tech-pkg%NetBSD.org@localhost
HOMEPAGE= http://www.arjsoftware.com/
@@ -15,15 +15,18 @@
NO_BIN_ON_CDROM=${RESTRICTED}
PKG_INSTALLATION_TYPES= overwrite pkgviews
-
+NO_CONFIGURE= # defined
USE_BUILDLINK3= yes
INSTALLATION_DIRS= bin
+post-extract:
+ ${CP} ${FILESDIR}/Makefile ${WRKSRC}
+
do-install:
${INSTALL_DATA_DIR} ${PREFIX}/share/doc/unarj
${INSTALL_PROGRAM} ${WRKSRC}/unarj ${PREFIX}/bin
- ${INSTALL_MAN} ${WRKSRC}/unarj.doc ${PREFIX}/share/doc/unarj
- ${INSTALL_MAN} ${WRKSRC}/technote.doc ${PREFIX}/share/doc/unarj
+ ${INSTALL_MAN} ${WRKSRC}/unarj.txt ${PREFIX}/share/doc/unarj
+ ${INSTALL_MAN} ${WRKSRC}/technote.txt ${PREFIX}/share/doc/unarj
.include "../../mk/bsd.pkg.mk"
diff -r e3a4dab969f8 -r 5f0aeed3f367 archivers/unarj/PLIST
--- a/archivers/unarj/PLIST Fri Jan 21 14:38:45 2005 +0000
+++ b/archivers/unarj/PLIST Fri Jan 21 15:32:26 2005 +0000
@@ -1,5 +1,5 @@
-@comment $NetBSD: PLIST,v 1.1 2001/10/31 20:24:44 zuntum Exp $
+@comment $NetBSD: PLIST,v 1.1.18.1 2005/01/21 15:32:26 salo Exp $
bin/unarj
-share/doc/unarj/unarj.doc
-share/doc/unarj/technote.doc
+share/doc/unarj/unarj.txt
+share/doc/unarj/technote.txt
@dirrm share/doc/unarj
diff -r e3a4dab969f8 -r 5f0aeed3f367 archivers/unarj/distinfo
--- a/archivers/unarj/distinfo Fri Jan 21 14:38:45 2005 +0000
+++ b/archivers/unarj/distinfo Fri Jan 21 15:32:26 2005 +0000
@@ -1,6 +1,8 @@
-$NetBSD: distinfo,v 1.2 2001/04/18 11:21:09 agc Exp $
+$NetBSD: distinfo,v 1.2.18.1 2005/01/21 15:32:26 salo Exp $
-SHA1 (unarj-2.43.tgz) = 0d814c93a723087fd4d229f92f0354166ee53660
-Size (unarj-2.43.tgz) = 20728 bytes
-SHA1 (patch-aa) = d864780eb564e8035379b06f20b5c8a8e19d5f83
+SHA1 (unarj-2.65.tar.gz) = 56843e95e6b6ac7577dfdfbfee5af166b5e2c74f
+Size (unarj-2.65.tar.gz) = 74911 bytes
+SHA1 (patch-aa) = 2029b106a498624902639897ae539fd54a0d1052
+SHA1 (patch-ab) = 15216bc07298ce0956bfbadfaae763622ee88a0c
SHA1 (patch-ac) = 59245f61d731e2fd6dc101fefe0f62db0c55b55e
+SHA1 (patch-ad) = 46c469ade1a20da7e3ac633652e4ec926ba2b08f
diff -r e3a4dab969f8 -r 5f0aeed3f367 archivers/unarj/files/Makefile
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/archivers/unarj/files/Makefile Fri Jan 21 15:32:26 2005 +0000
@@ -0,0 +1,20 @@
+.c.o:
+ ${CC} ${CFLAGS} -DUNIX -c $<
+
+all: unarj
+
+unarj.o: unarj.c unarj.h
+
+environ.o: environ.c unarj.h
+
+decode.o: decode.c unarj.h
+
+sanitize.o: sanitize.c unarj.h
+
+OBJS = unarj.o decode.o environ.o sanitize.o
+
+unarj: $(OBJS)
+ $(CC) $(LDFLAGS) $(OBJS) -o unarj
+
+clean:
+ -rm -f $(OBJS) unarj
diff -r e3a4dab969f8 -r 5f0aeed3f367 archivers/unarj/patches/patch-aa
--- a/archivers/unarj/patches/patch-aa Fri Jan 21 14:38:45 2005 +0000
+++ b/archivers/unarj/patches/patch-aa Fri Jan 21 15:32:26 2005 +0000
@@ -1,8 +1,8 @@
-$NetBSD: patch-aa,v 1.5 1999/02/10 14:53:34 frueauf Exp $
+$NetBSD: patch-aa,v 1.5.18.1 2005/01/21 15:32:27 salo Exp $
---- unarj.h.orig Wed Jun 23 06:07:20 1993
-+++ unarj.h Wed Jan 21 15:03:39 1998
-@@ -104,9 +104,13 @@
+--- unarj.h.orig 2002-06-05 12:28:06.000000000 +0200
++++ unarj.h
+@@ -106,9 +106,13 @@
#endif
typedef unsigned char uchar; /* 8 bits or more */
diff -r e3a4dab969f8 -r 5f0aeed3f367 archivers/unarj/patches/patch-ab
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/archivers/unarj/patches/patch-ab Fri Jan 21 15:32:26 2005 +0000
@@ -0,0 +1,86 @@
+$NetBSD: patch-ab,v 1.3.10.1 2005/01/21 15:32:27 salo Exp $
+
+--- sanitize.c.orig 2005-01-21 15:34:42.000000000 +0100
++++ sanitize.c
+@@ -0,0 +1,81 @@
++/*
++ * Path sanitation code by Ludwig Nussel <ludwig.nussel%suse.de@localhost>. Public Domain.
++ */
++
++#include "unarj.h"
++
++#include <string.h>
++#include <limits.h>
++#include <stdio.h>
++
++#ifndef PATH_CHAR
++#define PATH_CHAR '/'
++#endif
++#ifndef MIN
++#define MIN(x,y) ((x)<(y)?(x):(y))
++#endif
++
++/* copy src into dest converting the path to a relative one inside the current
++ * directory. dest must hold at least len bytes */
++void copy_path_relative(char *dest, char *src, size_t len)
++{
++ char* o = dest;
++ char* p = src;
++
++ *o = '\0';
++
++ while(*p && *p == PATH_CHAR) ++p;
++ for(; len && *p;)
++ {
++ src = p;
++ p = strchr(src, PATH_CHAR);
++ if(!p) p = src+strlen(src);
++
++ /* . => skip */
++ if(p-src == 1 && *src == '.' )
++ {
++ if(*p) src = ++p;
++ }
++ /* .. => pop one */
++ else if(p-src == 2 && *src == '.' && src[1] == '.')
++ {
++ if(o != dest)
++ {
++ char* tmp;
++ *o = '\0';
++ tmp = strrchr(dest, PATH_CHAR);
++ if(!tmp)
++ {
++ len += o-dest;
++ o = dest;
++ if(*p) ++p;
++ }
++ else
++ {
++ len += o-tmp;
++ o = tmp;
++ if(*p) ++p;
++ }
++ }
++ else /* nothing to pop */
++ if(*p) ++p;
++ }
++ else
++ {
++ size_t copy;
++ if(o != dest)
++ {
++ --len;
++ *o++ = PATH_CHAR;
++ }
++ copy = MIN(p-src,len);
++ memcpy(o, src, copy);
++ len -= copy;
++ src += copy;
++ o += copy;
++ if(*p) ++p;
++ }
++ while(*p && *p == PATH_CHAR) ++p;
++ }
++ o[len?0:-1] = '\0';
++}
diff -r e3a4dab969f8 -r 5f0aeed3f367 archivers/unarj/patches/patch-ad
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/archivers/unarj/patches/patch-ad Fri Jan 21 15:32:26 2005 +0000
@@ -0,0 +1,58 @@
+$NetBSD: patch-ad,v 1.1.2.2 2005/01/21 15:32:27 salo Exp $
+
+--- unarj.c.orig 2002-06-05 12:28:06.000000000 +0200
++++ unarj.c
+@@ -213,7 +213,7 @@ static uchar arj_flags;
+ static short method;
+ static uint file_mode;
+ static ulong time_stamp;
+-static short entry_pos;
++static ushort entry_pos;
+ static ushort host_data;
+ static uchar *get_ptr;
+ static UCRC file_crc;
+@@ -231,6 +231,8 @@ static UCRC crctable[UCHAR_MAX + 1];
+
+ /* Functions */
+
++void copy_path_relative(char *dest, char *src, size_t len);
++
+ static void
+ make_crctable()
+ {
+@@ -604,6 +606,7 @@ char *name;
+ error(M_BADHEADR, "");
+
+ crc = CRC_MASK;
++ memset(header, 0, sizeof(header));
+ fread_crc(header, (int) headersize, fd);
+ header_crc = fget_crc(fd);
+ if ((crc ^ CRC_MASK) != header_crc)
+@@ -628,9 +631,13 @@ char *name;
+
+ if (origsize < 0 || compsize < 0)
+ error(M_HEADRCRC, "");
++ if(first_hdr_size > headersize-2) /* need two \0 for file and comment */
++ error(M_BADHEADR, "");
+
+ hdr_filename = (char *)&header[first_hdr_size];
+ strncopy(filename, hdr_filename, sizeof(filename));
++ if(entry_pos >= strlen(filename))
++ error(M_BADHEADR, "");
+ if (host_os != OS)
+ strparity((uchar *)filename);
+ if ((arj_flags & PATHSYM_FLAG) != 0)
+@@ -727,11 +734,11 @@ extract()
+
+ no_output = 0;
+ if (command == 'E')
+- strcpy(name, &filename[entry_pos]);
++ copy_path_relative(name, &filename[entry_pos], sizeof(name));
+ else
+ {
+ strcpy(name, DEFAULT_DIR);
+- strcat(name, filename);
++ copy_path_relative(name+strlen(name), filename, sizeof(name)-strlen(name));
+ }
+
+ if (host_os != OS)
Home |
Main Index |
Thread Index |
Old Index