author | Mathieu Arnold <mat@FreeBSD.org> | 2016-07-26 16:51:15 +0000 |
---|---|---|
committer | Mathieu Arnold <mat@FreeBSD.org> | 2016-07-26 16:51:15 +0000 |
commit | 9fa9eb9ac7bf1d3de825ee25a8f0ae81b7b77896 (patch) | |
tree | 9b071a8105704e992946dcd6b801e9fcb7635142 /archivers/unarj | |
parent | 5a20e7990eb544509174d617d359bf0d4ac64737 (diff) | |
download | ports-9fa9eb9ac7bf1d3de825ee25a8f0ae81b7b77896.tar.gz ports-9fa9eb9ac7bf1d3de825ee25a8f0ae81b7b77896.zip |
Notes
Diffstat (limited to 'archivers/unarj')
-rw-r--r-- | archivers/unarj/files/patch-CVE-2004-0947 | 12 | ||||
-rw-r--r-- | archivers/unarj/files/patch-CVE-2004-1027 | 58 | ||||
-rw-r--r-- | archivers/unarj/files/patch-environ.c | 12 | ||||
-rw-r--r-- | archivers/unarj/files/patch-unarj.c | 14 | ||||
-rw-r--r-- | archivers/unarj/files/patch-unarj.h | 4 |
5 files changed, 53 insertions, 47 deletions
diff --git a/archivers/unarj/files/patch-CVE-2004-0947 b/archivers/unarj/files/patch-CVE-2004-0947 index b66db317b198..317d595de984 100644 --- a/archivers/unarj/files/patch-CVE-2004-0947 +++ b/archivers/unarj/files/patch-CVE-2004-0947 @@ -1,6 +1,8 @@ - Fix buffer overflow problem in filename handling (CAN-2004-0947) -Index: unarj.c -@@ -217,7 +217,7 @@ static uchar arj_flags; + +--- unarj.c.orig 2002-06-05 08:28:06 UTC ++++ unarj.c +@@ -213,7 +213,7 @@ static uchar arj_flags; static short method; static uint file_mode; static ulong time_stamp; @@ -9,7 +11,7 @@ Index: unarj.c static ushort host_data; static uchar *get_ptr; static UCRC file_crc; -@@ -608,6 +608,7 @@ char *name; +@@ -604,6 +604,7 @@ char *name; error(M_BADHEADR, ""); crc = CRC_MASK; @@ -17,7 +19,7 @@ Index: unarj.c fread_crc(header, (int) headersize, fd); header_crc = fget_crc(fd); if ((crc ^ CRC_MASK) != header_crc) -@@ -632,9 +633,13 @@ char *name; +@@ -628,9 +629,13 @@ char *name; if (origsize < 0 || compsize < 0) error(M_HEADRCRC, ""); @@ -31,7 +33,7 @@ Index: unarj.c if (host_os != OS) strparity((uchar *)filename); if ((arj_flags & PATHSYM_FLAG) != 0) -@@ -733,11 +738,11 @@ extract() +@@ -727,11 +732,11 @@ extract() no_output = 0; if (command == 'E') diff --git a/archivers/unarj/files/patch-CVE-2004-1027 b/archivers/unarj/files/patch-CVE-2004-1027 index 7a236040cc09..28b54b85f922 100644 --- a/archivers/unarj/files/patch-CVE-2004-1027 +++ b/archivers/unarj/files/patch-CVE-2004-1027 
@@ -1,30 +1,8 @@ - Fix unchecked path extraction problem (CAN-2004-1027) -Index: unarj.c -@@ -235,6 +235,8 @@ static UCRC crctable[UCHAR_MAX + 1]; - - /* Functions */ - -+void copy_path_relative(char *dest, char *src, size_t len); -+ - static void - make_crctable() - { -@@ -738,11 +740,11 @@ extract() - - no_output = 0; - if (command == 'E') -- strncopy(name, &filename[entry_pos], sizeof(name)); -+ copy_path_relative(name, &filename[entry_pos], sizeof(name)); - else - { - strcpy(name, DEFAULT_DIR); -- strncopy(name+strlen(name), filename, sizeof(name)-strlen(name)); -+ copy_path_relative(name+strlen(name), filename, sizeof(name)-strlen(name)); - } - - if (host_os != OS) -Index: Makefile -@@ -9,7 +9,9 @@ + +--- Makefile.orig 2004-11-29 13:47:24 UTC ++++ Makefile +@@ -9,7 +9,9 @@ environ.o: environ.c unarj.h decode.o: decode.c unarj.h @@ -35,7 +13,8 @@ Index: Makefile unarj: $(OBJS) $(CC) $(LDFLAGS) $(OBJS) -o unarj -Index: sanitize.c +--- sanitize.c.orig 2016-07-26 12:41:37 UTC ++++ sanitize.c @@ -0,0 +1,81 @@ +/* + * Path sanitation code by Ludwig Nussel <ludwig.nussel@suse.de>. Public Domain. @@ -118,3 +97,28 @@ Index: sanitize.c + } + o[len?0:-1] = '\0'; +} +--- unarj.c.orig 2016-07-26 12:41:37 UTC ++++ unarj.c +@@ -231,6 +231,8 @@ static UCRC crctable[UCHAR_MAX + 1]; + + /* Functions */ + ++void copy_path_relative(char *dest, char *src, size_t len); ++ + static void + make_crctable() + { +@@ -732,11 +734,11 @@ extract() + + no_output = 0; + if (command == 'E') +- strncopy(name, &filename[entry_pos], sizeof(name)); ++ copy_path_relative(name, &filename[entry_pos], sizeof(name)); + else + { + strcpy(name, DEFAULT_DIR); +- strncopy(name+strlen(name), filename, sizeof(name)-strlen(name)); ++ copy_path_relative(name+strlen(name), filename, sizeof(name)-strlen(name)); + } + + if (host_os != OS) diff --git a/archivers/unarj/files/patch-environ.c b/archivers/unarj/files/patch-environ.c index 43f2e4c66c96..ed827668c968 100644 --- a/archivers/unarj/files/patch-environ.c 
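Review bot: The unarj.c section that now closes patch-CVE-2004-1027 only applies on top of patch-CVE-2004-0947, and nothing in either file says so. Its header reads `unarj.c.orig 2016-07-26 12:41:37 UTC` where the other unarj.c patches carry 2002-06-05, its `extract()` hunk starts at old line 732, which is the new-side start of the `extract()` hunk in patch-CVE-2004-0947, and the lines it removes already call `strncopy`. The ports framework presumably applies the files in name order, so this works today, but renaming or dropping either CVE patch would leave the path-sanitising hunk failing or applying with fuzz. I would state the dependency in a description line at the top of the file, for example `Fix unchecked path extraction (CVE-2004-1027); apply after patch-CVE-2004-0947`.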
+++ b/archivers/unarj/files/patch-environ.c @@ -1,6 +1,6 @@ ---- environ.c.orig Mon Sep 29 14:00:24 1997 -+++ environ.c Thu Feb 18 01:14:35 1999 -@@ -430,16 +430,24 @@ +--- environ.c.orig 2002-06-05 08:28:06 UTC ++++ environ.c +@@ -430,16 +430,24 @@ uint host; #define SUBS_DEFINED @@ -28,7 +28,7 @@ FILE * file_open(name, mode) -@@ -535,8 +543,12 @@ +@@ -535,8 +543,12 @@ uint mode; } long @@ -42,7 +42,7 @@ #define NOONOFFSET 43200L #define SEC_IN_DAY (24L * 60L * 60L) #define INV_VALUE (SEC_IN_DAY + 1L) -@@ -552,6 +564,7 @@ +@@ -552,6 +564,7 @@ gettz() /* returns the offset fr noontm = localtime(&noon); retval = NOONOFFSET - 60 * (60 * noontm->tm_hour - noontm->tm_min); return retval; @@ -50,7 +50,7 @@ } long -@@ -600,19 +613,29 @@ +@@ -600,19 +613,29 @@ uint host; { time_t m_time; struct utimbuf diff --git a/archivers/unarj/files/patch-unarj.c b/archivers/unarj/files/patch-unarj.c index 5b683946234c..d348abe13792 100644 --- a/archivers/unarj/files/patch-unarj.c +++ b/archivers/unarj/files/patch-unarj.c @@ -1,5 +1,5 @@ ---- unarj.c.orig Wed Jun 5 12:28:06 2002 -+++ unarj.c Mon Nov 29 17:48:27 2004 +--- unarj.c.orig 2002-06-05 08:28:06 UTC ++++ unarj.c @@ -54,6 +54,10 @@ #include <stdlib.h> #include <string.h> @@ -11,7 +11,7 @@ #else /* !MODERN */ extern void free(); extern void exit(); -@@ -718,6 +722,8 @@ +@@ -718,6 +722,8 @@ static int extract() { char name[FNAME_MAX]; @@ -20,11 +20,10 @@ if (check_flags()) { -@@ -736,6 +742,21 @@ - +@@ -737,6 +743,21 @@ extract() if (host_os != OS) default_case_path(name); -+ + + + /* + 8/8/2000 Phil Knirsch: Bugfix to create subdirectories. Unarj didn't @@ -39,6 +38,7 @@ + mkdir(dir, 0777); + pos = strchr(pos+1, PATH_CHAR); + } - ++ if (file_exists(name)) { + printf(M_FEXISTS, name); diff --git a/archivers/unarj/files/patch-unarj.h b/archivers/unarj/files/patch-unarj.h index 42d3e4a23b6c..79c120416fbb 100644 --- a/archivers/unarj/files/patch-unarj.h +++ b/archivers/unarj/files/patch-unarj.h 
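Review bot: In the `@@ -39,6 +38,7 @@` hunk of patch-unarj.c the directory-creation loop calls `mkdir(dir, 0777);` and discards the result, so a failure to create an intermediate directory only surfaces later, if at all, as an unrelated open error. The loop appears to walk the path held in `name`, so it also relies on the `copy_path_relative` call from patch-CVE-2004-1027 having cleaned the archive-supplied path first; that dependency deserves a one-line comment above the loop. I would change the call to `if (mkdir(dir, 0777) != 0 && errno != EEXIST)` and report the failure there; whether `<errno.h>` is among the includes added by the first hunk is not visible here. The loop header and the rest of `extract()` lie outside the hunks shown.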
@@ -1,5 +1,5 @@ ---- unarj.h.orig Mon Sep 29 14:00:24 1997 -+++ unarj.h Thu Feb 18 01:06:10 1999 +--- unarj.h.orig 2002-06-05 08:28:06 UTC ++++ unarj.h @@ -106,8 +106,12 @@ #endif |