author | Alex Kozlov <ak@FreeBSD.org> | 2016-02-09 22:46:58 +0000 |
---|---|---|
committer | Alex Kozlov <ak@FreeBSD.org> | 2016-02-09 22:46:58 +0000 |
commit | 667ae541342d47635fbe7b6069c3832a4def753d (patch) | |
tree | 737153b7c93b4588e86f97fc06805f416f53beda /archivers | |
parent | 433e0a25b03b5124f2cd927384fd5b18b6e9dbf6 (diff) | |
download | ports-667ae541342d47635fbe7b6069c3832a4def753d.tar.gz ports-667ae541342d47635fbe7b6069c3832a4def753d.zip |
Notes
Diffstat (limited to 'archivers')
-rw-r--r-- | archivers/unarj/Makefile | 3 | ||||
-rw-r--r-- | archivers/unarj/files/patch-01-path-Makefile | 13 | ||||
-rw-r--r-- | archivers/unarj/files/patch-01-path-unarj.c | 25 | ||||
-rw-r--r-- | archivers/unarj/files/patch-CVE-2004-0947 (renamed from archivers/unarj/files/patch-00-over-unarj.c) | 4 | ||||
-rw-r--r-- | archivers/unarj/files/patch-CVE-2004-1027 | 120 | ||||
-rw-r--r-- | archivers/unarj/files/patch-environ.c (renamed from archivers/unarj/files/patch-ac) | 0 | ||||
-rw-r--r-- | archivers/unarj/files/patch-unarj.c (renamed from archivers/unarj/files/patch-ab) | 0 | ||||
-rw-r--r-- | archivers/unarj/files/patch-unarj.h (renamed from archivers/unarj/files/patch-aa) | 0 | ||||
-rw-r--r-- | archivers/unarj/files/sanitize.c | 81 | ||||
-rw-r--r-- | archivers/unarj/pkg-descr | 8 |
10 files changed, 125 insertions, 129 deletions
diff --git a/archivers/unarj/Makefile b/archivers/unarj/Makefile
index 97ff1fe9f871..02d46fc64aa6 100644
--- a/archivers/unarj/Makefile
+++ b/archivers/unarj/Makefile
@@ -17,9 +17,6 @@ PORTDOCS= unarj.txt technote.txt
 OPTIONS_DEFINE= DOCS
-post-patch:
- ${CP} ${FILESDIR}/sanitize.c ${WRKSRC}
-
 do-install:
 ${INSTALL_PROGRAM} ${WRKSRC}/unarj ${STAGEDIR}${PREFIX}/bin
 @${MKDIR} ${STAGEDIR}${DOCSDIR}
diff --git a/archivers/unarj/files/patch-01-path-Makefile b/archivers/unarj/files/patch-01-path-Makefile
deleted file mode 100644
index 942f2ea7ee86..000000000000
--- a/archivers/unarj/files/patch-01-path-Makefile
+++ /dev/null
@@ -1,13 +0,0 @@
---- Makefile.orig Mon Nov 29 16:47:24 2004
-+++ Makefile Mon Nov 29 22:46:56 2004
-@@ -9,7 +9,9 @@
-
- decode.o: decode.c unarj.h
-
--OBJS = unarj.o decode.o environ.o
-+sanitize.o: sanitize.c unarj.h
-+
-+OBJS = unarj.o decode.o environ.o sanitize.o
-
- unarj: $(OBJS)
- $(CC) $(LDFLAGS) $(OBJS) -o unarj
diff --git a/archivers/unarj/files/patch-01-path-unarj.c b/archivers/unarj/files/patch-01-path-unarj.c
deleted file mode 100644
index c727acb2d8d3..000000000000
--- a/archivers/unarj/files/patch-01-path-unarj.c
+++ /dev/null
@@ -1,25 +0,0 @@
---- unarj-2.65.orig/unarj.c
-+++ unarj.c
-@@ -235,6 +235,8 @@ static UCRC crctable[UCHAR_MAX + 1];
-
- /* Functions */
-
-+void copy_path_relative(char *dest, char *src, size_t len);
-+
- static void
- make_crctable()
- {
-@@ -738,11 +740,11 @@ extract()
-
- no_output = 0;
- if (command == 'E')
-- strncopy(name, &filename[entry_pos], sizeof(name));
-+ copy_path_relative(name, &filename[entry_pos], sizeof(name));
- else
- {
- strcpy(name, DEFAULT_DIR);
-- strncopy(name+strlen(name), filename, sizeof(name)-strlen(name));
-+ copy_path_relative(name+strlen(name), filename, sizeof(name)-strlen(name));
- }
-
- if (host_os != OS)
diff --git a/archivers/unarj/files/patch-00-over-unarj.c b/archivers/unarj/files/patch-CVE-2004-0947
index 3a9426f21932..b66db317b198 100644
--- a/archivers/unarj/files/patch-00-over-unarj.c
+++ b/archivers/unarj/files/patch-CVE-2004-0947
@@ -1,5 +1,5 @@
---- unarj-2.65.orig/unarj.c
-+++ unarj.c
+- Fix buffer overflow problem in filename handling (CAN-2004-0947)
+Index: unarj.c
 @@ -217,7 +217,7 @@ static uchar arj_flags;
 static short method;
 static uint file_mode;
diff --git a/archivers/unarj/files/patch-CVE-2004-1027 b/archivers/unarj/files/patch-CVE-2004-1027
new file mode 100644
index 000000000000..7a236040cc09
--- /dev/null
+++ b/archivers/unarj/files/patch-CVE-2004-1027
@@ -0,0 +1,120 @@
+- Fix unchecked path extraction problem (CAN-2004-1027)
+Index: unarj.c
+@@ -235,6 +235,8 @@ static UCRC crctable[UCHAR_MAX + 1];
+
+ /* Functions */
+
++void copy_path_relative(char *dest, char *src, size_t len);
++
+ static void
+ make_crctable()
+ {
+@@ -738,11 +740,11 @@ extract()
+
+ no_output = 0;
+ if (command == 'E')
+- strncopy(name, &filename[entry_pos], sizeof(name));
++ copy_path_relative(name, &filename[entry_pos], sizeof(name));
+ else
+ {
+ strcpy(name, DEFAULT_DIR);
+- strncopy(name+strlen(name), filename, sizeof(name)-strlen(name));
++ copy_path_relative(name+strlen(name), filename, sizeof(name)-strlen(name));
+ }
+
+ if (host_os != OS)
+Index: Makefile
+@@ -9,7 +9,9 @@
+
+ decode.o: decode.c unarj.h
+
+-OBJS = unarj.o decode.o environ.o
++sanitize.o: sanitize.c unarj.h
++
++OBJS = unarj.o decode.o environ.o sanitize.o
+
+ unarj: $(OBJS)
+ $(CC) $(LDFLAGS) $(OBJS) -o unarj
+Index: sanitize.c
+@@ -0,0 +1,81 @@
++/*
++ * Path sanitation code by Ludwig Nussel <ludwig.nussel@suse.de>. Public Domain.
++ */
++
++#include "unarj.h"
++
++#include <string.h>
++#include <limits.h>
++#include <stdio.h>
++
++#ifndef PATH_CHAR
++#define PATH_CHAR '/'
++#endif
++#ifndef MIN
++#define MIN(x,y) ((x)<(y)?(x):(y))
++#endif
++
++/* copy src into dest converting the path to a relative one inside the current
++ * directory. dest must hold at least len bytes */
++void copy_path_relative(char *dest, char *src, size_t len)
++{
++ char* o = dest;
++ char* p = src;
++
++ *o = '\0';
++
++ while(*p && *p == PATH_CHAR) ++p;
++ for(; len && *p;)
++ {
++ src = p;
++ p = strchr(src, PATH_CHAR);
++ if(!p) p = src+strlen(src);
++
++ /* . => skip */
++ if(p-src == 1 && *src == '.' )
++ {
++ if(*p) src = ++p;
++ }
++ /* .. => pop one */
++ else if(p-src == 2 && *src == '.' && src[1] == '.')
++ {
++ if(o != dest)
++ {
++ char* tmp;
++ *o = '\0';
++ tmp = strrchr(dest, PATH_CHAR);
++ if(!tmp)
++ {
++ len += o-dest;
++ o = dest;
++ if(*p) ++p;
++ }
++ else
++ {
++ len += o-tmp;
++ o = tmp;
++ if(*p) ++p;
++ }
++ }
++ else /* nothing to pop */
++ if(*p) ++p;
++ }
++ else
++ {
++ size_t copy;
++ if(o != dest)
++ {
++ --len;
++ *o++ = PATH_CHAR;
++ }
++ copy = MIN(p-src,len);
++ memcpy(o, src, copy);
++ len -= copy;
++ src += copy;
++ o += copy;
++ if(*p) ++p;
++ }
++ while(*p && *p == PATH_CHAR) ++p;
++ }
++ o[len?0:-1] = '\0';
++}
diff --git a/archivers/unarj/files/patch-ac b/archivers/unarj/files/patch-environ.c
index 43f2e4c66c96..43f2e4c66c96 100644
--- a/archivers/unarj/files/patch-ac
+++ b/archivers/unarj/files/patch-environ.c
diff --git a/archivers/unarj/files/patch-ab b/archivers/unarj/files/patch-unarj.c
index 5b683946234c..5b683946234c 100644
--- a/archivers/unarj/files/patch-ab
+++ b/archivers/unarj/files/patch-unarj.c
diff --git a/archivers/unarj/files/patch-aa b/archivers/unarj/files/patch-unarj.h
index 42d3e4a23b6c..42d3e4a23b6c 100644
--- a/archivers/unarj/files/patch-aa
+++ b/archivers/unarj/files/patch-unarj.h
diff --git a/archivers/unarj/files/sanitize.c b/archivers/unarj/files/sanitize.c
deleted file mode 100644
index dc698b60eb8b..000000000000
--- a/archivers/unarj/files/sanitize.c
+++ /dev/null
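Review bot: `copy_path_relative` in the sanitize.c part of this patch is not safe for `len == 0`: it stores `*o = '\0'` before looking at `len`, and the closing `o[len?0:-1] = '\0';` then writes `dest[-1]` because `o` still equals `dest`. Both call sites in the unarj.c part pass a non-zero size as long as DEFAULT_DIR leaves room in `name`, so this looks latent rather than reachable, but `if (len == 0) return;` as the first statement would make the contract explicit. When a path component does not fit, the name is silently truncated (the terminator overwrites the last copied byte), so distinct archive entries can end up with the same output name; the function comment should say so, or the caller should be able to detect it. The prototype is added by hand in unarj.c although sanitize.c includes unarj.h; declaring it in the header (with `const char *src`) would let the compiler check the definition against the declaration.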
@@ -1,81 +0,0 @@
-/*
- * Path sanitation code by Ludwig Nussel <ludwig.nussel@suse.de>. Public Domain.
- */
-
-#include "unarj.h"
-
-#include <string.h>
-#include <limits.h>
-#include <stdio.h>
-
-#ifndef PATH_CHAR
-#define PATH_CHAR '/'
-#endif
-#ifndef MIN
-#define MIN(x,y) ((x)<(y)?(x):(y))
-#endif
-
-/* copy src into dest converting the path to a relative one inside the current
- * directory. dest must hold at least len bytes */
-void copy_path_relative(char *dest, char *src, size_t len)
-{
- char* o = dest;
- char* p = src;
-
- *o = '\0';
-
- while(*p && *p == PATH_CHAR) ++p;
- for(; len && *p;)
- {
- src = p;
- p = strchr(src, PATH_CHAR);
- if(!p) p = src+strlen(src);
-
- /* . => skip */
- if(p-src == 1 && *src == '.' )
- {
- if(*p) src = ++p;
- }
- /* .. => pop one */
- else if(p-src == 2 && *src == '.' && src[1] == '.')
- {
- if(o != dest)
- {
- char* tmp;
- *o = '\0';
- tmp = strrchr(dest, PATH_CHAR);
- if(!tmp)
- {
- len += o-dest;
- o = dest;
- if(*p) ++p;
- }
- else
- {
- len += o-tmp;
- o = tmp;
- if(*p) ++p;
- }
- }
- else /* nothing to pop */
- if(*p) ++p;
- }
- else
- {
- size_t copy;
- if(o != dest)
- {
- --len;
- *o++ = PATH_CHAR;
- }
- copy = MIN(p-src,len);
- memcpy(o, src, copy);
- len -= copy;
- src += copy;
- o += copy;
- if(*p) ++p;
- }
- while(*p && *p == PATH_CHAR) ++p;
- }
- o[len?0:-1] = '\0';
-}
diff --git a/archivers/unarj/pkg-descr b/archivers/unarj/pkg-descr
index 27246b9db286..d2c43c470ff7 100644
--- a/archivers/unarj/pkg-descr
+++ b/archivers/unarj/pkg-descr
@@ -1,7 +1,5 @@
-This is an extract-only program which allows access to the contents of ARJ
-archives. You cannot specify a base directory or select individual files
-to extract. UNARJ does not support empty directories or volume labels.
-UNARJ is much slower than ARJ because ARJ is highly optimized using
-assembly language.
+This is an extract-only program which allows access to the contents of ARJ
+archives. You cannot specify a base directory or select individual files
+to extract. UNARJ does not support empty directories or volume labels.
 WWW: http://www.arjsoftware.com/ |