authorAlex Kozlov <ak@FreeBSD.org>2016-02-09 22:46:58 +0000
committerAlex Kozlov <ak@FreeBSD.org>2016-02-09 22:46:58 +0000
commit667ae541342d47635fbe7b6069c3832a4def753d (patch)
tree737153b7c93b4588e86f97fc06805f416f53beda /archivers
parent433e0a25b03b5124f2cd927384fd5b18b6e9dbf6 (diff)
Diffstat (limited to 'archivers')
-rw-r--r--archivers/unarj/Makefile3
-rw-r--r--archivers/unarj/files/patch-01-path-Makefile13
-rw-r--r--archivers/unarj/files/patch-01-path-unarj.c25
-rw-r--r--archivers/unarj/files/patch-CVE-2004-0947 (renamed from archivers/unarj/files/patch-00-over-unarj.c)4
-rw-r--r--archivers/unarj/files/patch-CVE-2004-1027120
-rw-r--r--archivers/unarj/files/patch-environ.c (renamed from archivers/unarj/files/patch-ac)0
-rw-r--r--archivers/unarj/files/patch-unarj.c (renamed from archivers/unarj/files/patch-ab)0
-rw-r--r--archivers/unarj/files/patch-unarj.h (renamed from archivers/unarj/files/patch-aa)0
-rw-r--r--archivers/unarj/files/sanitize.c81
-rw-r--r--archivers/unarj/pkg-descr8
10 files changed, 125 insertions, 129 deletions
diff --git a/archivers/unarj/Makefile b/archivers/unarj/Makefile
index 97ff1fe9f871..02d46fc64aa6 100644
--- a/archivers/unarj/Makefile
+++ b/archivers/unarj/Makefile
@@ -17,9 +17,6 @@ PORTDOCS= unarj.txt technote.txt
OPTIONS_DEFINE= DOCS
-post-patch:
- ${CP} ${FILESDIR}/sanitize.c ${WRKSRC}
-
do-install:
${INSTALL_PROGRAM} ${WRKSRC}/unarj ${STAGEDIR}${PREFIX}/bin
@${MKDIR} ${STAGEDIR}${DOCSDIR}
diff --git a/archivers/unarj/files/patch-01-path-Makefile b/archivers/unarj/files/patch-01-path-Makefile
deleted file mode 100644
index 942f2ea7ee86..000000000000
--- a/archivers/unarj/files/patch-01-path-Makefile
+++ /dev/null
@@ -1,13 +0,0 @@
---- Makefile.orig Mon Nov 29 16:47:24 2004
-+++ Makefile Mon Nov 29 22:46:56 2004
-@@ -9,7 +9,9 @@
-
- decode.o: decode.c unarj.h
-
--OBJS = unarj.o decode.o environ.o
-+sanitize.o: sanitize.c unarj.h
-+
-+OBJS = unarj.o decode.o environ.o sanitize.o
-
- unarj: $(OBJS)
- $(CC) $(LDFLAGS) $(OBJS) -o unarj
diff --git a/archivers/unarj/files/patch-01-path-unarj.c b/archivers/unarj/files/patch-01-path-unarj.c
deleted file mode 100644
index c727acb2d8d3..000000000000
--- a/archivers/unarj/files/patch-01-path-unarj.c
+++ /dev/null
@@ -1,25 +0,0 @@
---- unarj-2.65.orig/unarj.c
-+++ unarj.c
-@@ -235,6 +235,8 @@ static UCRC crctable[UCHAR_MAX + 1];
-
- /* Functions */
-
-+void copy_path_relative(char *dest, char *src, size_t len);
-+
- static void
- make_crctable()
- {
-@@ -738,11 +740,11 @@ extract()
-
- no_output = 0;
- if (command == 'E')
-- strncopy(name, &filename[entry_pos], sizeof(name));
-+ copy_path_relative(name, &filename[entry_pos], sizeof(name));
- else
- {
- strcpy(name, DEFAULT_DIR);
-- strncopy(name+strlen(name), filename, sizeof(name)-strlen(name));
-+ copy_path_relative(name+strlen(name), filename, sizeof(name)-strlen(name));
- }
-
- if (host_os != OS)
diff --git a/archivers/unarj/files/patch-00-over-unarj.c b/archivers/unarj/files/patch-CVE-2004-0947
index 3a9426f21932..b66db317b198 100644
--- a/archivers/unarj/files/patch-00-over-unarj.c
+++ b/archivers/unarj/files/patch-CVE-2004-0947
@@ -1,5 +1,5 @@
---- unarj-2.65.orig/unarj.c
-+++ unarj.c
+- Fix buffer overflow problem in filename handling (CAN-2004-0947)
+Index: unarj.c
@@ -217,7 +217,7 @@ static uchar arj_flags;
static short method;
static uint file_mode;
diff --git a/archivers/unarj/files/patch-CVE-2004-1027 b/archivers/unarj/files/patch-CVE-2004-1027
new file mode 100644
index 000000000000..7a236040cc09
--- /dev/null
+++ b/archivers/unarj/files/patch-CVE-2004-1027
@@ -0,0 +1,120 @@
+- Fix unchecked path extraction problem (CAN-2004-1027)
+Index: unarj.c
+@@ -235,6 +235,8 @@ static UCRC crctable[UCHAR_MAX + 1];
+
+ /* Functions */
+
++void copy_path_relative(char *dest, char *src, size_t len);
++
+ static void
+ make_crctable()
+ {
+@@ -738,11 +740,11 @@ extract()
+
+ no_output = 0;
+ if (command == 'E')
+- strncopy(name, &filename[entry_pos], sizeof(name));
++ copy_path_relative(name, &filename[entry_pos], sizeof(name));
+ else
+ {
+ strcpy(name, DEFAULT_DIR);
+- strncopy(name+strlen(name), filename, sizeof(name)-strlen(name));
++ copy_path_relative(name+strlen(name), filename, sizeof(name)-strlen(name));
+ }
+
+ if (host_os != OS)
+Index: Makefile
+@@ -9,7 +9,9 @@
+
+ decode.o: decode.c unarj.h
+
+-OBJS = unarj.o decode.o environ.o
++sanitize.o: sanitize.c unarj.h
++
++OBJS = unarj.o decode.o environ.o sanitize.o
+
+ unarj: $(OBJS)
+ $(CC) $(LDFLAGS) $(OBJS) -o unarj
+Index: sanitize.c
+@@ -0,0 +1,81 @@
++/*
++ * Path sanitation code by Ludwig Nussel <ludwig.nussel@suse.de>. Public Domain.
++ */
++
++#include "unarj.h"
++
++#include <string.h>
++#include <limits.h>
++#include <stdio.h>
++
++#ifndef PATH_CHAR
++#define PATH_CHAR '/'
++#endif
++#ifndef MIN
++#define MIN(x,y) ((x)<(y)?(x):(y))
++#endif
++
++/* copy src into dest converting the path to a relative one inside the current
++ * directory. dest must hold at least len bytes */
++void copy_path_relative(char *dest, char *src, size_t len)
++{
++ char* o = dest;
++ char* p = src;
++
++ *o = '\0';
++
++ while(*p && *p == PATH_CHAR) ++p;
++ for(; len && *p;)
++ {
++ src = p;
++ p = strchr(src, PATH_CHAR);
++ if(!p) p = src+strlen(src);
++
++ /* . => skip */
++ if(p-src == 1 && *src == '.' )
++ {
++ if(*p) src = ++p;
++ }
++ /* .. => pop one */
++ else if(p-src == 2 && *src == '.' && src[1] == '.')
++ {
++ if(o != dest)
++ {
++ char* tmp;
++ *o = '\0';
++ tmp = strrchr(dest, PATH_CHAR);
++ if(!tmp)
++ {
++ len += o-dest;
++ o = dest;
++ if(*p) ++p;
++ }
++ else
++ {
++ len += o-tmp;
++ o = tmp;
++ if(*p) ++p;
++ }
++ }
++ else /* nothing to pop */
++ if(*p) ++p;
++ }
++ else
++ {
++ size_t copy;
++ if(o != dest)
++ {
++ --len;
++ *o++ = PATH_CHAR;
++ }
++ copy = MIN(p-src,len);
++ memcpy(o, src, copy);
++ len -= copy;
++ src += copy;
++ o += copy;
++ if(*p) ++p;
++ }
++ while(*p && *p == PATH_CHAR) ++p;
++ }
++ o[len?0:-1] = '\0';
++}
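Review bot: copy_path_relative in the added sanitize.c section assumes `len >= 1` without saying so: `*o = '\0';` runs before `len` is examined, and with `len == 0` the closing `o[len?0:-1] = '\0';` stores to `dest[-1]`. The two call sites in extract() look like they always pass a nonzero size, so from what is visible this is a contract hazard rather than a reachable overflow; an early `if (len == 0) return;` and a header comment stating the precondition would close it. Separately, when a component does not fit, `copy = MIN(p-src,len)` shortens it and the function returns void, so extract() cannot tell that the name it will create differs from the one stored in the archive; returning a truncation status would let the caller skip such entries. The check is purely lexical on `PATH_CHAR` (only `strchr`, `strrchr` and `memcpy` are used), so it does not account for symlinks already present in the extraction directory.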
diff --git a/archivers/unarj/files/patch-ac b/archivers/unarj/files/patch-environ.c
index 43f2e4c66c96..43f2e4c66c96 100644
--- a/archivers/unarj/files/patch-ac
+++ b/archivers/unarj/files/patch-environ.c
diff --git a/archivers/unarj/files/patch-ab b/archivers/unarj/files/patch-unarj.c
index 5b683946234c..5b683946234c 100644
--- a/archivers/unarj/files/patch-ab
+++ b/archivers/unarj/files/patch-unarj.c
diff --git a/archivers/unarj/files/patch-aa b/archivers/unarj/files/patch-unarj.h
index 42d3e4a23b6c..42d3e4a23b6c 100644
--- a/archivers/unarj/files/patch-aa
+++ b/archivers/unarj/files/patch-unarj.h
diff --git a/archivers/unarj/files/sanitize.c b/archivers/unarj/files/sanitize.c
deleted file mode 100644
index dc698b60eb8b..000000000000
--- a/archivers/unarj/files/sanitize.c
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * Path sanitation code by Ludwig Nussel <ludwig.nussel@suse.de>. Public Domain.
- */
-
-#include "unarj.h"
-
-#include <string.h>
-#include <limits.h>
-#include <stdio.h>
-
-#ifndef PATH_CHAR
-#define PATH_CHAR '/'
-#endif
-#ifndef MIN
-#define MIN(x,y) ((x)<(y)?(x):(y))
-#endif
-
-/* copy src into dest converting the path to a relative one inside the current
- * directory. dest must hold at least len bytes */
-void copy_path_relative(char *dest, char *src, size_t len)
-{
- char* o = dest;
- char* p = src;
-
- *o = '\0';
-
- while(*p && *p == PATH_CHAR) ++p;
- for(; len && *p;)
- {
- src = p;
- p = strchr(src, PATH_CHAR);
- if(!p) p = src+strlen(src);
-
- /* . => skip */
- if(p-src == 1 && *src == '.' )
- {
- if(*p) src = ++p;
- }
- /* .. => pop one */
- else if(p-src == 2 && *src == '.' && src[1] == '.')
- {
- if(o != dest)
- {
- char* tmp;
- *o = '\0';
- tmp = strrchr(dest, PATH_CHAR);
- if(!tmp)
- {
- len += o-dest;
- o = dest;
- if(*p) ++p;
- }
- else
- {
- len += o-tmp;
- o = tmp;
- if(*p) ++p;
- }
- }
- else /* nothing to pop */
- if(*p) ++p;
- }
- else
- {
- size_t copy;
- if(o != dest)
- {
- --len;
- *o++ = PATH_CHAR;
- }
- copy = MIN(p-src,len);
- memcpy(o, src, copy);
- len -= copy;
- src += copy;
- o += copy;
- if(*p) ++p;
- }
- while(*p && *p == PATH_CHAR) ++p;
- }
- o[len?0:-1] = '\0';
-}
diff --git a/archivers/unarj/pkg-descr b/archivers/unarj/pkg-descr
index 27246b9db286..d2c43c470ff7 100644
--- a/archivers/unarj/pkg-descr
+++ b/archivers/unarj/pkg-descr
@@ -1,7 +1,5 @@
-This is an extract-only program which allows access to the contents of ARJ
-archives. You cannot specify a base directory or select individual files
-to extract. UNARJ does not support empty directories or volume labels.
-UNARJ is much slower than ARJ because ARJ is highly optimized using
-assembly language.
+This is an extract-only program which allows access to the contents of ARJ
+archives. You cannot specify a base directory or select individual files
+to extract. UNARJ does not support empty directories or volume labels.
WWW: http://www.arjsoftware.com/