security bump - CAN-2004-0947 - bug 70966

6 files changed, 225 insertions, 1 deletions

diff --git a/app-arch/unarj/ChangeLog b/app-arch/unarj/ChangeLog
index d2bada0e8ce5..349b3506ad3d 100644
--- a/app-arch/unarj/ChangeLog
+++ b/app-arch/unarj/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for app-arch/unarj
 # Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-arch/unarj/ChangeLog,v 1.9 2004/06/24 21:37:28 agriffis Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-arch/unarj/ChangeLog,v 1.10 2004/11/15 03:34:39 solar Exp $
+
+*unarj-2.63a-r2 (14 Nov 2004)
+
+  14 Nov 2004; <solar@gentoo.org> +files/unarj-2.65-CAN-2004-0947.patch,
+  +files/unarj-2.65-sanitation.patch, +unarj-2.63a-r2.ebuild:
+  security bump - CAN-2004-0947 - bug 70966
 
   24 Nov 2003; Aron Griffis <agriffis@gentoo.org> unarj-2.63a-r1.ebuild:
   Mark stable on alpha
diff --git a/app-arch/unarj/Manifest b/app-arch/unarj/Manifest
index b599fc0a6caa..828c7b8ba933 100644
--- a/app-arch/unarj/Manifest
+++ b/app-arch/unarj/Manifest
@@ -1,3 +1,7 @@
 MD5 416739c466fcd11a64bf83b0b905c486 unarj-2.63a-r1.ebuild 658
+MD5 3db1dd73e60c9d088058dda04be488a8 unarj-2.63a-r2.ebuild 788
 MD5 d1e87deacbf6773fdc257d33a4934d09 ChangeLog 1246
+MD5 ff29e175029520a55c6bbe96c614370b files/unarj-2.65-sanitation.patch 3040
 MD5 0fec2e24cfc04ee5279a349ea7ebc34b files/digest-unarj-2.63a-r1 62
+MD5 0fec2e24cfc04ee5279a349ea7ebc34b files/digest-unarj-2.63a-r2 62
+MD5 c690458b8e0e69d0988b7359b4c4efa7 files/unarj-2.65-CAN-2004-0947.patch 1523
diff --git a/app-arch/unarj/files/digest-unarj-2.63a-r2 b/app-arch/unarj/files/digest-unarj-2.63a-r2
new file mode 100644
index 000000000000..ea9a48b49669
--- /dev/null
+++ b/app-arch/unarj/files/digest-unarj-2.63a-r2
@@ -0,0 +1 @@
+MD5 a83d139c245f911f22cb1b611ec9768f unarj-2.63a.tar.gz 24979
diff --git a/app-arch/unarj/files/unarj-2.65-CAN-2004-0947.patch b/app-arch/unarj/files/unarj-2.65-CAN-2004-0947.patch
new file mode 100644
index 000000000000..f52af83ac2ca
--- /dev/null
+++ b/app-arch/unarj/files/unarj-2.65-CAN-2004-0947.patch
@@ -0,0 +1,49 @@
+Index: unarj-2.65/unarj.c
+===================================================================
+--- unarj-2.65.orig/unarj.c
++++ unarj-2.65/unarj.c
+@@ -217,7 +217,7 @@ static uchar  arj_flags;
+ static short  method;
+ static uint   file_mode;
+ static ulong  time_stamp;
+-static short  entry_pos;
++static ushort entry_pos;
+ static ushort host_data;
+ static uchar  *get_ptr;
+ static UCRC   file_crc;
+@@ -608,6 +608,7 @@ char *name;
+         error(M_BADHEADR, "");
+ 
+     crc = CRC_MASK;
++    memset(header, 0, sizeof(header));
+     fread_crc(header, (int) headersize, fd);
+     header_crc = fget_crc(fd);
+     if ((crc ^ CRC_MASK) != header_crc)
+@@ -632,9 +633,13 @@ char *name;
+ 
+     if (origsize < 0 || compsize < 0)
+         error(M_HEADRCRC, "");
++    if(first_hdr_size > headersize-2) /* need two \0 for file and comment */
++        error(M_BADHEADR, "");
+ 
+     hdr_filename = (char *)&header[first_hdr_size];
+     strncopy(filename, hdr_filename, sizeof(filename));
++    if(entry_pos >= strlen(filename))
++        error(M_BADHEADR, "");
+     if (host_os != OS)
+         strparity((uchar *)filename);
+     if ((arj_flags & PATHSYM_FLAG) != 0)
+@@ -733,11 +738,11 @@ extract()
+ 
+     no_output = 0;
+     if (command == 'E')
+-        strcpy(name, &filename[entry_pos]);
++        strncopy(name, &filename[entry_pos], sizeof(name));
+     else
+     {
+         strcpy(name, DEFAULT_DIR);
+-        strcat(name, filename);
++        strncopy(name+strlen(name), filename, sizeof(name)-strlen(name));
+     }
+ 
+     if (host_os != OS)
diff --git a/app-arch/unarj/files/unarj-2.65-sanitation.patch b/app-arch/unarj/files/unarj-2.65-sanitation.patch
new file mode 100644
index 000000000000..e8b36f050815
--- /dev/null
+++ b/app-arch/unarj/files/unarj-2.65-sanitation.patch
@@ -0,0 +1,133 @@
+Index: unarj-2.65/sanitize.c
+===================================================================
+--- /dev/null
++++ unarj-2.65/sanitize.c
+@@ -0,0 +1,81 @@
++/*
++ * Path sanitation code by Ludwig Nussel <ludwig.nussel@suse.de>. Public Domain.
++ */
++
++#include "unarj.h"
++
++#include <string.h>
++#include <limits.h>
++#include <stdio.h>
++
++#ifndef PATH_CHAR
++#define PATH_CHAR '/'
++#endif
++#ifndef MIN
++#define MIN(x,y) ((x)<(y)?(x):(y))
++#endif
++
++/* copy src into dest converting the path to a relative one inside the current
++ * directory. dest must hold at least len bytes */
++void copy_path_relative(char *dest, char *src, size_t len)
++{
++    char* o = dest;
++    char* p = src;
++
++    *o = '\0';
++
++    while(*p && *p == PATH_CHAR) ++p;
++    for(; len && *p;)
++    {
++	src = p;
++	p = strchr(src, PATH_CHAR);
++	if(!p) p = src+strlen(src);
++
++	/* . => skip */
++	if(p-src == 1 && *src == '.' )
++	{
++	    if(*p) src = ++p;
++	}
++	/* .. => pop one */
++	else if(p-src == 2 && *src == '.' && src[1] == '.')
++	{
++	    if(o != dest)
++	    {
++		char* tmp;
++		*o = '\0';
++		tmp = strrchr(dest, PATH_CHAR);
++		if(!tmp)
++		{
++		    len += o-dest;
++		    o = dest;
++		    if(*p) ++p;
++		}
++		else
++		{
++		    len += o-tmp;
++		    o = tmp;
++		    if(*p) ++p;
++		}
++	    }
++	    else /* nothing to pop */
++		if(*p) ++p;
++	}
++	else
++	{
++	    size_t copy;
++	    if(o != dest)
++	    {
++		--len;
++		*o++ = PATH_CHAR;
++	    }
++	    copy = MIN(p-src,len);
++	    memcpy(o, src, copy);
++	    len -= copy;
++	    src += copy;
++	    o += copy;
++	    if(*p) ++p;
++	}
++	while(*p && *p == PATH_CHAR) ++p;
++    }
++    o[len?0:-1] = '\0';
++}
+Index: unarj-2.65/unarj.c
+===================================================================
+--- unarj-2.65.orig/unarj.c
++++ unarj-2.65/unarj.c
+@@ -235,6 +235,8 @@ static UCRC   crctable[UCHAR_MAX + 1];
+ 
+ /* Functions */
+ 
++void copy_path_relative(char *dest, char *src, size_t len);
++
+ static void
+ make_crctable()
+ {
+@@ -738,11 +740,11 @@ extract()
+ 
+     no_output = 0;
+     if (command == 'E')
+-        strncopy(name, &filename[entry_pos], sizeof(name));
++        copy_path_relative(name, &filename[entry_pos], sizeof(name));
+     else
+     {
+         strcpy(name, DEFAULT_DIR);
+-        strncopy(name+strlen(name), filename, sizeof(name)-strlen(name));
++        copy_path_relative(name+strlen(name), filename, sizeof(name)-strlen(name));
+     }
+ 
+     if (host_os != OS)
+Index: unarj-2.65/Makefile
+===================================================================
+--- unarj-2.65.orig/Makefile
++++ unarj-2.65/Makefile
+@@ -6,8 +6,8 @@ CC = gcc
+ CFLAGS = -O2 -Wall -ansi -pedantic -DUNIX
+ INSTALLDIR=/usr/local/bin
+ 
+-unarj: unarj.o decode.o environ.o
+-	$(CC) $(CFLAGS) -o unarj unarj.o decode.o environ.o
++unarj: unarj.o decode.o environ.o sanitize.o
++	$(CC) $(CFLAGS) -o unarj unarj.o decode.o environ.o sanitize.o
+ 	strip unarj
+ 
+ clean:
+@@ -19,3 +19,4 @@ install:
+ unarj.o: unarj.c unarj.h Makefile
+ environ.o:  environ.c unarj.h Makefile
+ decode.o:   decode.c unarj.h Makefile
++sanitize.o:   sanitize.c unarj.h Makefile
diff --git a/app-arch/unarj/unarj-2.63a-r2.ebuild b/app-arch/unarj/unarj-2.63a-r2.ebuild
new file mode 100644
index 000000000000..1c5bf003e56e
--- /dev/null
+++ b/app-arch/unarj/unarj-2.63a-r2.ebuild
@@ -0,0 +1,31 @@
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-arch/unarj/unarj-2.63a-r2.ebuild,v 1.1 2004/11/15 03:34:39 solar Exp $
+
+inherit eutils
+
+DESCRIPTION="Utility for opening arj archives"
+HOMEPAGE="http://ibiblio.org/pub/Linux/utils/compress/"
+SRC_URI="http://ibiblio.org/pub/Linux/utils/compress/${P}.tar.gz"
+
+LICENSE="arj"
+SLOT="0"
+KEYWORDS="~x86 ~ppc ~sparc ~alpha ~arm ~amd64"
+IUSE=""
+
+src_unpack() {
+	unpack ${A}
+	cd ${S}
+	sed -i "/^CFLAGS/s:-O2:${CFLAGS}:" ${S}/Makefile
+	epatch ${FILESDIR}/unarj-2.65-CAN-2004-0947.patch
+	epatch ${FILESDIR}/unarj-2.65-sanitation.patch
+}
+
+src_compile() {
+	emake || die
+}
+
+src_install() {
+	dobin unarj || die
+	dodoc unarj.txt technote.txt readme.txt
+}