diff options
author | Ned Ludd <solar@gentoo.org> | 2004-11-15 03:34:39 +0000 |
---|---|---|
committer | Ned Ludd <solar@gentoo.org> | 2004-11-15 03:34:39 +0000 |
commit | 338ac4286081c68e2c14081c567a0135459bcc68 (patch) | |
tree | 8a9ad21c2f8f91b76d1db6e802012e1f6072299d /app-arch | |
parent | Error out when profile contains files owned by another user #67052 (and other... (diff) | |
download | gentoo-2-338ac4286081c68e2c14081c567a0135459bcc68.tar.gz gentoo-2-338ac4286081c68e2c14081c567a0135459bcc68.tar.bz2 gentoo-2-338ac4286081c68e2c14081c567a0135459bcc68.zip |
security bump - CAN-2004-0947 - bug 70966
Diffstat (limited to 'app-arch')
-rw-r--r-- | app-arch/unarj/ChangeLog | 8 | ||||
-rw-r--r-- | app-arch/unarj/Manifest | 4 | ||||
-rw-r--r-- | app-arch/unarj/files/digest-unarj-2.63a-r2 | 1 | ||||
-rw-r--r-- | app-arch/unarj/files/unarj-2.65-CAN-2004-0947.patch | 49 | ||||
-rw-r--r-- | app-arch/unarj/files/unarj-2.65-sanitation.patch | 133 | ||||
-rw-r--r-- | app-arch/unarj/unarj-2.63a-r2.ebuild | 31 |
6 files changed, 225 insertions, 1 deletions
diff --git a/app-arch/unarj/ChangeLog b/app-arch/unarj/ChangeLog index d2bada0e8ce5..349b3506ad3d 100644 --- a/app-arch/unarj/ChangeLog +++ b/app-arch/unarj/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for app-arch/unarj # Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-arch/unarj/ChangeLog,v 1.9 2004/06/24 21:37:28 agriffis Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-arch/unarj/ChangeLog,v 1.10 2004/11/15 03:34:39 solar Exp $ + +*unarj-2.63a-r2 (14 Nov 2004) + + 14 Nov 2004; <solar@gentoo.org> +files/unarj-2.65-CAN-2004-0947.patch, + +files/unarj-2.65-sanitation.patch, +unarj-2.63a-r2.ebuild: + security bump - CAN-2004-0947 - bug 70966 24 Nov 2003; Aron Griffis <agriffis@gentoo.org> unarj-2.63a-r1.ebuild: Mark stable on alpha diff --git a/app-arch/unarj/Manifest b/app-arch/unarj/Manifest index b599fc0a6caa..828c7b8ba933 100644 --- a/app-arch/unarj/Manifest +++ b/app-arch/unarj/Manifest @@ -1,3 +1,7 @@ MD5 416739c466fcd11a64bf83b0b905c486 unarj-2.63a-r1.ebuild 658 +MD5 3db1dd73e60c9d088058dda04be488a8 unarj-2.63a-r2.ebuild 788 MD5 d1e87deacbf6773fdc257d33a4934d09 ChangeLog 1246 +MD5 ff29e175029520a55c6bbe96c614370b files/unarj-2.65-sanitation.patch 3040 MD5 0fec2e24cfc04ee5279a349ea7ebc34b files/digest-unarj-2.63a-r1 62 +MD5 0fec2e24cfc04ee5279a349ea7ebc34b files/digest-unarj-2.63a-r2 62 +MD5 c690458b8e0e69d0988b7359b4c4efa7 files/unarj-2.65-CAN-2004-0947.patch 1523 diff --git a/app-arch/unarj/files/digest-unarj-2.63a-r2 b/app-arch/unarj/files/digest-unarj-2.63a-r2 new file mode 100644 index 000000000000..ea9a48b49669 --- /dev/null +++ b/app-arch/unarj/files/digest-unarj-2.63a-r2 @@ -0,0 +1 @@ +MD5 a83d139c245f911f22cb1b611ec9768f unarj-2.63a.tar.gz 24979 diff --git a/app-arch/unarj/files/unarj-2.65-CAN-2004-0947.patch b/app-arch/unarj/files/unarj-2.65-CAN-2004-0947.patch new file mode 100644 index 000000000000..f52af83ac2ca --- /dev/null +++ b/app-arch/unarj/files/unarj-2.65-CAN-2004-0947.patch @@ -0,0 +1,49 @@ +Index: unarj-2.65/unarj.c +=================================================================== +--- unarj-2.65.orig/unarj.c ++++ unarj-2.65/unarj.c +@@ -217,7 +217,7 @@ static uchar arj_flags; + static short method; + static uint file_mode; + static ulong time_stamp; +-static short entry_pos; ++static ushort entry_pos; + static ushort host_data; + static uchar *get_ptr; + static UCRC file_crc; +@@ -608,6 +608,7 @@ char *name; + error(M_BADHEADR, ""); + + crc = CRC_MASK; ++ memset(header, 0, sizeof(header)); + fread_crc(header, (int) headersize, fd); + header_crc = fget_crc(fd); + if ((crc ^ CRC_MASK) != header_crc) +@@ -632,9 +633,13 @@ char *name; + + if (origsize < 0 || compsize < 0) + error(M_HEADRCRC, ""); ++ if(first_hdr_size > headersize-2) /* need two \0 for file and comment */ ++ error(M_BADHEADR, ""); + + hdr_filename = (char *)&header[first_hdr_size]; + strncopy(filename, hdr_filename, sizeof(filename)); ++ if(entry_pos >= strlen(filename)) ++ error(M_BADHEADR, ""); + if (host_os != OS) + strparity((uchar *)filename); + if ((arj_flags & PATHSYM_FLAG) != 0) +@@ -733,11 +738,11 @@ extract() + + no_output = 0; + if (command == 'E') +- strcpy(name, &filename[entry_pos]); ++ strncopy(name, &filename[entry_pos], sizeof(name)); + else + { + strcpy(name, DEFAULT_DIR); +- strcat(name, filename); ++ strncopy(name+strlen(name), filename, sizeof(name)-strlen(name)); + } + + if (host_os != OS) diff --git a/app-arch/unarj/files/unarj-2.65-sanitation.patch b/app-arch/unarj/files/unarj-2.65-sanitation.patch new file mode 100644 index 000000000000..e8b36f050815 --- /dev/null +++ b/app-arch/unarj/files/unarj-2.65-sanitation.patch @@ -0,0 +1,133 @@ +Index: unarj-2.65/sanitize.c +=================================================================== +--- /dev/null ++++ unarj-2.65/sanitize.c +@@ -0,0 +1,81 @@ ++/* ++ * Path sanitation code by Ludwig Nussel <ludwig.nussel@suse.de>. Public Domain. ++ */ ++ ++#include "unarj.h" ++ ++#include <string.h> ++#include <limits.h> ++#include <stdio.h> ++ ++#ifndef PATH_CHAR ++#define PATH_CHAR '/' ++#endif ++#ifndef MIN ++#define MIN(x,y) ((x)<(y)?(x):(y)) ++#endif ++ ++/* copy src into dest converting the path to a relative one inside the current ++ * directory. dest must hold at least len bytes */ ++void copy_path_relative(char *dest, char *src, size_t len) ++{ ++ char* o = dest; ++ char* p = src; ++ ++ *o = '\0'; ++ ++ while(*p && *p == PATH_CHAR) ++p; ++ for(; len && *p;) ++ { ++ src = p; ++ p = strchr(src, PATH_CHAR); ++ if(!p) p = src+strlen(src); ++ ++ /* . => skip */ ++ if(p-src == 1 && *src == '.' ) ++ { ++ if(*p) src = ++p; ++ } ++ /* .. => pop one */ ++ else if(p-src == 2 && *src == '.' && src[1] == '.') ++ { ++ if(o != dest) ++ { ++ char* tmp; ++ *o = '\0'; ++ tmp = strrchr(dest, PATH_CHAR); ++ if(!tmp) ++ { ++ len += o-dest; ++ o = dest; ++ if(*p) ++p; ++ } ++ else ++ { ++ len += o-tmp; ++ o = tmp; ++ if(*p) ++p; ++ } ++ } ++ else /* nothing to pop */ ++ if(*p) ++p; ++ } ++ else ++ { ++ size_t copy; ++ if(o != dest) ++ { ++ --len; ++ *o++ = PATH_CHAR; ++ } ++ copy = MIN(p-src,len); ++ memcpy(o, src, copy); ++ len -= copy; ++ src += copy; ++ o += copy; ++ if(*p) ++p; ++ } ++ while(*p && *p == PATH_CHAR) ++p; ++ } ++ o[len?0:-1] = '\0'; ++} +Index: unarj-2.65/unarj.c +=================================================================== +--- unarj-2.65.orig/unarj.c ++++ unarj-2.65/unarj.c +@@ -235,6 +235,8 @@ static UCRC crctable[UCHAR_MAX + 1]; + + /* Functions */ + ++void copy_path_relative(char *dest, char *src, size_t len); ++ + static void + make_crctable() + { +@@ -738,11 +740,11 @@ extract() + + no_output = 0; + if (command == 'E') +- strncopy(name, &filename[entry_pos], sizeof(name)); ++ copy_path_relative(name, &filename[entry_pos], sizeof(name)); + else + { + strcpy(name, DEFAULT_DIR); +- strncopy(name+strlen(name), filename, sizeof(name)-strlen(name)); ++ copy_path_relative(name+strlen(name), filename, sizeof(name)-strlen(name)); + } + + if (host_os != OS) +Index: unarj-2.65/Makefile +=================================================================== +--- unarj-2.65.orig/Makefile ++++ unarj-2.65/Makefile +@@ -6,8 +6,8 @@ CC = gcc + CFLAGS = -O2 -Wall -ansi -pedantic -DUNIX + INSTALLDIR=/usr/local/bin + +-unarj: unarj.o decode.o environ.o +- $(CC) $(CFLAGS) -o unarj unarj.o decode.o environ.o ++unarj: unarj.o decode.o environ.o sanitize.o ++ $(CC) $(CFLAGS) -o unarj unarj.o decode.o environ.o sanitize.o + strip unarj + + clean: +@@ -19,3 +19,4 @@ install: + unarj.o: unarj.c unarj.h Makefile + environ.o: environ.c unarj.h Makefile + decode.o: decode.c unarj.h Makefile ++sanitize.o: sanitize.c unarj.h Makefile diff --git a/app-arch/unarj/unarj-2.63a-r2.ebuild b/app-arch/unarj/unarj-2.63a-r2.ebuild new file mode 100644 index 000000000000..1c5bf003e56e --- /dev/null +++ b/app-arch/unarj/unarj-2.63a-r2.ebuild @@ -0,0 +1,31 @@ +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/app-arch/unarj/unarj-2.63a-r2.ebuild,v 1.1 2004/11/15 03:34:39 solar Exp $ + +inherit eutils + +DESCRIPTION="Utility for opening arj archives" +HOMEPAGE="http://ibiblio.org/pub/Linux/utils/compress/" +SRC_URI="http://ibiblio.org/pub/Linux/utils/compress/${P}.tar.gz" + +LICENSE="arj" +SLOT="0" +KEYWORDS="~x86 ~ppc ~sparc ~alpha ~arm ~amd64" +IUSE="" + +src_unpack() { + unpack ${A} + cd ${S} + sed -i "/^CFLAGS/s:-O2:${CFLAGS}:" ${S}/Makefile + epatch ${FILESDIR}/unarj-2.65-CAN-2004-0947.patch + epatch ${FILESDIR}/unarj-2.65-sanitation.patch +} + +src_compile() { + emake || die +} + +src_install() { + dobin unarj || die + dodoc unarj.txt technote.txt readme.txt +} |