-rw-r--r-- | app-arch/unace/ChangeLog | 10 | ||||
-rw-r--r-- | app-arch/unace/Manifest | 7 | ||||
-rw-r--r-- | app-arch/unace/files/digest-unace-1.2b-r1 | 1 | ||||
-rw-r--r-- | app-arch/unace/files/unace-1.2b-CAN-2005-0160-CAN-2005-0161.patch | 167 | ||||
-rw-r--r-- | app-arch/unace/unace-1.2b-r1.ebuild | 40 |
5 files changed, 222 insertions, 3 deletions
diff --git a/app-arch/unace/ChangeLog b/app-arch/unace/ChangeLog index a8798ba20186..7c311558974c 100644 --- a/app-arch/unace/ChangeLog +++ b/app-arch/unace/ChangeLog @@ -1,6 +1,14 @@ # ChangeLog for app-arch/unace # Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-arch/unace/ChangeLog,v 1.17 2005/01/01 11:59:26 eradicator Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-arch/unace/ChangeLog,v 1.18 2005/02/26 14:05:02 solar Exp $ + +*unace-1.2b-r1 (26 Feb 2005) + + 26 Feb 2005; <solar@gentoo.org> + +files/unace-1.2b-CAN-2005-0160-CAN-2005-0161.patch, +unace-1.2b-r1.ebuild: + - security bump for unace-1.2b (the last) opensource release bug #81958. I'd + like for us to remove the binary only 2.2 which partially remains vuln. No + clear upgrade path. will p.mask or something 27 Apr 2004; Daniel Ahlberg <aliz@gentoo.org> unace-1.2b.ebuild, unace-2.2.ebuild: diff --git a/app-arch/unace/Manifest b/app-arch/unace/Manifest index 924d99243f55..afe763d889e3 100644 --- a/app-arch/unace/Manifest +++ b/app-arch/unace/Manifest @@ -1,5 +1,8 @@ -MD5 48c4d62b86cb355e11fb71c164da268f ChangeLog 1836 -MD5 22adbef5a4b77d94654be224d912f3ea unace-1.2b.ebuild 734 MD5 9da1b90e590dd29a38b39ec3b51d038c unace-2.2.ebuild 497 +MD5 22adbef5a4b77d94654be224d912f3ea unace-1.2b.ebuild 734 +MD5 48c4d62b86cb355e11fb71c164da268f ChangeLog 1836 +MD5 0aeb2b2ff2faf4a93a9d548c31ee719c unace-1.2b-r1.ebuild 815 +MD5 34628d3f6507592703856c82761becf0 files/digest-unace-1.2b-r1 61 MD5 34628d3f6507592703856c82761becf0 files/digest-unace-1.2b 61 +MD5 5ec540a4e79c388d1b3e270f2c7083f8 files/unace-1.2b-CAN-2005-0160-CAN-2005-0161.patch 4618 MD5 42853f578a4e17a07fc7693bf2a8b8f8 files/digest-unace-2.2 59 diff --git a/app-arch/unace/files/digest-unace-1.2b-r1 b/app-arch/unace/files/digest-unace-1.2b-r1 new file mode 100644 index 000000000000..a42e0a0aeb58 --- /dev/null +++ b/app-arch/unace/files/digest-unace-1.2b-r1 
@@ -0,0 +1 @@ +MD5 84cb27bc330ee17410c7ab6e669b6f72 unace-1.2b.tar.gz 20784 diff --git a/app-arch/unace/files/unace-1.2b-CAN-2005-0160-CAN-2005-0161.patch b/app-arch/unace/files/unace-1.2b-CAN-2005-0160-CAN-2005-0161.patch new file mode 100644 index 000000000000..c9c2dd551702 --- /dev/null +++ b/app-arch/unace/files/unace-1.2b-CAN-2005-0160-CAN-2005-0161.patch 
@@ -0,0 +1,167 @@ +--- uac_crt.h.old 1998-07-01 10:29:00.000000000 +0200 ++++ uac_crt.h 2005-02-14 00:48:35.000000000 +0100 +@@ -4,7 +4,7 @@ + + #include "acestruc.h" + +-CHAR *ace_fname(CHAR * s, thead * head, INT nopath); ++CHAR *ace_fname(CHAR * s, thead * head, INT nopath, unsigned int size); + INT create_dest_file(CHAR * file, INT a); + + #ifdef UNIX +--- uac_crt.c.old 1998-07-01 10:29:00.000000000 +0200 ++++ uac_crt.c 2005-02-14 02:46:02.000000000 +0100 +@@ -33,12 +33,15 @@ + + /* gets file name from header + */ +-CHAR *ace_fname(CHAR * s, thead * head, INT nopath) ++CHAR *ace_fname(CHAR * s, thead * head, INT nopath, unsigned int size) + { +- INT i; ++ unsigned int i; + char *cp; + +- strncpy(s, (*(tfhead *) head).FNAME, i = (*(tfhead *) head).FNAME_SIZE); ++ i = (*(tfhead *) head).FNAME_SIZE; ++ if (i > (size - 1)) ++ i = size - 1; ++ strncpy(s, (*(tfhead *) head).FNAME, i); + s[i] = 0; + + if (nopath) +@@ -56,22 +59,72 @@ CHAR *ace_fname(CHAR * s, thead * head, + } + #endif + ++ cp = s; ++ while (*cp == '/') cp++; ++ if (cp != s) ++ memmove(s, cp, strlen(cp) + 1); ++ + return s; + } + ++int is_directory_traversal(char *str) ++{ ++ unsigned int mode, countdots; ++ /* mode 0 = fresh, 1 = just dots, 2 = not just dots */ ++ char ch; ++ ++ mode = countdots = 0; ++ ++ while (ch = *str++) ++ { ++ if ((ch == '/') && (mode == 1) && (countdots > 1)) ++ return 1; ++ ++ if (ch == '/') ++ { ++ mode = countdots = 0; ++ continue; ++ } ++ ++ if (ch == '.') ++ { ++ if (mode == 0) ++ mode = 1; ++ ++ countdots++; ++ } ++ else ++ mode = 2; ++ } ++ ++ if ((mode == 1) && (countdots > 1)) ++ return 1; ++ ++ return 0; ++} ++ + void check_ext_dir(CHAR * f) // checks/creates path of file + { + CHAR *cp, + d[PATH_MAX]; +- INT i; ++ unsigned int i; + + d[0] = 0; + ++ if (is_directory_traversal(f)) ++ { ++ f_err = ERR_WRITE; ++ printf("\n Directory traversal attempt: %s\n", f); ++ return; ++ } ++ + for (;;) + { + if ((cp = (CHAR *) strchr(&f[strlen(d) + 1], DIRSEP))!=NULL) + { + i = 
cp - f; ++ if (i > (PATH_MAX - 1)) ++ i = PATH_MAX - 1; + strncpy(d, f, i); + d[i] = 0; + } +--- unace.c.old 1998-07-01 10:29:00.000000000 +0200 ++++ unace.c 2005-02-14 01:43:28.000000000 +0100 +@@ -240,6 +240,7 @@ INT read_arc_head(void) // searc + INT open_archive(INT print_err) // opens archive (or volume) + { + CHAR av_str[80]; ++ unsigned int copylen; + + archan = open(aname, O_RDONLY | O_BINARY); // open file + +@@ -263,8 +264,11 @@ INT open_archive(INT print_err) + sprintf(av_str, "\ncreated on %d.%d.%d by ", + ts_day(adat.time_cr), ts_month(adat.time_cr), ts_year(adat.time_cr)); + printf(av_str); +- strncpy(av_str, mhead.AV, mhead.AV_SIZE); +- av_str[mhead.AV_SIZE] = 0; ++ copylen = mhead.AV_SIZE; ++ if (copylen > 79) ++ copylen = 79; ++ strncpy(av_str, mhead.AV, copylen); ++ av_str[copylen] = 0; + printf("%s\n\n", av_str); + } + comment_out("Main comment:"); // print main comment +@@ -300,7 +304,7 @@ void get_next_volname(void) + INT proc_vol(void) // opens volume + { + INT i; +- CHAR s[80]; ++ CHAR s[PATH_MAX + 80]; + + // if f_allvol_pr is 2 we have -y and should never ask + if ((!fileexists_insense(aname) && f_allvol_pr != 2) || !f_allvol_pr) +@@ -428,7 +432,7 @@ void extract_files(int nopath, int test) + if (head.HEAD_TYPE == FILE_BLK) + { + comment_out("File comment:"); // show file comment +- ace_fname(file, &head, nopath); // get file name ++ ace_fname(file, &head, nopath, sizeof(file)); // get file name + printf("\n%s", file); + flush; + dcpr_init_file(); // initialize decompression of file +@@ -496,7 +500,7 @@ void list_files(int verbose) + if (head.HEAD_TYPE == FILE_BLK) + { + ULONG ti=fhead.FTIME; +- ace_fname(file, &head, verbose ? 0 : 1); // get file name ++ ace_fname(file, &head, verbose ? 
0 : 1, sizeof(file)); // get file name + + size += fhead.SIZE; + psize += +@@ -588,7 +592,8 @@ int main(INT argc, CHAR * argv[]) + + init_unace(); // initialize unace + +- strcpy(aname, argv[arg_cnt]); // get archive name ++ strncpy(aname, argv[arg_cnt], sizeof(aname) - 4); // get archive name ++ aname[sizeof(aname) - 5] = '\0'; + if (!(s = (CHAR *) strrchr(aname, DIRSEP))) + s = aname; + if (!strrchr(s, '.')) diff --git a/app-arch/unace/unace-1.2b-r1.ebuild b/app-arch/unace/unace-1.2b-r1.ebuild new file mode 100644 index 000000000000..fbc88f568c1b --- /dev/null +++ b/app-arch/unace/unace-1.2b-r1.ebuild @@ -0,0 +1,40 @@ +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/app-arch/unace/unace-1.2b-r1.ebuild,v 1.1 2005/02/26 14:05:02 solar Exp $ + +inherit eutils + +DESCRIPTION="ACE unarchiver" +HOMEPAGE="http://www.winace.com/" +SRC_URI="http://wilma.vub.ac.be/~pdewacht/${P}.tar.gz" + +LICENSE="freedist" +SLOT="1" +KEYWORDS="x86" +IUSE="" + +DEPEND="virtual/libc" + +S="${WORKDIR}/${PN}" + +src_unpack() { + unpack ${A} + cd ${S} + cp unix/makefile . + cp unix/gccmaked . + epatch ${FILESDIR}/unace-1.2b-CAN-2005-0160-CAN-2005-0161.patch +} + +src_compile() { + sed -i -e "s/^CFLAGS = -O.*/CFLAGS = -Wall ${CFLAGS}/g" \ + -e "s/-DCASEINSENSE//g" \ + makefile + + emake dep || die + emake || die +} + +src_install() { + dobin unace || die + dodoc readme.txt changes.log +} |
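Review bot: `is_directory_traversal()` in the uac_crt.c part of this patch compares only against the literal `'/'`, while `check_ext_dir()` directly below splits the same string on `DIRSEP`, so on any build where `DIRSEP` is not `'/'` a dots-only component would not be recognised; `if (ch == DIRSEP)` would keep the two in step. The new leading-slash strip in `ace_fname()`, `while (*cp == '/') cp++;`, has the same hard-coded separator and sits after an `#endif`, so it is outside whatever conditional precedes it. A rejected name is reported only through `f_err = ERR_WRITE` and a bare `return`, so the check protects extraction only if the caller of `check_ext_dir()` (outside this hunk) tests `f_err` before opening the destination file, which is worth confirming. In `ace_fname()` the clamp `if (i > (size - 1))` wraps when `size` is 0; both call sites pass `sizeof(file)`, so a comment such as `/* size must be >= 1: s[size - 1] is reserved for the terminator */` would document the contract, and `copylen > 79` in `open_archive()` would read better as `sizeof(av_str) - 1`.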
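Review bot: In `src_unpack()` the `cd ${S}` and the two `cp unix/...` lines are unquoted and unchecked, so a failed `cd` leaves the following commands running in the wrong directory; `cd "${S}" || die` and `cp unix/makefile unix/gccmaked . || die` would stop at the point of failure. The `sed -i` in `src_compile()` is likewise unchecked and interpolates `${CFLAGS}` into an `s/.../.../` expression, which breaks if the flags ever contain a `/`; a different delimiter and a trailing `|| die` would cover both. Because this revision exists only to deliver the security patch, a one-line comment above the `epatch` call saying what it addresses (bounded name copies and the traversal check, bug #81958) would help the next maintainer.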