From f92f1be5ffcfd4351e0fd35aacf487d538c9614b Mon Sep 17 00:00:00 2001 From: gryf Date: Mon, 16 Oct 2023 17:43:40 +0200 Subject: [PATCH] Bump unadf version --- app-arch/unadf/Manifest | 5 +- ...f-0.7.12-CVE-2016-1243_CVE-2016-1244.patch | 146 ------------------ .../files/unadf-0.7.12_separate_comment.patch | 137 ---------------- ...unadf-0.7.12.ebuild => unadf-0.8.0.ebuild} | 12 +- 4 files changed, 5 insertions(+), 295 deletions(-) delete mode 100644 app-arch/unadf/files/unadf-0.7.12-CVE-2016-1243_CVE-2016-1244.patch delete mode 100644 app-arch/unadf/files/unadf-0.7.12_separate_comment.patch rename app-arch/unadf/{unadf-0.7.12.ebuild => unadf-0.8.0.ebuild} (63%) diff --git a/app-arch/unadf/Manifest b/app-arch/unadf/Manifest index fa0ff11..fe94a27 100644 --- a/app-arch/unadf/Manifest +++ b/app-arch/unadf/Manifest @@ -1,4 +1 @@ -AUX unadf-0.7.12-CVE-2016-1243_CVE-2016-1244.patch 5191 BLAKE2B f888e30e1a4d7caefbb407e1cb0fc76345deb960fce974f5ad80e3cad41d3dfde78e34370bdedc11f5dc2729c6695a339db1eab3d37ed5f0bfae9e104c0d2949 SHA512 d1c9a8efcf026d58eaee61e92ee99304c52672836a63dd69f5e1e0472c9b2278521b5a2597f55449ffd23dd307e2c045324bed9b5bf89d160ab517542706aca3 -AUX unadf-0.7.12_separate_comment.patch 4846 BLAKE2B a58dfab3190e02ddb41c2632c62ebf40eaf8240430e8c2e146c34a30bda5956706c1927d3236d73fa8d0b2731a574b3402f25a8ebab6ba0fc11d2f92982449ef SHA512 9d1e608eae1e8cbd20051c18dff8f53aee7c3d7ef57c1c5527006c6f3af3d72dd92f8b0aee62f3ea06872d00a6a42f89105800f6fbff385830bd10486ceedbf0 -DIST adflib-0.7.12.tar.bz2 135412 BLAKE2B 964ef195c0539779c33acb2f3c103f97f7fd7f78bb32a83af9d586157700664f5e531908121aea8234592bb00fb8bff2e8f754e620f989d6d4e52537675c030e SHA512 d63846f0780bd57cae5ff667eb70f98a0ba3659cfd0b12b3ae2f29ac96631e522088f911b1ba6e5ee3b00620a28a802f14d93cdf8462e18a7e3f749915ab5af3 -EBUILD unadf-0.7.12.ebuild 768 BLAKE2B 9913d790bc0e21cd74985b6a3868d0fbad4fbd14a964dbfffa52bec469e5ed3e9caa11d7af10cd1995090f8c540f5269f1927291ed95a55ae6ffe026607fe4d5 SHA512 13bf269898d20bce71dc0250fc849ebcb864e03f8e29ae9706f57fa82b7987878a9ad692e4c80adf26e15028dcad911b53ec73a240a41b1dd7207704009917b3 +EBUILD unadf-0.8.0.ebuild 638 BLAKE2B 57726bedc71bfbbfb1edde4f68361363282420c2953261e9daa4b4eb1ddd0ad8aaf051fe5dab9d76cb3cfe3403815fabe3a7779a346c50fefb3fe8d741550484 SHA512 b3176d5b2e18dfe76b09cda35c94f49a4bac756953b04535c140e03a5d9cb20c0aa5d66e3805f71c596a82ef7782f495c72b6ca7210daf2e8500306dc2f230df diff --git a/app-arch/unadf/files/unadf-0.7.12-CVE-2016-1243_CVE-2016-1244.patch b/app-arch/unadf/files/unadf-0.7.12-CVE-2016-1243_CVE-2016-1244.patch deleted file mode 100644 index 5547e00..0000000 --- a/app-arch/unadf/files/unadf-0.7.12-CVE-2016-1243_CVE-2016-1244.patch +++ /dev/null @@ -1,146 +0,0 @@ -Description: Fix unsafe extraction by using mkdir() instead of shell command - This commit fixes following vulnerabilities: - - - CVE-2016-1243: stack buffer overflow caused by blindly trusting on - pathname lengths of archived files - - Stack allocated buffer sysbuf was filled with sprintf() without any - bounds checking in extracTree() function. - - - CVE-2016-1244: execution of unsanitized input - - Shell command used for creating directory paths was constructed by - concatenating names of archived files to the end of the command - string. - - So, if the user was tricked to extract a specially crafted .adf file, - the attacker was able to execute arbitrary code with privileges of the - user. - - This commit fixes both issues by - - 1) replacing mkdir shell commands with mkdir() function calls - 2) removing redundant sysbuf buffer - -Author: Tuomas Räsänen -Last-Update: 2016-09-20 --- ---- a/examples/unadf.c -+++ b/examples/unadf.c -@@ -24,6 +24,8 @@ - - #define UNADF_VERSION "1.0" - -+#include -+#include - - #include - #include -@@ -31,17 +33,15 @@ - - #include "adflib.h" - --/* The portable way used to create a directory is to call the MKDIR command via the -- * system() function. -- * It is used to create the 'dir1' directory, like the 'dir1/dir11' directory -+/* The portable way used to create a directory is to call mkdir() -+ * which is defined by following standards: SVr4, BSD, POSIX.1-2001 -+ * and POSIX.1-2008 - */ - - /* the portable way to check if a directory 'dir1' already exists i'm using is to - * do fopen('dir1','rb'). NULL is returned if 'dir1' doesn't exists yet, an handle instead - */ - --#define MKDIR "mkdir" -- - #ifdef WIN32 - #define DIRSEP '\\' - #else -@@ -51,6 +51,13 @@ - #define EXTBUFL 1024*8 - - -+static void mkdirOrLogErr(const char *const path) -+{ -+ if (mkdir(path, S_IRWXU | S_IRWXG | S_IRWXO)) -+ fprintf(stderr, "mkdir: cannot create directory '%s': %s\n", -+ path, strerror(errno)); -+} -+ - void help() - { - puts("unadf [-lrcsp -v n] dumpname.adf [files-with-path] [-d extractdir]"); -@@ -152,7 +159,6 @@ void extractTree(struct Volume *vol, str - { - struct Entry* entry; - char *buf; -- char sysbuf[200]; - - while(tree) { - entry = (struct Entry*)tree->content; -@@ -162,16 +168,14 @@ void extractTree(struct Volume *vol, str - buf=(char*)malloc(strlen(path)+1+strlen(entry->name)+1); - if (!buf) return; - sprintf(buf,"%s%c%s",path,DIRSEP,entry->name); -- sprintf(sysbuf,"%s %s",MKDIR,buf); - if (!qflag) printf("x - %s%c\n",buf,DIRSEP); -+ if (!pflag) mkdirOrLogErr(buf); - } - else { -- sprintf(sysbuf,"%s %s",MKDIR,entry->name); - if (!qflag) printf("x - %s%c\n",entry->name,DIRSEP); -+ if (!pflag) mkdirOrLogErr(entry->name); - } - -- if (!pflag) system(sysbuf); -- - if (tree->subdir!=NULL) { - if (adfChangeDir(vol,entry->name)==RC_OK) { - if (buf!=NULL) -@@ -301,21 +305,20 @@ void processFile(struct Volume *vol, cha - extractFile(vol, name, path, extbuf, pflag, qflag); - } - else { -- /* the all-in-one string : to call system(), to find the filename, the convert dir sep char ... */ -- bigstr=(char*)malloc(strlen(MKDIR)+1+strlen(path)+1+strlen(name)+1); -+ bigstr=(char*)malloc(strlen(path)+1+strlen(name)+1); - if (!bigstr) { fprintf(stderr,"processFile : malloc"); return; } - - /* to build to extract path */ - if (strlen(path)>0) { -- sprintf(bigstr,"%s %s%c%s",MKDIR,path,DIRSEP,name); -- cdstr = bigstr+strlen(MKDIR)+1+strlen(path)+1; -+ sprintf(bigstr,"%s%c%s",path,DIRSEP,name); -+ cdstr = bigstr+strlen(path)+1; - } - else { -- sprintf(bigstr,"%s %s",MKDIR,name); -- cdstr = bigstr+strlen(MKDIR)+1; -+ sprintf(bigstr,"%s",name); -+ cdstr = bigstr; - } - /* the directory in which the file will be extracted */ -- fullname = bigstr+strlen(MKDIR)+1; -+ fullname = bigstr; - - /* finds the filename, and separates it from the path */ - filename = strrchr(bigstr,'/')+1; -@@ -333,7 +336,7 @@ void processFile(struct Volume *vol, cha - return; - tfile = fopen(fullname,"r"); /* the only portable way to test if the dir exists */ - if (tfile==NULL) { /* does't exist : create it */ -- if (!pflag) system(bigstr); -+ if (!pflag) mkdirOrLogErr(bigstr); - if (!qflag) printf("x - %s%c\n",fullname,DIRSEP); - } - else -@@ -350,7 +353,7 @@ void processFile(struct Volume *vol, cha - return; - tfile = fopen(fullname,"r"); - if (tfile==NULL) { -- if (!pflag) system(bigstr); -+ if (!pflag) mkdirOrLogErr(bigstr); - if (!qflag) printf("x - %s%c\n",fullname,DIRSEP); - } - else diff --git a/app-arch/unadf/files/unadf-0.7.12_separate_comment.patch b/app-arch/unadf/files/unadf-0.7.12_separate_comment.patch deleted file mode 100644 index 276392f..0000000 --- a/app-arch/unadf/files/unadf-0.7.12_separate_comment.patch +++ /dev/null @@ -1,137 +0,0 @@ ---- adflib-0.7.12_a/examples/unadf.c 2021-07-09 17:38:47.980770205 +0200 -+++ adflib-0.7.12_b/examples/unadf.c 2021-07-09 17:54:32.548793259 +0200 -@@ -65,6 +65,7 @@ - puts(" -r : lists directory tree contents"); - puts(" -c : use dircache data (must be used with -l)"); - puts(" -s : display entries logical block pointer (must be used with -l)"); -+ puts(" -m : display file comments, if exists (must be used with -l)"); - putchar('\n'); - puts(" -v n : mount volume #n instead of default #0 volume"); - putchar('\n'); -@@ -72,7 +73,8 @@ - puts(" -d dir : extract to 'dir' directory"); - } - --void printEnt(struct Volume *vol, struct Entry* entry, char *path, BOOL sect) -+void printEnt(struct Volume *vol, struct Entry* entry, char *path, BOOL sect, -+ BOOL comment) - { - /* do not print the links entries, ADFlib do not support them yet properly */ - if (entry->type==ST_LFILE || entry->type==ST_LDIR || entry->type==ST_LSOFT) -@@ -81,12 +83,12 @@ - if (entry->type==ST_DIR) - printf(" "); - else -- printf("%7ld ",entry->size); -+ printf("%7d ",entry->size); - - printf("%4d/%02d/%02d %2d:%02d:%02d ",entry->year, entry->month, entry->days, - entry->hour, entry->mins, entry->secs); - if (sect) -- printf(" %06ld ",entry->sector); -+ printf(" %06d ",entry->sector); - - if (strlen(path)>0) - printf(" %s/",path); -@@ -96,7 +98,7 @@ - printf("%s/",entry->name); - else - printf("%s",entry->name); -- if (entry->comment!=NULL && strlen(entry->comment)>0) -+ if (comment && entry->comment!=NULL && strlen(entry->comment)>0) - printf(", %s",entry->comment); - putchar('\n'); - -@@ -203,13 +205,14 @@ - } - - --void printTree(struct Volume *vol, struct List* tree, char* path, BOOL sect) -+void printTree(struct Volume *vol, struct List* tree, char* path, BOOL sect, -+ BOOL comment) - { - char *buf; - struct Entry* entry; - - while(tree) { -- printEnt(vol, tree->content, path, sect); -+ printEnt(vol, tree->content, path, sect, comment); - if (tree->subdir!=NULL) { - entry = (struct Entry*)tree->content; - if (strlen(path)>0) { -@@ -219,11 +222,11 @@ - return; - } - sprintf(buf,"%s/%s", path, entry->name); -- printTree(vol, tree->subdir, buf, sect); -+ printTree(vol, tree->subdir, buf, sect, comment); - free(buf); - } - else -- printTree(vol, tree->subdir, entry->name, sect); -+ printTree(vol, tree->subdir, entry->name, sect, comment); - } - tree = tree->next; - } -@@ -247,7 +250,7 @@ - printf("???"); break; - } - -- printf(". Cylinders = %ld, Heads = %ld, Sectors = %ld",dev->cylinders,dev->heads,dev->sectors); -+ printf(". Cylinders = %d, Heads = %d, Sectors = %d",dev->cylinders,dev->heads,dev->sectors); - - printf(". Volumes = %d\n",dev->nVol); - } -@@ -277,7 +280,7 @@ - if (vol->volName!=NULL) - printf(" \"%s\"", vol->volName); - -- printf(" between sectors [%ld-%ld].",vol->firstBlock, vol->lastBlock); -+ printf(" between sectors [%d-%d].",vol->firstBlock, vol->lastBlock); - - printf(" %s ",isFFS(vol->dosType) ? "FFS" : "OFS"); - if (isINTL(vol->dosType)) -@@ -373,7 +376,7 @@ - int main(int argc, char* argv[]) - { - int i, j; -- BOOL rflag, lflag, xflag, cflag, vflag, sflag, dflag, pflag, qflag; -+ BOOL rflag, lflag, xflag, cflag, vflag, sflag, dflag, pflag, qflag, mflag; - struct List* files, *rtfiles; - char *devname, *dirname; - char strbuf[80]; -@@ -392,7 +395,7 @@ - exit(0); - } - -- rflag = lflag = cflag = vflag = sflag = dflag = pflag = qflag = FALSE; -+ rflag = lflag = cflag = vflag = sflag = dflag = pflag = qflag = mflag = FALSE; - vInd = dInd = fInd = aInd = -1; - xflag = TRUE; - dirname = NULL; -@@ -433,6 +436,9 @@ - case 's': - sflag = TRUE; - break; -+ case 'm': -+ mflag = TRUE; -+ break; - case 'c': - cflag = TRUE; - break; -@@ -526,13 +532,13 @@ - if (!rflag) { - cell = list = adfGetDirEnt(vol,vol->curDirPtr); - while(cell) { -- printEnt(vol,cell->content,"", sflag); -+ printEnt(vol,cell->content,"", sflag, mflag); - cell = cell->next; - } - adfFreeDirList(list); - } else { - cell = list = adfGetRDirEnt(vol,vol->curDirPtr,TRUE); -- printTree(vol,cell,"", sflag); -+ printTree(vol,cell,"", sflag, mflag); - adfFreeDirList(list); - } - }else if (xflag) { diff --git a/app-arch/unadf/unadf-0.7.12.ebuild b/app-arch/unadf/unadf-0.8.0.ebuild similarity index 63% rename from app-arch/unadf/unadf-0.7.12.ebuild rename to app-arch/unadf/unadf-0.8.0.ebuild index c1eac1d..2a73d84 100644 --- a/app-arch/unadf/unadf-0.7.12.ebuild +++ b/app-arch/unadf/unadf-0.8.0.ebuild @@ -3,24 +3,20 @@ EAPI=8 -inherit autotools +inherit autotools git-r3 MY_PN="adflib" DESCRIPTION="Extract files from Amiga adf disk images" -HOMEPAGE="http://lclevy.free.fr/adflib/" -SRC_URI="http://lclevy.free.fr/${MY_PN}/${MY_PN}-${PV}.tar.bz2" +HOMEPAGE="https://github.com/lclevy/adflib" +EGIT_REPO_URI="https://github.com/lclevy/adflib" LICENSE="GPL-2" SLOT="0" KEYWORDS="~amd64 ~hppa ~ppc ~x86 ~x86-linux ~ppc-macos ~sparc-solaris ~x86-solaris" IUSE="static-libs" -S="${WORKDIR}/${MY_PN}-${PV}" -PATCHES=( - "${FILESDIR}/${PN}-0.7.12-CVE-2016-1243_CVE-2016-1244.patch" - "${FILESDIR}/${PN}-0.7.12_separate_comment.patch" -) +#S="${WORKDIR}/${MY_PN}-${PV}" src_prepare() { default