mirror of https://github.com/gryf/gryf-overlay.git synced 2026-01-03 12:24:17 +01:00

Bump unadf version

2023-10-16 17:43:40 +02:00
parent 0e1efada07
commit f92f1be5ff
4 changed files with 5 additions and 295 deletions


@@ -1,4 +1 @@
AUX unadf-0.7.12-CVE-2016-1243_CVE-2016-1244.patch 5191 BLAKE2B f888e30e1a4d7caefbb407e1cb0fc76345deb960fce974f5ad80e3cad41d3dfde78e34370bdedc11f5dc2729c6695a339db1eab3d37ed5f0bfae9e104c0d2949 SHA512 d1c9a8efcf026d58eaee61e92ee99304c52672836a63dd69f5e1e0472c9b2278521b5a2597f55449ffd23dd307e2c045324bed9b5bf89d160ab517542706aca3
AUX unadf-0.7.12_separate_comment.patch 4846 BLAKE2B a58dfab3190e02ddb41c2632c62ebf40eaf8240430e8c2e146c34a30bda5956706c1927d3236d73fa8d0b2731a574b3402f25a8ebab6ba0fc11d2f92982449ef SHA512 9d1e608eae1e8cbd20051c18dff8f53aee7c3d7ef57c1c5527006c6f3af3d72dd92f8b0aee62f3ea06872d00a6a42f89105800f6fbff385830bd10486ceedbf0
DIST adflib-0.7.12.tar.bz2 135412 BLAKE2B 964ef195c0539779c33acb2f3c103f97f7fd7f78bb32a83af9d586157700664f5e531908121aea8234592bb00fb8bff2e8f754e620f989d6d4e52537675c030e SHA512 d63846f0780bd57cae5ff667eb70f98a0ba3659cfd0b12b3ae2f29ac96631e522088f911b1ba6e5ee3b00620a28a802f14d93cdf8462e18a7e3f749915ab5af3
EBUILD unadf-0.7.12.ebuild 768 BLAKE2B 9913d790bc0e21cd74985b6a3868d0fbad4fbd14a964dbfffa52bec469e5ed3e9caa11d7af10cd1995090f8c540f5269f1927291ed95a55ae6ffe026607fe4d5 SHA512 13bf269898d20bce71dc0250fc849ebcb864e03f8e29ae9706f57fa82b7987878a9ad692e4c80adf26e15028dcad911b53ec73a240a41b1dd7207704009917b3
EBUILD unadf-0.8.0.ebuild 638 BLAKE2B 57726bedc71bfbbfb1edde4f68361363282420c2953261e9daa4b4eb1ddd0ad8aaf051fe5dab9d76cb3cfe3403815fabe3a7779a346c50fefb3fe8d741550484 SHA512 b3176d5b2e18dfe76b09cda35c94f49a4bac756953b04535c140e03a5d9cb20c0aa5d66e3805f71c596a82ef7782f495c72b6ca7210daf2e8500306dc2f230df


@@ -1,146 +0,0 @@
Description: Fix unsafe extraction by using mkdir() instead of shell command
This commit fixes following vulnerabilities:
- CVE-2016-1243: stack buffer overflow caused by blindly trusting on
pathname lengths of archived files
Stack allocated buffer sysbuf was filled with sprintf() without any
bounds checking in extracTree() function.
- CVE-2016-1244: execution of unsanitized input
Shell command used for creating directory paths was constructed by
concatenating names of archived files to the end of the command
string.
So, if the user was tricked to extract a specially crafted .adf file,
the attacker was able to execute arbitrary code with privileges of the
user.
This commit fixes both issues by
1) replacing mkdir shell commands with mkdir() function calls
2) removing redundant sysbuf buffer
Author: Tuomas Räsänen <tuomasjjrasanen@tjjr.fi>
Last-Update: 2016-09-20
--
--- a/examples/unadf.c
+++ b/examples/unadf.c
@@ -24,6 +24,8 @@
#define UNADF_VERSION "1.0"
+#include <sys/stat.h>
+#include <sys/types.h>
#include<stdlib.h>
#include<errno.h>
@@ -31,17 +33,15 @@
#include "adflib.h"
-/* The portable way used to create a directory is to call the MKDIR command via the
- * system() function.
- * It is used to create the 'dir1' directory, like the 'dir1/dir11' directory
+/* The portable way used to create a directory is to call mkdir()
+ * which is defined by following standards: SVr4, BSD, POSIX.1-2001
+ * and POSIX.1-2008
*/
/* the portable way to check if a directory 'dir1' already exists i'm using is to
* do fopen('dir1','rb'). NULL is returned if 'dir1' doesn't exists yet, an handle instead
*/
-#define MKDIR "mkdir"
-
#ifdef WIN32
#define DIRSEP '\\'
#else
@@ -51,6 +51,13 @@
#define EXTBUFL 1024*8
+static void mkdirOrLogErr(const char *const path)
+{
+ if (mkdir(path, S_IRWXU | S_IRWXG | S_IRWXO))
+ fprintf(stderr, "mkdir: cannot create directory '%s': %s\n",
+ path, strerror(errno));
+}
+
void help()
{
puts("unadf [-lrcsp -v n] dumpname.adf [files-with-path] [-d extractdir]");
@@ -152,7 +159,6 @@ void extractTree(struct Volume *vol, str
{
struct Entry* entry;
char *buf;
- char sysbuf[200];
while(tree) {
entry = (struct Entry*)tree->content;
@@ -162,16 +168,14 @@ void extractTree(struct Volume *vol, str
buf=(char*)malloc(strlen(path)+1+strlen(entry->name)+1);
if (!buf) return;
sprintf(buf,"%s%c%s",path,DIRSEP,entry->name);
- sprintf(sysbuf,"%s %s",MKDIR,buf);
if (!qflag) printf("x - %s%c\n",buf,DIRSEP);
+ if (!pflag) mkdirOrLogErr(buf);
}
else {
- sprintf(sysbuf,"%s %s",MKDIR,entry->name);
if (!qflag) printf("x - %s%c\n",entry->name,DIRSEP);
+ if (!pflag) mkdirOrLogErr(entry->name);
}
- if (!pflag) system(sysbuf);
-
if (tree->subdir!=NULL) {
if (adfChangeDir(vol,entry->name)==RC_OK) {
if (buf!=NULL)
@@ -301,21 +305,20 @@ void processFile(struct Volume *vol, cha
extractFile(vol, name, path, extbuf, pflag, qflag);
}
else {
- /* the all-in-one string : to call system(), to find the filename, the convert dir sep char ... */
- bigstr=(char*)malloc(strlen(MKDIR)+1+strlen(path)+1+strlen(name)+1);
+ bigstr=(char*)malloc(strlen(path)+1+strlen(name)+1);
if (!bigstr) { fprintf(stderr,"processFile : malloc"); return; }
/* to build to extract path */
if (strlen(path)>0) {
- sprintf(bigstr,"%s %s%c%s",MKDIR,path,DIRSEP,name);
- cdstr = bigstr+strlen(MKDIR)+1+strlen(path)+1;
+ sprintf(bigstr,"%s%c%s",path,DIRSEP,name);
+ cdstr = bigstr+strlen(path)+1;
}
else {
- sprintf(bigstr,"%s %s",MKDIR,name);
- cdstr = bigstr+strlen(MKDIR)+1;
+ sprintf(bigstr,"%s",name);
+ cdstr = bigstr;
}
/* the directory in which the file will be extracted */
- fullname = bigstr+strlen(MKDIR)+1;
+ fullname = bigstr;
/* finds the filename, and separates it from the path */
filename = strrchr(bigstr,'/')+1;
@@ -333,7 +336,7 @@ void processFile(struct Volume *vol, cha
return;
tfile = fopen(fullname,"r"); /* the only portable way to test if the dir exists */
if (tfile==NULL) { /* does't exist : create it */
- if (!pflag) system(bigstr);
+ if (!pflag) mkdirOrLogErr(bigstr);
if (!qflag) printf("x - %s%c\n",fullname,DIRSEP);
}
else
@@ -350,7 +353,7 @@ void processFile(struct Volume *vol, cha
return;
tfile = fopen(fullname,"r");
if (tfile==NULL) {
- if (!pflag) system(bigstr);
+ if (!pflag) mkdirOrLogErr(bigstr);
if (!qflag) printf("x - %s%c\n",fullname,DIRSEP);
}
else


@@ -1,137 +0,0 @@
--- adflib-0.7.12_a/examples/unadf.c 2021-07-09 17:38:47.980770205 +0200
+++ adflib-0.7.12_b/examples/unadf.c 2021-07-09 17:54:32.548793259 +0200
@@ -65,6 +65,7 @@
puts(" -r : lists directory tree contents");
puts(" -c : use dircache data (must be used with -l)");
puts(" -s : display entries logical block pointer (must be used with -l)");
+ puts(" -m : display file comments, if exists (must be used with -l)");
putchar('\n');
puts(" -v n : mount volume #n instead of default #0 volume");
putchar('\n');
@@ -72,7 +73,8 @@
puts(" -d dir : extract to 'dir' directory");
}
-void printEnt(struct Volume *vol, struct Entry* entry, char *path, BOOL sect)
+void printEnt(struct Volume *vol, struct Entry* entry, char *path, BOOL sect,
+ BOOL comment)
{
/* do not print the links entries, ADFlib do not support them yet properly */
if (entry->type==ST_LFILE || entry->type==ST_LDIR || entry->type==ST_LSOFT)
@@ -81,12 +83,12 @@
if (entry->type==ST_DIR)
printf(" ");
else
- printf("%7ld ",entry->size);
+ printf("%7d ",entry->size);
printf("%4d/%02d/%02d %2d:%02d:%02d ",entry->year, entry->month, entry->days,
entry->hour, entry->mins, entry->secs);
if (sect)
- printf(" %06ld ",entry->sector);
+ printf(" %06d ",entry->sector);
if (strlen(path)>0)
printf(" %s/",path);
@@ -96,7 +98,7 @@
printf("%s/",entry->name);
else
printf("%s",entry->name);
- if (entry->comment!=NULL && strlen(entry->comment)>0)
+ if (comment && entry->comment!=NULL && strlen(entry->comment)>0)
printf(", %s",entry->comment);
putchar('\n');
@@ -203,13 +205,14 @@
}
-void printTree(struct Volume *vol, struct List* tree, char* path, BOOL sect)
+void printTree(struct Volume *vol, struct List* tree, char* path, BOOL sect,
+ BOOL comment)
{
char *buf;
struct Entry* entry;
while(tree) {
- printEnt(vol, tree->content, path, sect);
+ printEnt(vol, tree->content, path, sect, comment);
if (tree->subdir!=NULL) {
entry = (struct Entry*)tree->content;
if (strlen(path)>0) {
@@ -219,11 +222,11 @@
return;
}
sprintf(buf,"%s/%s", path, entry->name);
- printTree(vol, tree->subdir, buf, sect);
+ printTree(vol, tree->subdir, buf, sect, comment);
free(buf);
}
else
- printTree(vol, tree->subdir, entry->name, sect);
+ printTree(vol, tree->subdir, entry->name, sect, comment);
}
tree = tree->next;
}
@@ -247,7 +250,7 @@
printf("???"); break;
}
- printf(". Cylinders = %ld, Heads = %ld, Sectors = %ld",dev->cylinders,dev->heads,dev->sectors);
+ printf(". Cylinders = %d, Heads = %d, Sectors = %d",dev->cylinders,dev->heads,dev->sectors);
printf(". Volumes = %d\n",dev->nVol);
}
@@ -277,7 +280,7 @@
if (vol->volName!=NULL)
printf(" \"%s\"", vol->volName);
- printf(" between sectors [%ld-%ld].",vol->firstBlock, vol->lastBlock);
+ printf(" between sectors [%d-%d].",vol->firstBlock, vol->lastBlock);
printf(" %s ",isFFS(vol->dosType) ? "FFS" : "OFS");
if (isINTL(vol->dosType))
@@ -373,7 +376,7 @@
int main(int argc, char* argv[])
{
int i, j;
- BOOL rflag, lflag, xflag, cflag, vflag, sflag, dflag, pflag, qflag;
+ BOOL rflag, lflag, xflag, cflag, vflag, sflag, dflag, pflag, qflag, mflag;
struct List* files, *rtfiles;
char *devname, *dirname;
char strbuf[80];
@@ -392,7 +395,7 @@
exit(0);
}
- rflag = lflag = cflag = vflag = sflag = dflag = pflag = qflag = FALSE;
+ rflag = lflag = cflag = vflag = sflag = dflag = pflag = qflag = mflag = FALSE;
vInd = dInd = fInd = aInd = -1;
xflag = TRUE;
dirname = NULL;
@@ -433,6 +436,9 @@
case 's':
sflag = TRUE;
break;
+ case 'm':
+ mflag = TRUE;
+ break;
case 'c':
cflag = TRUE;
break;
@@ -526,13 +532,13 @@
if (!rflag) {
cell = list = adfGetDirEnt(vol,vol->curDirPtr);
while(cell) {
- printEnt(vol,cell->content,"", sflag);
+ printEnt(vol,cell->content,"", sflag, mflag);
cell = cell->next;
}
adfFreeDirList(list);
} else {
cell = list = adfGetRDirEnt(vol,vol->curDirPtr,TRUE);
- printTree(vol,cell,"", sflag);
+ printTree(vol,cell,"", sflag, mflag);
adfFreeDirList(list);
}
}else if (xflag) {


@@ -3,24 +3,20 @@
EAPI=8
inherit autotools
inherit autotools git-r3
MY_PN="adflib"
DESCRIPTION="Extract files from Amiga adf disk images"
HOMEPAGE="http://lclevy.free.fr/adflib/"
SRC_URI="http://lclevy.free.fr/${MY_PN}/${MY_PN}-${PV}.tar.bz2"
HOMEPAGE="https://github.com/lclevy/adflib"
EGIT_REPO_URI="https://github.com/lclevy/adflib"
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~amd64 ~hppa ~ppc ~x86 ~x86-linux ~ppc-macos ~sparc-solaris ~x86-solaris"
IUSE="static-libs"
S="${WORKDIR}/${MY_PN}-${PV}"
PATCHES=(
"${FILESDIR}/${PN}-0.7.12-CVE-2016-1243_CVE-2016-1244.patch"
"${FILESDIR}/${PN}-0.7.12_separate_comment.patch"
)
#S="${WORKDIR}/${MY_PN}-${PV}"
src_prepare() {
default
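Review bot: The new `inherit autotools git-r3` and `EGIT_REPO_URI` lines show no `EGIT_COMMIT`, so an ebuild named 0.8.0 appears to build whatever the upstream default branch holds at fetch time, and the Manifest hunk shrinks to one line, which suggests no DIST checksum covers the source any more. Pinning the release, for example `EGIT_COMMIT="<commit id of the 0.8.0 release>"`, or returning to a checksummed `SRC_URI` tarball would keep the build reproducible and verifiable. The same hunk drops the `PATCHES` entry for CVE-2016-1243/CVE-2016-1244, and nothing on this page shows that the fetched source carries an equivalent fix. It is worth confirming that upstream `examples/unadf.c` no longer builds a `mkdir` command string for `system()`, and recording that next to the commented-out `#S=` line with a comment such as `# CVE-2016-1243/1244 fixed upstream; local patch dropped`. `src_prepare()` continues past the end of the hunk.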