Security fixes adopted/reimplemented from Debian:
CVE-2008-0888, CVE-2005-4667, CAN-2005-2475 Enable ACORN_FTYPE_NFS and WILD_STOP_AT_DIR options PR: 122367 Submitted by: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
parent
fe3afaa421
commit
d775f2b68c
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=210384
7 changed files with 242 additions and 25 deletions
|
@ -7,7 +7,7 @@
|
|||
|
||||
PORTNAME= unzip
|
||||
PORTVERSION= 5.52
|
||||
PORTREVISION= 3
|
||||
PORTREVISION= 4
|
||||
CATEGORIES?= archivers
|
||||
MASTER_SITES= ftp://ftp.info-zip.org/pub/infozip/src/ ${MASTER_SITE_TEX_CTAN}
|
||||
MASTER_SITE_SUBDIR= tools/zip/info-zip/src
|
||||
|
@ -27,7 +27,8 @@ CFLAGS+= -D_FILE_OFFSET_BITS=64
|
|||
.if defined(WITH_UNZIP_UNREDUCE)
|
||||
DISTFILES= ${DISTNAME}${EXTRACT_SUFX} unreduce_full.zip
|
||||
EXTRACT_ONLY= ${PORTNAME}552.tar.gz
|
||||
MAKE_ENV= LOCAL_UNZIP="${CFLAGS} -DUSE_UNSHRINK -DUSE_SMITH_CODE"
|
||||
MAKE_ENV= LOCAL_UNZIP="${CFLAGS} \
|
||||
-DUSE_UNSHRINK -DUSE_SMITH_CODE -DACORN_FTYPE_NFS -DWILD_STOP_AT_DIR"
|
||||
.endif
|
||||
|
||||
.ifdef USE_UNZIP
|
||||
|
|
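Review bot: `-DACORN_FTYPE_NFS -DWILD_STOP_AT_DIR` are added only to the `MAKE_ENV` line inside `.if defined(WITH_UNZIP_UNREDUCE)`, while the commit message reads as if the two options are enabled for the port in general. As shown, a build without `WITH_UNZIP_UNREDUCE` would not get the new defines; any default `MAKE_ENV`/`LOCAL_UNZIP` assignment elsewhere in the Makefile is outside these hunks. Either add the defines to the default flags as well or state the restriction in the commit description.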
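--- a/archivers/unzip/files/patch-contsts.h
+++ b/archivers/unzip/files/patch-contsts.h
@@ -0,0 +1,14 @@
+--- unzip-5.52.orig/consts.h
++++ consts.h
+@@ -34,9 +34,9 @@
+"error: expected central file header signature not found (file #%lu).\n";
+ZCONST char Far SeekMsg[] =
+"error [%s]: attempt to seek before beginning of zipfile\n%s";
+-ZCONST char Far FilenameNotMatched[] = "caution: filename not matched: %s\n";
++ZCONST char Far FilenameNotMatched[] = "caution: filename not matched: %.512s\n";
+ZCONST char Far ExclFilenameNotMatched[] =
+- "caution: excluded filename not matched: %s\n";
++ "caution: excluded filename not matched: %.512s\n";
+
+#ifdef VMS
+ZCONST char Far ReportMsg[] = "\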
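Review bot: The `%.512s` precision added to `FilenameNotMatched` and `ExclFilenameNotMatched` is an unexplained magic number, and nothing in the hunk ties it to the size of the buffer the message is formatted into. A comment above the two strings such as `/* %.512s: cap the user-supplied name so the formatted message stays inside the output buffer */` would record why the cap exists; the buffer and its size are outside this hunk, so the relation should be confirmed there. The same cap appears in patch-process.c, where `CannotFindZipfileDirMsg` and `CannotFindEitherZipfile` expand up to three capped names next to `%s` arguments that stay uncapped, so the worst case there is about 1.5 KB plus the fixed text and should be checked against the same buffer.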
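--- a/archivers/unzip/files/patch-fileio.c
+++ b/archivers/unzip/files/patch-fileio.c
@@ -0,0 +1,14 @@
+--- unzip-5.52.orig/fileio.c
++++ fileio.c
+@@ -413,7 +413,11 @@
+#endif /* NOVELL_BUG_FAILSAFE */
+Trace((stderr, "open_outfile: doing fopen(%s) for writing\n",
+FnFilter1(G.filename)));
++#if defined(SYMLINKS) || defined(QLZIP)
++ if ((G.outfile = fopen(G.filename, FOPWR)) == (FILE *)NULL) {
++#else
+if ((G.outfile = fopen(G.filename, FOPW)) == (FILE *)NULL) {
++#endif
+Info(slide, 0x401, ((char *)slide, LoadFarString(CannotCreateFile),
+FnFilter1(G.filename)));
+return 1;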
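Review bot: The new `#if defined(SYMLINKS) || defined(QLZIP)` branch opens the output file with `FOPWR` without saying why read access is needed, and it duplicates the whole `if (... fopen ...) {` line across the preprocessor branches. A comment like `/* read/write: close_outfile() re-reads the data through this handle instead of reopening G.filename by name */` would document the intent, which I infer from the unix.c patch in this commit (`rewind(G.outfile)` replacing `fopen(G.filename, FOPR)`). Both modes still open by pathname and truncate whatever the name resolves to; whether an existing file or link at that path is handled earlier in open_outfile() cannot be seen here, because the function starts and ends outside the hunk.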
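--- a/archivers/unzip/files/patch-inflate.c
+++ b/archivers/unzip/files/patch-inflate.c
@@ -0,0 +1,50 @@
+--- unzip-5.52.orig/inflate.c
++++ inflate.c
+@@ -983,6 +983,7 @@
+unsigned l; /* last length */
+unsigned m; /* mask for bit lengths table */
+unsigned n; /* number of lengths to get */
++ struct huft *tlp;
+struct huft *tl; /* literal/length code table */
+struct huft *td; /* distance code table */
+unsigned bl; /* lookup bits for tl */
+@@ -996,6 +997,8 @@
+int retval = 0; /* error code returned: initialized to "no error" */
+
+
++ td = tlp = tl = (struct huft *)NULL;
++
+/* make local bit buffer */
+Trace((stderr, "\ndynamic block"));
+b = G.bb;
+@@ -1047,9 +1050,9 @@
+while (i < n)
+{
+NEEDBITS(bl)
+- j = (td = tl + ((unsigned)b & m))->b;
++ j = (tlp = tl + ((unsigned)b & m))->b;
+DUMPBITS(j)
+- j = td->v.n;
++ j = tlp->v.n;
+if (j < 16) /* length of code in bits (0..15) */
+ll[i++] = l = j; /* save last length in l */
+else if (j == 16) /* repeat last length 3 to 6 times */
+@@ -1141,6 +1144,7 @@
+huft_free(td);
+}
+huft_free(tl);
++
+return retval;
+}
+
+@@ -1149,8 +1153,8 @@
+
+cleanup_and_exit:
+/* free the decoding tables, return */
+- huft_free(tl);
+- huft_free(td);
++ if (tl) huft_free(tl);
++ if (td) huft_free(td);
+return retval;
+}
+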
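Review bot: The new `tlp` declaration carries no comment although every neighbouring local has one, and the reason `td` may no longer serve as scratch in the bit-length loop is not recorded anywhere in the patch. I would write `struct huft *tlp; /* scratch: current entry in tl while reading bit lengths */` and put a comment above `td = tlp = tl = (struct huft *)NULL;` saying that `tl` and `td` must only ever hold a table head or NULL, because `cleanup_and_exit:` passes them to `huft_free()`. Without that, a later edit could reintroduce a temporary assignment to `td` and have the cleanup path free a pointer into the middle of the `tl` table. The function body between the hunks is not visible, so any other writes to `tl`/`td` should be checked against the same rule.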
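--- a/archivers/unzip/files/patch-process.c
+++ b/archivers/unzip/files/patch-process.c
@@ -0,0 +1,30 @@
+--- unzip-5.52.orig/process.c
++++ process.c
+@@ -74,20 +74,20 @@
+/* do_seekable() strings */
+# ifdef UNIX
+static ZCONST char Far CannotFindZipfileDirMsg[] =
+- "%s: cannot find zipfile directory in one of %s or\n\
+- %s%s.zip, and cannot find %s, period.\n";
++ "%s: cannot find zipfile directory in one of %.512s or\n\
++ %s%.512s.zip, and cannot find %.512s, period.\n";
+static ZCONST char Far CannotFindEitherZipfile[] =
+- "%s: cannot find or open %s, %s.zip or %s.\n";
++ "%s: cannot find or open %.512s, %.512s.zip or %.512s.\n";
+# else /* !UNIX */
+# ifndef AMIGA
+static ZCONST char Far CannotFindWildcardMatch[] =
+- "%s: cannot find any matches for wildcard specification \"%s\".\n";
++ "%s: cannot find any matches for wildcard specification \"%.512s\".\n";
+# endif /* !AMIGA */
+static ZCONST char Far CannotFindZipfileDirMsg[] =
+- "%s: cannot find zipfile directory in %s,\n\
+- %sand cannot find %s, period.\n";
++ "%s: cannot find zipfile directory in %.512s,\n\
++ %sand cannot find %.512s, period.\n";
+static ZCONST char Far CannotFindEitherZipfile[] =
+- "%s: cannot find either %s or %s.\n";
++ "%s: cannot find either %.512s or %.512s.\n";
+# endif /* ?UNIX */
+extern ZCONST char Far Zipnfo[]; /* in unzip.c */
+#ifndef WINDLL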
|
@ -1,36 +1,114 @@
|
|||
--- unix/unix.c.orig Sat Feb 26 16:43:42 2005
|
||||
+++ unix/unix.c Fri Sep 9 14:36:35 2005
|
||||
@@ -1042,6 +1042,16 @@
|
||||
--- unzip-5.52.orig/unix/unix.c
|
||||
+++ unix/unix.c
|
||||
@@ -1042,8 +1042,6 @@
|
||||
ush z_uidgid[2];
|
||||
int have_uidgid_flg;
|
||||
|
||||
- fclose(G.outfile);
|
||||
-
|
||||
/*---------------------------------------------------------------------------
|
||||
If symbolic links are supported, allocate storage for a symlink control
|
||||
structure, put the uncompressed "data" and other required info in it, and
|
||||
@@ -1063,6 +1061,7 @@
|
||||
Info(slide, 0x201, ((char *)slide,
|
||||
"warning: symbolic link (%s) failed: mem alloc overflow\n",
|
||||
FnFilter1(G.filename)));
|
||||
+ fclose(G.outfile);
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -1070,6 +1069,7 @@
|
||||
Info(slide, 0x201, ((char *)slide,
|
||||
"warning: symbolic link (%s) failed: no mem\n",
|
||||
FnFilter1(G.filename)));
|
||||
+ fclose(G.outfile);
|
||||
return;
|
||||
}
|
||||
slnk_entry->next = NULL;
|
||||
@@ -1079,11 +1079,10 @@
|
||||
slnk_entry->fname = slnk_entry->target + ucsize + 1;
|
||||
strcpy(slnk_entry->fname, G.filename);
|
||||
|
||||
- /* reopen the "link data" file for reading */
|
||||
- G.outfile = fopen(G.filename, FOPR);
|
||||
+ /* move back to the start of the file to re-read the "link data" */
|
||||
+ rewind(G.outfile);
|
||||
|
||||
- if (!G.outfile ||
|
||||
- fread(slnk_entry->target, 1, ucsize, G.outfile) != (int)ucsize)
|
||||
+ if (fread(slnk_entry->target, 1, ucsize, G.outfile) != (int)ucsize)
|
||||
{
|
||||
Info(slide, 0x201, ((char *)slide,
|
||||
"warning: symbolic link (%s) failed\n",
|
||||
@@ -1115,12 +1114,20 @@
|
||||
}
|
||||
#endif
|
||||
|
||||
+#if (defined(NO_FCHOWN) || defined(NO_FCHMOD))
|
||||
+ fclose(G.outfile);
|
||||
+#endif
|
||||
+
|
||||
have_uidgid_flg = get_extattribs(__G__ &(zt.t3), z_uidgid);
|
||||
|
||||
/* if -X option was specified and we have UID/GID info, restore it */
|
||||
if (have_uidgid_flg) {
|
||||
TTrace((stderr, "close_outfile: restoring Unix UID/GID info\n"));
|
||||
+#if (defined(NO_FCHOWN) || defined(NO_FCHMOD))
|
||||
if (chown(G.filename, (uid_t)z_uidgid[0], (gid_t)z_uidgid[1]))
|
||||
+#else
|
||||
+ if (fchown(fileno(G.outfile), (uid_t)z_uidgid[0], (gid_t)z_uidgid[1]))
|
||||
+#endif
|
||||
{
|
||||
if (uO.qflag)
|
||||
Info(slide, 0x201, ((char *)slide,
|
||||
@@ -1133,6 +1140,18 @@
|
||||
}
|
||||
}
|
||||
|
||||
+#if (!defined(NO_FCHOWN) && !defined(NO_FCHMOD))
|
||||
+/*---------------------------------------------------------------------------
|
||||
+ Change the file permissions from default ones to those stored in the
|
||||
+ zipfile.
|
||||
+ ---------------------------------------------------------------------------*/
|
||||
+
|
||||
+#ifndef NO_CHMOD
|
||||
+ if (fchmod(fileno(G.outfile), filtattr(__G__ G.pInfo->file_attr)))
|
||||
+ perror("fchmod (file attributes) error");
|
||||
+#endif
|
||||
+ perror("chmod (file attributes) error");
|
||||
+
|
||||
fclose(G.outfile);
|
||||
|
||||
/*---------------------------------------------------------------------------
|
||||
@@ -1150,16 +1160,6 @@
|
||||
" (warning) cannot set times"));
|
||||
+ fclose(G.outfile);
|
||||
+#endif /* !NO_FCHOWN && !NO_FCHMOD */
|
||||
+
|
||||
/* set the file's access and modification times */
|
||||
if (utime(G.filename, &(zt.t2))) {
|
||||
#ifdef AOS_VS
|
||||
@@ -1151,6 +1170,7 @@
|
||||
#endif /* ?AOS_VS */
|
||||
}
|
||||
-
|
||||
-/*---------------------------------------------------------------------------
|
||||
- Change the file permissions from default ones to those stored in the
|
||||
- zipfile.
|
||||
- ---------------------------------------------------------------------------*/
|
||||
-
|
||||
-#ifndef NO_CHMOD
|
||||
- if (chmod(G.filename, filtattr(__G__ G.pInfo->file_attr)))
|
||||
- perror("chmod (file attributes) error");
|
||||
-#endif
|
||||
|
||||
+#if (defined(NO_FCHOWN) || defined(NO_FCHMOD))
|
||||
/*---------------------------------------------------------------------------
|
||||
Change the file permissions from default ones to those stored in the
|
||||
zipfile.
|
||||
@@ -1160,6 +1180,7 @@
|
||||
if (chmod(G.filename, filtattr(__G__ G.pInfo->file_attr)))
|
||||
perror("chmod (file attributes) error");
|
||||
#endif
|
||||
+#endif /* NO_FCHOWN || NO_FCHMOD */
|
||||
|
||||
} /* end function close_outfile() */
|
||||
|
||||
@@ -1640,7 +1661,6 @@
|
||||
|
||||
if ((long)LG(dlen) > 0)
|
||||
{
|
||||
- G.outfile = fopen(G.filename,"r+");
|
||||
fseek(G.outfile, -8, SEEK_END);
|
||||
fread(&ntc, 8, 1, G.outfile);
|
||||
if(ntc.id != *(long *)"XTcc")
|
||||
@@ -1650,7 +1670,6 @@
|
||||
fwrite (&ntc, 8, 1, G.outfile);
|
||||
}
|
||||
Info(slide, 0x201, ((char *)slide, "QData = %d", LG(dlen)));
|
||||
- fclose(G.outfile);
|
||||
}
|
||||
return; /* finished, cancel further extra field scanning */
|
||||
}
|
||||
|
|
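Review bot: After the descriptor-based `fchown(fileno(G.outfile), ...)` and `fchmod(fileno(G.outfile), ...)`, the timestamp step still runs `utime(G.filename, &(zt.t2))` by pathname after `fclose(G.outfile)`, so that one attribute change can still land on whatever the name resolves to at that moment. Where the platform offers a descriptor-based call (for example `futimes()`), setting the times before the `fclose()` would close the remaining window; otherwise a comment stating that the path-based `utime()` is a known leftover would help the next reader. The rendering also shows both `perror("fchmod (file attributes) error");` and `perror("chmod (file attributes) error");` next to the `#ifndef NO_CHMOD` block, and the page has lost which belongs to the old and which to the new version of this patch, so confirm that only the `fchmod` message follows the `fchmod()` call. close_outfile() begins and ends outside these hunks.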
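--- a/archivers/unzip/files/patch-unzpriv.h
+++ b/archivers/unzip/files/patch-unzpriv.h
@@ -0,0 +1,30 @@
+--- unzip-5.52.orig/unzpriv.h
++++ unzpriv.h
+@@ -1081,6 +1081,7 @@
+# define FOPR "r","ctx=stm"
+# define FOPM "r+","ctx=stm","rfm=fix","mrs=512"
+# define FOPW "w","ctx=stm","rfm=fix","mrs=512"
++# define FOPWR "w+","ctx=stm","rfm=fix","mrs=512"
+#endif /* VMS */
+
+#ifdef CMS_MVS
+@@ -1117,6 +1118,9 @@
+# ifndef FOPWT
+# define FOPWT "wt"
+# endif
++# ifndef FOPWR
++# define FOPWR "w+b"
++# endif
+#else /* !MODERN */
+# ifndef FOPR
+# define FOPR "r"
+@@ -1130,6 +1134,9 @@
+# ifndef FOPWT
+# define FOPWT "w"
+# endif
++# ifndef FOPWR
++# define FOPWR "w+b"
++# endif
+#endif /* ?MODERN */
+
+/*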
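Review bot: In the `!MODERN` fallback the new default is `# define FOPWR "w+b"`, while the neighbouring defaults visible in that branch are `"r"` for `FOPR` and `"w"` for `FOPWT`, that is, without a binary flag. If that branch exists for C libraries that do not accept `b`, `"w+"` may be the consistent choice; the value of `FOPW` in this branch is outside the hunk, so compare against it. The new macro also has no comment in any of the three places, and a line such as `/* write + read-back, used by open_outfile() when SYMLINKS or QLZIP is defined */` next to the default definition would tell porters when they need to provide their own.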