gentoo resync : 30.12.2017

author: V3n3RiX <venerix@redcorelinux.org> 2017-12-30 01:11:30 +0000
committer: V3n3RiX <venerix@redcorelinux.org> 2017-12-30 01:11:30 +0000
commit: 76dfef0cec9170000357d2f354e412daf48941fc (patch)
tree: 56647120c0ee20ab3494475c86722034cd194b02 /app-arch/unadf
parent: ccf84bcd604130256d1377cd58f0a634ae6ee20f (diff)
3 files changed, 156 insertions, 8 deletions
diff --git a/app-arch/unadf/Manifest b/app-arch/unadf/Manifest
index 45de279879f8..4946293a7f8e 100644
--- a/app-arch/unadf/Manifest
+++ b/app-arch/unadf/Manifest
@@ -1,6 +1,7 @@
 AUX no.in_path.patch 1341 BLAKE2B 7ec890361f9c7a30b5b60682773bbdfbf2eed2d6de19ded5ba4ba6d3dff1f08f9f4b79c927fa5bfdc2d8ad2de76f8101259350b011e5ceec8ec00e634b9f0fac SHA512 79e218cb222ac8024a8c6decab688428677298269c11bfca683921a84e70056f9fd58b12f290cf30944017fff1c794a713701cfd0c722fd98180a2c3d521a1c8
+AUX unadf-0.7.12-CVE-2016-1243_CVE-2016-1244.patch 5191 BLAKE2B f888e30e1a4d7caefbb407e1cb0fc76345deb960fce974f5ad80e3cad41d3dfde78e34370bdedc11f5dc2729c6695a339db1eab3d37ed5f0bfae9e104c0d2949 SHA512 d1c9a8efcf026d58eaee61e92ee99304c52672836a63dd69f5e1e0472c9b2278521b5a2597f55449ffd23dd307e2c045324bed9b5bf89d160ab517542706aca3
 DIST adflib-0.7.12.tar.bz2 135412 BLAKE2B 964ef195c0539779c33acb2f3c103f97f7fd7f78bb32a83af9d586157700664f5e531908121aea8234592bb00fb8bff2e8f754e620f989d6d4e52537675c030e SHA512 d63846f0780bd57cae5ff667eb70f98a0ba3659cfd0b12b3ae2f29ac96631e522088f911b1ba6e5ee3b00620a28a802f14d93cdf8462e18a7e3f749915ab5af3
 DIST adflib.zip 254914 BLAKE2B 9683ea4edbeb7254e0c162140063e2aa53e183aba31b4b7bf1ab498a5bb218ae687a54d87e50cc2b15e5725a2f77c16e9ca4dba23b5d5a373f513747839055a9 SHA512 fe8edf5247ba82e475f62f96fcb72d50bf80641e14e957c99694def98735eb327a67208e3460504a0d109c9497d6e81f0cd8ce07ddc73486adc9e7070a75074a
-EBUILD unadf-0.7.12.ebuild 640 BLAKE2B 9b5080c1eab3f84df2682b8386a9c2ff92842223f2c004472a721c1f0af1d4a05aaa990ad01327f7aeaa4ed196dea2f877ca2fe383947657eca7d44c79a319a3 SHA512 e7cdedb3d7fc0b5b20fab9bd932311a99d3829e2345b78b74d098397bfba1c64532dfd2e6404fffe64a210bcda09f7d05755d46b4241d4148b187866be571671
+EBUILD unadf-0.7.12-r1.ebuild 713 BLAKE2B dec763f597a3b70d61f79d06e0fd318d0185b27d751ecb7043f4d827af9599ca3639868fd24ee0ffebdaff0758cfe72c24526f9b41bda95d865e0cadc1c504c6 SHA512 2a118c374eb133f1eb75d60905fb33cf016fab65c232e05e9e9d3a9966ebba8a9913028a96f1b4ca0fb2d97b0693f1ff0ff502e4bb578a33ff143361ea5af7a3
 EBUILD unadf-0.7.9b.ebuild 875 BLAKE2B 9df1ceefc07e087ebf0b5f5f5a99963fe19cf1a391eda0036a9950b5bc6af080cc4c8f4257fe83bcb4424f9c2562a5ed83903f2f7f854adf31724e71075b39ec SHA512 be619ea1d383e7279313c45c2cdd77aa32854962c04a1693bf99488ed9032c6de2b4a84ad0211d3358989cb68d9f8637bba5e625fab9fe3ee4ccc15d692a8f1a
 MISC metadata.xml 216 BLAKE2B 20531789dc11e43feee7ec315a0c1c7249fdf73764e29cb7d6db439826e9ff72f24a5cdb8eb7f1ab99bbb41fb6e4226874a1d1fa4185de52598602bb3b0479a3 SHA512 e881b59fe49746eb25ad66c258b41aba501e4eb563129093a3898ea970a20506e7898f7c355cfcf99605234962bf2c77c1309c258b9a2b84ee4302ccb71c9dbd
diff --git a/app-arch/unadf/files/unadf-0.7.12-CVE-2016-1243_CVE-2016-1244.patch b/app-arch/unadf/files/unadf-0.7.12-CVE-2016-1243_CVE-2016-1244.patch
new file mode 100644
index 000000000000..5547e0047cbc
--- /dev/null
+++ b/app-arch/unadf/files/unadf-0.7.12-CVE-2016-1243_CVE-2016-1244.patch
@@ -0,0 +1,146 @@
+Description: Fix unsafe extraction by using mkdir() instead of shell command
+  This commit fixes following vulnerabilities:
+
+  - CVE-2016-1243: stack buffer overflow caused by blindly trusting on
+    pathname lengths of archived files
+
+    Stack allocated buffer sysbuf was filled with sprintf() without any
+    bounds checking in extracTree() function.
+
+  - CVE-2016-1244: execution of unsanitized input
+
+    Shell command used for creating directory paths was constructed by
+    concatenating names of archived files to the end of the command
+    string.
+
+  So, if the user was tricked to extract a specially crafted .adf file,
+  the attacker was able to execute arbitrary code with privileges of the
+  user.
+
+  This commit fixes both issues by
+
+    1) replacing mkdir shell commands with mkdir() function calls
+    2) removing redundant sysbuf buffer
+
+Author: Tuomas Räsänen <tuomasjjrasanen@tjjr.fi>
+Last-Update: 2016-09-20
+--
+--- a/examples/unadf.c
++++ b/examples/unadf.c
+@@ -24,6 +24,8 @@
+ 
+ #define UNADF_VERSION "1.0"
+ 
++#include <sys/stat.h>
++#include <sys/types.h>
+ 
+ #include<stdlib.h>
+ #include<errno.h>
+@@ -31,17 +33,15 @@
+ 
+ #include "adflib.h"
+ 
+-/* The portable way used to create a directory is to call the MKDIR command via the
+- * system() function.
+- * It is used to create the 'dir1' directory, like the 'dir1/dir11' directory
++/* The portable way used to create a directory is to call mkdir()
++ * which is defined by following standards: SVr4, BSD, POSIX.1-2001
++ * and POSIX.1-2008
+  */
+ 
+ /* the portable way to check if a directory 'dir1' already exists i'm using is to
+  * do fopen('dir1','rb'). NULL is returned if 'dir1' doesn't exists yet, an handle instead
+  */
+ 
+-#define MKDIR "mkdir"
+-
+ #ifdef WIN32
+ #define DIRSEP '\\'
+ #else
+@@ -51,6 +51,13 @@
+ #define EXTBUFL 1024*8
+ 
+ 
++static void mkdirOrLogErr(const char *const path)
++{
++	if (mkdir(path, S_IRWXU | S_IRWXG | S_IRWXO))
++		fprintf(stderr, "mkdir: cannot create directory '%s': %s\n",
++			path, strerror(errno));
++}
++
+ void help()
+ {
+     puts("unadf [-lrcsp -v n] dumpname.adf [files-with-path] [-d extractdir]");
+@@ -152,7 +159,6 @@ void extractTree(struct Volume *vol, str
+ {
+ 	struct Entry* entry;
+     char *buf;
+-    char sysbuf[200];
+ 
+     while(tree) {
+         entry = (struct Entry*)tree->content;
+@@ -162,16 +168,14 @@ void extractTree(struct Volume *vol, str
+                 buf=(char*)malloc(strlen(path)+1+strlen(entry->name)+1);
+                 if (!buf) return;
+                 sprintf(buf,"%s%c%s",path,DIRSEP,entry->name);
+-                sprintf(sysbuf,"%s %s",MKDIR,buf);
+                 if (!qflag) printf("x - %s%c\n",buf,DIRSEP);
++                if (!pflag) mkdirOrLogErr(buf);
+             }
+             else {
+-                sprintf(sysbuf,"%s %s",MKDIR,entry->name);
+                 if (!qflag) printf("x - %s%c\n",entry->name,DIRSEP);
++                if (!pflag) mkdirOrLogErr(entry->name);
+             }
+ 
+-            if (!pflag) system(sysbuf);
+-
+ 	        if (tree->subdir!=NULL) {
+                 if (adfChangeDir(vol,entry->name)==RC_OK) {
+                     if (buf!=NULL)
+@@ -301,21 +305,20 @@ void processFile(struct Volume *vol, cha
+         extractFile(vol, name, path, extbuf, pflag, qflag);
+     }
+     else {
+-        /* the all-in-one string : to call system(), to find the filename, the convert dir sep char ... */
+-        bigstr=(char*)malloc(strlen(MKDIR)+1+strlen(path)+1+strlen(name)+1);
++        bigstr=(char*)malloc(strlen(path)+1+strlen(name)+1);
+         if (!bigstr) { fprintf(stderr,"processFile : malloc"); return; }
+ 
+         /* to build to extract path */
+         if (strlen(path)>0) {
+-            sprintf(bigstr,"%s %s%c%s",MKDIR,path,DIRSEP,name);
+-            cdstr = bigstr+strlen(MKDIR)+1+strlen(path)+1;
++            sprintf(bigstr,"%s%c%s",path,DIRSEP,name);
++            cdstr = bigstr+strlen(path)+1;
+         }
+         else {
+-            sprintf(bigstr,"%s %s",MKDIR,name);
+-            cdstr = bigstr+strlen(MKDIR)+1;
++            sprintf(bigstr,"%s",name);
++            cdstr = bigstr;
+         }
+         /* the directory in which the file will be extracted */
+-        fullname =  bigstr+strlen(MKDIR)+1;
++        fullname =  bigstr;
+ 
+         /* finds the filename, and separates it from the path */
+         filename = strrchr(bigstr,'/')+1;
+@@ -333,7 +336,7 @@ void processFile(struct Volume *vol, cha
+                     return;
+                 tfile = fopen(fullname,"r"); /* the only portable way to test if the dir exists */
+                 if (tfile==NULL) { /* does't exist : create it */
+-                    if (!pflag) system(bigstr);
++                    if (!pflag) mkdirOrLogErr(bigstr);
+                     if (!qflag) printf("x - %s%c\n",fullname,DIRSEP);
+                 }
+                 else
+@@ -350,7 +353,7 @@ void processFile(struct Volume *vol, cha
+                     return;
+                 tfile = fopen(fullname,"r");
+                 if (tfile==NULL) {
+-                    if (!pflag) system(bigstr);
++                    if (!pflag) mkdirOrLogErr(bigstr);
+                     if (!qflag) printf("x - %s%c\n",fullname,DIRSEP);
+                 }
+                 else
diff --git a/app-arch/unadf/unadf-0.7.12.ebuild b/app-arch/unadf/unadf-0.7.12-r1.ebuild
index 8250209a1c24..e6592e1c01e4 100644
--- a/app-arch/unadf/unadf-0.7.12.ebuild
+++ b/app-arch/unadf/unadf-0.7.12-r1.ebuild
@@ -1,25 +1,26 @@
 # Copyright 1999-2017 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 
-EAPI=5
+EAPI=6
 
-inherit autotools eutils
+inherit autotools
 
 MY_PN="adflib"
 
 DESCRIPTION="Extract files from Amiga adf disk images"
-SRC_URI="http://lclevy.free.fr/${MY_PN}/${MY_PN}-${PV}.tar.bz2"
 HOMEPAGE="http://lclevy.free.fr/adflib/"
+SRC_URI="http://lclevy.free.fr/${MY_PN}/${MY_PN}-${PV}.tar.bz2"
+
 LICENSE="GPL-2"
 SLOT="0"
-KEYWORDS="~amd64 ~hppa ~ppc ~x86 ~x86-linux ~ppc-macos ~sparc-solaris ~x86-solaris"
+KEYWORDS="amd64 ~hppa ~ppc x86 ~x86-linux ~ppc-macos ~sparc-solaris ~x86-solaris"
 IUSE="static-libs"
-DEPEND=""
-RDEPEND=""
 
 S="${WORKDIR}/${MY_PN}-${PV}"
+PATCHES=( "${FILESDIR}"/${PN}-0.7.12-CVE-2016-1243_CVE-2016-1244.patch )
 
 src_prepare() {
+	default
 	eautoreconf
 }
 
@@ -29,5 +30,5 @@ src_configure() {
 
 src_install() {
 	default
-	prune_libtool_files
+	find "${D}" -name '*.la' -delete || die
 }
author	V3n3RiX <venerix@redcorelinux.org>	2017-12-30 01:11:30 +0000
committer	V3n3RiX <venerix@redcorelinux.org>	2017-12-30 01:11:30 +0000
commit	76dfef0cec9170000357d2f354e412daf48941fc (patch)
tree	56647120c0ee20ab3494475c86722034cd194b02 /app-arch/unadf
parent	ccf84bcd604130256d1377cd58f0a634ae6ee20f (diff)