gentoo resync : 14.07.2018

author: V3n3RiX <venerix@redcorelinux.org> 2018-07-14 20:56:41 +0100
committer: V3n3RiX <venerix@redcorelinux.org> 2018-07-14 20:56:41 +0100
commit: d87262dd706fec50cd150aab3e93883b6337466d (patch)
tree: 246b44c33ad7a57550430b0a60fa0df86a3c9e68 /app-arch/unadf
parent: 71bc00c87bba1ce31de0dac6c3b7fd1aee6917fc (diff)
4 files changed, 0 insertions, 191 deletions
diff --git a/app-arch/unadf/Manifest b/app-arch/unadf/Manifest
deleted file mode 100644
index 94f244259159..000000000000
--- a/app-arch/unadf/Manifest
+++ /dev/null
@@ -1,4 +0,0 @@
-AUX unadf-0.7.12-CVE-2016-1243_CVE-2016-1244.patch 5191 BLAKE2B f888e30e1a4d7caefbb407e1cb0fc76345deb960fce974f5ad80e3cad41d3dfde78e34370bdedc11f5dc2729c6695a339db1eab3d37ed5f0bfae9e104c0d2949 SHA512 d1c9a8efcf026d58eaee61e92ee99304c52672836a63dd69f5e1e0472c9b2278521b5a2597f55449ffd23dd307e2c045324bed9b5bf89d160ab517542706aca3
-DIST adflib-0.7.12.tar.bz2 135412 BLAKE2B 964ef195c0539779c33acb2f3c103f97f7fd7f78bb32a83af9d586157700664f5e531908121aea8234592bb00fb8bff2e8f754e620f989d6d4e52537675c030e SHA512 d63846f0780bd57cae5ff667eb70f98a0ba3659cfd0b12b3ae2f29ac96631e522088f911b1ba6e5ee3b00620a28a802f14d93cdf8462e18a7e3f749915ab5af3
-EBUILD unadf-0.7.12-r1.ebuild 711 BLAKE2B 3f5f4f4ce0b60f1cc8e5f52b12b52ce83159bb12286613eae5360d3b5145324da315fa0eb719289dbb275619c70a1726a3aa152db80a2432eef7a00f6bbe0b44 SHA512 8fdca2e22a57466c677457a56124ffece2f87578b97b70b8d3e2faba0b8062c31a6ab2505a47309e021e83dddc15c3f1fc62335d6d105e1382742c66019fc62a
-MISC metadata.xml 216 BLAKE2B 20531789dc11e43feee7ec315a0c1c7249fdf73764e29cb7d6db439826e9ff72f24a5cdb8eb7f1ab99bbb41fb6e4226874a1d1fa4185de52598602bb3b0479a3 SHA512 e881b59fe49746eb25ad66c258b41aba501e4eb563129093a3898ea970a20506e7898f7c355cfcf99605234962bf2c77c1309c258b9a2b84ee4302ccb71c9dbd
diff --git a/app-arch/unadf/files/unadf-0.7.12-CVE-2016-1243_CVE-2016-1244.patch b/app-arch/unadf/files/unadf-0.7.12-CVE-2016-1243_CVE-2016-1244.patch
deleted file mode 100644
index 5547e0047cbc..000000000000
--- a/app-arch/unadf/files/unadf-0.7.12-CVE-2016-1243_CVE-2016-1244.patch
+++ /dev/null
@@ -1,146 +0,0 @@
-Description: Fix unsafe extraction by using mkdir() instead of shell command
-  This commit fixes following vulnerabilities:
-
-  - CVE-2016-1243: stack buffer overflow caused by blindly trusting on
-    pathname lengths of archived files
-
-    Stack allocated buffer sysbuf was filled with sprintf() without any
-    bounds checking in extracTree() function.
-
-  - CVE-2016-1244: execution of unsanitized input
-
-    Shell command used for creating directory paths was constructed by
-    concatenating names of archived files to the end of the command
-    string.
-
-  So, if the user was tricked to extract a specially crafted .adf file,
-  the attacker was able to execute arbitrary code with privileges of the
-  user.
-
-  This commit fixes both issues by
-
-    1) replacing mkdir shell commands with mkdir() function calls
-    2) removing redundant sysbuf buffer
-
-Author: Tuomas Räsänen <tuomasjjrasanen@tjjr.fi>
-Last-Update: 2016-09-20
---
---- a/examples/unadf.c
-+++ b/examples/unadf.c
-@@ -24,6 +24,8 @@
- 
- #define UNADF_VERSION "1.0"
- 
-+#include <sys/stat.h>
-+#include <sys/types.h>
- 
- #include<stdlib.h>
- #include<errno.h>
-@@ -31,17 +33,15 @@
- 
- #include "adflib.h"
- 
--/* The portable way used to create a directory is to call the MKDIR command via the
-- * system() function.
-- * It is used to create the 'dir1' directory, like the 'dir1/dir11' directory
-+/* The portable way used to create a directory is to call mkdir()
-+ * which is defined by following standards: SVr4, BSD, POSIX.1-2001
-+ * and POSIX.1-2008
-  */
- 
- /* the portable way to check if a directory 'dir1' already exists i'm using is to
-  * do fopen('dir1','rb'). NULL is returned if 'dir1' doesn't exists yet, an handle instead
-  */
- 
--#define MKDIR "mkdir"
--
- #ifdef WIN32
- #define DIRSEP '\\'
- #else
-@@ -51,6 +51,13 @@
- #define EXTBUFL 1024*8
- 
- 
-+static void mkdirOrLogErr(const char *const path)
-+{
-+	if (mkdir(path, S_IRWXU | S_IRWXG | S_IRWXO))
-+		fprintf(stderr, "mkdir: cannot create directory '%s': %s\n",
-+			path, strerror(errno));
-+}
-+
- void help()
- {
-     puts("unadf [-lrcsp -v n] dumpname.adf [files-with-path] [-d extractdir]");
-@@ -152,7 +159,6 @@ void extractTree(struct Volume *vol, str
- {
- 	struct Entry* entry;
-     char *buf;
--    char sysbuf[200];
- 
-     while(tree) {
-         entry = (struct Entry*)tree->content;
-@@ -162,16 +168,14 @@ void extractTree(struct Volume *vol, str
-                 buf=(char*)malloc(strlen(path)+1+strlen(entry->name)+1);
-                 if (!buf) return;
-                 sprintf(buf,"%s%c%s",path,DIRSEP,entry->name);
--                sprintf(sysbuf,"%s %s",MKDIR,buf);
-                 if (!qflag) printf("x - %s%c\n",buf,DIRSEP);
-+                if (!pflag) mkdirOrLogErr(buf);
-             }
-             else {
--                sprintf(sysbuf,"%s %s",MKDIR,entry->name);
-                 if (!qflag) printf("x - %s%c\n",entry->name,DIRSEP);
-+                if (!pflag) mkdirOrLogErr(entry->name);
-             }
- 
--            if (!pflag) system(sysbuf);
--
- 	        if (tree->subdir!=NULL) {
-                 if (adfChangeDir(vol,entry->name)==RC_OK) {
-                     if (buf!=NULL)
-@@ -301,21 +305,20 @@ void processFile(struct Volume *vol, cha
-         extractFile(vol, name, path, extbuf, pflag, qflag);
-     }
-     else {
--        /* the all-in-one string : to call system(), to find the filename, the convert dir sep char ... */
--        bigstr=(char*)malloc(strlen(MKDIR)+1+strlen(path)+1+strlen(name)+1);
-+        bigstr=(char*)malloc(strlen(path)+1+strlen(name)+1);
-         if (!bigstr) { fprintf(stderr,"processFile : malloc"); return; }
- 
-         /* to build to extract path */
-         if (strlen(path)>0) {
--            sprintf(bigstr,"%s %s%c%s",MKDIR,path,DIRSEP,name);
--            cdstr = bigstr+strlen(MKDIR)+1+strlen(path)+1;
-+            sprintf(bigstr,"%s%c%s",path,DIRSEP,name);
-+            cdstr = bigstr+strlen(path)+1;
-         }
-         else {
--            sprintf(bigstr,"%s %s",MKDIR,name);
--            cdstr = bigstr+strlen(MKDIR)+1;
-+            sprintf(bigstr,"%s",name);
-+            cdstr = bigstr;
-         }
-         /* the directory in which the file will be extracted */
--        fullname =  bigstr+strlen(MKDIR)+1;
-+        fullname =  bigstr;
- 
-         /* finds the filename, and separates it from the path */
-         filename = strrchr(bigstr,'/')+1;
-@@ -333,7 +336,7 @@ void processFile(struct Volume *vol, cha
-                     return;
-                 tfile = fopen(fullname,"r"); /* the only portable way to test if the dir exists */
-                 if (tfile==NULL) { /* does't exist : create it */
--                    if (!pflag) system(bigstr);
-+                    if (!pflag) mkdirOrLogErr(bigstr);
-                     if (!qflag) printf("x - %s%c\n",fullname,DIRSEP);
-                 }
-                 else
-@@ -350,7 +353,7 @@ void processFile(struct Volume *vol, cha
-                     return;
-                 tfile = fopen(fullname,"r");
-                 if (tfile==NULL) {
--                    if (!pflag) system(bigstr);
-+                    if (!pflag) mkdirOrLogErr(bigstr);
-                     if (!qflag) printf("x - %s%c\n",fullname,DIRSEP);
-                 }
-                 else
diff --git a/app-arch/unadf/metadata.xml b/app-arch/unadf/metadata.xml
deleted file mode 100644
index 79d462e85571..000000000000
--- a/app-arch/unadf/metadata.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
-<pkgmetadata>
-<maintainer type="person">
-  <email>robbat2@gentoo.org</email>
-</maintainer>
-</pkgmetadata>
diff --git a/app-arch/unadf/unadf-0.7.12-r1.ebuild b/app-arch/unadf/unadf-0.7.12-r1.ebuild
deleted file mode 100644
index 1bbe4e3b7be6..000000000000
--- a/app-arch/unadf/unadf-0.7.12-r1.ebuild
+++ /dev/null
@@ -1,34 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit autotools
-
-MY_PN="adflib"
-
-DESCRIPTION="Extract files from Amiga adf disk images"
-HOMEPAGE="http://lclevy.free.fr/adflib/"
-SRC_URI="http://lclevy.free.fr/${MY_PN}/${MY_PN}-${PV}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="amd64 hppa ppc x86 ~x86-linux ~ppc-macos ~sparc-solaris ~x86-solaris"
-IUSE="static-libs"
-
-S="${WORKDIR}/${MY_PN}-${PV}"
-PATCHES=( "${FILESDIR}"/${PN}-0.7.12-CVE-2016-1243_CVE-2016-1244.patch )
-
-src_prepare() {
-	default
-	eautoreconf
-}
-
-src_configure() {
-	econf $(use_enable static-libs static)
-}
-
-src_install() {
-	default
-	find "${D}" -name '*.la' -delete || die
-}
author	V3n3RiX <venerix@redcorelinux.org>	2018-07-14 20:56:41 +0100
committer	V3n3RiX <venerix@redcorelinux.org>	2018-07-14 20:56:41 +0100
commit	d87262dd706fec50cd150aab3e93883b6337466d (patch)
tree	246b44c33ad7a57550430b0a60fa0df86a3c9e68 /app-arch/unadf
parent	71bc00c87bba1ce31de0dac6c3b7fd1aee6917fc (diff)