* [gentoo-commits] repo/gentoo:master commit in: app-arch/unadf/, app-arch/unadf/files/
@ 2017-12-29 13:17 David Seifert
From: David Seifert @ 2017-12-29 13:17 UTC (permalink / raw
To: gentoo-commits
commit: 634759896cca38f227b01c715f190ee3dc6741ca
Author: David Seifert <soap <AT> gentoo <DOT> org>
AuthorDate: Fri Dec 29 12:54:56 2017 +0000
Commit: David Seifert <soap <AT> gentoo <DOT> org>
CommitDate: Fri Dec 29 13:16:45 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=63475989
app-arch/unadf: Add patches for CVE-2016-1243 and CVE-2016-1244
Bug: https://bugs.gentoo.org/636388
Package-Manager: Portage-2.3.19, Repoman-2.3.6
.../unadf-0.7.12-CVE-2016-1243_CVE-2016-1244.patch | 146 +++++++++++++++++++++
...{unadf-0.7.12.ebuild => unadf-0.7.12-r1.ebuild} | 1 +
2 files changed, 147 insertions(+)
diff --git a/app-arch/unadf/files/unadf-0.7.12-CVE-2016-1243_CVE-2016-1244.patch b/app-arch/unadf/files/unadf-0.7.12-CVE-2016-1243_CVE-2016-1244.patch
new file mode 100644
index 00000000000..5547e0047cb
--- /dev/null
+++ b/app-arch/unadf/files/unadf-0.7.12-CVE-2016-1243_CVE-2016-1244.patch
@@ -0,0 +1,146 @@
+Description: Fix unsafe extraction by using mkdir() instead of shell command
+ This commit fixes following vulnerabilities:
+
+ - CVE-2016-1243: stack buffer overflow caused by blindly trusting on
+ pathname lengths of archived files
+
+ Stack allocated buffer sysbuf was filled with sprintf() without any
+ bounds checking in extracTree() function.
+
+ - CVE-2016-1244: execution of unsanitized input
+
+ Shell command used for creating directory paths was constructed by
+ concatenating names of archived files to the end of the command
+ string.
+
+ So, if the user was tricked to extract a specially crafted .adf file,
+ the attacker was able to execute arbitrary code with privileges of the
+ user.
+
+ This commit fixes both issues by
+
+ 1) replacing mkdir shell commands with mkdir() function calls
+ 2) removing redundant sysbuf buffer
+
+Author: Tuomas Räsänen <tuomasjjrasanen@tjjr.fi>
+Last-Update: 2016-09-20
+--
+--- a/examples/unadf.c
++++ b/examples/unadf.c
+@@ -24,6 +24,8 @@
+
+ #define UNADF_VERSION "1.0"
+
++#include <sys/stat.h>
++#include <sys/types.h>
+
+ #include<stdlib.h>
+ #include<errno.h>
+@@ -31,17 +33,15 @@
+
+ #include "adflib.h"
+
+-/* The portable way used to create a directory is to call the MKDIR command via the
+- * system() function.
+- * It is used to create the 'dir1' directory, like the 'dir1/dir11' directory
++/* The portable way used to create a directory is to call mkdir()
++ * which is defined by following standards: SVr4, BSD, POSIX.1-2001
++ * and POSIX.1-2008
+ */
+
+ /* the portable way to check if a directory 'dir1' already exists i'm using is to
+ * do fopen('dir1','rb'). NULL is returned if 'dir1' doesn't exists yet, an handle instead
+ */
+
+-#define MKDIR "mkdir"
+-
+ #ifdef WIN32
+ #define DIRSEP '\\'
+ #else
+@@ -51,6 +51,13 @@
+ #define EXTBUFL 1024*8
+
+
++static void mkdirOrLogErr(const char *const path)
++{
++ if (mkdir(path, S_IRWXU | S_IRWXG | S_IRWXO))
++ fprintf(stderr, "mkdir: cannot create directory '%s': %s\n",
++ path, strerror(errno));
++}
++
+ void help()
+ {
+ puts("unadf [-lrcsp -v n] dumpname.adf [files-with-path] [-d extractdir]");
+@@ -152,7 +159,6 @@ void extractTree(struct Volume *vol, str
+ {
+ struct Entry* entry;
+ char *buf;
+- char sysbuf[200];
+
+ while(tree) {
+ entry = (struct Entry*)tree->content;
+@@ -162,16 +168,14 @@ void extractTree(struct Volume *vol, str
+ buf=(char*)malloc(strlen(path)+1+strlen(entry->name)+1);
+ if (!buf) return;
+ sprintf(buf,"%s%c%s",path,DIRSEP,entry->name);
+- sprintf(sysbuf,"%s %s",MKDIR,buf);
+ if (!qflag) printf("x - %s%c\n",buf,DIRSEP);
++ if (!pflag) mkdirOrLogErr(buf);
+ }
+ else {
+- sprintf(sysbuf,"%s %s",MKDIR,entry->name);
+ if (!qflag) printf("x - %s%c\n",entry->name,DIRSEP);
++ if (!pflag) mkdirOrLogErr(entry->name);
+ }
+
+- if (!pflag) system(sysbuf);
+-
+ if (tree->subdir!=NULL) {
+ if (adfChangeDir(vol,entry->name)==RC_OK) {
+ if (buf!=NULL)
+@@ -301,21 +305,20 @@ void processFile(struct Volume *vol, cha
+ extractFile(vol, name, path, extbuf, pflag, qflag);
+ }
+ else {
+- /* the all-in-one string : to call system(), to find the filename, the convert dir sep char ... */
+- bigstr=(char*)malloc(strlen(MKDIR)+1+strlen(path)+1+strlen(name)+1);
++ bigstr=(char*)malloc(strlen(path)+1+strlen(name)+1);
+ if (!bigstr) { fprintf(stderr,"processFile : malloc"); return; }
+
+ /* to build to extract path */
+ if (strlen(path)>0) {
+- sprintf(bigstr,"%s %s%c%s",MKDIR,path,DIRSEP,name);
+- cdstr = bigstr+strlen(MKDIR)+1+strlen(path)+1;
++ sprintf(bigstr,"%s%c%s",path,DIRSEP,name);
++ cdstr = bigstr+strlen(path)+1;
+ }
+ else {
+- sprintf(bigstr,"%s %s",MKDIR,name);
+- cdstr = bigstr+strlen(MKDIR)+1;
++ sprintf(bigstr,"%s",name);
++ cdstr = bigstr;
+ }
+ /* the directory in which the file will be extracted */
+- fullname = bigstr+strlen(MKDIR)+1;
++ fullname = bigstr;
+
+ /* finds the filename, and separates it from the path */
+ filename = strrchr(bigstr,'/')+1;
+@@ -333,7 +336,7 @@ void processFile(struct Volume *vol, cha
+ return;
+ tfile = fopen(fullname,"r"); /* the only portable way to test if the dir exists */
+ if (tfile==NULL) { /* does't exist : create it */
+- if (!pflag) system(bigstr);
++ if (!pflag) mkdirOrLogErr(bigstr);
+ if (!qflag) printf("x - %s%c\n",fullname,DIRSEP);
+ }
+ else
+@@ -350,7 +353,7 @@ void processFile(struct Volume *vol, cha
+ return;
+ tfile = fopen(fullname,"r");
+ if (tfile==NULL) {
+- if (!pflag) system(bigstr);
++ if (!pflag) mkdirOrLogErr(bigstr);
+ if (!qflag) printf("x - %s%c\n",fullname,DIRSEP);
+ }
+ else
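Review bot: The names read from the disk image still reach `mkdir()` unvalidated in `extractTree()`, both as `mkdirOrLogErr(entry->name)` and as the `path`/`entry->name` form, so the patch removes the shell injection and the `sysbuf` overflow but, as far as these hunks show, not directory traversal. An entry named `..`, or one containing a path separator, would be created wherever the resulting path resolves, outside the extraction directory. I would reject such names before the call, e.g. `if (!strcmp(entry->name, ".") || !strcmp(entry->name, "..") || strchr(entry->name, '/')) continue_with_next_entry;` (written here as a sketch; the loop advance is not visible), and log the skipped entry. `extractTree()` and `processFile()` start and end outside the embedded hunks, so a check elsewhere cannot be ruled out. `mkdirOrLogErr()` would also benefit from a comment such as `/* Failure (including EEXIST) is only logged; extraction continues. */` so the best-effort behaviour is explicit.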
diff --git a/app-arch/unadf/unadf-0.7.12.ebuild b/app-arch/unadf/unadf-0.7.12-r1.ebuild
similarity index 89%
rename from app-arch/unadf/unadf-0.7.12.ebuild
rename to app-arch/unadf/unadf-0.7.12-r1.ebuild
index d2c414ac385..3ee04c33a12 100644
--- a/app-arch/unadf/unadf-0.7.12.ebuild
+++ b/app-arch/unadf/unadf-0.7.12-r1.ebuild
@@ -17,6 +17,7 @@ KEYWORDS="~amd64 ~hppa ~ppc ~x86 ~x86-linux ~ppc-macos ~sparc-solaris ~x86-solar
IUSE="static-libs"
S="${WORKDIR}/${MY_PN}-${PV}"
+PATCHES=( "${FILESDIR}"/${PN}-0.7.12-CVE-2016-1243_CVE-2016-1244.patch )
src_prepare() {
default
* [gentoo-commits] repo/gentoo:master commit in: app-arch/unadf/, app-arch/unadf/files/
@ 2025-03-10 2:45 Sam James
From: Sam James @ 2025-03-10 2:45 UTC (permalink / raw
To: gentoo-commits
commit: d45ab8d1f8e6c707351eaf2ae221ff0769a6ba25
Author: Alfred Wingate <parona <AT> protonmail <DOT> com>
AuthorDate: Thu Feb 27 01:02:44 2025 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Mar 10 02:40:06 2025 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d45ab8d1
app-arch/unadf: add 0.9.0
Signed-off-by: Alfred Wingate <parona <AT> protonmail.com>
Signed-off-by: Sam James <sam <AT> gentoo.org>
app-arch/unadf/Manifest | 1 +
.../unadf-0.9.0-make-test-build-conditional.patch | 22 ++++++++++
app-arch/unadf/unadf-0.9.0.ebuild | 48 ++++++++++++++++++++++
3 files changed, 71 insertions(+)
diff --git a/app-arch/unadf/Manifest b/app-arch/unadf/Manifest
index 02ff444b7eec..25d8f56817ef 100644
--- a/app-arch/unadf/Manifest
+++ b/app-arch/unadf/Manifest
@@ -1 +1,2 @@
+DIST ADFlib-0.9.0.tar.gz 2262331 BLAKE2B 3bb9a061de6b4a009f3c266cce20d7a2aa826b2fbaf2bd91db5b40f991471922889dfa5cb70f29a6fa8d954b24ec6d8ab63a1d51f08f983daeac4f0fecd47cb8 SHA512 1abd1ba06a1150780397eff48e2334ba4e2d11679847966f9a1ef7bf4b9f16557ac2ec891e8810296c534ab2cf38dfa3e8d780b67cf160b7710aec5075e10846
DIST adflib-0.7.12.tar.bz2 135412 BLAKE2B 964ef195c0539779c33acb2f3c103f97f7fd7f78bb32a83af9d586157700664f5e531908121aea8234592bb00fb8bff2e8f754e620f989d6d4e52537675c030e SHA512 d63846f0780bd57cae5ff667eb70f98a0ba3659cfd0b12b3ae2f29ac96631e522088f911b1ba6e5ee3b00620a28a802f14d93cdf8462e18a7e3f749915ab5af3
diff --git a/app-arch/unadf/files/unadf-0.9.0-make-test-build-conditional.patch b/app-arch/unadf/files/unadf-0.9.0-make-test-build-conditional.patch
new file mode 100644
index 000000000000..011edd7789ed
--- /dev/null
+++ b/app-arch/unadf/files/unadf-0.9.0-make-test-build-conditional.patch
@@ -0,0 +1,22 @@
+diff --git a/configure.ac b/configure.ac
+index a37d6f7..ec7d410 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -103,8 +103,14 @@ AC_PROG_INSTALL
+ AM_PROG_AR
+ LT_INIT
+
+-# Checks for libraries.
+-PKG_CHECK_MODULES([CHECK], [check >= 0.11.0], [tests=yes], [tests=no])
++AC_ARG_ENABLE([tests],
++ AS_HELP_STRING([--enable-tests], [Build tests]))
++
++AS_IF([test "x$enable_tests" = "xyes"],
++ [PKG_CHECK_MODULES([CHECK], [check >= 0.11.0],
++ [tests=yes],
++ [AC_MSG_FAILURE([--enable-tests was given, but dependency check wasn't found])])],
++ [])
+ AM_CONDITIONAL([TESTS], [test x${tests} = xyes])
+
+ # Checks for typedefs, structures, and compiler characteristics.
+
diff --git a/app-arch/unadf/unadf-0.9.0.ebuild b/app-arch/unadf/unadf-0.9.0.ebuild
new file mode 100644
index 000000000000..6e6637346344
--- /dev/null
+++ b/app-arch/unadf/unadf-0.9.0.ebuild
@@ -0,0 +1,48 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# autotools has automagic test building
+# cmake has half baked installation
+inherit autotools
+
+MY_PN="ADFlib"
+
+DESCRIPTION="Extract files from Amiga adf disk images"
+HOMEPAGE="https://github.com/adflib/ADFlib/"
+SRC_URI="
+ https://github.com/adflib/ADFlib/archive/refs/tags/v${PV}.tar.gz
+ -> ${MY_PN}-${PV}.tar.gz
+"
+S="${WORKDIR}/${MY_PN}-${PV}"
+
+LICENSE="|| ( GPL-2+ LGPL-2.1+ )"
+SLOT="0/2" # see adflib_lt_version from configure.ac and util/bump_project_version for more details
+KEYWORDS="~amd64 ~hppa ~ppc ~x86 ~x86-linux ~ppc-macos"
+
+IUSE="test"
+RESTRICT="!test? ( test )"
+
+DEPEND="test? ( dev-libs/check )"
+
+PATCHES=( "${FILESDIR}"/unadf-0.9.0-make-test-build-conditional.patch )
+
+src_prepare() {
+ default
+ eautoreconf
+}
+
+src_configure() {
+ local detected_libtool_ver
+ detected_libtool_ver="$(sed -n -e 's/m4_define(\[adflib_lt_version\],\[\([0-9]*\):[0-9]*:[0-9]*\])/\1/p' configure.ac)"
+ if [[ "${SLOT}" != "0/${detected_libtool_ver}" ]]; then
+ die "SLOT ${SLOT} doesn't match upstream specified libtool version ${detected_libtool_ver}."
+ fi
+ econf $(use_enable test tests) $(use_enable test regtests)
+}
+
+src_install() {
+ default
+ find "${ED}" -name '*.la' -delete || die
+}
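Review bot: No `BDEPEND` is declared, although `src_prepare()` runs `eautoreconf` and the patched configure.ac calls `PKG_CHECK_MODULES`. That macro normally needs pkg-config's `pkg.m4` when configure is regenerated and the pkg-config binary when configure runs with USE=test. Unless it is pulled in some other way not visible here, I would add `BDEPEND="virtual/pkgconfig"`. A short comment above `src_configure()` explaining that the `sed` check is meant to fail the build when upstream bumps `adflib_lt_version` without a matching `SLOT` change would also help the next version bump.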