Accepting request 663613 from Archiving

OBS-URL: https://build.opensuse.org/request/show/663613
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/arc?expand=0&rev=2
This commit is contained in:
Dominique Leuenberger 2019-01-10 14:20:55 +00:00 committed by Git OBS Bridge
commit d537207950
5 changed files with 148 additions and 4 deletions

@ -0,0 +1,21 @@
Fix directory traversal bugs
arc archives do not contain directory hierarchies, only filenames, so refuse
to operate on archives which have the directory-seperator inside filenames.
BugLink: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774527
BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1179143
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
diff -up arc-5.21p/arcio.c~ arc-5.21p/arcio.c
--- arc-5.21p/arcio.c~ 2015-01-16 13:04:16.000000000 +0100
+++ arc-5.21p/arcio.c 2015-01-16 15:45:31.389010626 +0100
@@ -109,6 +109,9 @@ readhdr(hdr, f) /* read a header from
#if _MTS
(void) atoe(hdr->name, strlen(hdr->name));
#endif
+ if (strchr(hdr->name, CUTOFF) != NULL)
+ arcdie("%s contains illegal filename %s", arcname, hdr->name);
+
for (i = 0, hdr->size=0; i<4; hdr->size<<=8, hdr->size += dummy[16-i], i++);
hdr->date = (short) ((dummy[18] << 8) + dummy[17]);
hdr->time = (short) ((dummy[20] << 8) + dummy[19]);

@ -0,0 +1,34 @@
Fix arcdie crash when called with more then 1 variable argument
Add proper vararg handling to fix crash on 64 bit machines when arcdie gets
called with more then 1 variable argument.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
diff -up arc-5.21p/arcmisc.c~ arc-5.21p/arcmisc.c
--- arc-5.21p/arcmisc.c~ 2010-08-07 15:06:42.000000000 +0200
+++ arc-5.21p/arcmisc.c 2015-01-16 16:10:29.322603290 +0100
@@ -4,6 +4,7 @@
*/
#include <stdio.h>
+#include <stdarg.h>
#include <ctype.h>
#include "arc.h"
@@ -223,11 +224,13 @@ upper(string)
}
/* VARARGS1 */
VOID
-arcdie(s, arg1, arg2, arg3)
- char *s;
+arcdie(const char *s, ...)
{
+ va_list args;
fprintf(stderr, "ARC: ");
- fprintf(stderr, s, arg1, arg2, arg3);
+ va_start(args, s);
+ vfprintf(stderr, s, args);
+ va_end(args);
fprintf(stderr, "\n");
#if UNIX
perror("UNIX");

@ -0,0 +1,70 @@
Fix version 1 arc header reading
The code for v1 hdr reading was reading the packed header directly into an
unpacked struct.
Use the same read to dummy array, then manual unpack to header struct as
used for v2 headers for v1 headers too.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
diff -ur arc-5.21p/arcio.c arc-5.21p.new/arcio.c
--- arc-5.21p/arcio.c 2010-08-07 15:06:42.000000000 +0200
+++ arc-5.21p.new/arcio.c 2015-01-16 12:59:43.203289118 +0100
@@ -37,6 +37,7 @@
#endif
char name[FNLEN]; /* filename buffer */
int try = 0;/* retry counter */
+ int hdrlen;
static int first = 1; /* true only on first read */
if (!f) /* if archive didn't open */
@@ -92,23 +93,19 @@
printf("I think you need a newer version of ARC.\n");
exit(1);
}
+
/* amount to read depends on header type */
+ if (hdrver == 1) {
+ hdrlen = 23; /* old style is shorter */
+ } else {
+ hdrlen = 27;
+ }
- if (hdrver == 1) { /* old style is shorter */
- if (fread(hdr, sizeof(struct heads) - sizeof(long int), 1, f) != 1)
- arcdie("%s was truncated", arcname);
- hdrver = 2; /* convert header to new format */
- hdr->length = hdr->size; /* size is same when not
- * packed */
- } else
-#if MSDOS
- if (fread(hdr, sizeof(struct heads), 1, f) != 1)
- arcdie("%s was truncated", arcname);
-#else
- if (fread(dummy, 27, 1, f) != 1)
- arcdie("%s was truncated", arcname);
+ if (fread(dummy, hdrlen, 1, f) != 1)
+ arcdie("%s was truncated", arcname);
for (i = 0; i < FNLEN; hdr->name[i] = dummy[i], i++);
+ hdr->name[FNLEN - 1] = 0; /* ensure 0 termination */
#if _MTS
(void) atoe(hdr->name, strlen(hdr->name));
#endif
@@ -116,8 +113,14 @@
hdr->date = (short) ((dummy[18] << 8) + dummy[17]);
hdr->time = (short) ((dummy[20] << 8) + dummy[19]);
hdr->crc = (short) ((dummy[22] << 8) + dummy[21]);
- for (i = 0, hdr->length=0; i<4; hdr->length<<=8, hdr->length += dummy[26-i], i++);
-#endif
+
+ if (hdrver == 1) {
+ hdrver = 2; /* convert header to new format */
+ hdr->length = hdr->size; /* size is same when not
+ * packed */
+ } else {
+ for (i = 0, hdr->length=0; i<4; hdr->length<<=8, hdr->length += dummy[26-i], i++);
+ }
if (hdr->date > olddate
|| (hdr->date == olddate && hdr->time > oldtime)) {

@ -1,3 +1,15 @@
-------------------------------------------------------------------
Tue Jan 8 08:52:55 UTC 2019 - Karol Babioch <kbabioch@suse.de>
- Make use of license %macro
- Applied spec-cleaner
- Added patches:
* arc-5.21p-directory-traversel.patch: Fixes a directory traversal
vulnerability (CVE-2015-9275 bsc#1121032)
* arc-5.21p-fix-arcdie.patch: Fixed a crash on 64 bit machines when arcdie
gets called with more than 1 variable argument
* arc-5.21p-hdrv1-read-fix.patch: Fixed version 1 arc header reading
-------------------------------------------------------------------
Tue Jan 30 16:00:02 UTC 2018 - mpluskal@suse.com

@ -1,7 +1,7 @@
#
# spec file for package arc
#
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
@ -20,16 +20,22 @@ Name: arc
Version: 5.21q
Release: 0
Summary: Archiving tool for arc achives
License: GPL-2.0
License: GPL-2.0-only
Group: Productivity/Archiving/Compression
URL: https://github.com/ani6al/arc
Source: https://github.com/ani6al/arc/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
Patch0: arc-5.21p-directory-traversel.patch
Patch1: arc-5.21p-fix-arcdie.patch
Patch2: arc-5.21p-hdrv1-read-fix.patch
%description
This package allows you to unpack *.arc file
%prep
%setup -q
%patch0 -p1
%patch1 -p1
%patch2 -p1
%build
make %{?_smp_mflags} OPT="%{optflags}"
@ -43,7 +49,8 @@ install -Dpm 0644 arc.1 \
%{buildroot}%{_mandir}/man1/arc.1
%files
%doc Arc521.doc Arcinfo Readme LICENSE
%doc Arc521.doc Arcinfo Readme
%license LICENSE
%{_bindir}/arc
%{_bindir}/marc
%{_mandir}/man1/arc.1%{ext_man}