From 66edcaa9ea597f5d4f8f63003c6f115599cbb145 Mon Sep 17 00:00:00 2001 From: Mike Frysinger Date: Sun, 29 May 2005 22:47:49 +0000 Subject: Add a patch to fix security concerns #93079. (Portage version: 2.0.51.22-r1) --- games-util/dzip/ChangeLog | 10 ++- games-util/dzip/dzip-2.9-r1.ebuild | 43 ++++++++++++ games-util/dzip/files/digest-dzip-2.9-r1 | 1 + games-util/dzip/files/dzip-2.9-scrub-names.patch | 88 ++++++++++++++++++++++++ 4 files changed, 140 insertions(+), 2 deletions(-) create mode 100644 games-util/dzip/dzip-2.9-r1.ebuild create mode 100644 games-util/dzip/files/digest-dzip-2.9-r1 create mode 100644 games-util/dzip/files/dzip-2.9-scrub-names.patch (limited to 'games-util') diff --git a/games-util/dzip/ChangeLog b/games-util/dzip/ChangeLog index 04cb95ba68d2..b73273426417 100644 --- a/games-util/dzip/ChangeLog +++ b/games-util/dzip/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for games-util/dzip -# Copyright 2000-2005 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/games-util/dzip/ChangeLog,v 1.4 2005/05/09 15:35:06 dholm Exp $ +# Copyright 1999-2005 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/games-util/dzip/ChangeLog,v 1.5 2005/05/29 22:47:49 vapier Exp $ + +*dzip-2.9-r1 (29 May 2005) + + 29 May 2005; Mike Frysinger + +files/dzip-2.9-scrub-names.patch, +dzip-2.9-r1.ebuild: + Add a patch to fix security concerns #93079. 09 May 2005; David Holm dzip-2.9.ebuild: Added to ~ppc. diff --git a/games-util/dzip/dzip-2.9-r1.ebuild b/games-util/dzip/dzip-2.9-r1.ebuild new file mode 100644 index 000000000000..6bb389d3f6d6 --- /dev/null +++ b/games-util/dzip/dzip-2.9-r1.ebuild @@ -0,0 +1,43 @@ +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/games-util/dzip/dzip-2.9-r1.ebuild,v 1.1 2005/05/29 22:47:49 vapier Exp $ + +inherit games + +DESCRIPTION="compressor/uncompressor for demo recordings from id's Quake" +HOMEPAGE="http://speeddemosarchive.com/dzip/" +SRC_URI="http://speeddemosarchive.com/dzip/dz${PV/./}src.zip" + +LICENSE="as-is" +SLOT="0" +KEYWORDS="~ppc x86" +IUSE="" + +DEPEND="app-arch/unzip" +RDEPEND="" + +S=${WORKDIR} + +src_unpack() { + unpack ${A} + cd "${S}" + epatch "${FILESDIR}"/dzip-2.9-scrub-names.patch #93079 +} + +src_compile() { + emake CFLAGS="${CFLAGS}" -f Makefile.linux || die "emake failed" +} + +src_install () { + dogamesbin dzip || die "dogamesbin failed" + dodoc Readme || die "dodoc failed" + prepgamesdirs +} + +pkg_postinst() { + games_pkg_postinst + echo + einfo "Demo files can be found at http://planetquake.com/sda/" + einfo "and http://planetquake.com/qdq/" + echo +} diff --git a/games-util/dzip/files/digest-dzip-2.9-r1 b/games-util/dzip/files/digest-dzip-2.9-r1 new file mode 100644 index 000000000000..8b183d0bd7a0 --- /dev/null +++ b/games-util/dzip/files/digest-dzip-2.9-r1 @@ -0,0 +1 @@ +MD5 b02d69c7c6ee491380d77f26c6f5a6e0 dz29src.zip 100354 diff --git a/games-util/dzip/files/dzip-2.9-scrub-names.patch b/games-util/dzip/files/dzip-2.9-scrub-names.patch new file mode 100644 index 000000000000..079fae3fd070 --- /dev/null +++ b/games-util/dzip/files/dzip-2.9-scrub-names.patch @@ -0,0 +1,88 @@ +Fix directory traversals issues. + +Since .dz files normally just have relative directory trees: +pak/ +pak/file +pak/subdir/file + +we strip out all the components which ascend in the directory tree + +http://bugs.gentoo.org/93079 + +--- main.c ++++ main.c +@@ -77,6 +77,48 @@ int dzRead (int inlen) + return 1; + } + ++#define IS_SEP(c) (c == '/' || c == ':' || c == '\\') ++void scrub_name(char *smee) ++{ ++ char *paths[] = { "../", "..\\", "..:", NULL}; ++ size_t p, i, len; ++ char scrubit, scrubbed; ++ ++ scrubbed = 0; ++ len = strlen(smee); ++ i = 0; ++ scrubit = 1; ++ ++ /* search the path and scrub out all relative paths */ ++ while (i + 3 < len) { ++ for (p = 0; paths[p]; ++p) { ++ if (scrubit && !strncmp(paths[p], smee+i, 3)) { ++ scrubbed = 1; ++ memset(smee+i, '\0', 3); ++ i += 2; ++ break; ++ } ++ } ++ scrubit = IS_SEP(smee[i]) || smee[i] == '\0'; ++ ++i; ++ } ++ ++ if (!scrubbed) ++ return; ++ ++ /* condense the string over all the scrubbed bits */ ++ p = 0; ++ for (i = 0; i < len; ++i) { ++ while (p < len && smee[p] == '\0') ++ ++p; ++ if (p == len) { ++ smee[i] = '\0'; ++ break; ++ } ++ smee[i] = smee[p++]; ++ } ++} ++ + int dzReadDirectoryEntry (direntry_t *de) + { + char *s; +@@ -102,6 +144,7 @@ int dzReadDirectoryEntry (direntry_t *de + s = Dzip_malloc(de->len); + dzFile_Read(s, de->len); + de->name = s; ++ scrub_name(de->name); + if (de->pak && de->type != TYPE_PAK) + return 1; /* dont mess with dirchar inside pakfiles */ + do +--- v1code.c ++++ v1code.c +@@ -201,6 +201,7 @@ void demv1_dxentities(void) + + } + ++extern void scrub_name(char *smee); + void dzUncompressV1 (int testing) + { + int i, inlen = 0; +@@ -221,6 +222,7 @@ void dzUncompressV1 (int testing) + { + de = directory + i; + crcval = INITCRC; ++ scrub_name(de->name); + printf("%s %s",action,de->name); + fflush(stdout); + -- cgit v1.2.3-65-gdbad