diff options
| author |   Chris Bainbridge <chrb@gentoo.org> | 2005-05-21 09:45:24 +0000 |
|---|---|---|
| committer | Chris Bainbridge <chrb@gentoo.org> | 2005-05-21 09:45:24 +0000 |
| commit | 0a9a523b6356edadc41551c600b7a5a5db35522f (patch) | |
| tree | 7308ff092cd469913fde65fdd776e7c04c977826 /app-cdr | |
| parent | new upstream version. 0.11.1_beta stable on amd64 and x86. some generall clea... (diff) | |
| download | historical-0a9a523b6356edadc41551c600b7a5a5db35522f.tar.gz historical-0a9a523b6356edadc41551c600b7a5a5db35522f.tar.bz2 historical-0a9a523b6356edadc41551c600b7a5a5db35522f.zip | |
Directory traversal fix for bug #93054
Package-Manager: portage-2.0.51.19
Diffstat (limited to 'app-cdr')
| -rw-r--r-- | app-cdr/xbiso/ChangeLog | 6 | ||||
| -rw-r--r-- | app-cdr/xbiso/Manifest | 5 | ||||
| -rw-r--r-- | app-cdr/xbiso/files/xbiso-0.6.0-fnamecheck.patch | 14 | ||||
| -rw-r--r-- | app-cdr/xbiso/xbiso-0.6.0.ebuild | 8 |
4 files changed, 29 insertions, 4 deletions
diff --git a/app-cdr/xbiso/ChangeLog b/app-cdr/xbiso/ChangeLog index 54165d1091a5..91be360756a3 100644 --- a/app-cdr/xbiso/ChangeLog +++ b/app-cdr/xbiso/ChangeLog @@ -1,6 +1,10 @@ # ChangeLog for app-cdr/xbiso # Copyright 2000-2005 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-cdr/xbiso/ChangeLog,v 1.4 2005/01/01 12:21:50 eradicator Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-cdr/xbiso/ChangeLog,v 1.5 2005/05/21 09:45:24 chrb Exp $ + + 21 May 2005; Chris Bainbridge <chrb@gentoo.org> + +files/xbiso-0.6.0-fnamecheck.patch, xbiso-0.6.0.ebuild: + Directory traversal fix for bug #93054 16 Oct 2004; Chris Bainbridge <chrb@gentoo.org> xbiso-0.6.0.ebuild: mark stable diff --git a/app-cdr/xbiso/Manifest b/app-cdr/xbiso/Manifest index 7575365f3b76..7f124c0675c8 100644 --- a/app-cdr/xbiso/Manifest +++ b/app-cdr/xbiso/Manifest @@ -1,3 +1,4 @@ -MD5 e2dd36787142a9647a18c10937b191ce ChangeLog 424 -MD5 e462218494002e85453431405d492386 xbiso-0.6.0.ebuild 497 +MD5 f1d39402733e67cb455f6099d74b766f ChangeLog 569 +MD5 4ec40e1b2c466d39ce4f4f1716b4c693 xbiso-0.6.0.ebuild 579 +MD5 d928741ffaf5aaa598aad25b9c9da993 files/xbiso-0.6.0-fnamecheck.patch 691 MD5 33080cee554b29175fc0e2cb37cf8fe2 files/digest-xbiso-0.6.0 62 diff --git a/app-cdr/xbiso/files/xbiso-0.6.0-fnamecheck.patch b/app-cdr/xbiso/files/xbiso-0.6.0-fnamecheck.patch new file mode 100644 index 000000000000..7b7388a3554b --- /dev/null +++ b/app-cdr/xbiso/files/xbiso-0.6.0-fnamecheck.patch @@ -0,0 +1,14 @@ +--- xbiso-0.6.0.orig/xbiso.c 2005-05-21 10:36:11.108385944 +0000 ++++ xbiso-0.6.0/xbiso.c 2005-05-21 10:33:09.679967256 +0000 +@@ -310,6 +310,11 @@ + memset(dirent.fname,0,dirent.fnamelen+1); + fread(dirent.fname, dirent.fnamelen, 1, xiso); //filename + ++ if (strstr(dirent.fname,"..") || strchr(dirent.fname, '/') || strchr(dirent.fname, '\\')) ++ { ++ printf("Filename contains invalid characters"); ++ exit(1); ++ } + + if(verb) { + printf("ltable offset: %i\nrtable offset: %i\nsector: %li\nfilesize: %li\nattributes: 0x%x\nfilename length: %i\nfilename: %s\n\n", dirent.ltable, dirent.rtable, dirent.sector, dirent.size, dirent.attribs, dirent.fnamelen, dirent.fname); diff --git a/app-cdr/xbiso/xbiso-0.6.0.ebuild b/app-cdr/xbiso/xbiso-0.6.0.ebuild index eefe55c7a7c2..7c5dc9b24e08 100644 --- a/app-cdr/xbiso/xbiso-0.6.0.ebuild +++ b/app-cdr/xbiso/xbiso-0.6.0.ebuild @@ -1,7 +1,8 @@ # Copyright 1999-2005 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-cdr/xbiso/xbiso-0.6.0.ebuild,v 1.4 2005/01/01 12:21:50 eradicator Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-cdr/xbiso/xbiso-0.6.0.ebuild,v 1.5 2005/05/21 09:45:24 chrb Exp $ +inherit eutils DESCRIPTION="Xbox xdvdfs ISO extraction utility" HOMEPAGE="http://sourceforge.net/projects/xbiso/" @@ -12,6 +13,11 @@ SLOT="0" KEYWORDS="x86" IUSE="" +src_unpack() { + unpack ${A} + epatch ${FILESDIR}/${P}-fnamecheck.patch +} + src_install() { dobin xbiso || die "install failed" dodoc README CHANGELOG |