summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMike Frysinger <vapier@gentoo.org>2005-05-29 22:47:49 +0000
committerMike Frysinger <vapier@gentoo.org>2005-05-29 22:47:49 +0000
commit66edcaa9ea597f5d4f8f63003c6f115599cbb145 (patch)
tree8fe1200f8a33f085eea8d98d4a6a8d303be698a7 /games-util
parentgcc4 patch; #94321 (diff)
downloadgentoo-2-66edcaa9ea597f5d4f8f63003c6f115599cbb145.tar.gz
gentoo-2-66edcaa9ea597f5d4f8f63003c6f115599cbb145.tar.bz2
gentoo-2-66edcaa9ea597f5d4f8f63003c6f115599cbb145.zip
Add a patch to fix security concerns #93079.
(Portage version: 2.0.51.22-r1)
Diffstat (limited to 'games-util')
-rw-r--r--games-util/dzip/ChangeLog10
-rw-r--r--games-util/dzip/dzip-2.9-r1.ebuild43
-rw-r--r--games-util/dzip/files/digest-dzip-2.9-r11
-rw-r--r--games-util/dzip/files/dzip-2.9-scrub-names.patch88
4 files changed, 140 insertions, 2 deletions
diff --git a/games-util/dzip/ChangeLog b/games-util/dzip/ChangeLog
index 04cb95ba68d2..b73273426417 100644
--- a/games-util/dzip/ChangeLog
+++ b/games-util/dzip/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for games-util/dzip
-# Copyright 2000-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/games-util/dzip/ChangeLog,v 1.4 2005/05/09 15:35:06 dholm Exp $
+# Copyright 1999-2005 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/games-util/dzip/ChangeLog,v 1.5 2005/05/29 22:47:49 vapier Exp $
+
+*dzip-2.9-r1 (29 May 2005)
+
+ 29 May 2005; Mike Frysinger <vapier@gentoo.org>
+ +files/dzip-2.9-scrub-names.patch, +dzip-2.9-r1.ebuild:
+ Add a patch to fix security concerns #93079.
09 May 2005; David Holm <dholm@gentoo.org> dzip-2.9.ebuild:
Added to ~ppc.
diff --git a/games-util/dzip/dzip-2.9-r1.ebuild b/games-util/dzip/dzip-2.9-r1.ebuild
new file mode 100644
index 000000000000..6bb389d3f6d6
--- /dev/null
+++ b/games-util/dzip/dzip-2.9-r1.ebuild
@@ -0,0 +1,43 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/games-util/dzip/dzip-2.9-r1.ebuild,v 1.1 2005/05/29 22:47:49 vapier Exp $
+
+inherit games
+
+DESCRIPTION="compressor/uncompressor for demo recordings from id's Quake"
+HOMEPAGE="http://speeddemosarchive.com/dzip/"
+SRC_URI="http://speeddemosarchive.com/dzip/dz${PV/./}src.zip"
+
+LICENSE="as-is"
+SLOT="0"
+KEYWORDS="~ppc x86"
+IUSE=""
+
+DEPEND="app-arch/unzip"
+RDEPEND=""
+
+S=${WORKDIR}
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+ epatch "${FILESDIR}"/dzip-2.9-scrub-names.patch #93079
+}
+
+src_compile() {
+ emake CFLAGS="${CFLAGS}" -f Makefile.linux || die "emake failed"
+}
+
+src_install () {
+ dogamesbin dzip || die "dogamesbin failed"
+ dodoc Readme || die "dodoc failed"
+ prepgamesdirs
+}
+
+pkg_postinst() {
+ games_pkg_postinst
+ echo
+ einfo "Demo files can be found at http://planetquake.com/sda/"
+ einfo "and http://planetquake.com/qdq/"
+ echo
+}
diff --git a/games-util/dzip/files/digest-dzip-2.9-r1 b/games-util/dzip/files/digest-dzip-2.9-r1
new file mode 100644
index 000000000000..8b183d0bd7a0
--- /dev/null
+++ b/games-util/dzip/files/digest-dzip-2.9-r1
@@ -0,0 +1 @@
+MD5 b02d69c7c6ee491380d77f26c6f5a6e0 dz29src.zip 100354
diff --git a/games-util/dzip/files/dzip-2.9-scrub-names.patch b/games-util/dzip/files/dzip-2.9-scrub-names.patch
new file mode 100644
index 000000000000..079fae3fd070
--- /dev/null
+++ b/games-util/dzip/files/dzip-2.9-scrub-names.patch
@@ -0,0 +1,88 @@
+Fix directory traversals issues.
+
+Since .dz files normally just have relative directory trees:
+pak/
+pak/file
+pak/subdir/file
+
+we strip out all the components which ascend in the directory tree
+
+http://bugs.gentoo.org/93079
+
+--- main.c
++++ main.c
+@@ -77,6 +77,48 @@ int dzRead (int inlen)
+ return 1;
+ }
+
++#define IS_SEP(c) (c == '/' || c == ':' || c == '\\')
++void scrub_name(char *smee)
++{
++ char *paths[] = { "../", "..\\", "..:", NULL};
++ size_t p, i, len;
++ char scrubit, scrubbed;
++
++ scrubbed = 0;
++ len = strlen(smee);
++ i = 0;
++ scrubit = 1;
++
++ /* search the path and scrub out all relative paths */
++ while (i + 3 < len) {
++ for (p = 0; paths[p]; ++p) {
++ if (scrubit && !strncmp(paths[p], smee+i, 3)) {
++ scrubbed = 1;
++ memset(smee+i, '\0', 3);
++ i += 2;
++ break;
++ }
++ }
++ scrubit = IS_SEP(smee[i]) || smee[i] == '\0';
++ ++i;
++ }
++
++ if (!scrubbed)
++ return;
++
++ /* condense the string over all the scrubbed bits */
++ p = 0;
++ for (i = 0; i < len; ++i) {
++ while (p < len && smee[p] == '\0')
++ ++p;
++ if (p == len) {
++ smee[i] = '\0';
++ break;
++ }
++ smee[i] = smee[p++];
++ }
++}
++
+ int dzReadDirectoryEntry (direntry_t *de)
+ {
+ char *s;
+@@ -102,6 +144,7 @@ int dzReadDirectoryEntry (direntry_t *de
+ s = Dzip_malloc(de->len);
+ dzFile_Read(s, de->len);
+ de->name = s;
++ scrub_name(de->name);
+ if (de->pak && de->type != TYPE_PAK)
+ return 1; /* dont mess with dirchar inside pakfiles */
+ do
+--- v1code.c
++++ v1code.c
+@@ -201,6 +201,7 @@ void demv1_dxentities(void)
+
+ }
+
++extern void scrub_name(char *smee);
+ void dzUncompressV1 (int testing)
+ {
+ int i, inlen = 0;
+@@ -221,6 +222,7 @@ void dzUncompressV1 (int testing)
+ {
+ de = directory + i;
+ crcval = INITCRC;
++ scrub_name(de->name);
+ printf("%s %s",action,de->name);
+ fflush(stdout);
+