head 1.4; access; symbols pkgsrc-2026Q1:1.4.0.174 pkgsrc-2026Q1-base:1.4 pkgsrc-2025Q4:1.4.0.172 pkgsrc-2025Q4-base:1.4 pkgsrc-2025Q3:1.4.0.170 pkgsrc-2025Q3-base:1.4 pkgsrc-2025Q2:1.4.0.168 pkgsrc-2025Q2-base:1.4 pkgsrc-2025Q1:1.4.0.166 pkgsrc-2025Q1-base:1.4 pkgsrc-2024Q4:1.4.0.164 pkgsrc-2024Q4-base:1.4 pkgsrc-2024Q3:1.4.0.162 pkgsrc-2024Q3-base:1.4 pkgsrc-2024Q2:1.4.0.160 pkgsrc-2024Q2-base:1.4 pkgsrc-2024Q1:1.4.0.158 pkgsrc-2024Q1-base:1.4 pkgsrc-2023Q4:1.4.0.156 pkgsrc-2023Q4-base:1.4 pkgsrc-2023Q3:1.4.0.154 pkgsrc-2023Q3-base:1.4 pkgsrc-2023Q2:1.4.0.152 pkgsrc-2023Q2-base:1.4 pkgsrc-2023Q1:1.4.0.150 pkgsrc-2023Q1-base:1.4 pkgsrc-2022Q4:1.4.0.148 pkgsrc-2022Q4-base:1.4 pkgsrc-2022Q3:1.4.0.146 pkgsrc-2022Q3-base:1.4 pkgsrc-2022Q2:1.4.0.144 pkgsrc-2022Q2-base:1.4 pkgsrc-2022Q1:1.4.0.142 pkgsrc-2022Q1-base:1.4 pkgsrc-2021Q4:1.4.0.140 pkgsrc-2021Q4-base:1.4 pkgsrc-2021Q3:1.4.0.138 pkgsrc-2021Q3-base:1.4 pkgsrc-2021Q2:1.4.0.136 pkgsrc-2021Q2-base:1.4 pkgsrc-2021Q1:1.4.0.134 pkgsrc-2021Q1-base:1.4 pkgsrc-2020Q4:1.4.0.132 pkgsrc-2020Q4-base:1.4 pkgsrc-2020Q3:1.4.0.130 pkgsrc-2020Q3-base:1.4 pkgsrc-2020Q2:1.4.0.126 pkgsrc-2020Q2-base:1.4 pkgsrc-2020Q1:1.4.0.106 pkgsrc-2020Q1-base:1.4 pkgsrc-2019Q4:1.4.0.128 pkgsrc-2019Q4-base:1.4 pkgsrc-2019Q3:1.4.0.124 pkgsrc-2019Q3-base:1.4 pkgsrc-2019Q2:1.4.0.122 pkgsrc-2019Q2-base:1.4 pkgsrc-2019Q1:1.4.0.120 pkgsrc-2019Q1-base:1.4 pkgsrc-2018Q4:1.4.0.118 pkgsrc-2018Q4-base:1.4 pkgsrc-2018Q3:1.4.0.116 pkgsrc-2018Q3-base:1.4 pkgsrc-2018Q2:1.4.0.114 pkgsrc-2018Q2-base:1.4 pkgsrc-2018Q1:1.4.0.112 pkgsrc-2018Q1-base:1.4 pkgsrc-2017Q4:1.4.0.110 pkgsrc-2017Q4-base:1.4 pkgsrc-2017Q3:1.4.0.108 pkgsrc-2017Q3-base:1.4 pkgsrc-2017Q2:1.4.0.104 pkgsrc-2017Q2-base:1.4 pkgsrc-2017Q1:1.4.0.102 pkgsrc-2017Q1-base:1.4 pkgsrc-2016Q4:1.4.0.100 pkgsrc-2016Q4-base:1.4 pkgsrc-2016Q3:1.4.0.98 pkgsrc-2016Q3-base:1.4 pkgsrc-2016Q2:1.4.0.96 pkgsrc-2016Q2-base:1.4 pkgsrc-2016Q1:1.4.0.94 pkgsrc-2016Q1-base:1.4 pkgsrc-2015Q4:1.4.0.92 pkgsrc-2015Q4-base:1.4 pkgsrc-2015Q3:1.4.0.90 pkgsrc-2015Q3-base:1.4 pkgsrc-2015Q2:1.4.0.88 pkgsrc-2015Q2-base:1.4 pkgsrc-2015Q1:1.4.0.86 pkgsrc-2015Q1-base:1.4 pkgsrc-2014Q4:1.4.0.84 pkgsrc-2014Q4-base:1.4 pkgsrc-2014Q3:1.4.0.82 pkgsrc-2014Q3-base:1.4 pkgsrc-2014Q2:1.4.0.80 pkgsrc-2014Q2-base:1.4 pkgsrc-2014Q1:1.4.0.78 pkgsrc-2014Q1-base:1.4 pkgsrc-2013Q4:1.4.0.76 pkgsrc-2013Q4-base:1.4 pkgsrc-2013Q3:1.4.0.74 pkgsrc-2013Q3-base:1.4 pkgsrc-2013Q2:1.4.0.72 pkgsrc-2013Q2-base:1.4 pkgsrc-2013Q1:1.4.0.70 pkgsrc-2013Q1-base:1.4 pkgsrc-2012Q4:1.4.0.68 pkgsrc-2012Q4-base:1.4 pkgsrc-2012Q3:1.4.0.66 pkgsrc-2012Q3-base:1.4 pkgsrc-2012Q2:1.4.0.64 pkgsrc-2012Q2-base:1.4 pkgsrc-2012Q1:1.4.0.62 pkgsrc-2012Q1-base:1.4 pkgsrc-2011Q4:1.4.0.60 pkgsrc-2011Q4-base:1.4 pkgsrc-2011Q3:1.4.0.58 pkgsrc-2011Q3-base:1.4 pkgsrc-2011Q2:1.4.0.56 pkgsrc-2011Q2-base:1.4 pkgsrc-2011Q1:1.4.0.54 pkgsrc-2011Q1-base:1.4 pkgsrc-2010Q4:1.4.0.52 pkgsrc-2010Q4-base:1.4 pkgsrc-2010Q3:1.4.0.50 pkgsrc-2010Q3-base:1.4 pkgsrc-2010Q2:1.4.0.48 pkgsrc-2010Q2-base:1.4 pkgsrc-2010Q1:1.4.0.46 pkgsrc-2010Q1-base:1.4 pkgsrc-2009Q4:1.4.0.44 pkgsrc-2009Q4-base:1.4 pkgsrc-2009Q3:1.4.0.42 pkgsrc-2009Q3-base:1.4 pkgsrc-2009Q2:1.4.0.40 pkgsrc-2009Q2-base:1.4 pkgsrc-2009Q1:1.4.0.38 pkgsrc-2009Q1-base:1.4 pkgsrc-2008Q4:1.4.0.36 pkgsrc-2008Q4-base:1.4 pkgsrc-2008Q3:1.4.0.34 pkgsrc-2008Q3-base:1.4 cube-native-xorg:1.4.0.32 cube-native-xorg-base:1.4 pkgsrc-2008Q2:1.4.0.30 pkgsrc-2008Q2-base:1.4 cwrapper:1.4.0.28 pkgsrc-2008Q1:1.4.0.26 pkgsrc-2008Q1-base:1.4 pkgsrc-2007Q4:1.4.0.24 pkgsrc-2007Q4-base:1.4 pkgsrc-2007Q3:1.4.0.22 pkgsrc-2007Q3-base:1.4 pkgsrc-2007Q2:1.4.0.20 pkgsrc-2007Q2-base:1.4 pkgsrc-2007Q1:1.4.0.18 pkgsrc-2007Q1-base:1.4 pkgsrc-2006Q4:1.4.0.16 pkgsrc-2006Q4-base:1.4 pkgsrc-2006Q3:1.4.0.14 pkgsrc-2006Q3-base:1.4 pkgsrc-2006Q2:1.4.0.12 pkgsrc-2006Q2-base:1.4 pkgsrc-2006Q1:1.4.0.10 pkgsrc-2006Q1-base:1.4 pkgsrc-2005Q4:1.4.0.8 pkgsrc-2005Q4-base:1.4 pkgsrc-2005Q3:1.4.0.6 pkgsrc-2005Q3-base:1.4 pkgsrc-2005Q2:1.4.0.4 pkgsrc-2005Q2-base:1.4 pkgsrc-2005Q1:1.4.0.2 pkgsrc-2005Q1-base:1.4 pkgsrc-2004Q4:1.3.0.10 pkgsrc-2004Q4-base:1.3 pkgsrc-2004Q3:1.3.0.8 pkgsrc-2004Q3-base:1.3 pkgsrc-2004Q2:1.3.0.6 pkgsrc-2004Q2-base:1.3 pkgsrc-2004Q1:1.3.0.4 pkgsrc-2004Q1-base:1.3 pkgsrc-2003Q4:1.3.0.2 pkgsrc-2003Q4-base:1.3 buildlink2-base:1.3 netbsd-1-4-RELEASE:1.2; locks; strict; comment @# @; 1.4 date 2005.01.21.14.42.10; author wiz; state Exp; branches; next 1.3; 1.3 date 99.05.22.22.07.04; author tv; state dead; branches 1.3.10.1; next 1.2; 1.2 date 99.02.10.14.53.34; author frueauf; state Exp; branches; next 1.1; 1.1 date 98.12.26.15.46.10; author garbled; state Exp; branches; next ; 1.3.10.1 date 2005.01.21.15.32.27; author salo; state Exp; branches; next ; desc @@ 1.4 log @Add two patches from RedHat, fixing CAN-2004-0947 and CAN-2004-1027. Bump PKGREVISION. @ text @$NetBSD$ --- sanitize.c.orig 2005-01-21 15:34:42.000000000 +0100 +++ sanitize.c @@@@ -0,0 +1,81 @@@@ +/* + * Path sanitation code by Ludwig Nussel . Public Domain. + */ + +#include "unarj.h" + +#include +#include +#include + +#ifndef PATH_CHAR +#define PATH_CHAR '/' +#endif +#ifndef MIN +#define MIN(x,y) ((x)<(y)?(x):(y)) +#endif + +/* copy src into dest converting the path to a relative one inside the current + * directory. dest must hold at least len bytes */ +void copy_path_relative(char *dest, char *src, size_t len) +{ + char* o = dest; + char* p = src; + + *o = '\0'; + + while(*p && *p == PATH_CHAR) ++p; + for(; len && *p;) + { + src = p; + p = strchr(src, PATH_CHAR); + if(!p) p = src+strlen(src); + + /* . => skip */ + if(p-src == 1 && *src == '.' ) + { + if(*p) src = ++p; + } + /* .. => pop one */ + else if(p-src == 2 && *src == '.' && src[1] == '.') + { + if(o != dest) + { + char* tmp; + *o = '\0'; + tmp = strrchr(dest, PATH_CHAR); + if(!tmp) + { + len += o-dest; + o = dest; + if(*p) ++p; + } + else + { + len += o-tmp; + o = tmp; + if(*p) ++p; + } + } + else /* nothing to pop */ + if(*p) ++p; + } + else + { + size_t copy; + if(o != dest) + { + --len; + *o++ = PATH_CHAR; + } + copy = MIN(p-src,len); + memcpy(o, src, copy); + len -= copy; + src += copy; + o += copy; + if(*p) ++p; + } + while(*p && *p == PATH_CHAR) ++p; + } + o[len?0:-1] = '\0'; +} @ 1.3 log @Update to 2.43, clean up. @ text @d1 1 a1 1 $NetBSD: patch-ab,v 1.2 1999/02/10 14:53:34 frueauf Exp $ d3 84 a86 14 *** Makefile.old Wed Jul 17 22:02:20 1991 --- Makefile Wed Dec 28 04:39:21 1994 *************** *** 1,5 **** ! ! CC=cc all: unarj --- 1,4 ---- ! CFLAGS+=-DUNIX all: unarj @ 1.3.10.1 log @Pullup ticket 240 - requested by Thomas Klausner security fix for unarj Revisions pulled up: - pkgsrc/archivers/unarj/Makefile 1.18-1.19 - pkgsrc/archivers/unarj/PLIST 1.2 - pkgsrc/archivers/unarj/distinfo 1.3-1.4 - pkgsrc/archivers/unarj/files/Makefile 1.1-1.2 - pkgsrc/archivers/unarj/patches/patch-aa 1.6 - pkgsrc/archivers/unarj/patches/patch-ab 1.4 - pkgsrc/archivers/unarj/patches/patch-ad 1.1 Module Name: pkgsrc Committed By: wiz Date: Fri Jan 21 14:30:05 UTC 2005 Modified Files: pkgsrc/archivers/unarj: Makefile PLIST distinfo Log Message: Update to 2.65. (Documented) changes: UNARJ 2.65 - Fixed table boundaries per suggestion of UNARJ 2.63 - Added additional header data checks. UNARJ 2.61 - Added chapter and encryption information. --- Module Name: pkgsrc Committed By: wiz Date: Fri Jan 21 14:30:32 UTC 2005 Added Files: pkgsrc/archivers/unarj/files: Makefile Log Message: Add Makefile, since distfiles comes without one. -- Module Name: pkgsrc Committed By: wiz Date: Fri Jan 21 14:41:16 UTC 2005 Modified Files: pkgsrc/archivers/unarj/patches: patch-aa Log Message: regen with correct offsets -- Module Name: pkgsrc Committed By: wiz Date: Fri Jan 21 14:42:10 UTC 2005 Modified Files: pkgsrc/archivers/unarj: Makefile distinfo pkgsrc/archivers/unarj/files: Makefile Added Files: pkgsrc/archivers/unarj/patches: patch-ab patch-ad Log Message: Add two patches from RedHat, fixing CAN-2004-0947 and CAN-2004-1027. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD: patch-ab,v 1.4 2005/01/21 14:42:10 wiz Exp $ d3 14 a16 84 --- sanitize.c.orig 2005-01-21 15:34:42.000000000 +0100 +++ sanitize.c @@@@ -0,0 +1,81 @@@@ +/* + * Path sanitation code by Ludwig Nussel . Public Domain. + */ + +#include "unarj.h" + +#include +#include +#include + +#ifndef PATH_CHAR +#define PATH_CHAR '/' +#endif +#ifndef MIN +#define MIN(x,y) ((x)<(y)?(x):(y)) +#endif + +/* copy src into dest converting the path to a relative one inside the current + * directory. dest must hold at least len bytes */ +void copy_path_relative(char *dest, char *src, size_t len) +{ + char* o = dest; + char* p = src; + + *o = '\0'; + + while(*p && *p == PATH_CHAR) ++p; + for(; len && *p;) + { + src = p; + p = strchr(src, PATH_CHAR); + if(!p) p = src+strlen(src); + + /* . => skip */ + if(p-src == 1 && *src == '.' ) + { + if(*p) src = ++p; + } + /* .. => pop one */ + else if(p-src == 2 && *src == '.' && src[1] == '.') + { + if(o != dest) + { + char* tmp; + *o = '\0'; + tmp = strrchr(dest, PATH_CHAR); + if(!tmp) + { + len += o-dest; + o = dest; + if(*p) ++p; + } + else + { + len += o-tmp; + o = tmp; + if(*p) ++p; + } + } + else /* nothing to pop */ + if(*p) ++p; + } + else + { + size_t copy; + if(o != dest) + { + --len; + *o++ = PATH_CHAR; + } + copy = MIN(p-src,len); + memcpy(o, src, copy); + len -= copy; + src += copy; + o += copy; + if(*p) ++p; + } + while(*p && *p == PATH_CHAR) ++p; + } + o[len?0:-1] = '\0'; +} @ 1.2 log @pkglint: add missing rcs ids. @ text @d1 1 a1 1 $NetBSD$ @ 1.1 log @Break patch into multiple patches. Fix install target to work. Minor LP64 cleanup. (fix lack of needed headers) @ text @d1 2 @