update to unzip 5.51
This commit is contained in:
parent
d58c0e4dd1
commit
3c67f35287
@ -1,10 +1,9 @@
|
||||
# $OpenBSD: Makefile,v 1.32 2003/08/17 23:48:40 brad Exp $
|
||||
# $OpenBSD: Makefile,v 1.33 2004/06/24 21:35:14 sturm Exp $
|
||||
|
||||
COMMENT= "extract, list & test files in a ZIP archive"
|
||||
|
||||
VERSION= 5.50
|
||||
VERSION= 5.51
|
||||
DISTNAME= unzip${VERSION:S/.//}
|
||||
PKGNAME= unzip-${VERSION}p2
|
||||
CATEGORIES= archivers
|
||||
MASTER_SITES= ftp://ftp.info-zip.org/pub/infozip/src/ \
|
||||
ftp://ftp.uu.net/pub/archiving/zip/src/ \
|
||||
|
@ -1,3 +1,3 @@
|
||||
MD5 (unzip550.tar.gz) = 798592d62e37f92571184236947122ed
|
||||
RMD160 (unzip550.tar.gz) = 4eb8e5b4130b523681dd5ccf9c2f1434f9695c98
|
||||
SHA1 (unzip550.tar.gz) = 51034a8098eddc8facb4db9ea1a935e813dbdb73
|
||||
MD5 (unzip551.tar.gz) = 8a25712aac642430d87d21491f7c6bd1
|
||||
RMD160 (unzip551.tar.gz) = c38cf2c4c1341afcc75282caf088b3001bd99553
|
||||
SHA1 (unzip551.tar.gz) = 4643ca31419cfb34c9de8a182aabebd79662ba04
|
||||
|
@ -1,18 +0,0 @@
|
||||
$OpenBSD: patch-man_unzip_1,v 1.1 2003/08/17 23:48:40 brad Exp $
|
||||
--- man/unzip.1.orig 2002-02-10 17:09:20.000000000 -0500
|
||||
+++ man/unzip.1 2003-08-17 19:25:19.000000000 -0400
|
||||
@@ -396,7 +396,13 @@ version 5.50) prevents \fIunzip\fP from
|
||||
\fB\-:\fP option lets \fIunzip\fP switch back to its previous, more liberal
|
||||
behaviour, to allow exact extraction of (older) archives that used ``../''
|
||||
components to create multiple directory trees at the level of the current
|
||||
-extraction folder.
|
||||
+extraction folder. Use of this will not enable writing explicitly to the
|
||||
+root directory (``/''). To do this, it is necessary to unzip the file from
|
||||
+within the root directory itself. However, when the \fB\-:\fP option is
|
||||
+specified, it is still possible to write to implicitly write to the root
|
||||
+directory by specifiying enough ``../'' path components within the zip file.
|
||||
+Use this option with extreme caution.
|
||||
+
|
||||
.PD
|
||||
.\" =========================================================================
|
||||
.SH "ENVIRONMENT OPTIONS"
|
@ -1,6 +1,17 @@
|
||||
$OpenBSD: patch-unix_Makefile,v 1.2 2002/07/05 01:07:26 brad Exp $
|
||||
--- unix/Makefile.orig Sat Feb 16 12:00:38 2002
|
||||
+++ unix/Makefile Thu Jul 4 21:00:37 2002
|
||||
$OpenBSD: patch-unix_Makefile,v 1.3 2004/06/24 21:35:15 sturm Exp $
|
||||
--- unix/Makefile.orig Mon Mar 1 10:37:24 2004
|
||||
+++ unix/Makefile Thu Jun 24 15:28:24 2004
|
||||
@@ -42,8 +42,8 @@
|
||||
# such as -DDOSWILD).
|
||||
|
||||
# UnZip flags
|
||||
-CC = cc# try using "gcc" target rather than changing this (CC and LD
|
||||
-LD = $(CC)# must match, else "unresolved symbol: ___main" is possible)
|
||||
+#CC = cc# try using "gcc" target rather than changing this (CC and LD
|
||||
+#LD = $(CC)# must match, else "unresolved symbol: ___main" is possible)
|
||||
AS = as
|
||||
LOC = $(LOCAL_UNZIP)
|
||||
AF = $(LOC)
|
||||
@@ -61,8 +61,8 @@ FL2 = $(LF2)
|
||||
|
||||
# general-purpose stuff
|
||||
@ -8,22 +19,23 @@ $OpenBSD: patch-unix_Makefile,v 1.2 2002/07/05 01:07:26 brad Exp $
|
||||
-CP = ln
|
||||
-LN = ln
|
||||
+CP = ln -s
|
||||
+LN = ln -fs
|
||||
+LN = ln -sf
|
||||
RM = rm -f
|
||||
CHMOD = chmod
|
||||
BINPERMS = 755
|
||||
@@ -450,18 +450,16 @@ svr4package: unzips
|
||||
@@ -449,19 +449,17 @@ svr4package: unzips
|
||||
@echo " "
|
||||
|
||||
install: $(MANS)
|
||||
-$(INSTALL_D) $(BINDIR)
|
||||
- -$(INSTALL_D) $(BINDIR)
|
||||
- $(INSTALL_PROGRAM) $(UNZIPS) $(BINDIR)
|
||||
- $(INSTALL) unix/zipgrep $(BINDIR)
|
||||
+ -$(BSD_INSTALL_PROGRAM_DIR) $(BINDIR)
|
||||
+ $(BSD_INSTALL_PROGRAM) $(UNZIPS) $(BINDIR)
|
||||
+ $(BSD_INSTALL_SCRIPT) unix/zipgrep $(BINDIR)
|
||||
$(RM) $(BINDIR)/zipinfo$E
|
||||
- $(LN) $(BINDIR)/unzip$E $(BINDIR)/zipinfo$E
|
||||
+ cd $(BINDIR); $(LN) unzip$E zipinfo$E
|
||||
-$(INSTALL_D) $(MANDIR)
|
||||
- -$(INSTALL_D) $(MANDIR)
|
||||
- $(INSTALL) man/funzip.1 $(MANDIR)/funzip.$(manext)
|
||||
- $(INSTALL) man/unzip.1 $(MANDIR)/unzip.$(manext)
|
||||
- $(INSTALL) man/unzipsfx.1 $(MANDIR)/unzipsfx.$(manext)
|
||||
@ -31,6 +43,8 @@ $OpenBSD: patch-unix_Makefile,v 1.2 2002/07/05 01:07:26 brad Exp $
|
||||
- $(INSTALL) man/zipinfo.1 $(MANDIR)/zipinfo.$(manext)
|
||||
- $(CHMOD) $(BINPERMS) $(INSTALLEDBIN)
|
||||
- $(CHMOD) $(MANPERMS) $(INSTALLEDMAN)
|
||||
+ $(LN) $(TRUEPREFIX)/bin/unzip$E $(BINDIR)/zipinfo$E
|
||||
+ -$(BSD_INSTALL_MAN_DIR) $(MANDIR)
|
||||
+ $(BSD_INSTALL_MAN) man/funzip.1 $(MANDIR)/funzip.$(manext)
|
||||
+ $(BSD_INSTALL_MAN) man/unzip.1 $(MANDIR)/unzip.$(manext)
|
||||
+ $(BSD_INSTALL_MAN) man/unzipsfx.1 $(MANDIR)/unzipsfx.$(manext)
|
||||
@ -39,14 +53,12 @@ $OpenBSD: patch-unix_Makefile,v 1.2 2002/07/05 01:07:26 brad Exp $
|
||||
|
||||
uninstall:
|
||||
$(RM) $(INSTALLEDBIN) $(INSTALLEDMAN)
|
||||
@@ -569,8 +567,8 @@ generic_shlib: unix_make
|
||||
$(MAKE) objsdll CC=gcc CF="-O3 -Wall -I. -fPIC -DDLL $(LOC)"
|
||||
@@ -569,8 +567,6 @@ generic_shlib: unix_make
|
||||
$(MAKE) objsdll CC=gcc CF="-O3 -Wall -I. -fPIC -DDLL -DUNIX $(LOC)"
|
||||
gcc -shared -Wl,-soname,libunzip.so.0 -o libunzip.so.0.4 $(OBJSDLL)
|
||||
$(RM) libunzip.so.0 libunzip.so
|
||||
- $(LN) -s libunzip.so.0.4 libunzip.so.0
|
||||
- $(LN) -s libunzip.so.0 libunzip.so
|
||||
+ $(LN) libunzip.so.0.4 libunzip.so.0
|
||||
+ $(LN) libunzip.so.0 libunzip.so
|
||||
gcc -c -O unzipstb.c
|
||||
gcc -o unzip_shlib unzipstb.o -L. -lunzip
|
||||
|
||||
|
@ -1,110 +0,0 @@
|
||||
$OpenBSD: patch-unix_unix_c,v 1.2 2003/08/17 23:48:40 brad Exp $
|
||||
--- unix/unix.c.orig 2002-01-21 17:54:42.000000000 -0500
|
||||
+++ unix/unix.c 2003-08-17 19:25:19.000000000 -0400
|
||||
@@ -421,7 +421,8 @@ int mapname(__G__ renamed)
|
||||
*/
|
||||
{
|
||||
char pathcomp[FILNAMSIZ]; /* path-component buffer */
|
||||
- char *pp, *cp=(char *)NULL; /* character pointers */
|
||||
+ char *pp, *cp=(char *)NULL, /* character pointers */
|
||||
+ *dp=(char *)NULL;
|
||||
char *lastsemi=(char *)NULL; /* pointer to last semi-colon in pathcomp */
|
||||
#ifdef ACORN_FTYPE_NFS
|
||||
char *lastcomma=(char *)NULL; /* pointer to last comma in pathcomp */
|
||||
@@ -429,6 +430,8 @@ int mapname(__G__ renamed)
|
||||
#endif
|
||||
int quote = FALSE; /* flags */
|
||||
int killed_ddot = FALSE; /* is set when skipping "../" pathcomp */
|
||||
+ int killed_qslash = FALSE; /* is set when skipping "^V/" pathcomp */
|
||||
+ int snarf_ddot = FALSE; /* Is set while scanning for "../" */
|
||||
int error = MPN_OK;
|
||||
register unsigned workch; /* hold the character being tested */
|
||||
|
||||
@@ -467,6 +470,18 @@ int mapname(__G__ renamed)
|
||||
while ((workch = (uch)*cp++) != 0) {
|
||||
|
||||
if (quote) { /* if character quoted, */
|
||||
+ if (pp == pathcomp) {
|
||||
+ quote = FALSE;
|
||||
+ if (workch == '.')
|
||||
+ /* Oh no you don't... */
|
||||
+ goto ddot_hack;
|
||||
+ if (workch == '/') {
|
||||
+ /* We *never* allow quote-slash at the beginning */
|
||||
+ killed_qslash = TRUE;
|
||||
+ continue;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
*pp++ = (char)workch; /* include it literally */
|
||||
quote = FALSE;
|
||||
} else
|
||||
@@ -481,15 +496,45 @@ int mapname(__G__ renamed)
|
||||
break;
|
||||
|
||||
case '.':
|
||||
- if (pp == pathcomp) { /* nothing appended yet... */
|
||||
+ if (pp == pathcomp) {
|
||||
+ddot_hack:
|
||||
+ /* nothing appended yet... */
|
||||
if (*cp == '/') { /* don't bother appending "./" to */
|
||||
++cp; /* the path: skip behind the '/' */
|
||||
break;
|
||||
- } else if (!uO.ddotflag && *cp == '.' && cp[1] == '/') {
|
||||
- /* "../" dir traversal detected */
|
||||
- cp += 2; /* skip over behind the '/' */
|
||||
- killed_ddot = TRUE; /* set "show message" flag */
|
||||
- break;
|
||||
+ } else if (!uO.ddotflag) {
|
||||
+
|
||||
+ /*
|
||||
+ * SECURITY: Skip past control characters if the user
|
||||
+ * didn't OK use of absolute pathnames. lhh - this is
|
||||
+ * a very quick, ugly, inefficient fix; it traverses
|
||||
+ * the WHOLE path, eating up these as it comes to it.
|
||||
+ */
|
||||
+ dp = cp;
|
||||
+ do {
|
||||
+ workch = (uch)(*dp);
|
||||
+ if (workch == '/' && snarf_ddot) {
|
||||
+ /* "../" dir traversal detected */
|
||||
+ cp = dp + 1; /* skip past the '/' */
|
||||
+ killed_ddot = TRUE; /* set "show msg" flag */
|
||||
+ break;
|
||||
+ } else if (workch == '.' && !snarf_ddot) {
|
||||
+ snarf_ddot = TRUE;
|
||||
+ } else if (isprint(workch) ||
|
||||
+ ((workch > 127) && (workch <= 254))) {
|
||||
+ /*
|
||||
+ * Since we found a printable, non-ctrl char,
|
||||
+ * we can stop looking for '../', the amount
|
||||
+ * in ../!
|
||||
+ */
|
||||
+ break;
|
||||
+ }
|
||||
+
|
||||
+ dp++;
|
||||
+ } while (*dp != 0);
|
||||
+
|
||||
+ if (killed_ddot)
|
||||
+ break;
|
||||
}
|
||||
}
|
||||
*pp++ = '.';
|
||||
@@ -534,6 +579,16 @@ int mapname(__G__ renamed)
|
||||
error = (error & MPN_MASK) | PK_WARN;
|
||||
}
|
||||
|
||||
+ /* Show warning when stripping insecure quoted-slash at beginning of
|
||||
+ path components */
|
||||
+ if (killed_qslash && QCOND2) {
|
||||
+ Info(slide, 0, ((char *)slide,
|
||||
+ "warning: skipped root directory component(s) in %s\n",
|
||||
+ FnFilter1(G.filename)));
|
||||
+ if (!(error & ~MPN_MASK))
|
||||
+ error = (error & MPN_MASK) | PK_WARN;
|
||||
+ }
|
||||
+
|
||||
/*---------------------------------------------------------------------------
|
||||
Report if directory was created (and no file to create: filename ended
|
||||
in '/'), check name to be sure it exists, and combine path and name be-
|
Loading…
Reference in New Issue
Block a user