Security fix bug #93054

Package-Manager: portage-2.0.51.19

2 files changed, 48 insertions, 0 deletions

diff --git a/app-cdr/extract-xiso/files/extract-xiso-2.4_beta2-64bitfix.patch b/app-cdr/extract-xiso/files/extract-xiso-2.4_beta2-64bitfix.patch
new file mode 100644
index 000000000000..7f673561195c
--- /dev/null
+++ b/app-cdr/extract-xiso/files/extract-xiso-2.4_beta2-64bitfix.patch
@@ -0,0 +1,29 @@
+--- extract-xiso.c~	2004-05-04 21:39:30.000000000 +0200
++++ extract-xiso.c	2005-01-29 10:48:32.603567584 +0100
+@@ -631,7 +631,7 @@
+ int extract_file( int in_xiso, dir_node *in_file, modes in_mode );
+ int open_ftp_connection( char *in_host, char *in_user, char *in_password, FTP **out_ftp );
+ int decode_xiso( char *in_xiso, char *in_path, modes in_mode, char **out_iso_path, bool in_ll_compat );
+-int verify_xiso( int in_xiso, unsigned long *out_root_dir_sector, unsigned long *out_root_dir_size, char *in_iso_name );
++int verify_xiso( int in_xiso, int32_t *out_root_dir_sector, int32_t *out_root_dir_size, char *in_iso_name );
+ int traverse_xiso( int in_xiso, dir_node *in_dir_node, xoff_t in_dir_start, char *in_path, modes in_mode, dir_node_avl **in_root, bool in_ll_compat );
+ int create_xiso( char *in_root_directory, char *in_output_directory, dir_node_avl *in_root, int in_xiso, char **out_iso_path, char *in_name, progress_callback in_progress_callback );
+ 
+@@ -980,7 +980,7 @@
+ #endif
+ 
+ 
+-int verify_xiso( int in_xiso, unsigned long *out_root_dir_sector, unsigned long *out_root_dir_size, char *in_iso_name ) {
++int verify_xiso( int in_xiso, int32_t *out_root_dir_sector, int32_t *out_root_dir_size, char *in_iso_name ) {
+ 	int				err = 0;
+ 	char			buffer[ XISO_HEADER_DATA_LENGTH ];
+ 
+@@ -1187,7 +1187,7 @@
+ int decode_xiso( char *in_xiso, char *in_path, modes in_mode, char **out_iso_path, bool in_ll_compat ) {
+ 	dir_node_avl		   *root = nil;
+ 	bool					repair = false;
+-	unsigned long			root_dir_sect, root_dir_size;
++	int32_t			root_dir_sect, root_dir_size;
+ 	int						xiso, err = 0, len, path_len = 0, add_slash = 0;
+ 	char				   *buf, *cwd = nil, *name = nil, *short_name = nil, *iso_name;
+ 
diff --git a/app-cdr/extract-xiso/files/extract-xiso-2.4_beta2-fnamefix.patch b/app-cdr/extract-xiso/files/extract-xiso-2.4_beta2-fnamefix.patch
new file mode 100644
index 000000000000..f7628bfe6239
--- /dev/null
+++ b/app-cdr/extract-xiso/files/extract-xiso-2.4_beta2-fnamefix.patch
@@ -0,0 +1,19 @@
+Common subdirectories: extract-xiso.orig/darwin and extract-xiso/darwin
+diff -u extract-xiso.orig/extract-xiso.c extract-xiso/extract-xiso.c
+--- extract-xiso.orig/extract-xiso.c	2005-05-21 10:59:45.065431800 +0000
++++ extract-xiso/extract-xiso.c	2005-05-21 10:59:23.935644016 +0000
+@@ -1345,6 +1345,11 @@
+ 	if ( ! err ) {
+ 		if ( read( in_xiso, dir->filename, dir->filename_length ) != dir->filename_length ) read_err();
+ 		if ( ! err ) dir->filename[ dir->filename_length ] = 0;
++		if (strstr(dir->filename,"..") || strchr(dir->filename, '/') || strchr(dir->filename, '\\'))
++		  {
++		    printf("Filename contains invalid characters");
++		    exit(1);
++		  }
+ 	}
+ 
+ 	if ( ! err && in_mode == k_generate_avl ) {
+Common subdirectories: extract-xiso.orig/libftp-5.0.1.modified.by.in and extract-xiso/libftp-5.0.1.modified.by.in
+Common subdirectories: extract-xiso.orig/visual_c++_project and extract-xiso/visual_c++_project
+Common subdirectories: extract-xiso.orig/win32 and extract-xiso/win32