update version to 0.8
This commit is contained in:
yang_zhuang_zhuang
parent
308bf3a7d9
commit
c615de3def
@ -1,37 +0,0 @@
|
||||
From e9c3024874007015ff7ebd66ecff086698b9db91 Mon Sep 17 00:00:00 2001
|
||||
From: Stuart Caie <kyzer@cabextract.org.uk>
|
||||
Date: Wed, 17 Oct 2018 11:29:03 +0100
|
||||
Subject: [PATCH] Avoid returning CHM file entries that are "blank" because
|
||||
they have embedded null bytes (cherry picked from commit
|
||||
8759da8db6ec9e866cb8eb143313f397f925bb4f)
|
||||
|
||||
https://github.com/kyz/libmspack/commit/8759da8db6ec9e866cb8eb143313f397f925bb4f
|
||||
---
|
||||
libmspack/mspack/chmd.c | 6 +++---
|
||||
1 file changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/mspack/chmd.c b/mspack/chmd.c
|
||||
index 014e71e..0f6c3a3 100644
|
||||
--- a/mspack/chmd.c
|
||||
+++ b/mspack/chmd.c
|
||||
@@ -447,14 +447,14 @@ static int chmd_read_headers(struct mspack_system *sys, struct mspack_file *fh,
|
||||
while (num_entries--) {
|
||||
READ_ENCINT(name_len);
|
||||
if (name_len > (unsigned int) (end - p)) goto chunk_end;
|
||||
- /* consider blank filenames to be an error */
|
||||
- if (name_len == 0) goto chunk_end;
|
||||
name = p; p += name_len;
|
||||
-
|
||||
READ_ENCINT(section);
|
||||
READ_ENCINT(offset);
|
||||
READ_ENCINT(length);
|
||||
|
||||
+ /* ignore blank or one-char (e.g. "/") filenames we'd return as blank */
|
||||
+ if (name_len < 2 || !name[0] || !name[1]) continue;
|
||||
+
|
||||
/* empty files and directory names are stored as a file entry at
|
||||
* offset 0 with length 0. We want to keep empty files, but not
|
||||
* directory names, which end with a "/" */
|
||||
--
|
||||
1.7.12.4
|
||||
|
||||
@ -1,174 +0,0 @@
|
||||
From 7cadd489698be117c47efcadd742651594429e6d Mon Sep 17 00:00:00 2001
|
||||
From: Stuart Caie <kyzer@cabextract.org.uk>
|
||||
Date: Sat, 20 Oct 2018 19:06:32 +0100
|
||||
Subject: [PATCH] add anti "../" and leading slash protection to chmextract
|
||||
|
||||
---
|
||||
libmspack/src/chmextract.c | 140 +++++--------------------------------
|
||||
1 files changed, 17 insertions(+), 123 deletions(-)
|
||||
|
||||
diff --git a/libmspack/src/chmextract.c b/libmspack/src/chmextract.c
|
||||
index 1e03341..b535f0e 100644
|
||||
--- a/src/chmextract.c
|
||||
+++ b/src/chmextract.c
|
||||
@@ -25,8 +25,6 @@
|
||||
|
||||
mode_t user_umask;
|
||||
|
||||
-#define FILENAME ".test.chmx"
|
||||
-
|
||||
/**
|
||||
* Ensures that all directory components in a filepath exist. New directory
|
||||
* components are created, if necessary.
|
||||
@@ -51,126 +49,22 @@ static int ensure_filepath(char *path) {
|
||||
return 1;
|
||||
}
|
||||
|
||||
-/**
|
||||
- * Creates a UNIX filename from the internal CAB filename and the given
|
||||
- * parameters.
|
||||
- *
|
||||
- * @param fname the internal CAB filename.
|
||||
- * @param dir a directory path to prepend to the output filename.
|
||||
- * @param lower if non-zero, filename should be made lower-case.
|
||||
- * @param isunix if zero, MS-DOS path seperators are used in the internal
|
||||
- * CAB filename. If non-zero, UNIX path seperators are used.
|
||||
- * @param utf8 if non-zero, the internal CAB filename is encoded in UTF8.
|
||||
- * @return a freshly allocated and created filename, or NULL if there was
|
||||
- * not enough memory.
|
||||
- * @see unix_path_seperators()
|
||||
- */
|
||||
-static char *create_output_name(unsigned char *fname, unsigned char *dir,
|
||||
- int lower, int isunix, int utf8)
|
||||
-{
|
||||
- unsigned char *p, *name, c, *fe, sep, slash;
|
||||
- unsigned int x;
|
||||
-
|
||||
- sep = (isunix) ? '/' : '\\'; /* the path-seperator */
|
||||
- slash = (isunix) ? '\\' : '/'; /* the other slash */
|
||||
-
|
||||
- /* length of filename */
|
||||
- x = strlen((char *) fname);
|
||||
- /* UTF8 worst case scenario: tolower() expands all chars from 1 to 3 bytes */
|
||||
- if (utf8) x *= 3;
|
||||
- /* length of output directory */
|
||||
- if (dir) x += strlen((char *) dir);
|
||||
-
|
||||
- if (!(name = (unsigned char *) malloc(x + 2))) {
|
||||
- fprintf(stderr, "out of memory!\n");
|
||||
- return NULL;
|
||||
- }
|
||||
-
|
||||
- /* start with blank name */
|
||||
- *name = '\0';
|
||||
-
|
||||
- /* add output directory if needed */
|
||||
- if (dir) {
|
||||
- strcpy((char *) name, (char *) dir);
|
||||
- strcat((char *) name, "/");
|
||||
- }
|
||||
-
|
||||
- /* remove leading slashes */
|
||||
- while (*fname == sep) fname++;
|
||||
-
|
||||
- /* copy from fi->filename to new name, converting MS-DOS slashes to UNIX
|
||||
- * slashes as we go. Also lowercases characters if needed.
|
||||
- */
|
||||
- p = &name[strlen((char *)name)];
|
||||
- fe = &fname[strlen((char *)fname)];
|
||||
-
|
||||
- if (utf8) {
|
||||
- /* UTF8 translates two-byte unicode characters into 1, 2 or 3 bytes.
|
||||
- * %000000000xxxxxxx -> %0xxxxxxx
|
||||
- * %00000xxxxxyyyyyy -> %110xxxxx %10yyyyyy
|
||||
- * %xxxxyyyyyyzzzzzz -> %1110xxxx %10yyyyyy %10zzzzzz
|
||||
- *
|
||||
- * Therefore, the inverse is as follows:
|
||||
- * First char:
|
||||
- * 0x00 - 0x7F = one byte char
|
||||
- * 0x80 - 0xBF = invalid
|
||||
- * 0xC0 - 0xDF = 2 byte char (next char only 0x80-0xBF is valid)
|
||||
- * 0xE0 - 0xEF = 3 byte char (next 2 chars only 0x80-0xBF is valid)
|
||||
- * 0xF0 - 0xFF = invalid
|
||||
- */
|
||||
- do {
|
||||
- if (fname >= fe) {
|
||||
- free(name);
|
||||
- return NULL;
|
||||
- }
|
||||
-
|
||||
- /* get next UTF8 char */
|
||||
- if ((c = *fname++) < 0x80) x = c;
|
||||
- else {
|
||||
- if ((c >= 0xC0) && (c < 0xE0)) {
|
||||
- x = (c & 0x1F) << 6;
|
||||
- x |= *fname++ & 0x3F;
|
||||
- }
|
||||
- else if ((c >= 0xE0) && (c < 0xF0)) {
|
||||
- x = (c & 0xF) << 12;
|
||||
- x |= (*fname++ & 0x3F) << 6;
|
||||
- x |= *fname++ & 0x3F;
|
||||
- }
|
||||
- else x = '?';
|
||||
- }
|
||||
-
|
||||
- /* whatever is the path seperator -> '/'
|
||||
- * whatever is the other slash -> '\\'
|
||||
- * otherwise, if lower is set, the lowercase version */
|
||||
- if (x == sep) x = '/';
|
||||
- else if (x == slash) x = '\\';
|
||||
- else if (lower) x = (unsigned int) tolower((int) x);
|
||||
-
|
||||
- /* integer back to UTF8 */
|
||||
- if (x < 0x80) {
|
||||
- *p++ = (unsigned char) x;
|
||||
- }
|
||||
- else if (x < 0x800) {
|
||||
- *p++ = 0xC0 | (x >> 6);
|
||||
- *p++ = 0x80 | (x & 0x3F);
|
||||
- }
|
||||
- else {
|
||||
- *p++ = 0xE0 | (x >> 12);
|
||||
- *p++ = 0x80 | ((x >> 6) & 0x3F);
|
||||
- *p++ = 0x80 | (x & 0x3F);
|
||||
- }
|
||||
- } while (x);
|
||||
- }
|
||||
- else {
|
||||
- /* regular non-utf8 version */
|
||||
- do {
|
||||
- c = *fname++;
|
||||
- if (c == sep) c = '/';
|
||||
- else if (c == slash) c = '\\';
|
||||
- else if (lower) c = (unsigned char) tolower((int) c);
|
||||
- } while ((*p++ = c));
|
||||
- }
|
||||
- return (char *) name;
|
||||
+char *create_output_name(char *fname) {
|
||||
+ char *out, *p;
|
||||
+ if ((out = malloc(strlen(fname) + 1))) {
|
||||
+ /* remove leading slashes */
|
||||
+ while (*fname == '/' || *fname == '\\') fname++;
|
||||
+ /* if that removes all characters, just call it "x" */
|
||||
+ strcpy(out, (*fname) ? fname : "x");
|
||||
+
|
||||
+ /* change "../" to "xx/" */
|
||||
+ for (p = out; *p; p++) {
|
||||
+ if (p[0] == '.' && p[1] == '.' && (p[2] == '/' || p[2] == '\\')) {
|
||||
+ p[0] = p[1] = 'x';
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+ return out;
|
||||
}
|
||||
|
||||
static int sortfunc(const void *a, const void *b) {
|
||||
@@ -205,7 +99,7 @@ int main(int argc, char *argv[]) {
|
||||
qsort(f, numf, sizeof(struct mschmd_file *), &sortfunc);
|
||||
|
||||
for (i = 0; i < numf; i++) {
|
||||
- char *outname = create_output_name((unsigned char *)f[i]->filename,NULL,0,1,0);
|
||||
+ char *outname = create_output_name(f[i]->filename);
|
||||
printf("Extracting %s\n", outname);
|
||||
ensure_filepath(outname);
|
||||
if (chmd->extract(chmd, f[i], outname)) {
|
||||
@ -1,9 +1,12 @@
|
||||
Backported of:
|
||||
|
||||
From 2f084136cfe0d05e5bf5703f3e83c6d955234b4d Mon Sep 17 00:00:00 2001
|
||||
From: Stuart Caie <kyzer@cabextract.org.uk>
|
||||
Date: Mon, 18 Feb 2019 13:04:58 +0000
|
||||
Subject: [PATCH] length checks when looking for control files
|
||||
|
||||
---
|
||||
libmspack/mspack/chmd.c | 24 +++++++++++-------------
|
||||
1 files changed, 11 insertions(+), 13 deletions(-)
|
||||
|
||||
diff --git a/mspack/chmd.c b/mspack/chmd.c
|
||||
index 91d926e..4813ccc 100644
|
||||
--- a/mspack/chmd.c
|
||||
|
||||
Binary file not shown.
BIN
libmspack-v0.8alpha.tar.gz
Normal file
BIN
libmspack-v0.8alpha.tar.gz
Normal file
Binary file not shown.
@ -1,14 +1,12 @@
|
||||
Name: libmspack
|
||||
Version: 0.7
|
||||
Release: 0.1.6
|
||||
Version: 0.8
|
||||
Release: 0.1.1
|
||||
Summary: Library for CAB and related files compression and decompression
|
||||
License: LGPLv2.1
|
||||
URL: http://www.cabextract.org.uk/libmspack/
|
||||
Source0: https://github.com/kyz/libmspack/archive/v0.7alpha/%{name}-v0.7alpha.tar.gz
|
||||
Source0: https://github.com/kyz/libmspack/archive/v0.8alpha/%{name}-v0.8alpha.tar.gz
|
||||
|
||||
Patch6000: CVE-2019-1010305.patch
|
||||
Patch6001: CVE-2018-18585.patch
|
||||
Patch6002: CVE-2018-18586.patch
|
||||
Patch0: CVE-2019-1010305.patch
|
||||
|
||||
BuildRequires: doxygen gcc autoconf automake libtool
|
||||
|
||||
@ -70,6 +68,12 @@ mv Changelog.utf8 ChangeLog
|
||||
%doc doc
|
||||
|
||||
%changelog
|
||||
* Thu Jan 21 2021 yangzhuangzhuang <yangzhuangzhuang1@huawei.com> - 0.8-0.1.1
|
||||
- Type:enhancement
|
||||
- ID:NA
|
||||
- SUG:NA
|
||||
- DESC:update version to 0.8
|
||||
|
||||
* Thu Jan 9 2020 chengquan<chengquan3@huawei.com> - 0.7-0.1.6
|
||||
- Type:bugfix
|
||||
- ID:NA
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user