Hello community,
here is the log from the commit of package unrar for openSUSE:Factory:NonFree checked in at 2017-07-04 09:12:29
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory:NonFree/unrar (Old)
and /work/SRC/openSUSE:Factory:NonFree/.unrar.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "unrar"
Tue Jul 4 09:12:29 2017 rev:66 rq:507803 version:5.5.6
Changes:
--------
--- /work/SRC/openSUSE:Factory:NonFree/unrar/unrar.changes 2017-06-28 10:38:05.192096936 +0200
+++ /work/SRC/openSUSE:Factory:NonFree/.unrar.new/unrar.changes 2017-07-04 09:12:36.879874950 +0200
@@ -1,0 +2,6 @@
+Mon Jul 3 12:09:04 UTC 2017 - idonmez@suse.com
+
+- Update to version 5.5.6
+ * No changelog upstream
+
+-------------------------------------------------------------------
Old:
----
unrarsrc-5.5.5.tar.gz
New:
----
unrarsrc-5.5.6.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ unrar.spec ++++++
--- /var/tmp/diff_new_pack.33bn1a/_old 2017-07-04 09:12:41.239261887 +0200
+++ /var/tmp/diff_new_pack.33bn1a/_new 2017-07-04 09:12:41.243261324 +0200
@@ -18,10 +18,10 @@
# majorversion should match the major version number.
%define majorversion 5
-%define libsuffix 5_5_5
+%define libsuffix 5_5_6
Name: unrar
-Version: 5.5.5
+Version: 5.5.6
Release: 0
Summary: A program to extract, test, and view RAR archives
License: SUSE-NonFree
++++++ unrarsrc-5.5.5.tar.gz -> unrarsrc-5.5.6.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/unrar/crypt5.cpp new/unrar/crypt5.cpp
--- old/unrar/crypt5.cpp 2017-06-16 09:02:22.000000000 +0200
+++ new/unrar/crypt5.cpp 2017-07-02 09:52:35.000000000 +0200
@@ -67,10 +67,10 @@
sha256_process(&RCtx, KeyBuf, Sha256BlockSize); // Hash padded key.
}
- if (ICtxOpt!=NULL && !*SetROpt) // Store constant context for further reuse.
+ if (RCtxOpt!=NULL && !*SetROpt) // Store constant context for further reuse.
{
*RCtxOpt=RCtx;
- *SetIOpt=true;
+ *SetROpt=true;
}
sha256_process(&RCtx, IDig, SHA256_DIGEST_SIZE); // Hash internal digest.
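Review bot: The corrected guard tests `RCtxOpt!=NULL` but dereferences `SetROpt` in the same condition and again in the body, so a caller that passes a context pointer without the flag pointer would fault here. If the two are always supplied together (not visible in this hunk), a short comment stating that contract is enough; otherwise widen the test to `if (RCtxOpt!=NULL && SetROpt!=NULL && !*SetROpt)`. The enclosing function starts and ends outside the hunk, so the matching ICtxOpt/SetIOpt block could not be compared.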
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/unrar/dll.rc new/unrar/dll.rc
--- old/unrar/dll.rc 2017-06-16 08:56:20.000000000 +0200
+++ new/unrar/dll.rc 2017-07-02 09:48:59.000000000 +0200
@@ -2,8 +2,8 @@
#include
VS_VERSION_INFO VERSIONINFO
-FILEVERSION 5, 50, 4, 2362
-PRODUCTVERSION 5, 50, 4, 2362
+FILEVERSION 5, 50, 5, 2378
+PRODUCTVERSION 5, 50, 5, 2378
FILEOS VOS__WINDOWS32
FILETYPE VFT_APP
{
@@ -14,8 +14,8 @@
VALUE "CompanyName", "Alexander Roshal\0"
VALUE "ProductName", "RAR decompression library\0"
VALUE "FileDescription", "RAR decompression library\0"
- VALUE "FileVersion", "5.50.4\0"
- VALUE "ProductVersion", "5.50.4\0"
+ VALUE "FileVersion", "5.50.5\0"
+ VALUE "ProductVersion", "5.50.5\0"
VALUE "LegalCopyright", "Copyright � Alexander Roshal 1993-2017\0"
VALUE "OriginalFilename", "Unrar.dll\0"
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/unrar/extinfo.cpp new/unrar/extinfo.cpp
--- old/unrar/extinfo.cpp 2017-06-16 09:02:22.000000000 +0200
+++ new/unrar/extinfo.cpp 2017-07-02 09:52:35.000000000 +0200
@@ -74,34 +74,63 @@
-bool IsRelativeSymlinkSafe(const wchar *SrcName,const wchar *TargetName)
+// Calculate a number of path components except \. and \..
+static int CalcAllowedDepth(const wchar *Name)
{
- if (IsFullRootPath(SrcName))
- return false;
int AllowedDepth=0;
- while (*SrcName!=0)
+ while (*Name!=0)
{
- if (IsPathDiv(SrcName[0]) && SrcName[1]!=0 && !IsPathDiv(SrcName[1]))
+ if (IsPathDiv(Name[0]) && Name[1]!=0 && !IsPathDiv(Name[1]))
{
- bool Dot=SrcName[1]=='.' && (IsPathDiv(SrcName[2]) || SrcName[2]==0);
- bool Dot2=SrcName[1]=='.' && SrcName[2]=='.' && (IsPathDiv(SrcName[3]) || SrcName[3]==0);
+ bool Dot=Name[1]=='.' && (IsPathDiv(Name[2]) || Name[2]==0);
+ bool Dot2=Name[1]=='.' && Name[2]=='.' && (IsPathDiv(Name[3]) || Name[3]==0);
if (!Dot && !Dot2)
AllowedDepth++;
}
- SrcName++;
+ Name++;
}
- if (IsFullRootPath(TargetName)) // Catch root dir based /path/file paths.
+ return AllowedDepth;
+}
+
+
+bool IsRelativeSymlinkSafe(CommandData *Cmd,const wchar *SrcName,const wchar *PrepSrcName,const wchar *TargetName)
+{
+ // Catch root dir based /path/file paths also as stuff like \\?\.
+ // Do not check PrepSrcName here, it can be root based if destination path
+ // is a root based.
+ if (IsFullRootPath(SrcName) || IsFullRootPath(TargetName))
return false;
+
+ // We could check just prepared src name, but for extra safety
+ // we check both original (as from archive header) and prepared
+ // (after applying the destination path and -ep switches) names.
+
+ int AllowedDepth=CalcAllowedDepth(SrcName); // Original name depth.
+
+ // Remove the destination path from prepared name if any. We should not
+ // count the destination path depth, because the link target must point
+ // inside of this path, not outside of it.
+ size_t ExtrPathLength=wcslen(Cmd->ExtrPath);
+ if (ExtrPathLength>0 && wcsncmp(PrepSrcName,Cmd->ExtrPath,ExtrPathLength)==0)
+ {
+ PrepSrcName+=ExtrPathLength;
+ while (IsPathDiv(*PrepSrcName))
+ PrepSrcName++;
+ }
+ int PrepAllowedDepth=CalcAllowedDepth(PrepSrcName);
+
+ // Number of ".." in link target.
+ int UpLevels=0;
for (int Pos=0;*TargetName!=0;Pos++)
{
bool Dot2=TargetName[0]=='.' && TargetName[1]=='.' &&
(IsPathDiv(TargetName[2]) || TargetName[2]==0) &&
(Pos==0 || IsPathDiv(*(TargetName-1)));
if (Dot2)
- AllowedDepth--;
+ UpLevels++;
TargetName++;
}
- return AllowedDepth>=0;
+ return AllowedDepth>=UpLevels && PrepAllowedDepth>=UpLevels;
}
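Review bot: The destination-path strip in IsRelativeSymlinkSafe is a raw `wcsncmp` prefix match with no fallback, so when `Cmd->ExtrPath` is non-empty but `PrepSrcName` does not begin with it exactly, `PrepAllowedDepth` is counted over the whole path, destination directories included. The second comparison in the return statement then becomes more permissive than intended and the result rests on `AllowedDepth` alone, which is the case the prepared-name check was added for (names altered by the -ep switches, per the comment). If every caller builds PrepSrcName from ExtrPath (not visible in this hunk), consider failing closed with `else if (ExtrPathLength>0) return false;`. The match also does not require a component boundary after the prefix when ExtrPath has no trailing separator, which deserves a check or at least a comment.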
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/unrar/extinfo.hpp new/unrar/extinfo.hpp
--- old/unrar/extinfo.hpp 2017-06-16 09:02:22.000000000 +0200
+++ new/unrar/extinfo.hpp 2017-07-02 09:52:35.000000000 +0200
@@ -1,7 +1,7 @@
#ifndef _RAR_EXTINFO_
#define _RAR_EXTINFO_
-bool IsRelativeSymlinkSafe(const wchar *SrcName,const wchar *TargetName);
+bool IsRelativeSymlinkSafe(CommandData *Cmd,const wchar *SrcName,const wchar *PrepSrcName,const wchar *TargetName);
bool ExtractSymlink(CommandData *Cmd,ComprDataIO &DataIO,Archive &Arc,const wchar *LinkName);
#ifdef _UNIX
void SetUnixOwner(Archive &Arc,const wchar *FileName);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/unrar/extract.cpp new/unrar/extract.cpp
--- old/unrar/extract.cpp 2017-06-16 09:02:22.000000000 +0200
+++ new/unrar/extract.cpp 2017-07-02 09:52:35.000000000 +0200
@@ -525,6 +525,9 @@
return true;
TotalFileCount++;
ExtrCreateDir(Arc,ArcFileName);
+ // It is important to not increment MatchedArgs here, so we extract
+ // dir with its entire contents and not dir record only even if
+ // dir record precedes files.
return true;
}
else
@@ -757,6 +760,9 @@
}
}
}
+ // It is important to increment it for files, but not dirs. So we extract
+ // dir with its entire contents, not just dir record only even if dir
+ // record precedes files.
if (MatchFound)
MatchedArgs++;
if (DataIO.NextVolumeMissing)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/unrar/ulinks.cpp new/unrar/ulinks.cpp
--- old/unrar/ulinks.cpp 2017-06-16 09:02:23.000000000 +0200
+++ new/unrar/ulinks.cpp 2017-07-02 09:52:37.000000000 +0200
@@ -63,8 +63,14 @@
if (!DataIO.UnpHash.Cmp(&Arc.FileHead.FileHash,Arc.FileHead.UseHashKey ? Arc.FileHead.HashKey:NULL))
return true;
- if (!Cmd->AbsoluteLinks && (IsFullPath(Target) ||
- !IsRelativeSymlinkSafe(Arc.FileHead.FileName,Arc.FileHead.RedirName)))
+ wchar TargetW[NM];
+ CharToWide(Target,TargetW,ASIZE(TargetW));
+ // Check for *TargetW==0 to catch CharToWide failure.
+ // Use Arc.FileHead.FileName instead of LinkName, since LinkName
+ // can include the destination path as a prefix, which can
+ // confuse IsRelativeSymlinkSafe algorithm.
+ if (!Cmd->AbsoluteLinks && (*TargetW==0 || IsFullPath(TargetW) ||
+ !IsRelativeSymlinkSafe(Cmd,Arc.FileHead.FileName,LinkName,TargetW)))
return false;
return UnixSymlink(Target,LinkName,&Arc.FileHead.mtime,&Arc.FileHead.atime);
}
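Review bot: The safety checks now run on `TargetW`, but the link is still created from the narrow `Target` in `UnixSymlink(Target,LinkName,...)`, so a conversion that truncates at `NM` or maps bytes differently leaves the validated string different from the one written to disk. `TargetW` is also declared without an initializer, and the `*TargetW==0` test only catches a failed conversion if CharToWide always writes a terminator first, which is not visible here; `wchar TargetW[NM]; *TargetW=0;`, or testing the call's return value if it reports failure, would make the check self-contained. The new comment says FileName is used instead of LinkName, yet LinkName is still passed as the third argument, so wording such as `// SrcName is the archive name; PrepSrcName is LinkName, which may carry the destination prefix.` would match the call. The function body begins outside this hunk.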
@@ -86,8 +92,11 @@
return false;
DosSlashToUnix(Target,Target,ASIZE(Target));
}
+ // Use hd->FileName instead of LinkName, since LinkName can include
+ // the destination path as a prefix, which can confuse
+ // IsRelativeSymlinkSafe algorithm.
if (!Cmd->AbsoluteLinks && (IsFullPath(Target) ||
- !IsRelativeSymlinkSafe(hd->FileName,hd->RedirName)))
+ !IsRelativeSymlinkSafe(Cmd,hd->FileName,Name,hd->RedirName)))
return false;
return UnixSymlink(Target,Name,&hd->mtime,&hd->atime);
}
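Review bot: `IsRelativeSymlinkSafe` is handed `hd->RedirName` here, while the string actually passed to `UnixSymlink` is `Target`, which the context lines show being rewritten by `DosSlashToUnix` beforehand. The depth check therefore sees the pre-conversion separators and the filesystem sees the post-conversion ones; if IsPathDiv does not treat both separator styles alike on this platform (not visible here), `..` components can be counted differently in the two strings. Validate the string that is used, as the first hunk in this file does: `wchar TargetW[NM]; CharToWide(Target,TargetW,ASIZE(TargetW));` and pass `TargetW` (rejecting `*TargetW==0`) in place of `hd->RedirName`. The function starts outside the hunk.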
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/unrar/unpack.cpp new/unrar/unpack.cpp
--- old/unrar/unpack.cpp 2017-06-16 09:02:23.000000000 +0200
+++ new/unrar/unpack.cpp 2017-07-02 09:52:37.000000000 +0200
@@ -259,7 +259,7 @@
// Prepare the copy of DecodePos. We'll modify this copy below,
// so we cannot use the original DecodePos.
- uint CopyDecodePos[16];
+ uint CopyDecodePos[ASIZE(Dec->DecodePos)];
memcpy(CopyDecodePos,Dec->DecodePos,sizeof(CopyDecodePos));
// For every bit length in the bit length table and so for every item
@@ -337,14 +337,17 @@
// Now we can calculate the position in the code list. It is the sum
// of first position for current bit length and right aligned distance
// between our bit field and start code for current bit length.
- uint Pos=Dec->DecodePos[CurBitLength]+Dist;
-
- if (PosDecodePos) &&
+ (Pos=Dec->DecodePos[CurBitLength]+Dist)QuickNum[Code]=Dec->DecodeNum[Pos];
}
else
+ {
+ // Can be here for length table filled with zeroes only (empty).
Dec->QuickNum[Code]=0;
+ }
}
}
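Review bot: The read of `Dec->DecodePos[CurBitLength]` has moved into the `if` condition as an assignment to `Pos`, so it stays in bounds only because the index test precedes it in the `&&` chain; part of the condition text is lost on this page, so the exact operands are inferred. A one-line comment such as `// Order matters: check CurBitLength before indexing DecodePos.` would protect that ordering from later edits. The surrounding loop lies outside the hunk.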
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/unrar/version.hpp new/unrar/version.hpp
--- old/unrar/version.hpp 2017-06-16 09:02:24.000000000 +0200
+++ new/unrar/version.hpp 2017-07-02 09:52:37.000000000 +0200
@@ -1,6 +1,6 @@
#define RARVER_MAJOR 5
#define RARVER_MINOR 50
-#define RARVER_BETA 4
-#define RARVER_DAY 16
-#define RARVER_MONTH 6
+#define RARVER_BETA 5
+#define RARVER_DAY 2
+#define RARVER_MONTH 7
#define RARVER_YEAR 2017
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/unrar/win32lnk.cpp new/unrar/win32lnk.cpp
--- old/unrar/win32lnk.cpp 2017-06-16 09:02:24.000000000 +0200
+++ new/unrar/win32lnk.cpp 2017-07-02 09:52:37.000000000 +0200
@@ -65,8 +65,10 @@
// IsFullPath is not really needed here, AbsPath check is enough.
// We added it just for extra safety, in case some Windows version would
// allow to create absolute targets with SYMLINK_FLAG_RELATIVE.
+ // Use hd->FileName instead of Name, since Name can include the destination
+ // path as a prefix, which can confuse IsRelativeSymlinkSafe algorithm.
if (!Cmd->AbsoluteLinks && (AbsPath || IsFullPath(hd->RedirName) ||
- !IsRelativeSymlinkSafe(hd->FileName,hd->RedirName)))
+ !IsRelativeSymlinkSafe(Cmd,hd->FileName,Name,hd->RedirName)))
return false;
CreatePath(Name,true);