Hello community,
here is the log from the commit of package unrar for openSUSE:Factory:NonFree checked in at 2015-10-14 16:46:17
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory:NonFree/unrar (Old)
and /work/SRC/openSUSE:Factory:NonFree/.unrar.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "unrar"
Changes:
--------
--- /work/SRC/openSUSE:Factory:NonFree/unrar/unrar.changes 2015-09-17 09:22:03.000000000 +0200
+++ /work/SRC/openSUSE:Factory:NonFree/.unrar.new/unrar.changes 2015-10-14 16:46:21.000000000 +0200
@@ -1,0 +2,7 @@
+Thu Oct 8 17:37:01 UTC 2015 - lazy.kent@opensuse.org
+
+- Update to 5.3.5.
+ * Fixed bug: unrar could crash when unpacking .rar archives with
+ corrupt file headers.
+
+-------------------------------------------------------------------
Old:
----
unrarsrc-5.3.4.tar.gz
New:
----
unrarsrc-5.3.5.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ unrar.spec ++++++
--- /var/tmp/diff_new_pack.woOtxz/_old 2015-10-14 16:46:22.000000000 +0200
+++ /var/tmp/diff_new_pack.woOtxz/_new 2015-10-14 16:46:22.000000000 +0200
@@ -18,10 +18,10 @@
# majorversion should match the major version number.
%define majorversion 5
-%define libsuffix 5_3_4
+%define libsuffix 5_3_5
Name: unrar
-Version: 5.3.4
+Version: 5.3.5
Release: 0
Summary: A program to extract, test, and view RAR archives
License: SUSE-NonFree
++++++ unrarsrc-5.3.4.tar.gz -> unrarsrc-5.3.5.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/unrar/dll.rc new/unrar/dll.rc
--- old/unrar/dll.rc 2015-09-13 11:04:13.000000000 +0200
+++ new/unrar/dll.rc 2015-10-01 23:48:14.000000000 +0200
@@ -2,8 +2,8 @@
#include
VS_VERSION_INFO VERSIONINFO
-FILEVERSION 5, 30, 4, 1719
-PRODUCTVERSION 5, 30, 4, 1719
+FILEVERSION 5, 30, 4, 1738
+PRODUCTVERSION 5, 30, 4, 1738
FILEOS VOS__WINDOWS32
FILETYPE VFT_APP
{
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/unrar/extract.cpp new/unrar/extract.cpp
--- old/unrar/extract.cpp 2015-09-13 11:12:16.000000000 +0200
+++ new/unrar/extract.cpp 2015-10-02 00:34:56.000000000 +0200
@@ -206,6 +206,18 @@
bool CmdExtract::ExtractCurrentFile(Archive &Arc,size_t HeaderSize,bool &Repeat)
{
+ // We can get negative sizes in corrupt archive and it is unacceptable
+ // for size comparisons in CmdExtract::UnstoreFile and ComprDataIO::UnpRead,
+ // where we cast sizes to size_t and can exceed another read or available
+ // size. We could fix it when reading an archive. But we prefer to do it
+ // here, because this function is called directly in unrar.dll, so we fix
+ // bad parameters passed to dll. Also we want to see real negative sizes
+ // in the listing of corrupt archive.
+ if (Arc.FileHead.PackSize<0)
+ Arc.FileHead.PackSize=0;
+ if (Arc.FileHead.UnpSize<0)
+ Arc.FileHead.UnpSize=0;
+
wchar Command=Cmd->Command[0];
if (HeaderSize==0)
if (DataIO.UnpVolume)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/unrar/list.cpp new/unrar/list.cpp
--- old/unrar/list.cpp 2015-09-13 11:12:17.000000000 +0200
+++ new/unrar/list.cpp 2015-10-02 00:34:56.000000000 +0200
@@ -215,7 +215,7 @@
TitleShown=true;
}
- wchar UnpSizeText[20],PackSizeText[20];
+ wchar UnpSizeText[30],PackSizeText[30];
if (hd.UnpSize==INT64NDF)
wcscpy(UnpSizeText,L"?");
else
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/unrar/strfn.cpp new/unrar/strfn.cpp
--- old/unrar/strfn.cpp 2015-09-13 11:12:17.000000000 +0200
+++ new/unrar/strfn.cpp 2015-10-02 00:34:56.000000000 +0200
@@ -290,14 +290,21 @@
char NumStr[50];
size_t Pos=0;
+ int Neg=n < 0 ? 1 : 0;
+ if (Neg)
+ n=-n;
+
do
{
- if (Pos+1>=MaxSize)
+ if (Pos+1>=MaxSize-Neg)
break;
NumStr[Pos++]=char(n%10)+'0';
n=n/10;
} while (n!=0);
+ if (Neg)
+ NumStr[Pos++]='-';
+
for (size_t I=0;I=MaxSize)
+ if (Pos+1>=MaxSize-Neg)
break;
NumStr[Pos++]=wchar(n%10)+'0';
n=n/10;
} while (n!=0);
+ if (Neg)
+ NumStr[Pos++]='-';
+
for (size_t I=0;I