Fixed another buffer overflow vulnerability. Thanks to Florian Schilhabel <florian.schilhabel@gmx.net> for the patch, see bug #51285

7 files changed, 38 insertions, 49 deletions

diff --git a/app-arch/lha/ChangeLog b/app-arch/lha/ChangeLog
index af39c8cf32ac..ebabaf7c3f39 100644
--- a/app-arch/lha/ChangeLog
+++ b/app-arch/lha/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for app-arch/lha
 # Copyright 2002-2004 Gentoo Technologies, Inc.; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-arch/lha/ChangeLog,v 1.15 2004/05/04 12:17:34 usata Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-arch/lha/ChangeLog,v 1.16 2004/05/19 17:20:41 usata Exp $
+
+*lha-114i-r3 (20 May 2004)
+
+  20 May 2004; Mamoru KOMACHI <usata@gentoo.org> +files/lha-114i-lhext.diff,
+  +lha-114i-r3.ebuild:
+  Fixed another buffer overflow vulnerability. Thanks to Florian Schilhabel
+  <florian.schilhabel@gmx.net> for the patch, see bug #51285
 
 *lha-114i-r2 (04 May 2004)
 
diff --git a/app-arch/lha/Manifest b/app-arch/lha/Manifest
index cb8c88ce4cc3..7757f3be62d1 100644
--- a/app-arch/lha/Manifest
+++ b/app-arch/lha/Manifest
@@ -1,8 +1,11 @@
 MD5 1c088142fea249e48a7f34e7e659b142 lha-114i-r1.ebuild 977
-MD5 8860ec5d586ce59f15d0c135cac3a71b ChangeLog 1738
+MD5 ecae0d7bd2d5c074c0fc250edea011d3 lha-114i-r3.ebuild 907
 MD5 a92c349058bce101d2735b5e7d9c1397 lha-114i-r2.ebuild 871
 MD5 2dc78c761b7c185673e930a8f6d9a141 lha-114i.ebuild 813
+MD5 8860ec5d586ce59f15d0c135cac3a71b ChangeLog 1738
 MD5 8d44f00f248f7ae367372b6f8edbfb06 files/digest-lha-114i-r1 78
-MD5 0ca54fececc10dcda9d3e9f649102c78 files/digest-lha-114i 59
 MD5 0ca54fececc10dcda9d3e9f649102c78 files/digest-lha-114i-r2 59
+MD5 0ca54fececc10dcda9d3e9f649102c78 files/digest-lha-114i-r3 59
 MD5 7e87f643ac65634d0b934b7bfcd6a8cb files/lha-114i.diff 1721
+MD5 0ca54fececc10dcda9d3e9f649102c78 files/digest-lha-114i 59
+MD5 9c4e9404173fd5897d3736e33c909b81 files/lha-114i-lhext.diff 513
diff --git a/app-arch/lha/files/digest-lha-114i-r1 b/app-arch/lha/files/digest-lha-114i-r1
deleted file mode 100644
index 919a29131fb9..000000000000
--- a/app-arch/lha/files/digest-lha-114i-r1
+++ /dev/null
@@ -1 +0,0 @@
-MD5 367f99d2978ac4d9268ec7733bc18121 lha-114i.autoconf-20020903.tar.gz 197831
diff --git a/app-arch/lha/files/digest-lha-114i b/app-arch/lha/files/digest-lha-114i-r3
index 44da31fd5180..44da31fd5180 100644
--- a/app-arch/lha/files/digest-lha-114i
+++ b/app-arch/lha/files/digest-lha-114i-r3
diff --git a/app-arch/lha/files/lha-114i-lhext.diff b/app-arch/lha/files/lha-114i-lhext.diff
new file mode 100644
index 000000000000..dca1f2a458be
--- /dev/null
+++ b/app-arch/lha/files/lha-114i-lhext.diff
@@ -0,0 +1,18 @@
+diff -urN lha-114i/src/lhext.c lha-114i.lhext/src/lhext.c
+--- lha-114i/src/lhext.c	2000-10-04 23:57:38.000000000 +0900
++++ lha-114i.lhext/src/lhext.c	2004-05-20 01:06:41.000000000 +0900
+@@ -207,9 +207,11 @@
+ 	}
+ 
+ 	if (extract_directory)
+-		sprintf(name, "%s/%s", extract_directory, q);
+-	else
+-		strcpy(name, q);
++		snprintf(name, sizeof(name), "%s/%s", extract_directory, q);
++	else {
++		strncpy(name, q, sizeof(name));
++		name[sizeof(name) - 1] = '\0';
++	}
+ 
+ 
+ 	/* LZHDIRS_METHODを持つヘッダをチェックする */
diff --git a/app-arch/lha/lha-114i-r1.ebuild b/app-arch/lha/lha-114i-r1.ebuild
deleted file mode 100644
index 6774610a978e..000000000000
--- a/app-arch/lha/lha-114i-r1.ebuild
+++ /dev/null
@@ -1,43 +0,0 @@
-# Copyright 1999-2004 Gentoo Technologies, Inc.
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-arch/lha/lha-114i-r1.ebuild,v 1.8 2004/03/12 15:17:01 aliz Exp $
-
-DESCRIPTION="Utility for creating and opening lzh archives."
-HOMEPAGE="http://sourceforge.jp/projects/lha/"
-LICENSE="lha"
-
-DEPEND="virtual/glibc"
-IUSE="nls"
-
-SLOT="0"
-KEYWORDS="x86 ~ppc sparc alpha amd64"
-
-MY_P="${P}.autoconf"
-SRC_URI="http://downloads.sourceforge.jp/lha/1548/${MY_P}-20020903.tar.gz"
-S="${WORKDIR}/${MY_P}"
-
-src_compile() {
-
-	local myconf=""
-
-	use nls \
-		&& myconf="${myconf} --enable-multibyte-filename=auto" \
-		|| myconf="${myconf} --disable-multibyte-filename"
-
-	./configure \
-		--prefix=/usr \
-		--mandir=/usr/share/man/ja \
-		${myconf} || die "./configure failed"
-
-	#make check || die "make check failed"
-
-	emake || die
-
-}
-
-src_install() {
-
-	make DESTDIR=${D} install || die
-	dodoc *.txt *.euc *.eng ChangeLog 00readme.autoconf
-
-}
diff --git a/app-arch/lha/lha-114i.ebuild b/app-arch/lha/lha-114i-r3.ebuild
index 6343f3b6c45b..6b76e8f68c65 100644
--- a/app-arch/lha/lha-114i.ebuild
+++ b/app-arch/lha/lha-114i-r3.ebuild
@@ -1,6 +1,8 @@
 # Copyright 1999-2004 Gentoo Technologies, Inc.
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-arch/lha/lha-114i.ebuild,v 1.13 2004/03/12 11:11:07 mr_bones_ Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-arch/lha/lha-114i-r3.ebuild,v 1.1 2004/05/19 17:20:41 usata Exp $
+
+inherit eutils
 
 IUSE=""
 
@@ -10,13 +12,16 @@ SRC_URI="http://www2m.biglobe.ne.jp/~dolphin/lha/prog/${P}.tar.gz"
 
 SLOT="0"
 LICENSE="lha"
-KEYWORDS="x86 ppc sparc alpha"
+KEYWORDS="x86 ppc sparc alpha amd64"
 
 DEPEND="virtual/glibc"
 
 src_unpack () {
 	unpack ${A} ; cd ${S}
 	sed -i -e "/^OPTIMIZE/ s:-O2:${CFLAGS}:" Makefile
+	cd src
+	epatch ${FILESDIR}/${P}.diff
+	epatch ${FILESDIR}/${P}-lhext.diff
 }
 
 src_compile() {