Hello community, here is the log from the commit of package unrar for openSUSE:Factory:NonFree checked in at 2015-02-06 22:38:36 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory:NonFree/unrar (Old) and /work/SRC/openSUSE:Factory:NonFree/.unrar.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "unrar" Changes: -------- --- /work/SRC/openSUSE:Factory:NonFree/unrar/unrar.changes 2014-12-19 09:58:22.000000000 +0100 +++ /work/SRC/openSUSE:Factory:NonFree/.unrar.new/unrar.changes 2015-02-06 22:38:38.000000000 +0100 @@ -1,0 +2,14 @@ +Sat Jan 31 22:03:18 UTC 2015 - [email protected] + +- Update to 5.2.5. + * Based on rar 5.21 beta 2. + * Now by default unrar skips symbolic links with absolute paths + in link target when extracting. You can enable creating such + links with -ola command line switch. + Such links pointing to folders outside of extraction + destination folder can present a security risk. Enable their + extraction only if you are sure that archive contents is safe, + such as your own backup. +- Update a manual page. + +------------------------------------------------------------------- Old: ---- unrarsrc-5.2.3.tar.gz New: ---- unrarsrc-5.2.5.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ unrar.spec ++++++ --- /var/tmp/diff_new_pack.4w7Uib/_old 2015-02-06 22:38:39.000000000 +0100 +++ /var/tmp/diff_new_pack.4w7Uib/_new 2015-02-06 22:38:39.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package unrar # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,10 +18,10 @@ # majorversion should match the major version number. %define majorversion 5 -%define libsuffix 5_2_3 +%define libsuffix 5_2_5 Name: unrar -Version: 5.2.3 +Version: 5.2.5 Release: 0 License: SUSE-NonFree Summary: A program to extract, test, and view RAR archives ++++++ unrar.1 ++++++ --- /var/tmp/diff_new_pack.4w7Uib/_old 2015-02-06 22:38:39.000000000 +0100 +++ /var/tmp/diff_new_pack.4w7Uib/_new 2015-02-06 22:38:39.000000000 +0100 @@ -1,9 +1,6 @@ -.\" Copyright (C) 2013 Kyrill Detinov <[email protected]> +.\" Copyright (C) 2013-2015 Kyrill Detinov <[email protected]> .\" -.\" This manual page is distributed under the terms -.\" of the GNU Free Documentation License version 1.3. -.\" -.TH UNRAR "1" "2013-05-28" "unrar 5.0" "User Commands" +.TH UNRAR "1" "2015-02-01" "unrar 5.2" "User Commands" .SH NAME unrar \- extract, test, and view RAR archives @@ -103,6 +100,9 @@ .B \-o[+|\-] Set the overwrite mode [yes|no]. .TP +.B \-ol[a] +Process symbolic links as the link [absolute paths]. +.TP .B \-or Rename files automatically. .TP ++++++ unrarsrc-5.2.3.tar.gz -> unrarsrc-5.2.5.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/unrar/archive.cpp new/unrar/archive.cpp --- old/unrar/archive.cpp 2014-12-02 11:10:35.000000000 +0100 +++ new/unrar/archive.cpp 2015-01-31 09:29:33.000000000 +0100 @@ -234,6 +234,7 @@ { SaveFilePos SavePos(*this); int64 SaveCurBlockPos=CurBlockPos,SaveNextBlockPos=NextBlockPos; + HEADER_TYPE SaveCurHeaderType=CurHeaderType; while (ReadHeader()!=0) { @@ -250,6 +251,7 @@ } CurBlockPos=SaveCurBlockPos; NextBlockPos=SaveNextBlockPos; + CurHeaderType=SaveCurHeaderType; } if (!Volume || FirstVolume) wcscpy(FirstVolumeName,FileName); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/unrar/archive.hpp new/unrar/archive.hpp --- old/unrar/archive.hpp 2014-12-02 11:10:35.000000000 +0100 +++ new/unrar/archive.hpp 2015-01-31 09:29:33.000000000 +0100 @@ -85,8 +85,8 @@ void AddSubData(byte *SrcData,uint64 DataSize,File *SrcFile, const wchar *Name,uint Flags); bool ReadSubData(Array<byte> *UnpData,File *DestFile); - HEADER_TYPE GetHeaderType() {return(CurHeaderType);}; - RAROptions* GetRAROptions() {return(Cmd);} + HEADER_TYPE GetHeaderType() {return CurHeaderType;}; + RAROptions* GetRAROptions() {return Cmd;} void SetSilentOpen(bool Mode) {SilentOpen=Mode;} #ifdef USE_QOPEN bool Open(const wchar *Name,uint Mode=FMF_READ); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/unrar/arcread.cpp new/unrar/arcread.cpp --- old/unrar/arcread.cpp 2014-12-02 11:10:35.000000000 +0100 +++ new/unrar/arcread.cpp 2015-01-31 09:29:33.000000000 +0100 @@ -44,10 +44,10 @@ if ((++Count & 127)==0) Wait(); if (GetHeaderType()==HeaderType) - return(Size); + return Size; SeekToNext(); } - return(0); + return 0; } @@ -128,7 +128,7 @@ if (Read(Salt,SIZE_SALT30)!=SIZE_SALT30) { UnexpEndArcMsg(); - return(0); + return 0; } HeadersCrypt.SetCryptKeys(false,CRYPT_RAR30,&Cmd->Password,Salt,NULL,0,NULL,NULL); Raw.SetCrypt(&HeadersCrypt); @@ -155,7 +155,7 @@ if (ShortBlock.HeadSize<SIZEOF_SHORTBLOCKHEAD) { BrokenHeaderMsg(); - return(0); + return 0; } // For simpler further processing we map header types common @@ -562,7 +562,7 @@ if (Decrypt) { #if defined(SHELL_EXT) || defined(RAR_NOCRYPT) - return(0); + return 0; #else RequestArcPassword(); @@ -570,7 +570,7 @@ if (Read(HeadersInitV,SIZE_INITV)!=SIZE_INITV) { UnexpEndArcMsg(); - return(0); + return 0; } byte PswCheck[SIZE_PSWCHECK]; @@ -886,7 +886,8 @@ ErrHandler.Exit(RARX_USERBREAK); } #else - if (!uiGetPassword(UIPASSWORD_ARCHIVE,FileName,&Cmd->Password)) + if (!uiGetPassword(UIPASSWORD_ARCHIVE,FileName,&Cmd->Password) || + !Cmd->Password.IsSet()) { Close(); uiMsg(UIERROR_INCERRCOUNT); @@ -1168,7 +1169,7 @@ NextBlockPos=CurBlockPos+FileHead.HeadSize+FileHead.PackSize; CurHeaderType=HEAD_FILE; } - return(NextBlockPos>CurBlockPos ? Raw.Size():0); + return NextBlockPos>CurBlockPos ? Raw.Size() : 0; } #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/unrar/cmddata.cpp new/unrar/cmddata.cpp --- old/unrar/cmddata.cpp 2014-12-02 11:10:35.000000000 +0100 +++ new/unrar/cmddata.cpp 2015-01-31 09:29:33.000000000 +0100 @@ -616,6 +616,8 @@ #ifdef SAVE_LINKS case 'L': SaveSymLinks=true; + if (toupperw(Switch[2])=='A') + AbsoluteLinks=true; break; #endif case 'R': @@ -958,7 +960,7 @@ MCHelpSwCm,MCHelpSwCFGm,MCHelpSwCL,MCHelpSwCU, MCHelpSwDH,MCHelpSwEP,MCHelpSwEP3,MCHelpSwF,MCHelpSwIDP,MCHelpSwIERR, MCHelpSwINUL,MCHelpSwIOFF,MCHelpSwKB,MCHelpSwN,MCHelpSwNa,MCHelpSwNal, - MCHelpSwO,MCHelpSwOC,MCHelpSwOR,MCHelpSwOW,MCHelpSwP, + MCHelpSwO,MCHelpSwOC,MCHelpSwOL,MCHelpSwOR,MCHelpSwOW,MCHelpSwP, MCHelpSwPm,MCHelpSwR,MCHelpSwRI,MCHelpSwSC,MCHelpSwSL,MCHelpSwSM, MCHelpSwTA,MCHelpSwTB,MCHelpSwTN,MCHelpSwTO,MCHelpSwTS,MCHelpSwU, MCHelpSwVUnr,MCHelpSwVER,MCHelpSwVP,MCHelpSwX,MCHelpSwXa,MCHelpSwXal, @@ -1157,8 +1159,11 @@ -int CommandData::IsProcessFile(FileHeader &FileHead,bool *ExactMatch,int MatchType) +int CommandData::IsProcessFile(FileHeader &FileHead,bool *ExactMatch,int MatchType, + wchar *MatchedArg,uint MatchedArgSize) { + if (MatchedArg!=NULL && MatchedArgSize>0) + *MatchedArg=0; if (wcslen(FileHead.FileName)>=NM) return 0; bool Dir=FileHead.Dir; @@ -1179,6 +1184,8 @@ { if (ExactMatch!=NULL) *ExactMatch=wcsicompc(ArgName,FileHead.FileName)==0; + if (MatchedArg!=NULL) + wcsncpyz(MatchedArg,ArgName,MatchedArgSize); return StringCount; } return 0; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/unrar/cmddata.hpp new/unrar/cmddata.hpp --- old/unrar/cmddata.hpp 2014-12-02 11:10:35.000000000 +0100 +++ new/unrar/cmddata.hpp 2015-01-31 09:29:33.000000000 +0100 @@ -37,7 +37,8 @@ bool TimeCheck(RarTime &ft); bool SizeCheck(int64 Size); bool AnyFiltersActive(); - int IsProcessFile(FileHeader &FileHead,bool *ExactMatch=NULL,int MatchType=MATCH_WILDSUBPATH); + int IsProcessFile(FileHeader &FileHead,bool *ExactMatch=NULL,int MatchType=MATCH_WILDSUBPATH, + wchar *MatchedArg=NULL,uint MatchedArgSize=0); void ProcessCommand(); void AddArcName(const wchar *Name); bool GetArcName(wchar *Name,int MaxSize); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/unrar/dll.rc new/unrar/dll.rc --- old/unrar/dll.rc 2014-12-02 11:06:20.000000000 +0100 +++ new/unrar/dll.rc 2015-01-31 09:20:43.000000000 +0100 @@ -2,8 +2,8 @@ #include <commctrl.h> VS_VERSION_INFO VERSIONINFO -FILEVERSION 5, 20, 100, 1433 -PRODUCTVERSION 5, 20, 100, 1433 +FILEVERSION 5, 21, 2, 1494 +PRODUCTVERSION 5, 21, 2, 1494 FILEOS VOS__WINDOWS32 FILETYPE VFT_APP { @@ -14,9 +14,9 @@ VALUE "CompanyName", "Alexander Roshal\0" VALUE "ProductName", "RAR decompression library\0" VALUE "FileDescription", "RAR decompression library\0" - VALUE "FileVersion", "5.20.0\0" - VALUE "ProductVersion", "5.20.0\0" - VALUE "LegalCopyright", "Copyright � Alexander Roshal 1993-2014\0" + VALUE "FileVersion", "5.21.2\0" + VALUE "ProductVersion", "5.21.2\0" + VALUE "LegalCopyright", "Copyright � Alexander Roshal 1993-2015\0" VALUE "OriginalFilename", "Unrar.dll\0" } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/unrar/extinfo.cpp new/unrar/extinfo.cpp --- old/unrar/extinfo.cpp 2014-12-02 11:10:35.000000000 +0100 +++ new/unrar/extinfo.cpp 2015-01-31 09:29:33.000000000 +0100 @@ -60,14 +60,45 @@ +bool IsRelativeSymlinkSafe(const wchar *SrcName,const wchar *TargetName) +{ + if (IsFullRootPath(SrcName)) + return false; + int AllowedDepth=0; + while (*SrcName!=0) + { + if (IsPathDiv(SrcName[0]) && SrcName[1]!=0 && !IsPathDiv(SrcName[1])) + { + bool Dot=SrcName[1]=='.' && (IsPathDiv(SrcName[2]) || SrcName[2]==0); + bool Dot2=SrcName[1]=='.' && SrcName[2]=='.' && (IsPathDiv(SrcName[3]) || SrcName[3]==0); + if (!Dot && !Dot2) + AllowedDepth++; + } + SrcName++; + } + if (IsFullRootPath(TargetName)) // Catch root dir based /path/file paths. + return false; + for (int Pos=0;*TargetName!=0;Pos++) + { + bool Dot2=TargetName[0]=='.' && TargetName[1]=='.' && + (IsPathDiv(TargetName[2]) || TargetName[2]==0) && + (Pos==0 || IsPathDiv(*(TargetName-1))); + if (Dot2) + AllowedDepth--; + TargetName++; + } + return AllowedDepth>=0; +} + + bool ExtractSymlink(CommandData *Cmd,ComprDataIO &DataIO,Archive &Arc,const wchar *LinkName) { #if defined(SAVE_LINKS) && defined(_UNIX) // For RAR 3.x archives we process links even in test mode to skip link data. if (Arc.Format==RARFMT15) - return ExtractUnixLink30(DataIO,Arc,LinkName); + return ExtractUnixLink30(Cmd,DataIO,Arc,LinkName); if (Arc.Format==RARFMT50) - return ExtractUnixLink50(LinkName,&Arc.FileHead); + return ExtractUnixLink50(Cmd,LinkName,&Arc.FileHead); #elif defined _WIN_ALL // RAR 5.0 archives store link information in file header, so there is // no need to additionally test it if we do not create a file. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/unrar/extinfo.hpp new/unrar/extinfo.hpp --- old/unrar/extinfo.hpp 2014-12-02 11:10:35.000000000 +0100 +++ new/unrar/extinfo.hpp 2015-01-31 09:29:33.000000000 +0100 @@ -1,6 +1,7 @@ #ifndef _RAR_EXTINFO_ #define _RAR_EXTINFO_ +bool IsRelativeSymlinkSafe(const wchar *SrcName,const wchar *TargetName); bool ExtractSymlink(CommandData *Cmd,ComprDataIO &DataIO,Archive &Arc,const wchar *LinkName); #ifdef _UNIX void SetUnixOwner(Archive &Arc,const wchar *FileName); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/unrar/extract.cpp new/unrar/extract.cpp --- old/unrar/extract.cpp 2014-12-02 11:10:35.000000000 +0100 +++ new/unrar/extract.cpp 2015-01-31 09:29:33.000000000 +0100 @@ -213,6 +213,8 @@ #ifdef NOVOLUME return false; #else + // Supposing we unpack an old RAR volume without end of archive record + // and last file is not split between volumes. if (!MergeArchive(Arc,&DataIO,false,Command)) { ErrHandler.SetErrorCode(RARX_WARNING); @@ -257,17 +259,19 @@ int MatchType=MATCH_WILDSUBPATH; bool EqualNames=false; - int MatchNumber=Cmd->IsProcessFile(Arc.FileHead,&EqualNames,MatchType); - bool ExactMatch=MatchNumber!=0; + wchar MatchedArg[NM]; + int MatchNumber=Cmd->IsProcessFile(Arc.FileHead,&EqualNames,MatchType,MatchedArg,ASIZE(MatchedArg)); + bool MatchFound=MatchNumber!=0; #ifndef SFX_MODULE - if (*Cmd->ArcPath==0 && Cmd->ExclPath==EXCL_BASEPATH && ExactMatch) + if (Cmd->ExclPath==EXCL_BASEPATH) { - Cmd->FileArgs.Rewind(); - if (Cmd->FileArgs.GetString(Cmd->ArcPath,ASIZE(Cmd->ArcPath),MatchNumber-1)) - *PointToName(Cmd->ArcPath)=0; + wcsncpyz(Cmd->ArcPath,MatchedArg,ASIZE(Cmd->ArcPath)); + *PointToName(Cmd->ArcPath)=0; + if (IsWildcard(Cmd->ArcPath)) // Cannot correctly process path*\* masks here. + *Cmd->ArcPath=0; } #endif - if (ExactMatch && !EqualNames) + if (MatchFound && !EqualNames) AllMatchesExact=false; Arc.ConvertAttributes(); @@ -309,17 +313,17 @@ if (Cmd->VersionControl!=1 && !EqualNames) { if (Cmd->VersionControl==0) - ExactMatch=false; + MatchFound=false; int Version=ParseVersionFileName(ArcFileName,false); if (Cmd->VersionControl-1==Version) ParseVersionFileName(ArcFileName,true); else - ExactMatch=false; + MatchFound=false; } } else if (!Arc.IsArcDir() && Cmd->VersionControl>1) - ExactMatch=false; + MatchFound=false; DataIO.UnpVolume=Arc.FileHead.SplitAfter; DataIO.NextVolumeMissing=false; @@ -330,9 +334,9 @@ bool SkipSolid=false; #ifndef SFX_MODULE - if (FirstFile && (ExactMatch || Arc.Solid) && Arc.FileHead.SplitBefore) + if (FirstFile && (MatchFound || Arc.Solid) && Arc.FileHead.SplitBefore) { - if (ExactMatch) + if (MatchFound) { uiMsg(UIERROR_NEEDPREVVOL,Arc.FileName,ArcFileName); #ifdef RARDLL @@ -340,13 +344,13 @@ #endif ErrHandler.SetErrorCode(RARX_OPEN); } - ExactMatch=false; + MatchFound=false; } FirstFile=false; #endif - if (ExactMatch || (SkipSolid=Arc.Solid)!=0) + if (MatchFound || (SkipSolid=Arc.Solid)!=0) { // First common call of uiStartFileExtract. It is done before overwrite // prompts, so if SkipSolid state is changed below, we'll need to make @@ -406,13 +410,7 @@ #ifdef RARDLL if (*Cmd->DllDestName!=0) - { wcsncpyz(DestFileName,Cmd->DllDestName,ASIZE(DestFileName)); - -// Do we need this code? -// if (Cmd->DllOpMode!=RAR_EXTRACT) -// ExtrFile=false; - } #endif if (!CheckUnpVer(Arc,ArcFileName)) @@ -711,7 +709,7 @@ } } } - if (ExactMatch) + if (MatchFound) MatchedArgs++; if (DataIO.NextVolumeMissing) return false; @@ -882,8 +880,10 @@ { if (!Cmd->Password.IsSet()) { - if (!uiGetPassword(UIPASSWORD_FILE,ArcFileName,&Cmd->Password)) + if (!uiGetPassword(UIPASSWORD_FILE,ArcFileName,&Cmd->Password) || !Cmd->Password.IsSet()) { + // Suppress "test is ok" message in GUI if user entered + // an empty password or cancelled a password prompt. uiMsg(UIERROR_INCERRCOUNT); return false; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/unrar/filcreat.cpp new/unrar/filcreat.cpp --- old/unrar/filcreat.cpp 2014-12-02 11:10:35.000000000 +0100 +++ new/unrar/filcreat.cpp 2015-01-31 09:29:33.000000000 +0100 @@ -45,7 +45,6 @@ uint FileMode=WriteOnly ? FMF_WRITE|FMF_SHAREREAD:FMF_UPDATE|FMF_SHAREREAD; if (NewFile!=NULL && NewFile->Create(Name,FileMode)) return true; - PrepareToDelete(Name); CreatePath(Name,true); return NewFile!=NULL ? NewFile->Create(Name,FileMode):DelFile(Name); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/unrar/file.cpp new/unrar/file.cpp --- old/unrar/file.cpp 2014-12-02 11:10:35.000000000 +0100 +++ new/unrar/file.cpp 2015-01-31 09:29:33.000000000 +0100 @@ -281,10 +281,10 @@ } -void File::Write(const void *Data,size_t Size) +bool File::Write(const void *Data,size_t Size) { if (Size==0) - return; + return true; if (HandleType==FILE_HANDLESTD) { #ifdef _WIN_ALL @@ -301,9 +301,10 @@ } #endif } + bool Success; while (1) { - bool Success=false; + Success=false; #ifdef _WIN_ALL DWORD Written=0; if (HandleType!=FILE_HANDLENORMAL) @@ -352,6 +353,7 @@ break; } LastWrite=true; + return Success; // It can return false only if AllowExceptions is disabled. } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/unrar/file.hpp new/unrar/file.hpp --- old/unrar/file.hpp 2014-12-02 11:10:35.000000000 +0100 +++ new/unrar/file.hpp 2015-01-31 09:29:33.000000000 +0100 @@ -80,7 +80,7 @@ bool Close(); bool Delete(); bool Rename(const wchar *NewName); - void Write(const void *Data,size_t Size); + bool Write(const void *Data,size_t Size); virtual int Read(void *Data,size_t Size); int DirectRead(void *Data,size_t Size); virtual void Seek(int64 Offset,int Method); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/unrar/loclang.hpp new/unrar/loclang.hpp --- old/unrar/loclang.hpp 2014-12-02 11:10:35.000000000 +0100 +++ new/unrar/loclang.hpp 2015-01-31 09:29:33.000000000 +0100 @@ -99,7 +99,7 @@ #define MCHelpSwOC L"\n oc Set NTFS Compressed attribute" #define MCHelpSwOH L"\n oh Save hard links as the link instead of the file" #define MCHelpSwOI L"\n oi[0-4][:min] Save identical files as references" -#define MCHelpSwOL L"\n ol Save symbolic links as the link instead of the file" +#define MCHelpSwOL L"\n ol[a] Process symbolic links as the link [absolute paths]" #define MCHelpSwOR L"\n or Rename files automatically" #define MCHelpSwOS L"\n os Save NTFS streams" #define MCHelpSwOW L"\n ow Save or restore file owner and group" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/unrar/options.hpp new/unrar/options.hpp --- old/unrar/options.hpp 2014-12-02 11:10:35.000000000 +0100 +++ new/unrar/options.hpp 2015-01-31 09:29:33.000000000 +0100 @@ -132,6 +132,7 @@ bool ProcessOwners; bool SaveSymLinks; bool SaveHardLinks; + bool AbsoluteLinks; int Priority; int SleepTime; bool KeepBroken; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/unrar/os.hpp new/unrar/os.hpp --- old/unrar/os.hpp 2014-12-02 11:10:35.000000000 +0100 +++ new/unrar/os.hpp 2015-01-31 09:29:33.000000000 +0100 @@ -79,6 +79,7 @@ #include <time.h> #include <signal.h> + #define SAVE_LINKS #define ENABLE_ACCESS @@ -154,6 +155,7 @@ #include <utime.h> #include <locale.h> + #ifdef S_IFLNK #define SAVE_LINKS #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/unrar/pathfn.cpp new/unrar/pathfn.cpp --- old/unrar/pathfn.cpp 2014-12-02 11:10:35.000000000 +0100 +++ new/unrar/pathfn.cpp 2015-01-31 09:29:33.000000000 +0100 @@ -29,7 +29,7 @@ while (*DestPtr!=0) { const wchar *s=DestPtr; - if (s[0] && IsDriveDiv(s[1])) + if (s[0]!=0 && IsDriveDiv(s[1])) s+=2; if (s[0]=='\\' && s[1]=='\\') { @@ -541,6 +541,12 @@ } +bool IsFullRootPath(const wchar *Path) +{ + return IsFullPath(Path) || IsPathDiv(Path[0]); +} + + bool IsDiskLetter(const wchar *Path) { wchar Letter=etoupperw(Path[0]); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/unrar/pathfn.hpp new/unrar/pathfn.hpp --- old/unrar/pathfn.hpp 2014-12-02 11:10:35.000000000 +0100 +++ new/unrar/pathfn.hpp 2015-01-31 09:29:33.000000000 +0100 @@ -56,6 +56,7 @@ void ConvertNameToFull(const wchar *Src,wchar *Dest,size_t MaxSize); bool IsFullPath(const wchar *Path); +bool IsFullRootPath(const wchar *Path); bool IsDiskLetter(const wchar *Path); void GetPathRoot(const wchar *Path,wchar *Root,size_t MaxSize); int ParseVersionFileName(wchar *Name,bool Truncate); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/unrar/uicommon.cpp new/unrar/uicommon.cpp --- old/unrar/uicommon.cpp 2014-12-02 11:10:35.000000000 +0100 +++ new/unrar/uicommon.cpp 2015-01-31 09:29:33.000000000 +0100 @@ -22,11 +22,18 @@ // This check must be after OVERWRITE_AUTORENAME processing or -y switch // would override -or. if (Cmd->AllYes || Cmd->Overwrite==OVERWRITE_ALL) + { + PrepareToDelete(Name); return UIASKREP_R_REPLACE; + } wchar NewName[NM]; wcsncpyz(NewName,Name,ASIZE(NewName)); UIASKREP_RESULT Choice=uiAskReplace(NewName,ASIZE(NewName),FileSize,FileTime,Flags); + + if (Choice==UIASKREP_R_REPLACE || Choice==UIASKREP_R_REPLACEALL) + PrepareToDelete(Name); + if (Choice==UIASKREP_R_REPLACEALL) { Cmd->Overwrite=OVERWRITE_ALL; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/unrar/ulinks.cpp new/unrar/ulinks.cpp --- old/unrar/ulinks.cpp 2014-12-02 11:10:35.000000000 +0100 +++ new/unrar/ulinks.cpp 2015-01-31 09:29:33.000000000 +0100 @@ -30,7 +30,13 @@ } -bool ExtractUnixLink30(ComprDataIO &DataIO,Archive &Arc,const wchar *LinkName) +static bool IsFullPath(const char *PathA) // Unix ASCII version. +{ + return *PathA==CPATHDIVIDER; +} + + +bool ExtractUnixLink30(CommandData *Cmd,ComprDataIO &DataIO,Archive &Arc,const wchar *LinkName) { char Target[NM]; if (IsLink(Arc.FileHead.FileAttr)) @@ -48,13 +54,16 @@ if (!DataIO.UnpHash.Cmp(&Arc.FileHead.FileHash,Arc.FileHead.UseHashKey ? Arc.FileHead.HashKey:NULL)) return true; + if (!Cmd->AbsoluteLinks && (IsFullPath(Target) || + !IsRelativeSymlinkSafe(Arc.FileHead.FileName,Arc.FileHead.RedirName))) + return UnixSymlink(Target,LinkName,&Arc.FileHead.mtime,&Arc.FileHead.atime); } return false; } -bool ExtractUnixLink50(const wchar *Name,FileHeader *hd) +bool ExtractUnixLink50(CommandData *Cmd,const wchar *Name,FileHeader *hd) { char Target[NM]; WideToChar(hd->RedirName,Target,ASIZE(Target)); @@ -68,5 +77,8 @@ return false; DosSlashToUnix(Target,Target,ASIZE(Target)); } + if (!Cmd->AbsoluteLinks && (IsFullPath(Target) || + !IsRelativeSymlinkSafe(hd->FileName,hd->RedirName))) + return false; return UnixSymlink(Target,Name,&hd->mtime,&hd->atime); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/unrar/unpack50.cpp new/unrar/unpack50.cpp --- old/unrar/unpack50.cpp 2014-12-02 11:10:35.000000000 +0100 +++ new/unrar/unpack50.cpp 2015-01-31 09:29:33.000000000 +0100 @@ -570,7 +570,7 @@ else { ZeroCount+=2; - while (ZeroCount-- > 0 && I<sizeof(BitLength)/sizeof(BitLength[0])) + while (ZeroCount-- > 0 && I<ASIZE(BitLength)) BitLength[I++]=0; I--; } @@ -587,7 +587,7 @@ { if (!Inp.ExternalBuffer && Inp.InAddr>ReadTop-5) if (!UnpReadBuf()) - return(false); + return false; int Number=DecodeNumber(Inp,&Tables.BD); if (Number<16) { @@ -633,12 +633,12 @@ } } if (!Inp.ExternalBuffer && Inp.InAddr>ReadTop) - return(false); + return false; MakeDecodeTables(&Table[0],&Tables.LD,NC); MakeDecodeTables(&Table[NC],&Tables.DD,DC); MakeDecodeTables(&Table[NC+DC],&Tables.LDD,LDC); MakeDecodeTables(&Table[NC+DC+LDC],&Tables.RD,RC); - return(true); + return true; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/unrar/unpack50mt.cpp new/unrar/unpack50mt.cpp --- old/unrar/unpack50mt.cpp 2014-12-02 11:10:35.000000000 +0100 +++ new/unrar/unpack50mt.cpp 2015-01-31 09:29:33.000000000 +0100 @@ -80,20 +80,22 @@ bool Done=false; while (!Done) { + // Data amount, which is guaranteed to fit block header and tables, + // so we can safely read them without additional checks. + const int TooSmallToProcess=1024; + int ReadSize=UnpIO->UnpRead(ReadBufMT+DataSize,(UNP_READ_SIZE_MT-DataSize)&~0xf); if (ReadSize<0) break; DataSize+=ReadSize; if (DataSize==0) break; + if (ReadSize>0 && DataSize<TooSmallToProcess) + continue; bool BufferProcessed=false; while (BlockStart<DataSize && !Done) { - // Data amount, which is guaranteed to fit block header and tables, - // so we can safely read them without additional checks. - const int TooSmallToProcess=1024; - uint BlockNumber=0,BlockNumberMT=0; while (BlockNumber<MaxUserThreads*UNP_BLOCKS_PER_THREAD) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/unrar/version.hpp new/unrar/version.hpp --- old/unrar/version.hpp 2014-12-02 11:10:35.000000000 +0100 +++ new/unrar/version.hpp 2015-01-31 09:29:33.000000000 +0100 @@ -1,6 +1,6 @@ #define RARVER_MAJOR 5 -#define RARVER_MINOR 20 -#define RARVER_BETA 0 -#define RARVER_DAY 2 -#define RARVER_MONTH 12 -#define RARVER_YEAR 2014 +#define RARVER_MINOR 21 +#define RARVER_BETA 2 +#define RARVER_DAY 31 +#define RARVER_MONTH 1 +#define RARVER_YEAR 2015 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/unrar/win32lnk.cpp new/unrar/win32lnk.cpp --- old/unrar/win32lnk.cpp 2014-12-02 11:10:35.000000000 +0100 +++ new/unrar/win32lnk.cpp 2015-01-31 09:29:33.000000000 +0100 @@ -40,23 +40,6 @@ PrivSet=true; } - CreatePath(Name,true); - - // 'DirTarget' check is important for Unix symlinks to directories. - // Unix symlinks do not have their own 'directory' attribute. - if (hd->Dir || hd->DirTarget) - { - if (!CreateDirectory(Name,NULL)) - return false; - } - else - { - HANDLE hFile=CreateFile(Name,GENERIC_WRITE,0,NULL,CREATE_NEW,FILE_ATTRIBUTE_NORMAL,NULL); - if (hFile == INVALID_HANDLE_VALUE) - return false; - CloseHandle(hFile); - } - const DWORD BufSize=sizeof(REPARSE_DATA_BUFFER)+2*NM+1024; Array<byte> Buf(BufSize); REPARSE_DATA_BUFFER *rdb=(REPARSE_DATA_BUFFER *)&Buf[0]; @@ -79,6 +62,26 @@ size_t PrintLength=wcslen(PrintName); bool AbsPath=WinPrefix; + if (!Cmd->AbsoluteLinks && (AbsPath || !IsRelativeSymlinkSafe(hd->FileName,hd->RedirName))) + return false; + + CreatePath(Name,true); + + // 'DirTarget' check is important for Unix symlinks to directories. + // Unix symlinks do not have their own 'directory' attribute. + if (hd->Dir || hd->DirTarget) + { + if (!CreateDirectory(Name,NULL)) + return false; + } + else + { + HANDLE hFile=CreateFile(Name,GENERIC_WRITE,0,NULL,CREATE_NEW,FILE_ATTRIBUTE_NORMAL,NULL); + if (hFile == INVALID_HANDLE_VALUE) + return false; + CloseHandle(hFile); + } + if (hd->RedirType==FSREDIR_JUNCTION) { -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
