Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package unrar for openSUSE:Factory:NonFree checked in at 2023-08-22 08:54:39 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory:NonFree/unrar (Old) and /work/SRC/openSUSE:Factory:NonFree/.unrar.new.1766 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "unrar" Tue Aug 22 08:54:39 2023 rev:106 rq:1104843 version:6.2.10 Changes: -------- --- /work/SRC/openSUSE:Factory:NonFree/unrar/unrar.changes 2023-06-24 20:13:05.203840807 +0200 +++ /work/SRC/openSUSE:Factory:NonFree/.unrar.new.1766/unrar.changes 2023-08-22 08:54:40.258390599 +0200 @@ -1,0 +2,6 @@ +Thu Aug 17 15:27:30 UTC 2023 - Andrea Manzini <[email protected]> + +- Update to version 6.2.10 + * No upstream changelog available + +------------------------------------------------------------------- Old: ---- unrarsrc-6.2.8.tar.gz New: ---- unrarsrc-6.2.10.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ unrar.spec ++++++ --- /var/tmp/diff_new_pack.LtaYgV/_old 2023-08-22 08:54:41.198392386 +0200 +++ /var/tmp/diff_new_pack.LtaYgV/_new 2023-08-22 08:54:41.210392408 +0200 @@ -18,9 +18,9 @@ # majorversion should match the major version number. %define majorversion 6 -%define libsuffix 6_2_8 +%define libsuffix 6_2_10 Name: unrar -Version: 6.2.8 +Version: 6.2.10 Release: 0 Summary: A program to extract, test, and view RAR archives License: NonFree ++++++ baselibs.conf ++++++ --- /var/tmp/diff_new_pack.LtaYgV/_old 2023-08-22 08:54:41.278392537 +0200 +++ /var/tmp/diff_new_pack.LtaYgV/_new 2023-08-22 08:54:41.282392545 +0200 @@ -1,2 +1,2 @@ -libunrar6_2_8 +libunrar6_2_10 ++++++ unrarsrc-6.2.8.tar.gz -> unrarsrc-6.2.10.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/unrar/cmddata.cpp new/unrar/cmddata.cpp --- old/unrar/cmddata.cpp 2023-05-29 18:05:16.000000000 +0200 +++ new/unrar/cmddata.cpp 2023-08-01 11:27:45.000000000 +0200 @@ -943,6 +943,7 @@ void CommandData::BadSwitch(const wchar *Switch) { mprintf(St(MUnknownOption),Switch); + mprintf(L"\n"); ErrHandler.Exit(RARX_USERERROR); } #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/unrar/dll.rc new/unrar/dll.rc --- old/unrar/dll.rc 2023-05-29 18:02:08.000000000 +0200 +++ new/unrar/dll.rc 2023-08-01 11:15:07.000000000 +0200 @@ -2,8 +2,8 @@ #include <commctrl.h> VS_VERSION_INFO VERSIONINFO -FILEVERSION 6, 22, 100, 880 -PRODUCTVERSION 6, 22, 100, 880 +FILEVERSION 6, 23, 100, 944 +PRODUCTVERSION 6, 23, 100, 944 FILEOS VOS__WINDOWS32 FILETYPE VFT_APP { @@ -14,8 +14,8 @@ VALUE "CompanyName", "Alexander Roshal\0" VALUE "ProductName", "RAR decompression library\0" VALUE "FileDescription", "RAR decompression library\0" - VALUE "FileVersion", "6.22.0\0" - VALUE "ProductVersion", "6.22.0\0" + VALUE "FileVersion", "6.23.0\0" + VALUE "ProductVersion", "6.23.0\0" VALUE "LegalCopyright", "Copyright © Alexander Roshal 1993-2023\0" VALUE "OriginalFilename", "Unrar.dll\0" } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/unrar/getbits.cpp new/unrar/getbits.cpp --- old/unrar/getbits.cpp 2023-05-29 18:05:16.000000000 +0200 +++ new/unrar/getbits.cpp 2023-08-01 11:27:45.000000000 +0200 @@ -5,11 +5,11 @@ ExternalBuffer=false; if (AllocBuffer) { - // getbits*() attempt to read data from InAddr, ... InAddr+3 positions. - // So let's allocate 3 additional bytes for situation, when we need to + // getbits*() attempt to read data from InAddr, ... InAddr+4 positions. + // So let's allocate 4 additional bytes for situation, when we need to // read only 1 byte from the last position of buffer and avoid a crash - // from access to next 3 bytes, which contents we do not need. - size_t BufSize=MAX_SIZE+3; + // from access to next 4 bytes, which contents we do not need. + size_t BufSize=MAX_SIZE+4; InBuf=new byte[BufSize]; // Ensure that we get predictable results when accessing bytes in area diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/unrar/loclang.hpp new/unrar/loclang.hpp --- old/unrar/loclang.hpp 2023-05-29 18:05:17.000000000 +0200 +++ new/unrar/loclang.hpp 2023-08-01 11:27:45.000000000 +0200 @@ -45,7 +45,7 @@ #define MCHelpCmdR L"\n r Repair archive" #define MCHelpCmdRC L"\n rc Reconstruct missing volumes" #define MCHelpCmdRN L"\n rn Rename archived files" -#define MCHelpCmdRR L"\n rr[N] Add data recovery record" +#define MCHelpCmdRR L"\n rr[N] Add the data recovery record" #define MCHelpCmdRV L"\n rv[N] Create recovery volumes" #define MCHelpCmdS L"\n s[name|-] Convert archive to or from SFX" #define MCHelpCmdT L"\n t Test archive files" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/unrar/pathfn.cpp new/unrar/pathfn.cpp --- old/unrar/pathfn.cpp 2023-05-29 18:05:17.000000000 +0200 +++ new/unrar/pathfn.cpp 2023-08-01 11:27:45.000000000 +0200 @@ -482,7 +482,7 @@ *s='_'; // No spaces or dots before the path separator are allowed on Windows - // shares. But they are allowed and automtically removed at the end of + // shares. But they are allowed and automatically removed at the end of // file or folder name, so it is useless to replace them here. // Since such files or folders are created successfully, a supposed // conversion here would never be invoked. @@ -746,7 +746,7 @@ // Here we ensure that we have enough 'N' characters to fit all digits // of archive number. We'll replace them by actual number later // in this function. - if (NCount<Digits) + if (NCount<Digits && wcslen(Mask)+Digits-NCount<ASIZE(Mask)) { wmemmove(Mask+I+Digits,Mask+I+NCount,wcslen(Mask+I+NCount)+1); wmemset(Mask+I,'N',Digits); @@ -783,7 +783,7 @@ if (StartWeekDay%7>=4) CurWeek++; - char Field[10][6]; + char Field[10][11]; sprintf(Field[0],"%04u",rlt.Year); sprintf(Field[1],"%02u",rlt.Month); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/unrar/recvol3.cpp new/unrar/recvol3.cpp --- old/unrar/recvol3.cpp 2023-05-29 18:05:17.000000000 +0200 +++ new/unrar/recvol3.cpp 2023-08-01 11:27:46.000000000 +0200 @@ -226,7 +226,7 @@ if (WrongParam) continue; } - if (P[1]+P[2]>255) + if (P[0]<=0 || P[1]<=0 || P[2]<=0 || P[1]+P[2]>255 || P[0]+P[2]-1>255) continue; if (RecVolNumber!=0 && RecVolNumber!=P[1] || FileNumber!=0 && FileNumber!=P[2]) { @@ -238,7 +238,14 @@ wcsncpyz(PrevName,CurName,ASIZE(PrevName)); File *NewFile=new File; NewFile->TOpen(CurName); - SrcFile[FileNumber+P[0]-1]=NewFile; + + // This check is redundant taking into account P[I]>255 and P[0]+P[2]-1>255 + // checks above. Still we keep it here for better clarity and security. + int SrcPos=FileNumber+P[0]-1; + if (SrcPos<0 || SrcPos>=ASIZE(SrcFile)) + continue; + SrcFile[SrcPos]=NewFile; + FoundRecVolumes++; if (RecFileSize==0) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/unrar/secpassword.cpp new/unrar/secpassword.cpp --- old/unrar/secpassword.cpp 2023-05-29 18:05:17.000000000 +0200 +++ new/unrar/secpassword.cpp 2023-08-01 11:27:46.000000000 +0200 @@ -70,7 +70,7 @@ { PasswordSet=false; if (Password.size()>0) - cleandata(&Password[0],Password.size()); + cleandata(&Password[0],Password.size()*sizeof(Password[0])); } @@ -141,7 +141,7 @@ wchar Plain[MAXPASSWORD]; Get(Plain,ASIZE(Plain)); size_t Length=wcslen(Plain); - cleandata(Plain,ASIZE(Plain)); + cleandata(Plain,sizeof(Plain)); return Length; } @@ -156,8 +156,8 @@ Get(Plain1,ASIZE(Plain1)); psw.Get(Plain2,ASIZE(Plain2)); bool Result=wcscmp(Plain1,Plain2)==0; - cleandata(Plain1,ASIZE(Plain1)); - cleandata(Plain2,ASIZE(Plain2)); + cleandata(Plain1,sizeof(Plain1)); + cleandata(Plain2,sizeof(Plain2)); return Result; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/unrar/version.hpp new/unrar/version.hpp --- old/unrar/version.hpp 2023-05-29 18:05:18.000000000 +0200 +++ new/unrar/version.hpp 2023-08-01 11:27:46.000000000 +0200 @@ -1,6 +1,6 @@ #define RARVER_MAJOR 6 -#define RARVER_MINOR 22 +#define RARVER_MINOR 23 #define RARVER_BETA 0 -#define RARVER_DAY 29 -#define RARVER_MONTH 5 +#define RARVER_DAY 1 +#define RARVER_MONTH 8 #define RARVER_YEAR 2023
