Hello community, here is the log from the commit of package unrar for openSUSE:Factory:NonFree checked in at 2015-10-14 16:46:17 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory:NonFree/unrar (Old) and /work/SRC/openSUSE:Factory:NonFree/.unrar.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "unrar" Changes: -------- --- /work/SRC/openSUSE:Factory:NonFree/unrar/unrar.changes 2015-09-17 09:22:03.000000000 +0200 +++ /work/SRC/openSUSE:Factory:NonFree/.unrar.new/unrar.changes 2015-10-14 16:46:21.000000000 +0200 @@ -1,0 +2,7 @@ +Thu Oct 8 17:37:01 UTC 2015 - lazy.k...@opensuse.org + +- Update to 5.3.5. + * Fixed bug: unrar could crash when unpacking .rar archives with + corrupt file headers. + +------------------------------------------------------------------- Old: ---- unrarsrc-5.3.4.tar.gz New: ---- unrarsrc-5.3.5.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ unrar.spec ++++++ --- /var/tmp/diff_new_pack.woOtxz/_old 2015-10-14 16:46:22.000000000 +0200 +++ /var/tmp/diff_new_pack.woOtxz/_new 2015-10-14 16:46:22.000000000 +0200 @@ -18,10 +18,10 @@ # majorversion should match the major version number. %define majorversion 5 -%define libsuffix 5_3_4 +%define libsuffix 5_3_5 Name: unrar -Version: 5.3.4 +Version: 5.3.5 Release: 0 Summary: A program to extract, test, and view RAR archives License: SUSE-NonFree ++++++ unrarsrc-5.3.4.tar.gz -> unrarsrc-5.3.5.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/unrar/dll.rc new/unrar/dll.rc --- old/unrar/dll.rc 2015-09-13 11:04:13.000000000 +0200 +++ new/unrar/dll.rc 2015-10-01 23:48:14.000000000 +0200 @@ -2,8 +2,8 @@ #include <commctrl.h> VS_VERSION_INFO VERSIONINFO -FILEVERSION 5, 30, 4, 1719 -PRODUCTVERSION 5, 30, 4, 1719 +FILEVERSION 5, 30, 4, 1738 +PRODUCTVERSION 5, 30, 4, 1738 FILEOS VOS__WINDOWS32 FILETYPE VFT_APP { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/unrar/extract.cpp new/unrar/extract.cpp --- old/unrar/extract.cpp 2015-09-13 11:12:16.000000000 +0200 +++ new/unrar/extract.cpp 2015-10-02 00:34:56.000000000 +0200 @@ -206,6 +206,18 @@ bool CmdExtract::ExtractCurrentFile(Archive &Arc,size_t HeaderSize,bool &Repeat) { + // We can get negative sizes in corrupt archive and it is unacceptable + // for size comparisons in CmdExtract::UnstoreFile and ComprDataIO::UnpRead, + // where we cast sizes to size_t and can exceed another read or available + // size. We could fix it when reading an archive. But we prefer to do it + // here, because this function is called directly in unrar.dll, so we fix + // bad parameters passed to dll. Also we want to see real negative sizes + // in the listing of corrupt archive. + if (Arc.FileHead.PackSize<0) + Arc.FileHead.PackSize=0; + if (Arc.FileHead.UnpSize<0) + Arc.FileHead.UnpSize=0; + wchar Command=Cmd->Command[0]; if (HeaderSize==0) if (DataIO.UnpVolume) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/unrar/list.cpp new/unrar/list.cpp --- old/unrar/list.cpp 2015-09-13 11:12:17.000000000 +0200 +++ new/unrar/list.cpp 2015-10-02 00:34:56.000000000 +0200 @@ -215,7 +215,7 @@ TitleShown=true; } - wchar UnpSizeText[20],PackSizeText[20]; + wchar UnpSizeText[30],PackSizeText[30]; if (hd.UnpSize==INT64NDF) wcscpy(UnpSizeText,L"?"); else diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/unrar/strfn.cpp new/unrar/strfn.cpp --- old/unrar/strfn.cpp 2015-09-13 11:12:17.000000000 +0200 +++ new/unrar/strfn.cpp 2015-10-02 00:34:56.000000000 +0200 @@ -290,14 +290,21 @@ char NumStr[50]; size_t Pos=0; + int Neg=n < 0 ? 1 : 0; + if (Neg) + n=-n; + do { - if (Pos+1>=MaxSize) + if (Pos+1>=MaxSize-Neg) break; NumStr[Pos++]=char(n%10)+'0'; n=n/10; } while (n!=0); + if (Neg) + NumStr[Pos++]='-'; + for (size_t I=0;I<Pos;I++) Str[I]=NumStr[Pos-I-1]; Str[Pos]=0; @@ -309,14 +316,21 @@ wchar NumStr[50]; size_t Pos=0; + int Neg=n < 0 ? 1 : 0; + if (Neg) + n=-n; + do { - if (Pos+1>=MaxSize) + if (Pos+1>=MaxSize-Neg) break; NumStr[Pos++]=wchar(n%10)+'0'; n=n/10; } while (n!=0); + if (Neg) + NumStr[Pos++]='-'; + for (size_t I=0;I<Pos;I++) Str[I]=NumStr[Pos-I-1]; Str[Pos]=0; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/unrar/version.hpp new/unrar/version.hpp --- old/unrar/version.hpp 2015-09-13 11:12:17.000000000 +0200 +++ new/unrar/version.hpp 2015-10-02 00:34:56.000000000 +0200 @@ -1,6 +1,6 @@ #define RARVER_MAJOR 5 #define RARVER_MINOR 30 #define RARVER_BETA 4 -#define RARVER_DAY 13 -#define RARVER_MONTH 9 +#define RARVER_DAY 2 +#define RARVER_MONTH 10 #define RARVER_YEAR 2015