svn commit: r397361 - in head: devel/radare2 devel/radare2/files emulators/ppsspp emulators/ppsspp-devel emulators/ppsspp-devel/files emulators/ppsspp/files games/openlierox games/openlierox/files
Jan Beich
jbeich at FreeBSD.org
Sun Sep 20 09:22:47 UTC 2015
Author: jbeich
Date: Sun Sep 20 09:22:44 2015
New Revision: 397361
URL: https://svnweb.freebsd.org/changeset/ports/397361
Log:
Backport CVE-2015-2331 fix to bundled libzip
MFH: 2015Q3
Security: 264749ae-d565-11e4-b545-00269ee29e57
Added:
head/devel/radare2/files/
head/devel/radare2/files/patch-CVE-2015-2331 (contents, props changed)
head/emulators/ppsspp-devel/files/patch-CVE-2015-2331 (contents, props changed)
head/emulators/ppsspp/files/patch-CVE-2015-2331 (contents, props changed)
head/games/openlierox/files/
head/games/openlierox/files/patch-CVE-2015-2331 (contents, props changed)
Modified:
head/devel/radare2/Makefile (contents, props changed)
head/emulators/ppsspp-devel/Makefile (contents, props changed)
head/emulators/ppsspp/Makefile (contents, props changed)
head/games/openlierox/Makefile (contents, props changed)
Modified: head/devel/radare2/Makefile
==============================================================================
--- head/devel/radare2/Makefile Sun Sep 20 07:33:37 2015 (r397360)
+++ head/devel/radare2/Makefile Sun Sep 20 09:22:44 2015 (r397361)
@@ -3,6 +3,7 @@
PORTNAME= radare2
PORTVERSION= 0.9.8
+PORTREVISION= 1
CATEGORIES= devel
MASTER_SITES= http://rada.re/get/
Added: head/devel/radare2/files/patch-CVE-2015-2331
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/devel/radare2/files/patch-CVE-2015-2331 Sun Sep 20 09:22:44 2015 (r397361)
@@ -0,0 +1,17 @@
+changeset: 1718:9f11d54f692e
+user: Thomas Klausner <tk at giga.or.at>
+date: Sat Mar 21 12:28:42 2015 +0100
+summary: Avoid integer overflow. Addresses CVE-2015-2331.
+
+diff --git a/lib/zip_dirent.c b/lib/zip_dirent.c
+--- shlr/zip/zip/zip_dirent.c
++++ shlr/zip/zip/zip_dirent.c
+@@ -110,7 +110,7 @@ _zip_cdir_new(zip_uint64_t nentry, struc
+
+ if (nentry == 0)
+ cd->entry = NULL;
+- else if ((cd->entry=(struct zip_entry *)malloc(sizeof(*(cd->entry))*nentry)) == NULL) {
++ else if ((nentry > SIZE_MAX/sizeof(*(cd->entry))) || (cd->entry=(struct zip_entry *)malloc(sizeof(*(cd->entry))*(size_t)nentry)) == NULL) {
+ _zip_error_set(error, ZIP_ER_MEMORY, 0);
+ free(cd);
+ return NULL;
Modified: head/emulators/ppsspp-devel/Makefile
==============================================================================
--- head/emulators/ppsspp-devel/Makefile Sun Sep 20 07:33:37 2015 (r397360)
+++ head/emulators/ppsspp-devel/Makefile Sun Sep 20 09:22:44 2015 (r397361)
@@ -2,7 +2,7 @@
DISTVERSION= 1.0.1-2668
DISTVERSIONSUFFIX= -g253ed9f
-PORTREVISION= 0
+PORTREVISION= 1
PKGNAMESUFFIX= -devel
GH_TAGNAME= e22d7a5:lang a0b878f:ext_armips
Added: head/emulators/ppsspp-devel/files/patch-CVE-2015-2331
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/emulators/ppsspp-devel/files/patch-CVE-2015-2331 Sun Sep 20 09:22:44 2015 (r397361)
@@ -0,0 +1,18 @@
+From ef8fc4b53d92fbfcd8ef1abbd6f2f5fe2c4a11e5 Mon Sep 17 00:00:00 2001
+From: Stanislav Malyshev <stas at php.net>
+Date: Tue, 17 Mar 2015 21:59:56 -0700
+Subject: Fix bug #69253 - ZIP Integer Overflow leads to writing past heap boundary
+
+diff --git a/ext/zip/lib/zip_dirent.c b/ext/zip/lib/zip_dirent.c
+index b9dac5c..0090801 100644
+--- ext/native/ext/libzip/zip_dirent.c
++++ ext/native/ext/libzip/zip_dirent.c
+@@ -101,7 +101,7 @@ _zip_cdir_new(int nentry, struct zip_error *error)
+ return NULL;
+ }
+
+- if ((cd->entry=(struct zip_dirent *)malloc(sizeof(*(cd->entry))*nentry))
++ if ( nentry > ((size_t)-1)/sizeof(*(cd->entry)) || (cd->entry=(struct zip_dirent *)malloc(sizeof(*(cd->entry))*(size_t)nentry))
+ == NULL) {
+ _zip_error_set(error, ZIP_ER_MEMORY, 0);
+ free(cd);
Modified: head/emulators/ppsspp/Makefile
==============================================================================
--- head/emulators/ppsspp/Makefile Sun Sep 20 07:33:37 2015 (r397360)
+++ head/emulators/ppsspp/Makefile Sun Sep 20 09:22:44 2015 (r397361)
@@ -3,7 +3,7 @@
PORTNAME= ppsspp
DISTVERSIONPREFIX= v
DISTVERSION?= 1.0.1
-PORTREVISION?= 4
+PORTREVISION?= 5
CATEGORIES= emulators
.ifndef PKGNAMESUFFIX
Added: head/emulators/ppsspp/files/patch-CVE-2015-2331
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/emulators/ppsspp/files/patch-CVE-2015-2331 Sun Sep 20 09:22:44 2015 (r397361)
@@ -0,0 +1,18 @@
+From ef8fc4b53d92fbfcd8ef1abbd6f2f5fe2c4a11e5 Mon Sep 17 00:00:00 2001
+From: Stanislav Malyshev <stas at php.net>
+Date: Tue, 17 Mar 2015 21:59:56 -0700
+Subject: Fix bug #69253 - ZIP Integer Overflow leads to writing past heap boundary
+
+diff --git a/ext/zip/lib/zip_dirent.c b/ext/zip/lib/zip_dirent.c
+index b9dac5c..0090801 100644
+--- native/ext/libzip/zip_dirent.c
++++ native/ext/libzip/zip_dirent.c
+@@ -101,7 +101,7 @@ _zip_cdir_new(int nentry, struct zip_error *error)
+ return NULL;
+ }
+
+- if ((cd->entry=(struct zip_dirent *)malloc(sizeof(*(cd->entry))*nentry))
++ if ( nentry > ((size_t)-1)/sizeof(*(cd->entry)) || (cd->entry=(struct zip_dirent *)malloc(sizeof(*(cd->entry))*(size_t)nentry))
+ == NULL) {
+ _zip_error_set(error, ZIP_ER_MEMORY, 0);
+ free(cd);
Modified: head/games/openlierox/Makefile
==============================================================================
--- head/games/openlierox/Makefile Sun Sep 20 07:33:37 2015 (r397360)
+++ head/games/openlierox/Makefile Sun Sep 20 09:22:44 2015 (r397361)
@@ -3,7 +3,7 @@
PORTNAME= openlierox
DISTVERSION= 0.58_rc3
-PORTREVISION= 4
+PORTREVISION= 5
PORTEPOCH= 1
CATEGORIES= games
MASTER_SITES= SF/${PORTNAME}/${PORTNAME}/OpenLieroX%20${DISTVERSION:C/_/%20/}
Added: head/games/openlierox/files/patch-CVE-2015-2331
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/games/openlierox/files/patch-CVE-2015-2331 Sun Sep 20 09:22:44 2015 (r397361)
@@ -0,0 +1,18 @@
+From ef8fc4b53d92fbfcd8ef1abbd6f2f5fe2c4a11e5 Mon Sep 17 00:00:00 2001
+From: Stanislav Malyshev <stas at php.net>
+Date: Tue, 17 Mar 2015 21:59:56 -0700
+Subject: Fix bug #69253 - ZIP Integer Overflow leads to writing past heap boundary
+
+diff --git a/ext/zip/lib/zip_dirent.c b/ext/zip/lib/zip_dirent.c
+index b9dac5c..0090801 100644
+--- libs/libzip/zip_dirent.c
++++ libs/libzip/zip_dirent.c
+@@ -101,7 +101,7 @@ _zip_cdir_new(int nentry, struct zip_error *error)
+ return NULL;
+ }
+
+- if ((cd->entry=(struct zip_dirent *)malloc(sizeof(*(cd->entry))*nentry))
++ if ( nentry > ((size_t)-1)/sizeof(*(cd->entry)) || (cd->entry=(struct zip_dirent *)malloc(sizeof(*(cd->entry))*(size_t)nentry))
+ == NULL) {
+ _zip_error_set(error, ZIP_ER_MEMORY, 0);
+ free(cd);
More information about the svn-ports-all
mailing list