svn commit: r378383 - in branches/2015Q1/archivers/unzip: . files
Xin LI
delphij at FreeBSD.org
Tue Feb 3 22:46:14 UTC 2015
Author: delphij
Date: Tue Feb 3 22:46:13 2015
New Revision: 378383
URL: https://svnweb.freebsd.org/changeset/ports/378383
QAT: https://qat.redports.org/buildarchive/r378383/
Log:
MFH: r378382
Apply Debian patch for CVE-2014-9636 which fixes out of
boundary access issue in test_compr_eb.
PR: ports/197300
Submitted by: Robert Simmons <rsimmons0 gmail com>
Security: e543c6f8-abf2-11e4-8ac7-d050992ecde8
Approved by: ports-secteam
Modified:
branches/2015Q1/archivers/unzip/Makefile
branches/2015Q1/archivers/unzip/files/patch-extract.c
Directory Properties:
branches/2015Q1/ (props changed)
Modified: branches/2015Q1/archivers/unzip/Makefile
==============================================================================
--- branches/2015Q1/archivers/unzip/Makefile Tue Feb 3 22:37:45 2015 (r378382)
+++ branches/2015Q1/archivers/unzip/Makefile Tue Feb 3 22:46:13 2015 (r378383)
@@ -3,7 +3,7 @@
PORTNAME= unzip
PORTVERSION= 6.0
-PORTREVISION= 3
+PORTREVISION= 4
CATEGORIES= archivers
MASTER_SITES= SF/infozip/UnZip%206.x%20%28latest%29/UnZip%20${PORTVERSION}/:main \
SF/infozip/UnZip%205.x%20and%20earlier/5.51/:unreduce
Modified: branches/2015Q1/archivers/unzip/files/patch-extract.c
==============================================================================
--- branches/2015Q1/archivers/unzip/files/patch-extract.c Tue Feb 3 22:37:45 2015 (r378382)
+++ branches/2015Q1/archivers/unzip/files/patch-extract.c Tue Feb 3 22:46:13 2015 (r378383)
@@ -1,5 +1,5 @@
---- extract.c.orig 2015-01-16 10:05:03.994866726 +0100
-+++ extract.c 2015-01-16 09:57:31.606898193 +0100
+--- extract.c.orig 2009-03-14 01:32:52 UTC
++++ extract.c
@@ -1,5 +1,5 @@
/*
- Copyright (c) 1990-2009 Info-ZIP. All rights reserved.
@@ -7,7 +7,7 @@
See the accompanying file LICENSE, version 2009-Jan-02 or later
(the contents of which are also included in unzip.h) for terms of use.
-@@ -298,6 +298,8 @@
+@@ -298,6 +298,8 @@ char ZCONST Far TruncNTSD[] =
#ifndef SFX
static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \
EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n";
@@ -16,7 +16,7 @@
static ZCONST char Far InvalidComprDataEAs[] =
" invalid compressed data for EAs\n";
# if (defined(WIN32) && defined(NTSD_EAS))
-@@ -2023,7 +2025,8 @@
+@@ -2023,7 +2025,8 @@ static int TestExtraField(__G__ ef, ef_l
ebID = makeword(ef);
ebLen = (unsigned)makeword(ef+EB_LEN);
@@ -26,7 +26,7 @@
/* Discovered some extra field inconsistency! */
if (uO.qflag)
Info(slide, 1, ((char *)slide, "%-22s ",
-@@ -2032,6 +2035,16 @@
+@@ -2032,6 +2035,16 @@ static int TestExtraField(__G__ ef, ef_l
ebLen, (ef_len - EB_HEADSIZE)));
return PK_ERR;
}
@@ -43,7 +43,12 @@
switch (ebID) {
case EF_OS2:
-@@ -2221,10 +2234,17 @@
+@@ -2217,14 +2230,28 @@ static int test_compr_eb(__G__ eb, eb_si
+ ulg eb_ucsize;
+ uch *eb_ucptr;
+ int r;
++ ush method;
+
if (compr_offset < 4) /* field is not compressed: */
return PK_OK; /* do nothing and signal OK */
@@ -61,6 +66,12 @@
+ ((eb_ucsize = makelong( eb+ (EB_HEADSIZE+ EB_UCSIZE_P))) == 0L) ||
+ ((eb_ucsize > 0L) && (eb_size <= (compr_offset + EB_CMPRHEADLEN))))
+ return IZ_EF_TRUNC; /* no/bad compressed data! */
++
++ method = makeword(eb + (EB_HEADSIZE + compr_offset));
++ if ((method == STORED) && (eb_size - compr_offset != eb_ucsize))
++ return PK_ERR; /* compressed & uncompressed
++ * should match in STORED
++ * method */
if (
#ifdef INT_16BIT
More information about the svn-ports-branches
mailing list