svn commit: r379192 - in head/archivers/unzip: . files

Jan Beich jbeich at FreeBSD.org
Tue Feb 17 22:51:15 UTC 2015


Xin LI <delphij at FreeBSD.org> writes:

> Log:
>   Apply fix for CVE-2015-1315 from Marc Deslauriers
>   <marc.deslauriers at canonical.com>.
>   
>   MFH:		2015Q1
>   Approved by:	so
[...]
> Modified: head/archivers/unzip/files/extra-iconv-patch-unix_unix.c
> ==============================================================================
> --- head/archivers/unzip/files/extra-iconv-patch-unix_unix.c	Tue Feb 17 21:32:56 2015	(r379191)
> +++ head/archivers/unzip/files/extra-iconv-patch-unix_unix.c	Tue Feb 17 21:58:40 2015	(r379192)
> @@ -76,15 +76,27 @@
>  +
>  +    slen = strlen(string);
>  +    s = string;
> -+    dlen = buflen = 2*slen;
> -+    d = buf = malloc(buflen + 1);
> ++
> ++    /*  Make sure OUTBUFSIZ + 1 never ends up smaller than FILNAMSIZ
> ++     *  as this function also gets called with G.outbuf in fileio.c
> ++     */
> ++    buflen = FILNAMSIZ;
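
Review bot: the comment added above `buflen = FILNAMSIZ;` states a requirement (OUTBUFSIZ + 1 must never end up smaller than FILNAMSIZ) that none of the lines shown here enforce. If the elided remainder does not check it either, a compile-time assertion next to the assignment would make the build fail as soon as either constant changes, instead of relying on the comment. Also note that this hunk grows the body of the embedded patch from 15 to 27 lines, so the line count in the embedded patch's own `@@` header has to grow by the same 12 lines in this commit.
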
[...]

Why hasn't the underlying @@ line changed if the number of ++ lines increased?
It makes my ICONV=on build fail:

  $ make
  [...]
  --- unzipsfx ---
  fileio_.o: In function `do_string':
  fileio.c:(.text+0x14d5): undefined reference to `iso_intern'
  fileio.c:(.text+0x14e8): undefined reference to `oem_intern'
  fileio.c:(.text+0x1944): undefined reference to `iso_intern'
  fileio.c:(.text+0x1950): undefined reference to `oem_intern'
  cc: error: linker command failed with exit code 1 (use -v to see invocation)

Index: archivers/unzip/files/extra-iconv-patch-unix_unix.c
===================================================================
--- archivers/unzip/files/extra-iconv-patch-unix_unix.c	(revision 379194)
+++ archivers/unzip/files/extra-iconv-patch-unix_unix.c	(working copy)
@@ -10,7 +10,7 @@
  #ifdef SCO_XENIX
  #  define SYSNDIR
  #else  /* SCO Unix, AIX, DNIX, TI SysV, Coherent 4.x, ... */
-@@ -1874,3 +1877,90 @@ static void qlfix(__G__ ef_ptr, ef_len)
+@@ -1874,3 +1877,102 @@ static void qlfix(__G__ ef_ptr, ef_len)
      }
  }
  #endif /* QLZIP */
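
Review bot: the new-side count on the changed line `+@@ -1874,3 +1877,102 @@` is adjusted by hand, which is how it went stale in r379192 in the first place. The value itself is consistent with the lines shown (102 - 90 = 12, matching the 15 to 27 growth of the r379192 hunk), but regenerating extra-iconv-patch-unix_unix.c with diff against a patched unix/unix.c would keep the header and body in step automatically. Since the failure only showed up with ICONV=on, a build with that option enabled should be part of testing any further change to this file.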