Date: Tue, 3 Feb 2015 22:37:45 +0000 (UTC) From: Xin LI <delphij@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r378382 - in head/archivers/unzip: . files Message-ID: <201502032237.t13Mbjk9017327@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: delphij Date: Tue Feb 3 22:37:45 2015 New Revision: 378382 URL: https://svnweb.freebsd.org/changeset/ports/378382 QAT: https://qat.redports.org/buildarchive/r378382/ Log: Apply Debian patch for CVE-2014-9636 which fixes out of boundary access issue in test_compr_eb. PR: ports/197300 Submitted by: Robert Simmons <rsimmons0 gmail com> Approved by: so Security: e543c6f8-abf2-11e4-8ac7-d050992ecde8 MFH: 2015Q1 Modified: head/archivers/unzip/Makefile head/archivers/unzip/files/patch-extract.c Modified: head/archivers/unzip/Makefile ============================================================================== --- head/archivers/unzip/Makefile Tue Feb 3 22:35:06 2015 (r378381) +++ head/archivers/unzip/Makefile Tue Feb 3 22:37:45 2015 (r378382) @@ -3,7 +3,7 @@ PORTNAME= unzip PORTVERSION= 6.0 -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= archivers MASTER_SITES= SF/infozip/UnZip%206.x%20%28latest%29/UnZip%20${PORTVERSION}/:main \ SF/infozip/UnZip%205.x%20and%20earlier/5.51/:unreduce Modified: head/archivers/unzip/files/patch-extract.c ============================================================================== --- head/archivers/unzip/files/patch-extract.c Tue Feb 3 22:35:06 2015 (r378381) +++ head/archivers/unzip/files/patch-extract.c Tue Feb 3 22:37:45 2015 (r378382) @@ -1,5 +1,5 @@ ---- extract.c.orig 2015-01-16 10:05:03.994866726 +0100 -+++ extract.c 2015-01-16 09:57:31.606898193 +0100 +--- extract.c.orig 2009-03-14 01:32:52 UTC ++++ extract.c @@ -1,5 +1,5 @@ /* - Copyright (c) 1990-2009 Info-ZIP. All rights reserved. @@ -7,7 +7,7 @@ See the accompanying file LICENSE, version 2009-Jan-02 or later (the contents of which are also included in unzip.h) for terms of use. -@@ -298,6 +298,8 @@ +@@ -298,6 +298,8 @@ char ZCONST Far TruncNTSD[] = #ifndef SFX static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \ EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n"; @@ -16,7 +16,7 @@ static ZCONST char Far InvalidComprDataEAs[] = " invalid compressed data for EAs\n"; # if (defined(WIN32) && defined(NTSD_EAS)) -@@ -2023,7 +2025,8 @@ +@@ -2023,7 +2025,8 @@ static int TestExtraField(__G__ ef, ef_l ebID = makeword(ef); ebLen = (unsigned)makeword(ef+EB_LEN); @@ -26,7 +26,7 @@ /* Discovered some extra field inconsistency! */ if (uO.qflag) Info(slide, 1, ((char *)slide, "%-22s ", -@@ -2032,6 +2035,16 @@ +@@ -2032,6 +2035,16 @@ static int TestExtraField(__G__ ef, ef_l ebLen, (ef_len - EB_HEADSIZE))); return PK_ERR; } @@ -43,7 +43,12 @@ switch (ebID) { case EF_OS2: -@@ -2221,10 +2234,17 @@ +@@ -2217,14 +2230,28 @@ static int test_compr_eb(__G__ eb, eb_si + ulg eb_ucsize; + uch *eb_ucptr; + int r; ++ ush method; + if (compr_offset < 4) /* field is not compressed: */ return PK_OK; /* do nothing and signal OK */ @@ -61,6 +66,12 @@ + ((eb_ucsize = makelong( eb+ (EB_HEADSIZE+ EB_UCSIZE_P))) == 0L) || + ((eb_ucsize > 0L) && (eb_size <= (compr_offset + EB_CMPRHEADLEN)))) + return IZ_EF_TRUNC; /* no/bad compressed data! */ ++ ++ method = makeword(eb + (EB_HEADSIZE + compr_offset)); ++ if ((method == STORED) && (eb_size - compr_offset != eb_ucsize)) ++ return PK_ERR; /* compressed & uncompressed ++ * should match in STORED ++ * method */ if ( #ifdef INT_16BIT
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201502032237.t13Mbjk9017327>