From owner-svn-ports-head@freebsd.org Tue Jan 5 13:08:36 2016 Return-Path: Delivered-To: svn-ports-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 461D9A62413; Tue, 5 Jan 2016 13:08:36 +0000 (UTC) (envelope-from ehaupt@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 22B77152E; Tue, 5 Jan 2016 13:08:36 +0000 (UTC) (envelope-from ehaupt@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u05D8ZjE028044; Tue, 5 Jan 2016 13:08:35 GMT (envelope-from ehaupt@FreeBSD.org) Received: (from ehaupt@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u05D8ZCR028041; Tue, 5 Jan 2016 13:08:35 GMT (envelope-from ehaupt@FreeBSD.org) Message-Id: <201601051308.u05D8ZCR028041@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: ehaupt set sender to ehaupt@FreeBSD.org using -f From: Emanuel Haupt Date: Tue, 5 Jan 2016 13:08:35 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r405286 - in head/archivers/unzip: . files X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Jan 2016 13:08:36 -0000 Author: ehaupt Date: Tue Jan 5 13:08:34 2016 New Revision: 405286 URL: https://svnweb.freebsd.org/changeset/ports/405286 Log: Fix multiple vulnerabilities. PR: 204413 (based on) Notified by: venture37@geeklan.co.uk Security: CVE-2015-7696, CVE-2015-7697 MFH: 2016Q1 Added: head/archivers/unzip/files/patch-crypt.c (contents, props changed) Modified: head/archivers/unzip/Makefile head/archivers/unzip/files/patch-extract.c Modified: head/archivers/unzip/Makefile ============================================================================== --- head/archivers/unzip/Makefile Tue Jan 5 13:06:05 2016 (r405285) +++ head/archivers/unzip/Makefile Tue Jan 5 13:08:34 2016 (r405286) @@ -3,7 +3,7 @@ PORTNAME= unzip PORTVERSION= 6.0 -PORTREVISION= 6 +PORTREVISION= 7 CATEGORIES= archivers MASTER_SITES= SF/infozip/UnZip%206.x%20%28latest%29/UnZip%20${PORTVERSION}/:main \ SF/infozip/UnZip%205.x%20and%20earlier/5.51/:unreduce Added: head/archivers/unzip/files/patch-crypt.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/archivers/unzip/files/patch-crypt.c Tue Jan 5 13:08:34 2016 (r405286) @@ -0,0 +1,21 @@ +--- crypt.c.orig 2007-01-05 16:47:36.000000000 +0100 ++++ crypt.c 2016-01-04 14:39:27.300502995 +0100 +@@ -465,7 +465,17 @@ + GLOBAL(pInfo->encrypted) = FALSE; + defer_leftover_input(__G); + for (n = 0; n < RAND_HEAD_LEN; n++) { +- b = NEXTBYTE; ++ /* 2012-11-23 SMS. (OUSPG report.) ++ * Quit early if compressed size < HEAD_LEN. The resulting ++ * error message ("unable to get password") could be improved, ++ * but it's better than trying to read nonexistent data, and ++ * then continuing with a negative G.csize. (See ++ * fileio.c:readbyte()). ++ */ ++ if ((b = NEXTBYTE) == (ush)EOF) ++ { ++ return PK_ERR; ++ } + h[n] = (uch)b; + Trace((stdout, " (%02x)", h[n])); + } Modified: head/archivers/unzip/files/patch-extract.c ============================================================================== --- head/archivers/unzip/files/patch-extract.c Tue Jan 5 13:06:05 2016 (r405285) +++ head/archivers/unzip/files/patch-extract.c Tue Jan 5 13:08:34 2016 (r405286) @@ -1,5 +1,5 @@ ---- extract.c.orig 2009-03-14 01:32:52 UTC -+++ extract.c +--- extract.c.orig 2009-03-14 02:32:52.000000000 +0100 ++++ extract.c 2016-01-04 14:43:11.813488458 +0100 @@ -1,5 +1,5 @@ /* - Copyright (c) 1990-2009 Info-ZIP. All rights reserved. @@ -7,7 +7,7 @@ See the accompanying file LICENSE, version 2009-Jan-02 or later (the contents of which are also included in unzip.h) for terms of use. -@@ -298,6 +298,8 @@ char ZCONST Far TruncNTSD[] = +@@ -298,6 +298,8 @@ #ifndef SFX static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \ EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n"; @@ -16,7 +16,7 @@ static ZCONST char Far InvalidComprDataEAs[] = " invalid compressed data for EAs\n"; # if (defined(WIN32) && defined(NTSD_EAS)) -@@ -2023,7 +2025,8 @@ static int TestExtraField(__G__ ef, ef_l +@@ -2023,7 +2025,8 @@ ebID = makeword(ef); ebLen = (unsigned)makeword(ef+EB_LEN); @@ -26,7 +26,7 @@ /* Discovered some extra field inconsistency! */ if (uO.qflag) Info(slide, 1, ((char *)slide, "%-22s ", -@@ -2032,6 +2035,16 @@ static int TestExtraField(__G__ ef, ef_l +@@ -2032,6 +2035,16 @@ ebLen, (ef_len - EB_HEADSIZE))); return PK_ERR; } @@ -43,7 +43,7 @@ switch (ebID) { case EF_OS2: -@@ -2217,14 +2230,28 @@ static int test_compr_eb(__G__ eb, eb_si +@@ -2217,14 +2230,28 @@ ulg eb_ucsize; uch *eb_ucptr; int r; @@ -75,3 +75,16 @@ if ( #ifdef INT_16BIT +@@ -2701,6 +2728,12 @@ + int repeated_buf_err; + bz_stream bstrm; + ++ if (G.incnt <= 0 && G.csize <= 0L) { ++ /* avoid an infinite loop */ ++ Trace((stderr, "UZbunzip2() got empty input\n")); ++ return 2; ++ } ++ + #if (defined(DLL) && !defined(NO_SLIDE_REDIR)) + if (G.redirect_slide) + wsize = G.redirect_size, redirSlide = G.redirect_buffer;