Date: Wed, 27 Sep 2017 16:52:20 +0000 (UTC) From: Raphael Kubo da Costa <rakuco@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r450768 - in head/archivers/libzip: . files Message-ID: <201709271652.v8RGqK82049523@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: rakuco Date: Wed Sep 27 16:52:20 2017 New Revision: 450768 URL: https://svnweb.freebsd.org/changeset/ports/450768 Log: Add a patch for CVE-2017-14107. This is a minor security vulnerability that can lead to a denial of service issue in libzip when a specially crafted archive is used. PR: 222638 Security: b2952517-07e5-4d19-8850-21c5b7e0623f Security: CVE-2017-14107 Added: head/archivers/libzip/files/patch-CVE-2017-14107 (contents, props changed) Modified: head/archivers/libzip/Makefile Modified: head/archivers/libzip/Makefile ============================================================================== --- head/archivers/libzip/Makefile Wed Sep 27 16:50:21 2017 (r450767) +++ head/archivers/libzip/Makefile Wed Sep 27 16:52:20 2017 (r450768) @@ -3,6 +3,7 @@ PORTNAME= libzip PORTVERSION= 1.1.3 +PORTREVISION= 1 CATEGORIES= archivers devel MASTER_SITES= http://www.nih.at/libzip/ Added: head/archivers/libzip/files/patch-CVE-2017-14107 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/archivers/libzip/files/patch-CVE-2017-14107 Wed Sep 27 16:52:20 2017 (r450768) @@ -0,0 +1,27 @@ +From 9b46957ec98d85a572e9ef98301247f39338a3b5 Mon Sep 17 00:00:00 2001 +From: Thomas Klausner <tk@giga.or.at> +Date: Tue, 29 Aug 2017 10:25:03 +0200 +Subject: [PATCH] Make eocd checks more consistent between zip and zip64 cases. + +--- + lib/zip_open.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/lib/zip_open.c b/lib/zip_open.c +index 3bd593b..9d3a4cb 100644 +--- lib/zip_open.c ++++ lib/zip_open.c +@@ -847,7 +847,12 @@ _zip_read_eocd64(zip_source_t *src, zip_buffer_t *buffer, zip_uint64_t buf_offse + zip_error_set(error, ZIP_ER_SEEK, EFBIG); + return NULL; + } +- if ((flags & ZIP_CHECKCONS) && offset+size != eocd_offset) { ++ if (offset+size > buf_offset + eocd_offset) { ++ /* cdir spans past EOCD record */ ++ zip_error_set(error, ZIP_ER_INCONS, 0); ++ return NULL; ++ } ++ if ((flags & ZIP_CHECKCONS) && offset+size != buf_offset + eocd_offset) { + zip_error_set(error, ZIP_ER_INCONS, 0); + return NULL; + }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201709271652.v8RGqK82049523>