From owner-svn-ports-head@freebsd.org Wed Sep 27 16:52:21 2017 Return-Path: Delivered-To: svn-ports-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5734DE08F72; Wed, 27 Sep 2017 16:52:21 +0000 (UTC) (envelope-from rakuco@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 25B547E8AB; Wed, 27 Sep 2017 16:52:21 +0000 (UTC) (envelope-from rakuco@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v8RGqK1t049525; Wed, 27 Sep 2017 16:52:20 GMT (envelope-from rakuco@FreeBSD.org) Received: (from rakuco@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v8RGqK82049523; Wed, 27 Sep 2017 16:52:20 GMT (envelope-from rakuco@FreeBSD.org) Message-Id: <201709271652.v8RGqK82049523@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: rakuco set sender to rakuco@FreeBSD.org using -f From: Raphael Kubo da Costa Date: Wed, 27 Sep 2017 16:52:20 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r450768 - in head/archivers/libzip: . files X-SVN-Group: ports-head X-SVN-Commit-Author: rakuco X-SVN-Commit-Paths: in head/archivers/libzip: . files X-SVN-Commit-Revision: 450768 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Sep 2017 16:52:21 -0000 Author: rakuco Date: Wed Sep 27 16:52:20 2017 New Revision: 450768 URL: https://svnweb.freebsd.org/changeset/ports/450768 Log: Add a patch for CVE-2017-14107. This is a minor security vulnerability that can lead to a denial of service issue in libzip when a specially crafted archive is used. PR: 222638 Security: b2952517-07e5-4d19-8850-21c5b7e0623f Security: CVE-2017-14107 Added: head/archivers/libzip/files/patch-CVE-2017-14107 (contents, props changed) Modified: head/archivers/libzip/Makefile Modified: head/archivers/libzip/Makefile ============================================================================== --- head/archivers/libzip/Makefile Wed Sep 27 16:50:21 2017 (r450767) +++ head/archivers/libzip/Makefile Wed Sep 27 16:52:20 2017 (r450768) @@ -3,6 +3,7 @@ PORTNAME= libzip PORTVERSION= 1.1.3 +PORTREVISION= 1 CATEGORIES= archivers devel MASTER_SITES= http://www.nih.at/libzip/ Added: head/archivers/libzip/files/patch-CVE-2017-14107 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/archivers/libzip/files/patch-CVE-2017-14107 Wed Sep 27 16:52:20 2017 (r450768) @@ -0,0 +1,27 @@ +From 9b46957ec98d85a572e9ef98301247f39338a3b5 Mon Sep 17 00:00:00 2001 +From: Thomas Klausner +Date: Tue, 29 Aug 2017 10:25:03 +0200 +Subject: [PATCH] Make eocd checks more consistent between zip and zip64 cases. + +--- + lib/zip_open.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/lib/zip_open.c b/lib/zip_open.c +index 3bd593b..9d3a4cb 100644 +--- lib/zip_open.c ++++ lib/zip_open.c +@@ -847,7 +847,12 @@ _zip_read_eocd64(zip_source_t *src, zip_buffer_t *buffer, zip_uint64_t buf_offse + zip_error_set(error, ZIP_ER_SEEK, EFBIG); + return NULL; + } +- if ((flags & ZIP_CHECKCONS) && offset+size != eocd_offset) { ++ if (offset+size > buf_offset + eocd_offset) { ++ /* cdir spans past EOCD record */ ++ zip_error_set(error, ZIP_ER_INCONS, 0); ++ return NULL; ++ } ++ if ((flags & ZIP_CHECKCONS) && offset+size != buf_offset + eocd_offset) { + zip_error_set(error, ZIP_ER_INCONS, 0); + return NULL; + }