From owner-svn-ports-branches@FreeBSD.ORG Fri Jan 16 09:29:07 2015 Return-Path: Delivered-To: svn-ports-branches@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 3C2448C4; Fri, 16 Jan 2015 09:29:07 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 280BD349; Fri, 16 Jan 2015 09:29:07 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id t0G9T7Ju049302; Fri, 16 Jan 2015 09:29:07 GMT (envelope-from ehaupt@FreeBSD.org) Received: (from ehaupt@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id t0G9T6cJ049297; Fri, 16 Jan 2015 09:29:06 GMT (envelope-from ehaupt@FreeBSD.org) Message-Id: <201501160929.t0G9T6cJ049297@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: ehaupt set sender to ehaupt@FreeBSD.org using -f From: Emanuel Haupt Date: Fri, 16 Jan 2015 09:29:06 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r377160 - in branches/2015Q1/archivers/unzip: . files X-SVN-Group: ports-branches MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-branches@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for all the branches of the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 16 Jan 2015 09:29:07 -0000 Author: ehaupt Date: Fri Jan 16 09:29:06 2015 New Revision: 377160 URL: https://svnweb.freebsd.org/changeset/ports/377160 QAT: https://qat.redports.org/buildarchive/r377160/ Log: Add patch to fix multiple vulnerabilities. Obtained from: debian Approved by: portmgr (erwin) Security: d9360908-9d52-11e4-87fd-10bf48e1088e (VuXML) Added: branches/2015Q1/archivers/unzip/files/patch-extract.c (contents, props changed) Modified: branches/2015Q1/archivers/unzip/Makefile Modified: branches/2015Q1/archivers/unzip/Makefile ============================================================================== --- branches/2015Q1/archivers/unzip/Makefile Fri Jan 16 09:17:38 2015 (r377159) +++ branches/2015Q1/archivers/unzip/Makefile Fri Jan 16 09:29:06 2015 (r377160) @@ -3,7 +3,7 @@ PORTNAME= unzip PORTVERSION= 6.0 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= archivers MASTER_SITES= SF/infozip/UnZip%206.x%20%28latest%29/UnZip%20${PORTVERSION}/:main \ SF/infozip/UnZip%205.x%20and%20earlier/5.51/:unreduce Added: branches/2015Q1/archivers/unzip/files/patch-extract.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2015Q1/archivers/unzip/files/patch-extract.c Fri Jan 16 09:29:06 2015 (r377160) @@ -0,0 +1,66 @@ +--- extract.c.orig 2015-01-16 10:05:03.994866726 +0100 ++++ extract.c 2015-01-16 09:57:31.606898193 +0100 +@@ -1,5 +1,5 @@ + /* +- Copyright (c) 1990-2009 Info-ZIP. All rights reserved. ++ Copyright (c) 1990-2014 Info-ZIP. All rights reserved. + + See the accompanying file LICENSE, version 2009-Jan-02 or later + (the contents of which are also included in unzip.h) for terms of use. +@@ -298,6 +298,8 @@ + #ifndef SFX + static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \ + EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n"; ++ static ZCONST char Far TooSmallEFlength[] = "bad extra-field entry:\n \ ++ EF block length (%u bytes) invalid (< %d)\n"; + static ZCONST char Far InvalidComprDataEAs[] = + " invalid compressed data for EAs\n"; + # if (defined(WIN32) && defined(NTSD_EAS)) +@@ -2023,7 +2025,8 @@ + ebID = makeword(ef); + ebLen = (unsigned)makeword(ef+EB_LEN); + +- if (ebLen > (ef_len - EB_HEADSIZE)) { ++ if (ebLen > (ef_len - EB_HEADSIZE)) ++ { + /* Discovered some extra field inconsistency! */ + if (uO.qflag) + Info(slide, 1, ((char *)slide, "%-22s ", +@@ -2032,6 +2035,16 @@ + ebLen, (ef_len - EB_HEADSIZE))); + return PK_ERR; + } ++ else if (ebLen < EB_HEADSIZE) ++ { ++ /* Extra block length smaller than header length. */ ++ if (uO.qflag) ++ Info(slide, 1, ((char *)slide, "%-22s ", ++ FnFilter1(G.filename))); ++ Info(slide, 1, ((char *)slide, LoadFarString(TooSmallEFlength), ++ ebLen, EB_HEADSIZE)); ++ return PK_ERR; ++ } + + switch (ebID) { + case EF_OS2: +@@ -2221,10 +2234,17 @@ + if (compr_offset < 4) /* field is not compressed: */ + return PK_OK; /* do nothing and signal OK */ + ++ /* Return no/bad-data error status if any problem is found: ++ * 1. eb_size is too small to hold the uncompressed size ++ * (eb_ucsize). (Else extract eb_ucsize.) ++ * 2. eb_ucsize is zero (invalid). 2014-12-04 SMS. ++ * 3. eb_ucsize is positive, but eb_size is too small to hold ++ * the compressed data header. ++ */ + if ((eb_size < (EB_UCSIZE_P + 4)) || +- ((eb_ucsize = makelong(eb+(EB_HEADSIZE+EB_UCSIZE_P))) > 0L && +- eb_size <= (compr_offset + EB_CMPRHEADLEN))) +- return IZ_EF_TRUNC; /* no compressed data! */ ++ ((eb_ucsize = makelong( eb+ (EB_HEADSIZE+ EB_UCSIZE_P))) == 0L) || ++ ((eb_ucsize > 0L) && (eb_size <= (compr_offset + EB_CMPRHEADLEN)))) ++ return IZ_EF_TRUNC; /* no/bad compressed data! */ + + if ( + #ifdef INT_16BIT