Date:      Fri, 15 Jul 2016 13:45:51 +0000 (UTC)
From:      Mark Felder <feld@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject:   svn commit: r418579 - in branches/2016Q3/archivers/p7zip: . files
Message-ID:  <201607151345.u6FDjp3M060444@repo.freebsd.org>

Author: feld
Date: Fri Jul 15 13:45:50 2016
New Revision: 418579
URL: https://svnweb.freebsd.org/changeset/ports/418579

Log:
  MFH: r418576
  
  Add patches for CVE-2016-2334 and CVE-2016-2335.
  
  While here, use PORTREVISION?= instead of PORTREVISION= to avoid needlessly
  bumping PORTREVISION in archivers/p7zip-codec-rar.
  
  PR:		211114
  Submitted by:	Piotr Kubaj <pkubaj@anongoth.pl>
  Security:	a9bcaf57-4a7b-11e6-97f7-5453ed2e2b49
  Security:	d706a3a3-4a7c-11e6-97f7-5453ed2e2b49
  
  Approved by:	ports-secteam (with hat)

Added:
  branches/2016Q3/archivers/p7zip/files/patch-CPP_7zip_Archive_HfsHandler.cpp
     - copied unchanged from r418576, head/archivers/p7zip/files/patch-CPP_7zip_Archive_HfsHandler.cpp
  branches/2016Q3/archivers/p7zip/files/patch-CPP_7zip_Archive_Udf_UdfIn.cpp
     - copied unchanged from r418576, head/archivers/p7zip/files/patch-CPP_7zip_Archive_Udf_UdfIn.cpp
Modified:
  branches/2016Q3/archivers/p7zip/Makefile
Directory Properties:
  branches/2016Q3/   (props changed)

Modified: branches/2016Q3/archivers/p7zip/Makefile
==============================================================================
--- branches/2016Q3/archivers/p7zip/Makefile	Fri Jul 15 12:16:01 2016	(r418578)
+++ branches/2016Q3/archivers/p7zip/Makefile	Fri Jul 15 13:45:50 2016	(r418579)
@@ -3,6 +3,7 @@
 
 PORTNAME=	p7zip
 PORTVERSION=	15.14
+PORTREVISION?=	1
 CATEGORIES=	archivers
 MASTER_SITES=	SF
 DISTNAME=	${PORTNAME}_${DISTVERSION}_src_all
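
Review bot: The conditional assignment on the added PORTREVISION?= line has no comment explaining why it is ?= rather than =, and the reason only appears in the commit log (archivers/p7zip-codec-rar sets its own value). A one-line comment above it, naming that port, would stop a later committer from "correcting" it to a plain assignment. Note also that with ?= any PORTREVISION already defined before this line is read takes precedence over the 1 set here.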

Copied: branches/2016Q3/archivers/p7zip/files/patch-CPP_7zip_Archive_HfsHandler.cpp (from r418576, head/archivers/p7zip/files/patch-CPP_7zip_Archive_HfsHandler.cpp)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2016Q3/archivers/p7zip/files/patch-CPP_7zip_Archive_HfsHandler.cpp	Fri Jul 15 13:45:50 2016	(r418579, copy of r418576, head/archivers/p7zip/files/patch-CPP_7zip_Archive_HfsHandler.cpp)
@@ -0,0 +1,25 @@
+Patch for CVE-2016-2334.
+
+Obtained from: https://sourceforge.net/p/p7zip/discussion/383043/thread/9d0fb86b/
+--- CPP/7zip/Archive/HfsHandler.cpp.orig	Fri Jun 19 06:52:08 2015
++++ CPP/7zip/Archive/HfsHandler.cpp	Mon May 23 20:37:42 2016
+@@ -987,7 +987,9 @@ HRESULT CDatabase::LoadCatalog(const CFork &fork, cons
+       item.GroupID = Get32(r + 0x24);
+       item.AdminFlags = r[0x28];
+       item.OwnerFlags = r[0x29];
++      */
+       item.FileMode = Get16(r + 0x2A);
++      /*
+       item.special.iNodeNum = Get16(r + 0x2C); // or .linkCount
+       item.FileType = Get32(r + 0x30);
+       item.FileCreator = Get32(r + 0x34);
+@@ -1571,6 +1573,9 @@ HRESULT CHandler::ExtractZlibFile(
+       blockSize = (UInt32)rem;
+ 
+     UInt32 size = GetUi32(tableBuf + i * 8 + 4);
++
++    if (size > buf.Size() || size > kCompressionBlockSize + 1)
++        return S_FALSE;
+ 
+     RINOK(ReadStream_FALSE(inStream, buf, size));
+ 
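
Review bot: The first inner hunk (HfsHandler.cpp around line 987) moves the comment delimiters so that item.FileMode = Get16(r + 0x2A) is now compiled, yet the patch header says only "Patch for CVE-2016-2334" and nothing in the file explains why this behaviour change belongs to the fix. Please add a sentence to the header stating what the FileMode change is for, or split it into its own patch file. In the second inner hunk, the size check in ExtractZlibFile is correctly placed before ReadStream_FALSE(inStream, buf, size); the return S_FALSE line is indented four spaces deeper than the if, where the surrounding code steps by two.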

Copied: branches/2016Q3/archivers/p7zip/files/patch-CPP_7zip_Archive_Udf_UdfIn.cpp (from r418576, head/archivers/p7zip/files/patch-CPP_7zip_Archive_Udf_UdfIn.cpp)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2016Q3/archivers/p7zip/files/patch-CPP_7zip_Archive_Udf_UdfIn.cpp	Fri Jul 15 13:45:50 2016	(r418579, copy of r418576, head/archivers/p7zip/files/patch-CPP_7zip_Archive_Udf_UdfIn.cpp)
@@ -0,0 +1,18 @@
+Patch for CVE-2016-2335.
+
+Obtained from: https://sourceforge.net/p/p7zip/discussion/383043/thread/9d0fb86b/
+--- CPP/7zip/Archive/Udf/UdfIn.cpp.orig	Fri Nov 20 15:40:08 2015
++++ CPP/7zip/Archive/Udf/UdfIn.cpp	Mon May 23 20:37:46 2016
+@@ -389,7 +389,11 @@ HRESULT CInArchive::ReadFileItem(int volIndex, int fsI
+     return S_FALSE;
+   CFile &file = Files.Back();
+   const CLogVol &vol = LogVols[volIndex];
+-  CPartition &partition = Partitions[vol.PartitionMaps[lad.Location.PartitionRef].PartitionIndex];
++  unsigned partitionRef = lad.Location.PartitionRef;
++
++  if (partitionRef >= vol.PartitionMaps.Size())
++  	return S_FALSE;
++  CPartition &partition = Partitions[vol.PartitionMaps[partitionRef].PartitionIndex];
+ 
+   UInt32 key = lad.Location.Pos;
+   UInt32 value;
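
Review bot: The new check in ReadFileItem bounds partitionRef against vol.PartitionMaps.Size(), but the value it then reads, vol.PartitionMaps[partitionRef].PartitionIndex, is used to index Partitions with no range check visible in this hunk. Please confirm PartitionIndex is validated where the partition maps are loaded, or add a matching test against Partitions.Size() before taking the reference. Minor: the added return S_FALSE line is indented with two spaces followed by a tab, while the rest of the hunk uses spaces only.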


