Date: Tue, 17 Feb 2015 23:50:33 +0100 From: Jan Beich <jbeich@FreeBSD.org> To: Xin LI <delphij@FreeBSD.org> Cc: svn-ports-head@freebsd.org, svn-ports-all@freebsd.org, ports-committers@freebsd.org Subject: Re: svn commit: r379192 - in head/archivers/unzip: . files Message-ID: <lhjw-5f0m-wny@FreeBSD.org> In-Reply-To: <201502172158.t1HLwe7N060649@svn.freebsd.org> (Xin LI's message of "Tue, 17 Feb 2015 21:58:40 %2B0000 (UTC)") References: <201502172158.t1HLwe7N060649@svn.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
Xin LI <delphij@FreeBSD.org> writes:
> Log:
> Apply fix for CVE-2015-1315 from Marc Deslauriers
> <marc.deslauriers@canonical.com>.
>=20=20=20
> MFH: 2015Q1
> Approved by: so
[...]
> Modified: head/archivers/unzip/files/extra-iconv-patch-unix_unix.c
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D
> --- head/archivers/unzip/files/extra-iconv-patch-unix_unix.c Tue Feb 17 2=
1:32:56 2015 (r379191)
> +++ head/archivers/unzip/files/extra-iconv-patch-unix_unix.c Tue Feb 17 2=
1:58:40 2015 (r379192)
> @@ -76,15 +76,27 @@
> +
> + slen =3D strlen(string);
> + s =3D string;
> -+ dlen =3D buflen =3D 2*slen;
> -+ d =3D buf =3D malloc(buflen + 1);
> ++
> ++ /* Make sure OUTBUFSIZ + 1 never ends up smaller than FILNAMSIZ
> ++ * as this function also gets called with G.outbuf in fileio.c
> ++ */
> ++ buflen =3D FILNAMSIZ;
[...]
Why the underlying @@ line hasn't changed if number of ++ lines increased?
It makes my ICONV=3Don build fail
$ make
[...]
--- unzipsfx ---
fileio_.o: In function `do_string':
fileio.c:(.text+0x14d5): undefined reference to `iso_intern'
fileio.c:(.text+0x14e8): undefined reference to `oem_intern'
fileio.c:(.text+0x1944): undefined reference to `iso_intern'
fileio.c:(.text+0x1950): undefined reference to `oem_intern'
cc: error: linker command failed with exit code 1 (use -v to see invocati=
on)
Index: archivers/unzip/files/extra-iconv-patch-unix_unix.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
=2D-- archivers/unzip/files/extra-iconv-patch-unix_unix.c (revision 379194)
+++ archivers/unzip/files/extra-iconv-patch-unix_unix.c (working copy)
@@ -10,7 +10,7 @@
#ifdef SCO_XENIX
# define SYSNDIR
#else /* SCO Unix, AIX, DNIX, TI SysV, Coherent 4.x, ... */
=2D@@ -1874,3 +1877,90 @@ static void qlfix(__G__ ef_ptr, ef_len)
+@@ -1874,3 +1877,102 @@ static void qlfix(__G__ ef_ptr, ef_len)
}
}
#endif /* QLZIP */
--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQF8BAEBCgBmBQJU48W5XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXREQjQ0MzY3NEM3RDIzNTc4NkUxNDkyQ0VF
NEM3Nzg4MzQ3OURCRERCAAoJEOTHeINHnb3bnTIIAICE+3xRpebdSthi/r7rDi63
ZBHMzt5ySxyElq7tlwTMaiCFqpZlc+PfRMnLnMpMTL3/quu8b8Da2B6FBVbzbyye
kAzTZgViOJ3YxqMmrr/0Z33Jjhurve951Yg9ql7oJfRvjz4CIel2UZLdZ2ARTUW1
bcRzOSoS2Ay6CcaKPif0xfVbEvgUcLxWzO8m9n22euV5v47v0Oo69aSab8yPaIpv
58AV9moFXNDc/V0pd8VKmKmaetJ7lhyX6Fs54CQRnTN8ZESguJ997kVIcKh8rbGd
7lA6MTml8bLITqE8gpgCRqtZ0ukFHh+g7cVEcUPAh8D6RlAEThgq/rEVVIWn+rM=
=5Fo1
-----END PGP SIGNATURE-----
--=-=-=--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?lhjw-5f0m-wny>