Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 5 Jan 2016 13:08:35 +0000 (UTC)
From:      Emanuel Haupt <ehaupt@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r405286 - in head/archivers/unzip: . files
Message-ID:  <201601051308.u05D8ZCR028041@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: ehaupt
Date: Tue Jan  5 13:08:34 2016
New Revision: 405286
URL: https://svnweb.freebsd.org/changeset/ports/405286

Log:
  Fix multiple vulnerabilities.
  
  PR:		204413 (based on)
  Notified by:	venture37@geeklan.co.uk
  Security:	CVE-2015-7696, CVE-2015-7697
  MFH:		2016Q1

Added:
  head/archivers/unzip/files/patch-crypt.c   (contents, props changed)
Modified:
  head/archivers/unzip/Makefile
  head/archivers/unzip/files/patch-extract.c

Modified: head/archivers/unzip/Makefile
==============================================================================
--- head/archivers/unzip/Makefile	Tue Jan  5 13:06:05 2016	(r405285)
+++ head/archivers/unzip/Makefile	Tue Jan  5 13:08:34 2016	(r405286)
@@ -3,7 +3,7 @@
 
 PORTNAME=	unzip
 PORTVERSION=	6.0
-PORTREVISION=	6
+PORTREVISION=	7
 CATEGORIES=	archivers
 MASTER_SITES=	SF/infozip/UnZip%206.x%20%28latest%29/UnZip%20${PORTVERSION}/:main \
 		SF/infozip/UnZip%205.x%20and%20earlier/5.51/:unreduce

Added: head/archivers/unzip/files/patch-crypt.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/archivers/unzip/files/patch-crypt.c	Tue Jan  5 13:08:34 2016	(r405286)
@@ -0,0 +1,21 @@
+--- crypt.c.orig	2007-01-05 16:47:36.000000000 +0100
++++ crypt.c	2016-01-04 14:39:27.300502995 +0100
+@@ -465,7 +465,17 @@
+     GLOBAL(pInfo->encrypted) = FALSE;
+     defer_leftover_input(__G);
+     for (n = 0; n < RAND_HEAD_LEN; n++) {
+-        b = NEXTBYTE;
++        /* 2012-11-23 SMS.  (OUSPG report.)
++         * Quit early if compressed size < HEAD_LEN.  The resulting
++         * error message ("unable to get password") could be improved,
++         * but it's better than trying to read nonexistent data, and
++         * then continuing with a negative G.csize.  (See
++         * fileio.c:readbyte()).
++         */
++        if ((b = NEXTBYTE) == (ush)EOF)
++        {
++            return PK_ERR;
++        }
+         h[n] = (uch)b;
+         Trace((stdout, " (%02x)", h[n]));
+     }

Modified: head/archivers/unzip/files/patch-extract.c
==============================================================================
--- head/archivers/unzip/files/patch-extract.c	Tue Jan  5 13:06:05 2016	(r405285)
+++ head/archivers/unzip/files/patch-extract.c	Tue Jan  5 13:08:34 2016	(r405286)
@@ -1,5 +1,5 @@
---- extract.c.orig	2009-03-14 01:32:52 UTC
-+++ extract.c
+--- extract.c.orig	2009-03-14 02:32:52.000000000 +0100
++++ extract.c	2016-01-04 14:43:11.813488458 +0100
 @@ -1,5 +1,5 @@
  /*
 -  Copyright (c) 1990-2009 Info-ZIP.  All rights reserved.
@@ -7,7 +7,7 @@
  
    See the accompanying file LICENSE, version 2009-Jan-02 or later
    (the contents of which are also included in unzip.h) for terms of use.
-@@ -298,6 +298,8 @@ char ZCONST Far TruncNTSD[] =
+@@ -298,6 +298,8 @@
  #ifndef SFX
     static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \
       EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n";
@@ -16,7 +16,7 @@
     static ZCONST char Far InvalidComprDataEAs[] =
       " invalid compressed data for EAs\n";
  #  if (defined(WIN32) && defined(NTSD_EAS))
-@@ -2023,7 +2025,8 @@ static int TestExtraField(__G__ ef, ef_l
+@@ -2023,7 +2025,8 @@
          ebID = makeword(ef);
          ebLen = (unsigned)makeword(ef+EB_LEN);
  
@@ -26,7 +26,7 @@
             /* Discovered some extra field inconsistency! */
              if (uO.qflag)
                  Info(slide, 1, ((char *)slide, "%-22s ",
-@@ -2032,6 +2035,16 @@ static int TestExtraField(__G__ ef, ef_l
+@@ -2032,6 +2035,16 @@
                ebLen, (ef_len - EB_HEADSIZE)));
              return PK_ERR;
          }
@@ -43,7 +43,7 @@
  
          switch (ebID) {
              case EF_OS2:
-@@ -2217,14 +2230,28 @@ static int test_compr_eb(__G__ eb, eb_si
+@@ -2217,14 +2230,28 @@
      ulg eb_ucsize;
      uch *eb_ucptr;
      int r;
@@ -75,3 +75,16 @@
  
      if (
  #ifdef INT_16BIT
+@@ -2701,6 +2728,12 @@
+     int repeated_buf_err;
+     bz_stream bstrm;
+ 
++    if (G.incnt <= 0 && G.csize <= 0L) {
++        /* avoid an infinite loop */
++        Trace((stderr, "UZbunzip2() got empty input\n"));
++        return 2;
++    }
++
+ #if (defined(DLL) && !defined(NO_SLIDE_REDIR))
+     if (G.redirect_slide)
+         wsize = G.redirect_size, redirSlide = G.redirect_buffer;



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201601051308.u05D8ZCR028041>