Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 3 Feb 2015 22:46:14 +0000 (UTC)
From:      Xin LI <delphij@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject:   svn commit: r378383 - in branches/2015Q1/archivers/unzip: . files
Message-ID:  <201502032246.t13MkE9W022038@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: delphij
Date: Tue Feb  3 22:46:13 2015
New Revision: 378383
URL: https://svnweb.freebsd.org/changeset/ports/378383
QAT: https://qat.redports.org/buildarchive/r378383/

Log:
  MFH: r378382
  
  Apply Debian patch for CVE-2014-9636 which fixes out of
  boundary access issue in test_compr_eb.
  
  PR:		ports/197300
  Submitted by:	Robert Simmons <rsimmons0 gmail com>
  Security:	e543c6f8-abf2-11e4-8ac7-d050992ecde8
  Approved by:	ports-secteam

Modified:
  branches/2015Q1/archivers/unzip/Makefile
  branches/2015Q1/archivers/unzip/files/patch-extract.c
Directory Properties:
  branches/2015Q1/   (props changed)

Modified: branches/2015Q1/archivers/unzip/Makefile
==============================================================================
--- branches/2015Q1/archivers/unzip/Makefile	Tue Feb  3 22:37:45 2015	(r378382)
+++ branches/2015Q1/archivers/unzip/Makefile	Tue Feb  3 22:46:13 2015	(r378383)
@@ -3,7 +3,7 @@
 
 PORTNAME=	unzip
 PORTVERSION=	6.0
-PORTREVISION=	3
+PORTREVISION=	4
 CATEGORIES=	archivers
 MASTER_SITES=	SF/infozip/UnZip%206.x%20%28latest%29/UnZip%20${PORTVERSION}/:main \
 		SF/infozip/UnZip%205.x%20and%20earlier/5.51/:unreduce

Modified: branches/2015Q1/archivers/unzip/files/patch-extract.c
==============================================================================
--- branches/2015Q1/archivers/unzip/files/patch-extract.c	Tue Feb  3 22:37:45 2015	(r378382)
+++ branches/2015Q1/archivers/unzip/files/patch-extract.c	Tue Feb  3 22:46:13 2015	(r378383)
@@ -1,5 +1,5 @@
---- extract.c.orig	2015-01-16 10:05:03.994866726 +0100
-+++ extract.c	2015-01-16 09:57:31.606898193 +0100
+--- extract.c.orig	2009-03-14 01:32:52 UTC
++++ extract.c
 @@ -1,5 +1,5 @@
  /*
 -  Copyright (c) 1990-2009 Info-ZIP.  All rights reserved.
@@ -7,7 +7,7 @@
  
    See the accompanying file LICENSE, version 2009-Jan-02 or later
    (the contents of which are also included in unzip.h) for terms of use.
-@@ -298,6 +298,8 @@
+@@ -298,6 +298,8 @@ char ZCONST Far TruncNTSD[] =
  #ifndef SFX
     static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \
       EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n";
@@ -16,7 +16,7 @@
     static ZCONST char Far InvalidComprDataEAs[] =
       " invalid compressed data for EAs\n";
  #  if (defined(WIN32) && defined(NTSD_EAS))
-@@ -2023,7 +2025,8 @@
+@@ -2023,7 +2025,8 @@ static int TestExtraField(__G__ ef, ef_l
          ebID = makeword(ef);
          ebLen = (unsigned)makeword(ef+EB_LEN);
  
@@ -26,7 +26,7 @@
             /* Discovered some extra field inconsistency! */
              if (uO.qflag)
                  Info(slide, 1, ((char *)slide, "%-22s ",
-@@ -2032,6 +2035,16 @@
+@@ -2032,6 +2035,16 @@ static int TestExtraField(__G__ ef, ef_l
                ebLen, (ef_len - EB_HEADSIZE)));
              return PK_ERR;
          }
@@ -43,7 +43,12 @@
  
          switch (ebID) {
              case EF_OS2:
-@@ -2221,10 +2234,17 @@
+@@ -2217,14 +2230,28 @@ static int test_compr_eb(__G__ eb, eb_si
+     ulg eb_ucsize;
+     uch *eb_ucptr;
+     int r;
++    ush method;
+ 
      if (compr_offset < 4)                /* field is not compressed: */
          return PK_OK;                    /* do nothing and signal OK */
  
@@ -61,6 +66,12 @@
 +     ((eb_ucsize = makelong( eb+ (EB_HEADSIZE+ EB_UCSIZE_P))) == 0L) ||
 +     ((eb_ucsize > 0L) && (eb_size <= (compr_offset + EB_CMPRHEADLEN))))
 +        return IZ_EF_TRUNC;             /* no/bad compressed data! */
++
++    method = makeword(eb + (EB_HEADSIZE + compr_offset));
++    if ((method == STORED) && (eb_size - compr_offset != eb_ucsize))
++	return PK_ERR;			  /* compressed & uncompressed
++					   * should match in STORED
++					   * method */
  
      if (
  #ifdef INT_16BIT



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201502032246.t13MkE9W022038>