From owner-svn-ports-all@FreeBSD.ORG Tue Feb 3 22:46:14 2015 Return-Path: Delivered-To: svn-ports-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id AC4BCAB3; Tue, 3 Feb 2015 22:46:14 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 96F04AA8; Tue, 3 Feb 2015 22:46:14 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id t13MkE7K022042; Tue, 3 Feb 2015 22:46:14 GMT (envelope-from delphij@FreeBSD.org) Received: (from delphij@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id t13MkE9W022038; Tue, 3 Feb 2015 22:46:14 GMT (envelope-from delphij@FreeBSD.org) Message-Id: <201502032246.t13MkE9W022038@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: delphij set sender to delphij@FreeBSD.org using -f From: Xin LI Date: Tue, 3 Feb 2015 22:46:14 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r378383 - in branches/2015Q1/archivers/unzip: . files X-SVN-Group: ports-branches MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Feb 2015 22:46:14 -0000 Author: delphij Date: Tue Feb 3 22:46:13 2015 New Revision: 378383 URL: https://svnweb.freebsd.org/changeset/ports/378383 QAT: https://qat.redports.org/buildarchive/r378383/ Log: MFH: r378382 Apply Debian patch for CVE-2014-9636 which fixes out of boundary access issue in test_compr_eb. PR: ports/197300 Submitted by: Robert Simmons Security: e543c6f8-abf2-11e4-8ac7-d050992ecde8 Approved by: ports-secteam Modified: branches/2015Q1/archivers/unzip/Makefile branches/2015Q1/archivers/unzip/files/patch-extract.c Directory Properties: branches/2015Q1/ (props changed) Modified: branches/2015Q1/archivers/unzip/Makefile ============================================================================== --- branches/2015Q1/archivers/unzip/Makefile Tue Feb 3 22:37:45 2015 (r378382) +++ branches/2015Q1/archivers/unzip/Makefile Tue Feb 3 22:46:13 2015 (r378383) @@ -3,7 +3,7 @@ PORTNAME= unzip PORTVERSION= 6.0 -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= archivers MASTER_SITES= SF/infozip/UnZip%206.x%20%28latest%29/UnZip%20${PORTVERSION}/:main \ SF/infozip/UnZip%205.x%20and%20earlier/5.51/:unreduce Modified: branches/2015Q1/archivers/unzip/files/patch-extract.c ============================================================================== --- branches/2015Q1/archivers/unzip/files/patch-extract.c Tue Feb 3 22:37:45 2015 (r378382) +++ branches/2015Q1/archivers/unzip/files/patch-extract.c Tue Feb 3 22:46:13 2015 (r378383) @@ -1,5 +1,5 @@ ---- extract.c.orig 2015-01-16 10:05:03.994866726 +0100 -+++ extract.c 2015-01-16 09:57:31.606898193 +0100 +--- extract.c.orig 2009-03-14 01:32:52 UTC ++++ extract.c @@ -1,5 +1,5 @@ /* - Copyright (c) 1990-2009 Info-ZIP. All rights reserved. @@ -7,7 +7,7 @@ See the accompanying file LICENSE, version 2009-Jan-02 or later (the contents of which are also included in unzip.h) for terms of use. -@@ -298,6 +298,8 @@ +@@ -298,6 +298,8 @@ char ZCONST Far TruncNTSD[] = #ifndef SFX static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \ EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n"; @@ -16,7 +16,7 @@ static ZCONST char Far InvalidComprDataEAs[] = " invalid compressed data for EAs\n"; # if (defined(WIN32) && defined(NTSD_EAS)) -@@ -2023,7 +2025,8 @@ +@@ -2023,7 +2025,8 @@ static int TestExtraField(__G__ ef, ef_l ebID = makeword(ef); ebLen = (unsigned)makeword(ef+EB_LEN); @@ -26,7 +26,7 @@ /* Discovered some extra field inconsistency! */ if (uO.qflag) Info(slide, 1, ((char *)slide, "%-22s ", -@@ -2032,6 +2035,16 @@ +@@ -2032,6 +2035,16 @@ static int TestExtraField(__G__ ef, ef_l ebLen, (ef_len - EB_HEADSIZE))); return PK_ERR; } @@ -43,7 +43,12 @@ switch (ebID) { case EF_OS2: -@@ -2221,10 +2234,17 @@ +@@ -2217,14 +2230,28 @@ static int test_compr_eb(__G__ eb, eb_si + ulg eb_ucsize; + uch *eb_ucptr; + int r; ++ ush method; + if (compr_offset < 4) /* field is not compressed: */ return PK_OK; /* do nothing and signal OK */ @@ -61,6 +66,12 @@ + ((eb_ucsize = makelong( eb+ (EB_HEADSIZE+ EB_UCSIZE_P))) == 0L) || + ((eb_ucsize > 0L) && (eb_size <= (compr_offset + EB_CMPRHEADLEN)))) + return IZ_EF_TRUNC; /* no/bad compressed data! */ ++ ++ method = makeword(eb + (EB_HEADSIZE + compr_offset)); ++ if ((method == STORED) && (eb_size - compr_offset != eb_ucsize)) ++ return PK_ERR; /* compressed & uncompressed ++ * should match in STORED ++ * method */ if ( #ifdef INT_16BIT