Date: Sat, 2 Nov 2019 12:23:40 +0000 (UTC) From: Raphael Kubo da Costa <rakuco@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r516311 - in head/sysutils/file: . files Message-ID: <201911021223.xA2CNeYs085136@repo.freebsd.org>
Author: rakuco Date: Sat Nov 2 12:23:40 2019 New Revision: 516311 URL: https://svnweb.freebsd.org/changeset/ports/516311 Log: Update to 5.37 with patch for CVE-2019-18218. PR: 241424 Submitted by: Nathan Owens <ndowens04@gmail.com> Approved by: jharris@widomaker.com (maintainer) MFH: 2019Q4 Security: 381deebb-f5c9-11e9-9c4f-74d435e60b7c Added: head/sysutils/file/files/ head/sysutils/file/files/patch-src_cdf.c (contents, props changed) head/sysutils/file/files/patch-src_cdf.h (contents, props changed) Modified: head/sysutils/file/Makefile head/sysutils/file/distinfo
Modified: head/sysutils/file/Makefile
==============================================================================
--- head/sysutils/file/Makefile Sat Nov 2 12:22:16 2019 (r516310)
+++ head/sysutils/file/Makefile Sat Nov 2 12:23:40 2019 (r516311)
@@ -2,7 +2,7 @@
 # $FreeBSD$

 PORTNAME= file
-PORTVERSION= 5.36
+PORTVERSION= 5.37
 CATEGORIES= sysutils
 MASTER_SITES= ftp://ftp.astron.com/pub/file/ \
 ftp://ftp.fu-berlin.de/unix/tools/file/
Modified: head/sysutils/file/distinfo
==============================================================================
--- head/sysutils/file/distinfo Sat Nov 2 12:22:16 2019 (r516310)
+++ head/sysutils/file/distinfo Sat Nov 2 12:23:40 2019 (r516311)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1550771584
-SHA256 (file-5.36.tar.gz) = fb608290c0fd2405a8f63e5717abf6d03e22e183fb21884413d1edd918184379
-SIZE (file-5.36.tar.gz) = 875792
+TIMESTAMP = 1571780726
+SHA256 (file-5.37.tar.gz) = e9c13967f7dd339a3c241b7710ba093560b9a33013491318e88e6b8b57bae07f
+SIZE (file-5.37.tar.gz) = 887682
Added: head/sysutils/file/files/patch-src_cdf.c
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sysutils/file/files/patch-src_cdf.c Sat Nov 2 12:23:40 2019 (r516311)
@@ -0,0 +1,71 @@
+--- src/cdf.c.orig 2019-10-22 21:52:28 UTC
++++ src/cdf.c
+@@ -35,7 +35,7 @@
+ #include "file.h"
+
+ #ifndef lint
+-FILE_RCSID("@(#)$File: cdf.c,v 1.114 2019/02/20 02:35:27 christos Exp $")
++FILE_RCSID("@(#)$File: cdf.c,v 1.116 2019/08/26 14:31:39 christos Exp $")
+ #endif
+
+ #include <assert.h>
+@@ -53,6 +53,10 @@ FILE_RCSID("@(#)$File: cdf.c,v 1.114 2019/02/20 02:35:
+ #define EFTYPE EINVAL
+ #endif
+
++#ifndef SIZE_T_MAX
++#define SIZE_T_MAX CAST(size_t, ~0ULL)
++#endif
++
+ #include "cdf.h"
+
+ #ifdef CDF_DEBUG
+@@ -405,7 +409,12 @@ cdf_read_sector(const cdf_info_t *info, void *buf, siz
+ const cdf_header_t *h, cdf_secid_t id)
+ {
+ size_t ss = CDF_SEC_SIZE(h);
+- size_t pos = CDF_SEC_POS(h, id);
++ size_t pos;
++
++ if (SIZE_T_MAX / ss < CAST(size_t, id))
++ return -1;
++
++ pos = CDF_SEC_POS(h, id);
+ assert(ss == len);
+ return cdf_read(info, CAST(off_t, pos), RCAST(char *, buf) + offs, len);
+ }
+@@ -415,7 +424,12 @@ cdf_read_short_sector(const cdf_stream_t *sst, void *b
+ size_t len, const cdf_header_t *h, cdf_secid_t id)
+ {
+ size_t ss = CDF_SHORT_SEC_SIZE(h);
+- size_t pos = CDF_SHORT_SEC_POS(h, id);
++ size_t pos;
++
++ if (SIZE_T_MAX / ss < CAST(size_t, id))
++ return -1;
++
++ pos = CDF_SHORT_SEC_POS(h, id);
+ assert(ss == len);
+ if (pos + len > CDF_SEC_SIZE(h) * sst->sst_len) {
+ DPRINTF(("Out of bounds read %" SIZE_T_FORMAT "u > %"
+@@ -1013,8 +1027,9 @@ cdf_read_property_info(const cdf_stream_t *sst, const
+ goto out;
+ }
+ nelements = CDF_GETUINT32(q, 1);
+- if (nelements == 0) {
+- DPRINTF(("CDF_VECTOR with nelements == 0\n"));
++ if (nelements > CDF_ELEMENT_LIMIT || nelements == 0) {
++ DPRINTF(("CDF_VECTOR with nelements == %"
++ SIZE_T_FORMAT "u\n", nelements));
+ goto out;
+ }
+ slen = 2;
+@@ -1056,8 +1071,6 @@ cdf_read_property_info(const cdf_stream_t *sst, const
+ goto out;
+ inp += nelem;
+ }
+- DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n",
+- nelements));
+ for (j = 0; j < nelements && i < sh.sh_properties;
+ j++, i++)
+ {
Added: head/sysutils/file/files/patch-src_cdf.h
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sysutils/file/files/patch-src_cdf.h Sat Nov 2 12:23:40 2019 (r516311)
@@ -0,0 +1,10 @@
+--- src/cdf.h.orig 2019-10-22 21:52:35 UTC
++++ src/cdf.h
+@@ -48,6 +48,7 @@
+ typedef int32_t cdf_secid_t;
+
+ #define CDF_LOOP_LIMIT 10000
++#define CDF_ELEMENT_LIMIT 100000
+
+ #define CDF_SECID_NULL 0
+ #define CDF_SECID_FREE -1
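Review bot: In the cdf_read_short_sector hunk the added guard covers only the multiplication behind `CDF_SHORT_SEC_POS(h, id)`; the unchanged bounds test `if (pos + len > CDF_SEC_SIZE(h) * sst->sst_len)` still adds `len` to `pos` unchecked, so a `pos` close to the top of the `size_t` range can wrap and slip past it. Writing the test by subtraction removes the wrap: `size_t lim = CDF_SEC_SIZE(h) * sst->sst_len;` followed by `if (len > lim || pos > lim - len) {`. The identical guard in cdf_read_sector bounds `ss * id` only, and `CDF_SEC_POS` is not visible here, so any offset that macro adds to the product should be checked as well. Both new `return -1;` paths are silent, unlike the neighbouring out-of-bounds path that logs through `DPRINTF`; both function bodies continue outside the hunks shown.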
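Review bot: `CDF_ELEMENT_LIMIT` is added to src/cdf.h without a comment, so nothing next to the constant says what it bounds or why 100000 was chosen. A one-line comment such as `/* max nelements accepted for a CDF_VECTOR property; larger counts are rejected in cdf_read_property_info */` would tie it to the check added in src/cdf.c.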