diff options
| author | wiz <wiz@pkgsrc.org> | 2015-03-26 09:30:01 +0000 |
|---|---|---|
| committer | wiz <wiz@pkgsrc.org> | 2015-03-26 09:30:01 +0000 |
| commit | 908afa28fe1ef9a81d2e37af49f269e175b0dfed (patch) | |
| tree | 547f679e9a3ea85dd73f9053b02d87767ed4c9ab | |
| parent | 0cd23628372200ddc64bb15f537e2c5a764736c6 (diff) | |
| download | pkgsrc-908afa28fe1ef9a81d2e37af49f269e175b0dfed.tar.gz | |
Avoid integer overflow. Addresses CVE-2015-2331.
Uses upstream patch.
Bump PKGREVISION.
| -rw-r--r-- | archivers/libzip/Makefile | 3 | ||||
| -rw-r--r-- | archivers/libzip/distinfo | 3 | ||||
| -rw-r--r-- | archivers/libzip/patches/patch-lib_zip__dirent.c | 28 |
3 files changed, 32 insertions, 2 deletions
diff --git a/archivers/libzip/Makefile b/archivers/libzip/Makefile index 136d753b229..6be6c828ccb 100644 --- a/archivers/libzip/Makefile +++ b/archivers/libzip/Makefile @@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.17 2013/12/31 11:07:14 wiz Exp $ +# $NetBSD: Makefile,v 1.18 2015/03/26 09:30:01 wiz Exp $ DISTNAME= libzip-0.11.2 +PKGREVISION= 1 CATEGORIES= archivers devel MASTER_SITES= http://www.nih.at/libzip/ EXTRACT_SUFX= .tar.xz diff --git a/archivers/libzip/distinfo b/archivers/libzip/distinfo index cf263a92f0e..d7ff74b8cd3 100644 --- a/archivers/libzip/distinfo +++ b/archivers/libzip/distinfo @@ -1,5 +1,6 @@ -$NetBSD: distinfo,v 1.14 2013/12/31 11:07:14 wiz Exp $ +$NetBSD: distinfo,v 1.15 2015/03/26 09:30:01 wiz Exp $ SHA1 (libzip-0.11.2.tar.xz) = da86a7b4bb2b7ab7c8c5fb773f8a48a5adc7a405 RMD160 (libzip-0.11.2.tar.xz) = 4f94874c2f1d06c8c3020f22f17c9ef6da388051 Size (libzip-0.11.2.tar.xz) = 413352 bytes +SHA1 (patch-lib_zip__dirent.c) = e6d63693b29a3818943ed39ccd5353c146a2a7fc diff --git a/archivers/libzip/patches/patch-lib_zip__dirent.c b/archivers/libzip/patches/patch-lib_zip__dirent.c new file mode 100644 index 00000000000..a9476ae2349 --- /dev/null +++ b/archivers/libzip/patches/patch-lib_zip__dirent.c @@ -0,0 +1,28 @@ +$NetBSD: patch-lib_zip__dirent.c,v 1.1 2015/03/26 09:30:01 wiz Exp $ + +Based on: +# HG changeset patch +# User Thomas Klausner <tk@giga.or.at> +# Date 1426937322 -3600 +# Sat Mar 21 12:28:42 2015 +0100 +# Node ID 9f11d54f692edc152afef04178cdf16f906a21b4 +# Parent fa78ab51417f2fbf19586195dc3662497a5d790d +Avoid integer overflow. Addresses CVE-2015-2331. + +Fixed similarly to patch used in PHP copy of libzip: +https://github.com/php/php-src/commit/ef8fc4b53d92fbfcd8ef1abbd6f2f5fe2c4a11e5 + +Thanks to Emmanuel Law <emmanuel.law@gmail.com> for the notification +about the bug. + +--- lib/zip_dirent.c.orig 2013-11-28 16:57:10.000000000 +0000 ++++ lib/zip_dirent.c +@@ -110,7 +110,7 @@ _zip_cdir_new(zip_uint64_t nentry, struc + + if (nentry == 0) + cd->entry = NULL; +- else if ((cd->entry=(struct zip_entry *)malloc(sizeof(*(cd->entry))*(size_t)nentry)) == NULL) { ++ else if ((nentry > SIZE_MAX/sizeof(*(cd->entry))) || (cd->entry=(struct zip_entry *)malloc(sizeof(*(cd->entry))*(size_t)nentry)) == NULL) { + _zip_error_set(error, ZIP_ER_MEMORY, 0); + free(cd); + return NULL; |