Newer version of a security fix patch reducing false positives.

http://www.openwall.com/lists/oss-security/2015/02/11/7 Bump PKGREVISION.
author: wiz <wiz@pkgsrc.org> 2015-02-11 12:35:42 +0000
committer: wiz <wiz@pkgsrc.org> 2015-02-11 12:35:42 +0000
commit: 9e032c16915152d38257c1ab6e26235725fff2e0 (patch)
tree: 7fcabe813cde986cc4d4df8b97ef1de97aad41d5 /archivers/unzip
parent: 6a77f0b67547cef8e01b828b52302d3121c580a3 (diff)
download: pkgsrc-9e032c16915152d38257c1ab6e26235725fff2e0.tar.gz
3 files changed, 25 insertions, 24 deletions
diff --git a/archivers/unzip/Makefile b/archivers/unzip/Makefile
index 6ab56cfcc83..8d6b6c21d1b 100644
--- a/archivers/unzip/Makefile
+++ b/archivers/unzip/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.88 2015/01/06 14:12:45 wiz Exp $
+# $NetBSD: Makefile,v 1.89 2015/02/11 12:35:42 wiz Exp $
 
 DISTNAME=	unzip60
 PKGNAME=	unzip-6.0
-PKGREVISION=	3
+PKGREVISION=	4
 CATEGORIES=	archivers
 MASTER_SITES=	ftp://ftp.info-zip.org/pub/infozip/src/
 EXTRACT_SUFX=	.tgz
diff --git a/archivers/unzip/distinfo b/archivers/unzip/distinfo
index 6d39c526dec..3e2133585d7 100644
--- a/archivers/unzip/distinfo
+++ b/archivers/unzip/distinfo
@@ -1,11 +1,11 @@
-$NetBSD: distinfo,v 1.26 2015/01/06 14:12:45 wiz Exp $
+$NetBSD: distinfo,v 1.27 2015/02/11 12:35:42 wiz Exp $
 
 SHA1 (unzip60.tgz) = abf7de8a4018a983590ed6f5cbd990d4740f8a22
 RMD160 (unzip60.tgz) = 48af66606e9472e45fbb94bc4e285da23d1b89ba
 Size (unzip60.tgz) = 1376845 bytes
 SHA1 (patch-ab) = 672635c469e0a53ac9808f8155ee38643a8acf69
 SHA1 (patch-ac) = 27b91401d4d5ecc3842c91dc49c08f42c8646154
-SHA1 (patch-extract.c) = 8dda32c31226129464b9ef85c62051acded4642e
+SHA1 (patch-extract.c) = bba436910084ec43ef8f8e76a1cd0392c566e4ac
 SHA1 (patch-fileio.c) = 910ddb3b847cae92326697a399234b2948555534
 SHA1 (patch-list.c) = 7aa261ecef5e5cc14ad387070560730ff419d635
 SHA1 (patch-process.c) = d6e6ed05ef7c2977353e848d9e9cba2877577812
diff --git a/archivers/unzip/patches/patch-extract.c b/archivers/unzip/patches/patch-extract.c
index 09fa5053237..28f43e55a20 100644
--- a/archivers/unzip/patches/patch-extract.c
+++ b/archivers/unzip/patches/patch-extract.c
@@ -1,11 +1,22 @@
-$NetBSD: patch-extract.c,v 1.1 2014/12/25 16:48:33 wiz Exp $
+$NetBSD: patch-extract.c,v 1.2 2015/02/11 12:35:42 wiz Exp $
 
 Fixes for
 * https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8139
 * https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8140
 * http://sf.net/projects/mancha/files/sec/unzip-6.0_overflow2.diff via
   http://seclists.org/oss-sec/2014/q4/1131 and
-  http://seclists.org/oss-sec/2014/q4/507
+  http://seclists.org/oss-sec/2014/q4/507 and later version
+  http://sf.net/projects/mancha/files/sec/unzip-6.0_overflow3.diff via
+  http://www.openwall.com/lists/oss-security/2015/02/11/7
+
+By carefully crafting a corrupt ZIP archive with "extra fields" that
+purport to have compressed blocks larger than the corresponding
+uncompressed blocks in STORED no-compression mode, an attacker can
+trigger a heap overflow that can result in application crash or
+possibly have other unspecified impact.
+
+This patch ensures that when extra fields use STORED mode, the
+"compressed" and uncompressed block sizes match.
 
 --- extract.c.orig	2009-03-14 01:32:52.000000000 +0000
 +++ extract.c
@@ -52,7 +63,7 @@ Fixes for
  
          switch (ebID) {
              case EF_OS2:
-@@ -2217,14 +2230,28 @@ static int test_compr_eb(__G__ eb, eb_si
+@@ -2217,6 +2230,7 @@ static int test_compr_eb(__G__ eb, eb_si
      ulg eb_ucsize;
      uch *eb_ucptr;
      int r;
@@ -60,27 +71,17 @@ Fixes for
  
      if (compr_offset < 4)                /* field is not compressed: */
          return PK_OK;                    /* do nothing and signal OK */
+@@ -2226,6 +2240,13 @@ static int test_compr_eb(__G__ eb, eb_si
+          eb_size <= (compr_offset + EB_CMPRHEADLEN)))
+         return IZ_EF_TRUNC;               /* no compressed data! */
  
-+    /* Return no/bad-data error status if any problem is found:
-+     *    1. eb_size is too small to hold the uncompressed size
-+     *       (eb_ucsize).  (Else extract eb_ucsize.)
-+     *    2. eb_ucsize is zero (invalid).  2014-12-04 SMS.
-+     *    3. eb_ucsize is positive, but eb_size is too small to hold
-+     *       the compressed data header.
-+     */
-     if ((eb_size < (EB_UCSIZE_P + 4)) ||
--        ((eb_ucsize = makelong(eb+(EB_HEADSIZE+EB_UCSIZE_P))) > 0L &&
--         eb_size <= (compr_offset + EB_CMPRHEADLEN)))
--        return IZ_EF_TRUNC;               /* no compressed data! */
-+     ((eb_ucsize = makelong( eb+ (EB_HEADSIZE+ EB_UCSIZE_P))) == 0L) ||
-+     ((eb_ucsize > 0L) && (eb_size <= (compr_offset + EB_CMPRHEADLEN))))
-+        return IZ_EF_TRUNC;             /* no/bad compressed data! */
-+
 +    method = makeword(eb + (EB_HEADSIZE + compr_offset));
-+    if ((method == STORED) && (eb_size - compr_offset != eb_ucsize))
++    if ((method == STORED) &&
++        (eb_size - compr_offset - EB_CMPRHEADLEN != eb_ucsize))
 +	return PK_ERR;			  /* compressed & uncompressed
 +					   * should match in STORED
 +					   * method */
- 
++
      if (
  #ifdef INT_16BIT
+         (((ulg)(extent)eb_ucsize) != eb_ucsize) ||
author	wiz <wiz@pkgsrc.org>	2015-02-11 12:35:42 +0000
committer	wiz <wiz@pkgsrc.org>	2015-02-11 12:35:42 +0000
commit	9e032c16915152d38257c1ab6e26235725fff2e0 (patch)
tree	7fcabe813cde986cc4d4df8b97ef1de97aad41d5 /archivers/unzip
parent	6a77f0b67547cef8e01b828b52302d3121c580a3 (diff)
download	pkgsrc-9e032c16915152d38257c1ab6e26235725fff2e0.tar.gz