Add patch to bsdiff to fix CVE-2014-9862.

Bump PKGREVISION.

3 files changed, 21 insertions, 2 deletions

diff --git a/misc/bsdiff/Makefile b/misc/bsdiff/Makefile
index d87d0265d67..6fa4da07155 100644
--- a/misc/bsdiff/Makefile
+++ b/misc/bsdiff/Makefile
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.12 2012/10/08 09:57:17 asau Exp $
+# $NetBSD: Makefile,v 1.13 2017/07/31 07:09:54 nros Exp $
 #
 
 DISTNAME=		bsdiff-4.3
+PKGREVISION=		1
 CATEGORIES=		misc
 MASTER_SITES=		http://www.daemonology.net/bsdiff/
 
diff --git a/misc/bsdiff/distinfo b/misc/bsdiff/distinfo
index 5a9317c316c..965873cd068 100644
--- a/misc/bsdiff/distinfo
+++ b/misc/bsdiff/distinfo
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.6 2016/09/08 14:37:05 jperkin Exp $
+$NetBSD: distinfo,v 1.7 2017/07/31 07:09:54 nros Exp $
 
 SHA1 (bsdiff-4.3.tar.gz) = 0c0a89d604fc55ef2b5e69cd18372b2972edd8b8
 RMD160 (bsdiff-4.3.tar.gz) = 27bb255b5dd5aa56d3a076dac9ca76d238a79a04
 SHA512 (bsdiff-4.3.tar.gz) = bde46b393b74bcc9f05532ea4d45b12c104c4f182fdd49d4176aad5f02a2b357f435819f13a5a7ddefe27df0ca82980f06fad764094014a6d068622263e319c3
 Size (bsdiff-4.3.tar.gz) = 5740 bytes
 SHA1 (patch-Makefile) = 203d6a8acfc001cc23abfba953b7f3d40b10b20e
+SHA1 (patch-bspatch.c) = e1b0f00a10fcb3b2b0eca5c86130be150c87e13f
diff --git a/misc/bsdiff/patches/patch-bspatch.c b/misc/bsdiff/patches/patch-bspatch.c
new file mode 100644
index 00000000000..1a21965054f
--- /dev/null
+++ b/misc/bsdiff/patches/patch-bspatch.c
@@ -0,0 +1,17 @@
+$NetBSD: patch-bspatch.c,v 1.1 2017/07/31 07:09:54 nros Exp $
+* Fix CVE-2014-9862
+  From the chromium project:
+  http://chromium-review.googlesource.com/c/199377/2/dev-util/bsdiff/files/4.3_sanity_check.patch
+--- bspatch.c.orig	2005-08-16 22:14:00.000000000 +0000
++++ bspatch.c
+@@ -152,6 +152,10 @@ int main(int argc,char * argv[])
+ 		};
+ 
+ 		/* Sanity-check */
++		if ((ctrl[0] < 0) || (ctrl[1] < 0))
++			errx(1,"Corrupt patch\n");
++
++		/* Sanity-check */
+ 		if(newpos+ctrl[0]>newsize)
+ 			errx(1,"Corrupt patch\n");
+