author | nros <nros@pkgsrc.org> | 2017-07-31 07:09:54 +0000 |
---|---|---|
committer | nros <nros@pkgsrc.org> | 2017-07-31 07:09:54 +0000 |
commit | f53bda54863aaf0da69771fc289a8635c9bd0f78 (patch) | |
tree | 8d3dd50b0639489dfb6e11608bc48909b6572e9d /misc | |
parent | e29631a974463cf088a82346e11c45b3be48d8f1 (diff) | |
download | pkgsrc-f53bda54863aaf0da69771fc289a8635c9bd0f78.tar.gz |
Add patch to bsdiff to fix CVE-2014-9862.
Bump PKGREVISION.
Diffstat (limited to 'misc')
-rw-r--r-- | misc/bsdiff/Makefile | 3 | ||||
-rw-r--r-- | misc/bsdiff/distinfo | 3 | ||||
-rw-r--r-- | misc/bsdiff/patches/patch-bspatch.c | 17 |
3 files changed, 21 insertions, 2 deletions
diff --git a/misc/bsdiff/Makefile b/misc/bsdiff/Makefile
index d87d0265d67..6fa4da07155 100644
--- a/misc/bsdiff/Makefile
+++ b/misc/bsdiff/Makefile
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.12 2012/10/08 09:57:17 asau Exp $
+# $NetBSD: Makefile,v 1.13 2017/07/31 07:09:54 nros Exp $
 #
 DISTNAME= bsdiff-4.3
+PKGREVISION= 1
 CATEGORIES= misc
 MASTER_SITES= http://www.daemonology.net/bsdiff/
diff --git a/misc/bsdiff/distinfo b/misc/bsdiff/distinfo
index 5a9317c316c..965873cd068 100644
--- a/misc/bsdiff/distinfo
+++ b/misc/bsdiff/distinfo
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.6 2016/09/08 14:37:05 jperkin Exp $
+$NetBSD: distinfo,v 1.7 2017/07/31 07:09:54 nros Exp $
 SHA1 (bsdiff-4.3.tar.gz) = 0c0a89d604fc55ef2b5e69cd18372b2972edd8b8
 RMD160 (bsdiff-4.3.tar.gz) = 27bb255b5dd5aa56d3a076dac9ca76d238a79a04
 SHA512 (bsdiff-4.3.tar.gz) = bde46b393b74bcc9f05532ea4d45b12c104c4f182fdd49d4176aad5f02a2b357f435819f13a5a7ddefe27df0ca82980f06fad764094014a6d068622263e319c3
 Size (bsdiff-4.3.tar.gz) = 5740 bytes
 SHA1 (patch-Makefile) = 203d6a8acfc001cc23abfba953b7f3d40b10b20e
+SHA1 (patch-bspatch.c) = e1b0f00a10fcb3b2b0eca5c86130be150c87e13f
diff --git a/misc/bsdiff/patches/patch-bspatch.c b/misc/bsdiff/patches/patch-bspatch.c
new file mode 100644
index 00000000000..1a21965054f
--- /dev/null
+++ b/misc/bsdiff/patches/patch-bspatch.c
@@ -0,0 +1,17 @@
+$NetBSD: patch-bspatch.c,v 1.1 2017/07/31 07:09:54 nros Exp $
+* Fix CVE-2014-9862
+ From the chromium project:
+ http://chromium-review.googlesource.com/c/199377/2/dev-util/bsdiff/files/4.3_sanity_check.patch
+--- bspatch.c.orig 2005-08-16 22:14:00.000000000 +0000
++++ bspatch.c
+@@ -152,6 +152,10 @@ int main(int argc,char * argv[])
+ };
+
+ /* Sanity-check */
++ if ((ctrl[0] < 0) || (ctrl[1] < 0))
+ errx(1,"Corrupt patch\n");
++
++ /* Sanity-check */
+ if(newpos+ctrl[0]>newsize)
+ errx(1,"Corrupt patch\n");
+
|
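Review bot: The new guard in patch-bspatch.c rejects negative `ctrl[0]` and `ctrl[1]`, but the check that follows it, `if(newpos+ctrl[0]>newsize)`, still adds two signed values taken from the patch file. A very large positive `ctrl[0]` can overflow that sum (undefined behaviour) and slip past the bound. The declarations are outside the hunk, so this assumes the usual signed `off_t` operands and that `newpos` never exceeds `newsize` at this point; under those assumptions an overflow-free form is `if(ctrl[0]>newsize-newpos)`, and any later check on `ctrl[1]` in main() would want the same treatment. The two consecutive `/* Sanity-check */` comments would read better if the new one said what it guards, e.g. `/* Reject negative lengths in the control tuple */`. main() begins and continues outside the hunk.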