Add two officially recommended patch to sysutils/dmidecode

2018-08-01: Avoid OOB read on invalid entry point length

	Don't let the entry point checksum verification run beyond the end
	of the buffer holding it (32 bytes). This bug was discovered by
	Lionel Debroux using the AFL fuzzer and AddressSanitizer.
	Signed-off-by: Jean Delvare <jdelvare@suse.de>

2018-08-01: Validate structure completeness before decoding

	Ensure that the whole DMI structure fits in the announced table
	length before performing any action on it. Otherwise we might end
	up reading beyond the end of our memory buffer. This bug was
	discovered by Lionel Debroux using the AFL fuzzer and
	AddressSanitizer. Its probability is very low, as it requires a DMI
	table corrupted in one of two very specific ways to trigger. This
	bug exists since dmidecode version 2.9, although it is hard to
	test because option --from-dump was only introduced in version
	2.10.
	Signed-off-by: Jean Delvare <jdelvare@suse.de>

1 files changed, 4 insertions, 2 deletions

diff --git a/sysutils/dmidecode/Makefile b/sysutils/dmidecode/Makefile
index 954fdb37caf..0c04c6d01a6 100644
--- a/sysutils/dmidecode/Makefile
+++ b/sysutils/dmidecode/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.21 2018/05/16 05:10:30 msaitoh Exp $
+# $NetBSD: Makefile,v 1.22 2018/08/02 02:45:50 msaitoh Exp $
 #
 
 DISTNAME=	dmidecode-3.1
-PKGREVISION=	2
+PKGREVISION=	3
 CATEGORIES=	sysutils
 MASTER_SITES=	http://download.savannah.gnu.org/releases/dmidecode/
 
@@ -16,6 +16,8 @@ DIST_SUBDIR=	dmidecode-patches
 PATCHFILES=	ee07a1b4249560d620d05194eb8ff61b40d3ce23
 PATCHFILES+=	174387405e98cd94c627832ae23abcb9be7e5623
 PATCHFILES+=	2ba4fab210e23cc97db57217af9a6f3b35a9b666
+PATCHFILES+=	8ff32018e8dd53c26d1f0daef118037fdae58c68
+PATCHFILES+=	4cbba9a8e76ffc640eaf7dd25acbd3c1c6504669
 PATCH_DIST_STRIP= -p1
 
 MAKE_FLAGS+=	CFLAGS=${CFLAGS:Q}