FreeBSD Bugzilla – Attachment 152529 Details for
Bug 197300
archivers/unzip: Port should be marked vulnerable to CVE-2014-9636
patch for CVE-2014-9636
patch.txt (text/plain), 1.76 KB, created by
rsimmons0
on 2015-02-03 20:41:54 UTC
Description:
patch for CVE-2014-9636
Filename:
MIME Type:
Creator:
rsimmons0
Created:
2015-02-03 20:41:54 UTC
Size:
1.76 KB
>diff -r -u unzip/Makefile unzip.new/Makefile
>--- unzip/Makefile 2015-01-16 09:11:35.000000000 +0000
>+++ unzip.new/Makefile 2015-02-03 20:34:16.811037892 +0000
>@@ -3,7 +3,7 @@
>
> PORTNAME= unzip
> PORTVERSION= 6.0
>-PORTREVISION= 3
>+PORTREVISION= 4
> CATEGORIES= archivers
> MASTER_SITES= SF/infozip/UnZip%206.x%20%28latest%29/UnZip%20${PORTVERSION}/:main \
> SF/infozip/UnZip%205.x%20and%20earlier/5.51/:unreduce
>diff -r -u unzip/files/patch-extract.c unzip.new/files/patch-extract.c
>--- unzip/files/patch-extract.c 2015-01-16 09:11:35.000000000 +0000
>+++ unzip.new/files/patch-extract.c 2015-02-03 20:31:16.491292481 +0000
>@@ -1,5 +1,5 @@
>---- extract.c.orig 2015-01-16 10:05:03.994866726 +0100
>-+++ extract.c 2015-01-16 09:57:31.606898193 +0100
>+--- extract.c.orig 2009-03-14 01:32:52.000000000 +0000
>++++ extract.c 2015-02-03 20:30:32.972827840 +0000
> @@ -1,5 +1,5 @@
> /*
> - Copyright (c) 1990-2009 Info-ZIP. All rights reserved.
>@@ -43,7 +43,12 @@
>
> switch (ebID) {
> case EF_OS2:
>-@@ -2221,10 +2234,17 @@
>+@@ -2217,14 +2230,28 @@
>+ ulg eb_ucsize;
>+ uch *eb_ucptr;
>+ int r;
>++ ush method;
>+
> if (compr_offset < 4) /* field is not compressed: */
> return PK_OK; /* do nothing and signal OK */
>
>@@ -61,6 +66,12 @@
> + ((eb_ucsize = makelong( eb+ (EB_HEADSIZE+ EB_UCSIZE_P))) == 0L) ||
> + ((eb_ucsize > 0L) && (eb_size <= (compr_offset + EB_CMPRHEADLEN))))
> + return IZ_EF_TRUNC; /* no/bad compressed data! */
>++
>++ method = makeword(eb + (EB_HEADSIZE + compr_offset));
>++ if ((method == STORED) && (eb_size - compr_offset != eb_ucsize))
>++ return PK_ERR; /* compressed & uncompressed
>++ * should match in STORED
>++ * method */
>
> if (
> #ifdef INT_16BIT
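Review bot: The STORED comparison added in the last hunk of files/patch-extract.c measures `eb_size - compr_offset`, which still includes the compression header, whereas the IZ_EF_TRUNC check just above it treats `compr_offset + EB_CMPRHEADLEN` as the point past which compressed data must exist. If the stored payload starts after that header (inferred, since the rest of the function and the extraction call lie outside the hunk), the test is off by EB_CMPRHEADLEN: it would reject well-formed STORED fields with PK_ERR and accept only ones whose payload is shorter than the declared uncompressed size. The comparison would then read `if ((method == STORED) && (eb_size - compr_offset - EB_CMPRHEADLEN != eb_ucsize))`. The subtraction cannot wrap at this point, because the preceding check already returns when `eb_size <= compr_offset + EB_CMPRHEADLEN`. A regression archive with a valid STORED extra-field block, alongside the malformed one from the CVE report, would confirm both directions before the PORTREVISION bump ships.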