kpriv/freebsd-ports
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

MFH: r418576

Browse source 
Add patches for CVE-2016-2334 and CVE-2016-2335.

While here, use PORTREVISION?= instead of PORTREVISION= to avoid needlessly
bumping PORTREVISION in archivers/p7zip-codec-rar.

PR:		211114
Submitted by:	Piotr Kubaj <pkubaj@anongoth.pl>
Security:	a9bcaf57-4a7b-11e6-97f7-5453ed2e2b49
Security:	d706a3a3-4a7c-11e6-97f7-5453ed2e2b49

Approved by:	ports-secteam (with hat)
This commit is contained in:
Mark Felder 2016-07-15 13:45:50 +00:00
parent f850c45e00
commit 218e5b170b
Notes: svn2git 2021-03-31 03:12:20 +00:00 
svn path=/branches/2016Q3/; revision=418579
3 changed files with 44 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
archivers/p7zip/Makefile
View file

@ -3,6 +3,7 @@
PORTNAME= p7zip
PORTVERSION= 15.14
PORTREVISION?= 1
CATEGORIES= archivers
MASTER_SITES= SF
DISTNAME= ${PORTNAME}_${DISTVERSION}_src_all

25
archivers/p7zip/files/patch-CPP_7zip_Archive_HfsHandler.cpp Normal file
View file

@ -0,0 +1,25 @@
Patch for CVE-2016-2334.
Obtained from: https://sourceforge.net/p/p7zip/discussion/383043/thread/9d0fb86b/
--- CPP/7zip/Archive/HfsHandler.cpp.orig Fri Jun 19 06:52:08 2015
+++ CPP/7zip/Archive/HfsHandler.cpp Mon May 23 20:37:42 2016
@@ -987,7 +987,9 @@ HRESULT CDatabase::LoadCatalog(const CFork &fork, cons
item.GroupID = Get32(r + 0x24);
item.AdminFlags = r[0x28];
item.OwnerFlags = r[0x29];
+ */
item.FileMode = Get16(r + 0x2A);
+ /*
item.special.iNodeNum = Get16(r + 0x2C); // or .linkCount
item.FileType = Get32(r + 0x30);
item.FileCreator = Get32(r + 0x34);
@@ -1571,6 +1573,9 @@ HRESULT CHandler::ExtractZlibFile(
blockSize = (UInt32)rem;
UInt32 size = GetUi32(tableBuf + i * 8 + 4);
+
+ if (size > buf.Size() || size > kCompressionBlockSize + 1)
+ return S_FALSE;
RINOK(ReadStream_FALSE(inStream, buf, size));

18
archivers/p7zip/files/patch-CPP_7zip_Archive_Udf_UdfIn.cpp Normal file
View file

@ -0,0 +1,18 @@
Patch for CVE-2016-2335.
Obtained from: https://sourceforge.net/p/p7zip/discussion/383043/thread/9d0fb86b/
--- CPP/7zip/Archive/Udf/UdfIn.cpp.orig Fri Nov 20 15:40:08 2015
+++ CPP/7zip/Archive/Udf/UdfIn.cpp Mon May 23 20:37:46 2016
@@ -389,7 +389,11 @@ HRESULT CInArchive::ReadFileItem(int volIndex, int fsI
return S_FALSE;
CFile &file = Files.Back();
const CLogVol &vol = LogVols[volIndex];
- CPartition &partition = Partitions[vol.PartitionMaps[lad.Location.PartitionRef].PartitionIndex];
+ unsigned partitionRef = lad.Location.PartitionRef;
+
+ if (partitionRef >= vol.PartitionMaps.Size())
+ return S_FALSE;
+ CPartition &partition = Partitions[vol.PartitionMaps[partitionRef].PartitionIndex];
UInt32 key = lad.Location.Pos;
UInt32 value;