pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2019Q2]: pkgsrc/archivers/unzip Pullup ticket #5999 - requeste...
details: https://anonhg.NetBSD.org/pkgsrc/rev/6687e011a508
branches: pkgsrc-2019Q2
changeset: 336604:6687e011a508
user: bsiegert <bsiegert%pkgsrc.org@localhost>
date: Thu Jul 18 13:11:59 2019 +0000
description:
Pullup ticket #5999 - requested by nia
archivers/unzip: security fix
Revisions pulled up:
- archivers/unzip/Makefile 1.96
- archivers/unzip/distinfo 1.31
- archivers/unzip/patches/patch-list.c 1.3
---
Module Name: pkgsrc
Committed By: nia
Date: Mon Jul 15 14:08:03 UTC 2019
Modified Files:
pkgsrc/archivers/unzip: Makefile distinfo
pkgsrc/archivers/unzip/patches: patch-list.c
Log Message:
unzip: Apply a patch from CVE-2018-18384
from infozip's sourceforge / debian.
diffstat:
archivers/unzip/Makefile | 4 ++--
archivers/unzip/distinfo | 4 ++--
archivers/unzip/patches/patch-list.c | 19 +++++++++++++++++--
3 files changed, 21 insertions(+), 6 deletions(-)
diffs (70 lines):
diff -r f761e4267240 -r 6687e011a508 archivers/unzip/Makefile
--- a/archivers/unzip/Makefile Thu Jul 18 13:08:19 2019 +0000
+++ b/archivers/unzip/Makefile Thu Jul 18 13:11:59 2019 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.95 2017/02/04 23:25:59 wiz Exp $
+# $NetBSD: Makefile,v 1.95.22.1 2019/07/18 13:11:59 bsiegert Exp $
DISTNAME= unzip60
PKGNAME= unzip-6.0
-PKGREVISION= 8
+PKGREVISION= 9
CATEGORIES= archivers
MASTER_SITES= ftp://ftp.info-zip.org/pub/infozip/src/
EXTRACT_SUFX= .tgz
diff -r f761e4267240 -r 6687e011a508 archivers/unzip/distinfo
--- a/archivers/unzip/distinfo Thu Jul 18 13:08:19 2019 +0000
+++ b/archivers/unzip/distinfo Thu Jul 18 13:11:59 2019 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.30 2017/02/04 23:25:59 wiz Exp $
+$NetBSD: distinfo,v 1.30.22.1 2019/07/18 13:11:59 bsiegert Exp $
SHA1 (unzip60.tgz) = abf7de8a4018a983590ed6f5cbd990d4740f8a22
RMD160 (unzip60.tgz) = 48af66606e9472e45fbb94bc4e285da23d1b89ba
@@ -9,7 +9,7 @@
SHA1 (patch-crypt.c) = e44e14ba2c8e5651659c6756a5adbe88b4385ca4
SHA1 (patch-extract.c) = 042fe7d233d0b3cb1e978902c901e8239f7a3732
SHA1 (patch-fileio.c) = 910ddb3b847cae92326697a399234b2948555534
-SHA1 (patch-list.c) = 56ac008e42570d60d58ca84ea773819640461961
+SHA1 (patch-list.c) = 29e6dc3f5d40bb087a8bff58f75eb02568f3ad87
SHA1 (patch-process.c) = d6e6ed05ef7c2977353e848d9e9cba2877577812
SHA1 (patch-unix_unxcfg.h) = b2831f38b2245dacedd4eb2eef12ee1e3cf20613
SHA1 (patch-zipinfo.c) = 0d93fd9b145e7e707762119ee30ddf8eac9c2f31
diff -r f761e4267240 -r 6687e011a508 archivers/unzip/patches/patch-list.c
--- a/archivers/unzip/patches/patch-list.c Thu Jul 18 13:08:19 2019 +0000
+++ b/archivers/unzip/patches/patch-list.c Thu Jul 18 13:11:59 2019 +0000
@@ -1,10 +1,16 @@
-$NetBSD: patch-list.c,v 1.2 2017/02/04 23:25:59 wiz Exp $
+$NetBSD: patch-list.c,v 1.2.22.1 2019/07/18 13:11:59 bsiegert Exp $
chunk 1:
+CVE-2018-18384 fix from
+https://sourceforge.net/p/infozip/bugs/53/
+and
+https://sources.debian.org/patches/unzip/6.0-24/07-increase-size-of-cfactorstr.patch/
+
+chunk 2:
Big-hammer fix for
http://seclists.org/oss-sec/2014/q4/497
-chunk 2:
+chunk 3:
CVE-2014-9913 fix from
https://people.debian.org/~sanvila/unzip/cve-2014-9913/cve-2014-9913-unzip-buffer-overflow.txt
via
@@ -12,6 +18,15 @@
--- list.c.orig 2009-02-08 17:11:34.000000000 +0000
+++ list.c
+@@ -97,7 +97,7 @@ int list_files(__G) /* return PK-type
+ {
+ int do_this_file=FALSE, cfactor, error, error_in_archive=PK_COOL;
+ #ifndef WINDLL
+- char sgn, cfactorstr[10];
++ char sgn, cfactorstr[12];
+ int longhdr=(uO.vflag>1);
+ #endif
+ int date_format;
@@ -116,7 +116,7 @@ int list_files(__G) /* return PK-type
ulg acl_size, tot_aclsize=0L, tot_aclfiles=0L;
#endif
Home |
Main Index |
Thread Index |
Old Index