Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/dev-libs/libzip/files
diff options
context:
space:
mode:
authorAndreas Sturmlechner <asturm@gentoo.org>2017-10-24 01:25:22 +0200
committerAndreas Sturmlechner <asturm@gentoo.org>2017-10-24 01:25:22 +0200
commitb4a9cb3e5493b414c2d671e6e5c1e8bcf084915c (patch)
treeeed152f451a60c4ab72f1c17d463e86d514ae1d5 /dev-libs/libzip/files
parentsys-libs/glibc: x86 stable (bug #628180) (diff)
downloadgentoo-b4a9cb3e5493b414c2d671e6e5c1e8bcf084915c.tar.gz
gentoo-b4a9cb3e5493b414c2d671e6e5c1e8bcf084915c.tar.bz2
gentoo-b4a9cb3e5493b414c2d671e6e5c1e8bcf084915c.zip
dev-libs/libzip: Security cleanup, bug #629574
Package-Manager: Portage-2.3.12, Repoman-2.3.3
Diffstat (limited to 'dev-libs/libzip/files')
-rw-r--r--dev-libs/libzip/files/libzip-1.2.0-CVE-2017-12858.patch37
-rw-r--r--dev-libs/libzip/files/libzip-1.2.0-CVE-2017-14107.patch27
2 files changed, 0 insertions, 64 deletions
diff --git a/dev-libs/libzip/files/libzip-1.2.0-CVE-2017-12858.patch b/dev-libs/libzip/files/libzip-1.2.0-CVE-2017-12858.patch
deleted file mode 100644
index 26236510fee8..000000000000
--- a/dev-libs/libzip/files/libzip-1.2.0-CVE-2017-12858.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 2217022b7d1142738656d891e00b3d2d9179b796 Mon Sep 17 00:00:00 2001
-From: Thomas Klausner <tk@giga.or.at>
-Date: Mon, 14 Aug 2017 10:55:44 +0200
-Subject: [PATCH] Fix double free().
-
-Found by Brian 'geeknik' Carpenter using AFL.
----
- THANKS | 1 +
- lib/zip_dirent.c | 3 ---
- 2 files changed, 1 insertion(+), 3 deletions(-)
-
-diff --git a/THANKS b/THANKS
-index be0cca9..a80ee1d 100644
---- a/THANKS
-+++ b/THANKS
-@@ -12,6 +12,7 @@ BALATON Zoltan <balaton@eik.bme.hu>
- Benjamin Gilbert <bgilbert@backtick.net>
- Boaz Stolk <bstolk@aweta.nl>
- Bogdan <bogiebog@gmail.com>
-+Brian 'geeknik' Carpenter <geeknik@protonmail.ch>
- Chris Nehren <cnehren+libzip@pobox.com>
- Coverity <info@coverity.com>
- Dane Springmeyer <dane.springmeyer@gmail.com>
-diff --git a/lib/zip_dirent.c b/lib/zip_dirent.c
-index a369900..e5a7cc9 100644
---- a/lib/zip_dirent.c
-+++ b/lib/zip_dirent.c
-@@ -579,9 +579,6 @@ _zip_dirent_read(zip_dirent_t *zde, zip_source_t *src, zip_buffer_t *buffer, boo
- }
-
- if (!_zip_dirent_process_winzip_aes(zde, error)) {
-- if (!from_buffer) {
-- _zip_buffer_free(buffer);
-- }
- return -1;
- }
-
diff --git a/dev-libs/libzip/files/libzip-1.2.0-CVE-2017-14107.patch b/dev-libs/libzip/files/libzip-1.2.0-CVE-2017-14107.patch
deleted file mode 100644
index 3d1f9a0aabc3..000000000000
--- a/dev-libs/libzip/files/libzip-1.2.0-CVE-2017-14107.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 9b46957ec98d85a572e9ef98301247f39338a3b5 Mon Sep 17 00:00:00 2001
-From: Thomas Klausner <tk@giga.or.at>
-Date: Tue, 29 Aug 2017 10:25:03 +0200
-Subject: [PATCH] Make eocd checks more consistent between zip and zip64 cases.
-
----
- lib/zip_open.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/lib/zip_open.c b/lib/zip_open.c
-index 3bd593b..9d3a4cb 100644
---- a/lib/zip_open.c
-+++ b/lib/zip_open.c
-@@ -847,7 +847,12 @@ _zip_read_eocd64(zip_source_t *src, zip_buffer_t *buffer, zip_uint64_t buf_offse
- zip_error_set(error, ZIP_ER_SEEK, EFBIG);
- return NULL;
- }
-- if ((flags & ZIP_CHECKCONS) && offset+size != eocd_offset) {
-+ if (offset+size > buf_offset + eocd_offset) {
-+ /* cdir spans past EOCD record */
-+ zip_error_set(error, ZIP_ER_INCONS, 0);
-+ return NULL;
-+ }
-+ if ((flags & ZIP_CHECKCONS) && offset+size != buf_offset + eocd_offset) {
- zip_error_set(error, ZIP_ER_INCONS, 0);
- return NULL;
- }