diff options
author | Andreas Sturmlechner <asturm@gentoo.org> | 2017-10-24 01:25:22 +0200 |
---|---|---|
committer | Andreas Sturmlechner <asturm@gentoo.org> | 2017-10-24 01:25:22 +0200 |
commit | b4a9cb3e5493b414c2d671e6e5c1e8bcf084915c (patch) | |
tree | eed152f451a60c4ab72f1c17d463e86d514ae1d5 /dev-libs/libzip/files | |
parent | sys-libs/glibc: x86 stable (bug #628180) (diff) | |
download | gentoo-b4a9cb3e5493b414c2d671e6e5c1e8bcf084915c.tar.gz gentoo-b4a9cb3e5493b414c2d671e6e5c1e8bcf084915c.tar.bz2 gentoo-b4a9cb3e5493b414c2d671e6e5c1e8bcf084915c.zip |
dev-libs/libzip: Security cleanup, bug #629574
Package-Manager: Portage-2.3.12, Repoman-2.3.3
Diffstat (limited to 'dev-libs/libzip/files')
-rw-r--r-- | dev-libs/libzip/files/libzip-1.2.0-CVE-2017-12858.patch | 37 | ||||
-rw-r--r-- | dev-libs/libzip/files/libzip-1.2.0-CVE-2017-14107.patch | 27 |
2 files changed, 0 insertions, 64 deletions
diff --git a/dev-libs/libzip/files/libzip-1.2.0-CVE-2017-12858.patch b/dev-libs/libzip/files/libzip-1.2.0-CVE-2017-12858.patch deleted file mode 100644 index 26236510fee8..000000000000 --- a/dev-libs/libzip/files/libzip-1.2.0-CVE-2017-12858.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 2217022b7d1142738656d891e00b3d2d9179b796 Mon Sep 17 00:00:00 2001 -From: Thomas Klausner <tk@giga.or.at> -Date: Mon, 14 Aug 2017 10:55:44 +0200 -Subject: [PATCH] Fix double free(). - -Found by Brian 'geeknik' Carpenter using AFL. ---- - THANKS | 1 + - lib/zip_dirent.c | 3 --- - 2 files changed, 1 insertion(+), 3 deletions(-) - -diff --git a/THANKS b/THANKS -index be0cca9..a80ee1d 100644 ---- a/THANKS -+++ b/THANKS -@@ -12,6 +12,7 @@ BALATON Zoltan <balaton@eik.bme.hu> - Benjamin Gilbert <bgilbert@backtick.net> - Boaz Stolk <bstolk@aweta.nl> - Bogdan <bogiebog@gmail.com> -+Brian 'geeknik' Carpenter <geeknik@protonmail.ch> - Chris Nehren <cnehren+libzip@pobox.com> - Coverity <info@coverity.com> - Dane Springmeyer <dane.springmeyer@gmail.com> -diff --git a/lib/zip_dirent.c b/lib/zip_dirent.c -index a369900..e5a7cc9 100644 ---- a/lib/zip_dirent.c -+++ b/lib/zip_dirent.c -@@ -579,9 +579,6 @@ _zip_dirent_read(zip_dirent_t *zde, zip_source_t *src, zip_buffer_t *buffer, boo - } - - if (!_zip_dirent_process_winzip_aes(zde, error)) { -- if (!from_buffer) { -- _zip_buffer_free(buffer); -- } - return -1; - } - diff --git a/dev-libs/libzip/files/libzip-1.2.0-CVE-2017-14107.patch b/dev-libs/libzip/files/libzip-1.2.0-CVE-2017-14107.patch deleted file mode 100644 index 3d1f9a0aabc3..000000000000 --- a/dev-libs/libzip/files/libzip-1.2.0-CVE-2017-14107.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 9b46957ec98d85a572e9ef98301247f39338a3b5 Mon Sep 17 00:00:00 2001 -From: Thomas Klausner <tk@giga.or.at> -Date: Tue, 29 Aug 2017 10:25:03 +0200 -Subject: [PATCH] Make eocd checks more consistent between zip and zip64 cases. - ---- - lib/zip_open.c | 7 ++++++- - 1 file changed, 6 insertions(+), 1 deletion(-) - -diff --git a/lib/zip_open.c b/lib/zip_open.c -index 3bd593b..9d3a4cb 100644 ---- a/lib/zip_open.c -+++ b/lib/zip_open.c -@@ -847,7 +847,12 @@ _zip_read_eocd64(zip_source_t *src, zip_buffer_t *buffer, zip_uint64_t buf_offse - zip_error_set(error, ZIP_ER_SEEK, EFBIG); - return NULL; - } -- if ((flags & ZIP_CHECKCONS) && offset+size != eocd_offset) { -+ if (offset+size > buf_offset + eocd_offset) { -+ /* cdir spans past EOCD record */ -+ zip_error_set(error, ZIP_ER_INCONS, 0); -+ return NULL; -+ } -+ if ((flags & ZIP_CHECKCONS) && offset+size != buf_offset + eocd_offset) { - zip_error_set(error, ZIP_ER_INCONS, 0); - return NULL; - } |