Fix multiple vulnerabilities.

PR: 204413 (based on) Notified by: venture37@geeklan.co.uk Security: CVE-2015-7696, CVE-2015-7697 MFH: 2016Q1
svn path=/head/; revision=405286
2025-01-04 06:15:24 +00:00 · 2016-01-05 13:08:34 +00:00 · 2016-01-05 13:08:34 +00:00 · dc7e952bb3 · 2021-03-31 03:12:20 +00:00
commit dc7e952bb3
parent 9aee8d04a2
3 changed files with 41 additions and 7 deletions
--- a/archivers/unzip/Makefile
+++ b/archivers/unzip/Makefile
@ -3,7 +3,7 @@

 PORTNAME=	unzip
 PORTVERSION=	6.0
-PORTREVISION=	6
+PORTREVISION=	7
 CATEGORIES=	archivers
 MASTER_SITES=	SF/infozip/UnZip%206.x%20%28latest%29/UnZip%20${PORTVERSION}/:main \
 		SF/infozip/UnZip%205.x%20and%20earlier/5.51/:unreduce
--- a/archivers/unzip/files/patch-crypt.c
+++ b/archivers/unzip/files/patch-crypt.c
@ -0,0 +1,21 @@
+--- crypt.c.orig	2007-01-05 16:47:36.000000000 +0100
+++ crypt.c	2016-01-04 14:39:27.300502995 +0100
+@@ -465,7 +465,17 @@
+     GLOBAL(pInfo->encrypted) = FALSE;
+     defer_leftover_input(__G);
+     for (n = 0; n < RAND_HEAD_LEN; n++) {
+-        b = NEXTBYTE;
+        /* 2012-11-23 SMS.  (OUSPG report.)
+         * Quit early if compressed size < HEAD_LEN.  The resulting
+         * error message ("unable to get password") could be improved,
+         * but it's better than trying to read nonexistent data, and
+         * then continuing with a negative G.csize.  (See
+         * fileio.c:readbyte()).
+         */
+        if ((b = NEXTBYTE) == (ush)EOF)
+        {
+            return PK_ERR;
+        }
+         h[n] = (uch)b;
+         Trace((stdout, " (%02x)", h[n]));
+     }
--- a/archivers/unzip/files/patch-extract.c
+++ b/archivers/unzip/files/patch-extract.c
@ -1,5 +1,5 @@
--- extract.c.orig	2009-03-14 01:32:52 UTC
-+++ extract.c
+--- extract.c.orig	2009-03-14 02:32:52.000000000 +0100
+++ extract.c	2016-01-04 14:43:11.813488458 +0100
@@ -1,5 +1,5 @@
 /*
 -  Copyright (c) 1990-2009 Info-ZIP.  All rights reserved.
@ -7,7 +7,7 @@
 
   See the accompanying file LICENSE, version 2009-Jan-02 or later
   (the contents of which are also included in unzip.h) for terms of use.
-@@ -298,6 +298,8 @@ char ZCONST Far TruncNTSD[] =
+@@ -298,6 +298,8 @@
 #ifndef SFX
    static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \
      EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n";
@ -16,7 +16,7 @@
    static ZCONST char Far InvalidComprDataEAs[] =
      " invalid compressed data for EAs\n";
 #  if (defined(WIN32) && defined(NTSD_EAS))
-@@ -2023,7 +2025,8 @@ static int TestExtraField(__G__ ef, ef_l
+@@ -2023,7 +2025,8 @@
         ebID = makeword(ef);
         ebLen = (unsigned)makeword(ef+EB_LEN);
 
@ -26,7 +26,7 @@
            /* Discovered some extra field inconsistency! */
             if (uO.qflag)
                 Info(slide, 1, ((char *)slide, "%-22s ",
-@@ -2032,6 +2035,16 @@ static int TestExtraField(__G__ ef, ef_l
+@@ -2032,6 +2035,16 @@
               ebLen, (ef_len - EB_HEADSIZE)));
             return PK_ERR;
         }
@ -43,7 +43,7 @@
 
         switch (ebID) {
             case EF_OS2:
-@@ -2217,14 +2230,28 @@ static int test_compr_eb(__G__ eb, eb_si
+@@ -2217,14 +2230,28 @@
     ulg eb_ucsize;
     uch *eb_ucptr;
     int r;
@ -75,3 +75,16 @@
 
     if (
 #ifdef INT_16BIT
+@@ -2701,6 +2728,12 @@
+     int repeated_buf_err;
+     bz_stream bstrm;
+ 
+    if (G.incnt <= 0 && G.csize <= 0L) {
+        /* avoid an infinite loop */
+        Trace((stderr, "UZbunzip2() got empty input\n"));
+        return 2;
+    }
+
+ #if (defined(DLL) && !defined(NO_SLIDE_REDIR))
+     if (G.redirect_slide)
+         wsize = G.redirect_size, redirSlide = G.redirect_buffer;