Import of pkgsrc-2016Q3

2016-10-14 07:49:11 +02:00
committed by Lionel Sambuc
parent 9d819b6d54
commit 1242aa1e36
35952 changed files with 949749 additions and 377083 deletions


@@ -1,8 +1,8 @@
# $NetBSD: Makefile,v 1.90 2015/06/05 12:22:28 sevan Exp $
# $NetBSD: Makefile,v 1.94 2016/09/13 14:49:16 jperkin Exp $
DISTNAME= unzip60
PKGNAME= unzip-6.0
PKGREVISION= 4
PKGREVISION= 7
CATEGORIES= archivers
MASTER_SITES= ftp://ftp.info-zip.org/pub/infozip/src/
EXTRACT_SUFX= .tgz
@@ -33,11 +33,12 @@ CPPFLAGS+= -DBSD
${OPSYS} == "Cygwin" || \
(${OPSYS} == "Darwin" && !empty(OS_VERSION:M[01234678].*))) || \
${OS_VARIANT} == "SCOOSR5" || \
${OPSYS} == "Linux" || \
${OPSYS} == "Bitrig"
CPPFLAGS+= -DNO_LCHMOD
.endif
CPPFLAGS+= -DUNIX -Dunix -DUSE_UNSHRINK -I.
.if (${OPSYS} != "SunOS")
.if empty(MACHINE_PLATFORM:MSunOS-*-sparc)
CPPFLAGS+= -DLARGE_FILE_SUPPORT
.endif


@@ -1,11 +1,13 @@
$NetBSD: distinfo,v 1.27 2015/02/11 12:35:42 wiz Exp $
$NetBSD: distinfo,v 1.29 2015/11/11 12:47:26 wiz Exp $
SHA1 (unzip60.tgz) = abf7de8a4018a983590ed6f5cbd990d4740f8a22
RMD160 (unzip60.tgz) = 48af66606e9472e45fbb94bc4e285da23d1b89ba
SHA512 (unzip60.tgz) = 0694e403ebc57b37218e00ec1a406cae5cc9c5b52b6798e0d4590840b6cdbf9ddc0d9471f67af783e960f8fa2e620394d51384257dca23d06bcd90224a80ce5d
Size (unzip60.tgz) = 1376845 bytes
SHA1 (patch-ab) = 672635c469e0a53ac9808f8155ee38643a8acf69
SHA1 (patch-ac) = 27b91401d4d5ecc3842c91dc49c08f42c8646154
SHA1 (patch-extract.c) = bba436910084ec43ef8f8e76a1cd0392c566e4ac
SHA1 (patch-crypt.c) = e44e14ba2c8e5651659c6756a5adbe88b4385ca4
SHA1 (patch-extract.c) = 042fe7d233d0b3cb1e978902c901e8239f7a3732
SHA1 (patch-fileio.c) = 910ddb3b847cae92326697a399234b2948555534
SHA1 (patch-list.c) = 7aa261ecef5e5cc14ad387070560730ff419d635
SHA1 (patch-process.c) = d6e6ed05ef7c2977353e848d9e9cba2877577812


@@ -0,0 +1,26 @@
$NetBSD: patch-crypt.c,v 1.1 2015/11/11 12:47:27 wiz Exp $
Bug fix for heap overflow, from Debian.
CVE-2015-7696
--- crypt.c.orig 2007-01-05 15:47:36.000000000 +0000
+++ crypt.c
@@ -465,7 +465,17 @@ int decrypt(__G__ passwrd)
GLOBAL(pInfo->encrypted) = FALSE;
defer_leftover_input(__G);
for (n = 0; n < RAND_HEAD_LEN; n++) {
- b = NEXTBYTE;
+ /* 2012-11-23 SMS. (OUSPG report.)
+ * Quit early if compressed size < HEAD_LEN. The resulting
+ * error message ("unable to get password") could be improved,
+ * but it's better than trying to read nonexistent data, and
+ * then continuing with a negative G.csize. (See
+ * fileio.c:readbyte()).
+ */
+ if ((b = NEXTBYTE) == (ush)EOF)
+ {
+ return PK_ERR;
+ }
h[n] = (uch)b;
Trace((stdout, " (%02x)", h[n]));
}
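Review bot: The new early `return PK_ERR;` in decrypt()'s header-read loop exits after `defer_leftover_input(__G)` has run and while `pInfo->encrypted` is still FALSE, and whatever normally restores both lies after the loop, outside this hunk. It is worth confirming that every caller treats PK_ERR as fatal for the entry and does not keep reading with the deferred input state; if not, the restore step needs to run before the return. The comparison also only works while `b` is a 16-bit unsigned `ush` (its declaration is outside the hunk), because with an `int` the value -1 would never equal `(ush)EOF`. A comment beside the test, such as `/* b is ush: readbyte()'s EOF arrives truncated to (ush)EOF */`, would keep a later type change from silently disabling the check.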


@@ -1,4 +1,4 @@
$NetBSD: patch-extract.c,v 1.2 2015/02/11 12:35:42 wiz Exp $
$NetBSD: patch-extract.c,v 1.3 2015/11/11 12:47:27 wiz Exp $
Fixes for
* https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8139
@@ -17,6 +17,10 @@ possibly have other unspecified impact.
This patch ensures that when extra fields use STORED mode, the
"compressed" and uncompressed block sizes match.
* CVE-2015-7697 (from Debian)
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802160
* integer underflow
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802160
--- extract.c.orig 2009-03-14 01:32:52.000000000 +0000
+++ extract.c
@@ -36,7 +40,26 @@ This patch ensures that when extra fields use STORED mode, the
static ZCONST char Far InvalidComprDataEAs[] =
" invalid compressed data for EAs\n";
# if (defined(WIN32) && defined(NTSD_EAS))
@@ -2023,7 +2025,8 @@ static int TestExtraField(__G__ ef, ef_l
@@ -1255,8 +1257,17 @@ static int extract_or_test_entrylist(__G
if (G.lrec.compression_method == STORED) {
zusz_t csiz_decrypted = G.lrec.csize;
- if (G.pInfo->encrypted)
+ if (G.pInfo->encrypted) {
+ if (csiz_decrypted <= 12) {
+ /* handle the error now to prevent unsigned overflow */
+ Info(slide, 0x401, ((char *)slide,
+ LoadFarStringSmall(ErrUnzipNoFile),
+ LoadFarString(InvalidComprData),
+ LoadFarStringSmall2(Inflate)));
+ return PK_ERR;
+ }
csiz_decrypted -= 12;
+ }
if (G.lrec.ucsize != csiz_decrypted) {
Info(slide, 0x401, ((char *)slide,
LoadFarStringSmall2(WrnStorUCSizCSizDiff),
@@ -2023,7 +2034,8 @@ static int TestExtraField(__G__ ef, ef_l
ebID = makeword(ef);
ebLen = (unsigned)makeword(ef+EB_LEN);
@@ -46,7 +69,7 @@ This patch ensures that when extra fields use STORED mode, the
/* Discovered some extra field inconsistency! */
if (uO.qflag)
Info(slide, 1, ((char *)slide, "%-22s ",
@@ -2032,6 +2035,16 @@ static int TestExtraField(__G__ ef, ef_l
@@ -2032,6 +2044,16 @@ static int TestExtraField(__G__ ef, ef_l
ebLen, (ef_len - EB_HEADSIZE)));
return PK_ERR;
}
@@ -63,7 +86,7 @@ This patch ensures that when extra fields use STORED mode, the
switch (ebID) {
case EF_OS2:
@@ -2217,6 +2230,7 @@ static int test_compr_eb(__G__ eb, eb_si
@@ -2217,6 +2239,7 @@ static int test_compr_eb(__G__ eb, eb_si
ulg eb_ucsize;
uch *eb_ucptr;
int r;
@@ -71,7 +94,7 @@ This patch ensures that when extra fields use STORED mode, the
if (compr_offset < 4) /* field is not compressed: */
return PK_OK; /* do nothing and signal OK */
@@ -2226,6 +2240,13 @@ static int test_compr_eb(__G__ eb, eb_si
@@ -2226,6 +2249,13 @@ static int test_compr_eb(__G__ eb, eb_si
eb_size <= (compr_offset + EB_CMPRHEADLEN)))
return IZ_EF_TRUNC; /* no compressed data! */
@@ -85,3 +108,16 @@ This patch ensures that when extra fields use STORED mode, the
if (
#ifdef INT_16BIT
(((ulg)(extent)eb_ucsize) != eb_ucsize) ||
@@ -2701,6 +2731,12 @@ __GDEF
int repeated_buf_err;
bz_stream bstrm;
+ if (G.incnt <= 0 && G.csize <= 0L) {
+ /* avoid an infinite loop */
+ Trace((stderr, "UZbunzip2() got empty input\n"));
+ return 2;
+ }
+
#if (defined(DLL) && !defined(NO_SLIDE_REDIR))
if (G.redirect_slide)
wsize = G.redirect_size, redirSlide = G.redirect_buffer;
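Review bot: In the STORED branch of extract_or_test_entrylist, `if (csiz_decrypted <= 12)` also rejects a compressed size of exactly 12, which does not wrap: the subtraction yields 0, the size an encrypted entry with an empty payload would have. Only values below 12 wrap the unsigned `zusz_t`, so `if (csiz_decrypted < 12) {` is enough to close the integer underflow, and the existing `G.lrec.ucsize != csiz_decrypted` comparison then handles the zero case. The literal 12 is presumably the same encryption header length that the loop in crypt.c reads as RAND_HEAD_LEN; if that constant is visible in extract.c, using it would tie the two checks together. The comment would be more accurate as `/* reject now: subtracting the header would wrap the unsigned size */`; the function's body starts and ends outside the hunk.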