[pkgsrc/trunk]: pkgsrc/archivers/libzip Avoid integer overflow. Addresses CVE...

[wiz <wiz%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/ac73907f7303
branches:  trunk
changeset: 648971:ac73907f7303
user:      wiz <wiz%pkgsrc.org@localhost>
date:      Thu Mar 26 09:30:01 2015 +0000

description:
Avoid integer overflow. Addresses CVE-2015-2331.

Uses upstream patch.
Bump PKGREVISION.

diffstat:

 archivers/libzip/Makefile                        |   3 +-
 archivers/libzip/distinfo                        |   3 +-
 archivers/libzip/patches/patch-lib_zip__dirent.c |  28 ++++++++++++++++++++++++
 3 files changed, 32 insertions(+), 2 deletions(-)

diffs (55 lines):

diff -r 685218c7b587 -r ac73907f7303 archivers/libzip/Makefile
--- a/archivers/libzip/Makefile Thu Mar 26 08:05:02 2015 +0000
+++ b/archivers/libzip/Makefile Thu Mar 26 09:30:01 2015 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.17 2013/12/31 11:07:14 wiz Exp $
+# $NetBSD: Makefile,v 1.18 2015/03/26 09:30:01 wiz Exp $
 
 DISTNAME=              libzip-0.11.2
+PKGREVISION=           1
 CATEGORIES=            archivers devel
 MASTER_SITES=          http://www.nih.at/libzip/
 EXTRACT_SUFX=          .tar.xz
diff -r 685218c7b587 -r ac73907f7303 archivers/libzip/distinfo
--- a/archivers/libzip/distinfo Thu Mar 26 08:05:02 2015 +0000
+++ b/archivers/libzip/distinfo Thu Mar 26 09:30:01 2015 +0000
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.14 2013/12/31 11:07:14 wiz Exp $
+$NetBSD: distinfo,v 1.15 2015/03/26 09:30:01 wiz Exp $
 
 SHA1 (libzip-0.11.2.tar.xz) = da86a7b4bb2b7ab7c8c5fb773f8a48a5adc7a405
 RMD160 (libzip-0.11.2.tar.xz) = 4f94874c2f1d06c8c3020f22f17c9ef6da388051
 Size (libzip-0.11.2.tar.xz) = 413352 bytes
+SHA1 (patch-lib_zip__dirent.c) = e6d63693b29a3818943ed39ccd5353c146a2a7fc
diff -r 685218c7b587 -r ac73907f7303 archivers/libzip/patches/patch-lib_zip__dirent.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/archivers/libzip/patches/patch-lib_zip__dirent.c  Thu Mar 26 09:30:01 2015 +0000
@@ -0,0 +1,28 @@
+$NetBSD: patch-lib_zip__dirent.c,v 1.1 2015/03/26 09:30:01 wiz Exp $
+
+Based on:
+# HG changeset patch
+# User Thomas Klausner <tk%giga.or.at@localhost>
+# Date 1426937322 -3600
+#      Sat Mar 21 12:28:42 2015 +0100
+# Node ID 9f11d54f692edc152afef04178cdf16f906a21b4
+# Parent  fa78ab51417f2fbf19586195dc3662497a5d790d
+Avoid integer overflow. Addresses CVE-2015-2331.
+
+Fixed similarly to patch used in PHP copy of libzip:
+https://github.com/php/php-src/commit/ef8fc4b53d92fbfcd8ef1abbd6f2f5fe2c4a11e5
+
+Thanks to Emmanuel Law <emmanuel.law%gmail.com@localhost> for the notification
+about the bug.
+
+--- lib/zip_dirent.c.orig      2013-11-28 16:57:10.000000000 +0000
++++ lib/zip_dirent.c
+@@ -110,7 +110,7 @@ _zip_cdir_new(zip_uint64_t nentry, struc
+ 
+     if (nentry == 0)
+       cd->entry = NULL;
+-    else if ((cd->entry=(struct zip_entry *)malloc(sizeof(*(cd->entry))*(size_t)nentry)) == NULL) {
++    else if ((nentry > SIZE_MAX/sizeof(*(cd->entry))) || (cd->entry=(struct zip_entry *)malloc(sizeof(*(cd->entry))*(size_t)nentry)) == NULL) {
+       _zip_error_set(error, ZIP_ER_MEMORY, 0);
+       free(cd);
+       return NULL;