pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/archivers/unzip Add fix for the security vulnerability...
details: https://anonhg.NetBSD.org/pkgsrc/rev/227f9e56af30
branches: trunk
changeset: 540038:227f9e56af30
user: tron <tron%pkgsrc.org@localhost>
date: Sun Mar 23 13:03:13 2008 +0000
description:
Add fix for the security vulnerability reported in CVE-2008-0888 taken
from Debian. Bump package revision.
diffstat:
archivers/unzip/distinfo | 3 +-
archivers/unzip/patches/patch-ae | 52 ++++++++++++++++++++++++++++++++++++++++
2 files changed, 54 insertions(+), 1 deletions(-)
diffs (70 lines):
diff -r 4081a054887c -r 227f9e56af30 archivers/unzip/distinfo
--- a/archivers/unzip/distinfo Sun Mar 23 12:59:57 2008 +0000
+++ b/archivers/unzip/distinfo Sun Mar 23 13:03:13 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.17 2007/06/05 05:54:51 wiz Exp $
+$NetBSD: distinfo,v 1.18 2008/03/23 13:03:13 tron Exp $
SHA1 (unzip-5.52/unzip552.tgz) = 1831bd59b9e607a69052f83b263384895e2d4a19
RMD160 (unzip-5.52/unzip552.tgz) = b749b0923bc4cceaa6f937aef688e9713a84328c
@@ -7,3 +7,4 @@
SHA1 (patch-ab) = dd426fdf4b774bd73f4ee46da470ffa3c2cf6513
SHA1 (patch-ac) = ada9059d9b3384396bbf6437f55fa40f2f6c0c73
SHA1 (patch-ad) = a0ad66bc1f13dd1ec9f9d7c9eb5b49ca3edb09be
+SHA1 (patch-ae) = b6f50523a0020b57e3385731dd0c7b447b1a9242
diff -r 4081a054887c -r 227f9e56af30 archivers/unzip/patches/patch-ae
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/archivers/unzip/patches/patch-ae Sun Mar 23 13:03:13 2008 +0000
@@ -0,0 +1,52 @@
+$NetBSD: patch-ae,v 1.1 2008/03/23 13:03:13 tron Exp $
+
+--- inflate.c.orig 2005-02-27 06:08:46.000000000 +0000
++++ inflate.c 2008-03-23 12:58:42.000000000 +0000
+@@ -983,6 +983,7 @@
+ unsigned l; /* last length */
+ unsigned m; /* mask for bit lengths table */
+ unsigned n; /* number of lengths to get */
++ struct huft *tlp;
+ struct huft *tl; /* literal/length code table */
+ struct huft *td; /* distance code table */
+ unsigned bl; /* lookup bits for tl */
+@@ -996,6 +997,8 @@
+ int retval = 0; /* error code returned: initialized to "no error" */
+
+
++ td = tlp = tl = (struct huft *)NULL;
++
+ /* make local bit buffer */
+ Trace((stderr, "\ndynamic block"));
+ b = G.bb;
+@@ -1047,9 +1050,9 @@
+ while (i < n)
+ {
+ NEEDBITS(bl)
+- j = (td = tl + ((unsigned)b & m))->b;
++ j = (tlp = tl + ((unsigned)b & m))->b;
+ DUMPBITS(j)
+- j = td->v.n;
++ j = tlp->v.n;
+ if (j < 16) /* length of code in bits (0..15) */
+ ll[i++] = l = j; /* save last length in l */
+ else if (j == 16) /* repeat last length 3 to 6 times */
+@@ -1141,6 +1144,7 @@
+ huft_free(td);
+ }
+ huft_free(tl);
++
+ return retval;
+ }
+
+@@ -1149,8 +1153,8 @@
+
+ cleanup_and_exit:
+ /* free the decoding tables, return */
+- huft_free(tl);
+- huft_free(td);
++ if (tl) huft_free(tl);
++ if (td) huft_free(td);
+ return retval;
+ }
+
Home |
Main Index |
Thread Index |
Old Index