commit:     5eb9348bf05fc2aa8bb21426e1446223a10fe5e9
Author:     David Seifert <soap <AT> gentoo <DOT> org>
AuthorDate: Fri Dec 29 12:45:49 2017 +0000
Commit:     David Seifert <soap <AT> gentoo <DOT> org>
CommitDate: Fri Dec 29 13:16:33 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5eb9348b

app-arch/rzip: Revbump for CVE-2017-8364

Bug: https://bugs.gentoo.org/618020
Package-Manager: Portage-2.3.19, Repoman-2.3.6

 app-arch/rzip/files/rzip-2.1-CVE-2017-8364.patch   | 33 ++++++++++++++++++++++
 .../{rzip-2.1-r2.ebuild => rzip-2.1-r3.ebuild}     |  5 +++-
 2 files changed, 37 insertions(+), 1 deletion(-)

diff --git a/app-arch/rzip/files/rzip-2.1-CVE-2017-8364.patch b/app-arch/rzip/files/rzip-2.1-CVE-2017-8364.patch
new file mode 100644
index 00000000000..3c65e6f1939
--- /dev/null
+++ b/app-arch/rzip/files/rzip-2.1-CVE-2017-8364.patch
@@ -0,0 +1,33 @@
+Index: rzip-2.1/stream.c
+===================================================================
+--- rzip-2.1.orig/stream.c
++++ rzip-2.1/stream.c
+@@ -147,16 +147,16 @@ static int write_u32(int f, u32 v)
+       return 0;
+ }
+ 
+-static int read_buf(int f, uchar *p, int len)
++static int read_buf(int f, uchar *p, unsigned int len)
+ {
+       int ret;
+       ret = read(f, p, len);
+       if (ret == -1) {
+-              err_msg("Read of length %d failed - %s\n", len, strerror(errno));
++              err_msg("Read of length %u failed - %s\n", len, strerror(errno));
+               return -1;
+       }
+       if (ret != len) {
+-              err_msg("Partial read!? asked for %d bytes but got %d\n", len, ret);
++              err_msg("Partial read!? asked for %u bytes but got %d\n", len, ret);
+               return -1;
+       }
+       return 0;
+@@ -399,7 +399,7 @@ static int fill_buffer(struct stream_inf
+       if (sinfo->s[stream].buf) {
+               free(sinfo->s[stream].buf);
+       }
+-      sinfo->s[stream].buf = malloc(u_len);
++      sinfo->s[stream].buf = malloc(c_len > u_len ? c_len : u_len);
+       if (!sinfo->s[stream].buf) {
+               return -1;
+       }
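Review bot: The new `malloc(c_len > u_len ? c_len : u_len)` in fill_buffer has no comment explaining why the buffer must cover both lengths, and neither length is range-checked before the allocation in the lines shown. Presumably both values come from the archive being read and the compressed bytes land in this buffer before decompression, which is why sizing by u_len alone could be overrun; confirm this against the rest of fill_buffer, which lies outside the hunk. A comment such as `/* buf first receives c_len compressed bytes, later holds u_len decompressed bytes */` would keep a later cleanup from reverting the sizing. In read_buf, `ret != len` now compares an int with an unsigned int and is correct only because the `ret == -1` case returns first; `if ((unsigned int)ret != len)` would make that dependency explicit.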

diff --git a/app-arch/rzip/rzip-2.1-r2.ebuild b/app-arch/rzip/rzip-2.1-r3.ebuild
similarity index 91%
rename from app-arch/rzip/rzip-2.1-r2.ebuild
rename to app-arch/rzip/rzip-2.1-r3.ebuild
index 75233dfea45..915c6deeef2 100644
--- a/app-arch/rzip/rzip-2.1-r2.ebuild
+++ b/app-arch/rzip/rzip-2.1-r3.ebuild
@@ -17,7 +17,10 @@ IUSE=""
 RDEPEND="app-arch/bzip2:="
 DEPEND="${DEPEND}"
 
-PATCHES=( "${FILESDIR}"/${PN}-2.1-darwin.patch )
+PATCHES=(
+       "${FILESDIR}"/${PN}-2.1-darwin.patch
+       "${FILESDIR}"/${PN}-2.1-CVE-2017-8364.patch
+)
 
 src_prepare() {
        default
