author | 2008-03-29 02:37:33 +0000 | |
---|---|---|
committer | 2008-03-29 02:37:33 +0000 | |
commit | bdbfefadfcaf4749c2d703cd5bb7a4fbf24d2262 (patch) | |
tree | ff43b7d0a409ebd972dcb4365dfb31dfb71b149c | |
parent | old (diff) | |
Fix for CVE-2008-0888 #213761.
(Portage version: 2.2_pre5)
-rw-r--r-- | app-arch/unzip/ChangeLog | 8 | ||||
-rw-r--r-- | app-arch/unzip/files/unzip-5.52-CVE-2008-0888.patch | 35 | ||||
-rw-r--r-- | app-arch/unzip/unzip-5.52-r2.ebuild | 57 |
3 files changed, 99 insertions, 1 deletions
diff --git a/app-arch/unzip/ChangeLog b/app-arch/unzip/ChangeLog index ba64ab9a2f02..99e3349d3cc0 100644 --- a/app-arch/unzip/ChangeLog +++ b/app-arch/unzip/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for app-arch/unzip # Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-arch/unzip/ChangeLog,v 1.50 2008/02/08 15:09:57 cla Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-arch/unzip/ChangeLog,v 1.51 2008/03/29 02:37:33 vapier Exp $ + +*unzip-5.52-r2 (29 Mar 2008) + + 29 Mar 2008; Mike Frysinger <vapier@gentoo.org> + +files/unzip-5.52-CVE-2008-0888.patch, +unzip-5.52-r2.ebuild: + Fix for CVE-2008-0888 #213761. 08 Feb 2008; Dawid Węgliński <cla@gentoo.org> unzip-5.52-r1.ebuild: Change SRC_URI as the old url wasn't fetchable diff --git a/app-arch/unzip/files/unzip-5.52-CVE-2008-0888.patch b/app-arch/unzip/files/unzip-5.52-CVE-2008-0888.patch new file mode 100644 index 000000000000..368b3eeb122d --- /dev/null +++ b/app-arch/unzip/files/unzip-5.52-CVE-2008-0888.patch @@ -0,0 +1,35 @@ +http://bugs.gentoo.org/213761 + +fix for CVE-2008-0888 + +--- inflate.c ++++ inflate.c +@@ -983,6 +983,7 @@ + unsigned l; /* last length */ + unsigned m; /* mask for bit lengths table */ + unsigned n; /* number of lengths to get */ ++ struct huft *tlp; + struct huft *tl; /* literal/length code table */ + struct huft *td; /* distance code table */ + unsigned bl; /* lookup bits for tl */ +@@ -996,6 +997,8 @@ + int retval = 0; /* error code returned: initialized to "no error" */ + + ++ td = tlp = tl = (struct huft *)NULL; ++ + /* make local bit buffer */ + Trace((stderr, "\ndynamic block")); + b = G.bb; +@@ -1047,9 +1050,9 @@ + while (i < n) + { + NEEDBITS(bl) +- j = (td = tl + ((unsigned)b & m))->b; ++ j = (tlp = tl + ((unsigned)b & m))->b; + DUMPBITS(j) +- j = td->v.n; ++ j = tlp->v.n; + if (j < 16) /* length of code in bits (0..15) */ + ll[i++] = l = j; /* save last length in l */ + else if (j == 16) /* repeat last length 3 to 6 times */ 
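Review bot: The NULL initialisation of `td` and `tl` in the second inflate.c hunk only protects the function's exit path if every place that releases a table also resets the pointer, and none of those release sites falls inside the three hunks, so this cannot be confirmed from the patch as shown. The function starts and ends outside the hunks; I would read the rest of it and, wherever a table is freed before the end, follow the free with `tl = (struct huft *)NULL;` (and likewise for `td`) so a later error exit never sees a stale pointer. The new `tlp` declaration is also the only one in its block without a comment; `struct huft *tlp;  /* entry in tl selected by the low bits of b */` would record why `td` is no longer reused in the bit-length loop.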
diff --git a/app-arch/unzip/unzip-5.52-r2.ebuild b/app-arch/unzip/unzip-5.52-r2.ebuild
new file mode 100644
index 000000000000..4f59fd43fa10
--- /dev/null
+++ b/app-arch/unzip/unzip-5.52-r2.ebuild
@@ -0,0 +1,57 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-arch/unzip/unzip-5.52-r2.ebuild,v 1.1 2008/03/29 02:37:33 vapier Exp $
+
+inherit eutils toolchain-funcs flag-o-matic
+
+DESCRIPTION="unzipper for pkzip-compressed files"
+HOMEPAGE="http://www.info-zip.org/"
+SRC_URI="mirror://gentoo/${PN}${PV/.}.tar.gz"
+
+LICENSE="Info-ZIP"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~sparc-fbsd ~x86 ~x86-fbsd"
+IUSE=""
+
+DEPEND=""
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+ epatch "${FILESDIR}"/${P}-no-exec-stack.patch
+ epatch "${FILESDIR}"/${P}-CVE-2008-0888.patch #213761
+ sed -i \
+ -e 's:-O3:$(CFLAGS) $(CPPFLAGS):' \
+ -e 's:-O :$(CFLAGS) $(CPPFLAGS) :' \
+ -e "s:CC=gcc :CC=$(tc-getCC) :" \
+ -e "s:LD=gcc :LD=$(tc-getCC) :" \
+ -e 's:LF2 = -s:LF2 = :' \
+ -e 's:LF = :LF = $(LDFLAGS) :' \
+ -e 's:SL = :SL = $(LDFLAGS) :' \
+ -e 's:FL = :FL = $(LDFLAGS) :' \
+ unix/Makefile \
+ || die "sed unix/Makefile failed"
+}
+
+src_compile() {
+ local TARGET
+ case ${CHOST} in
+ i?86*-linux*) TARGET=linux_asm ;;
+ *-linux*) TARGET=linux_noasm ;;
+ i?86*-freebsd* | i?86*-dragonfly* | i?86*-openbsd* | i?86*-netbsd*)
+ TARGET=freebsd ;; # mislabelled bsd with x86 asm
+ *-freebsd* | *-dragonfly* | *-openbsd* | *-netbsd*)
+ TARGET=bsd ;;
+ *-darwin*) TARGET=macosx ;;
+ *) die "Unknown target, you suck" ;;
+ esac
+ append-lfs-flags #104315
+ emake -f unix/Makefile ${TARGET} || die "emake failed"
+}
+
+src_install() {
+ dobin unzip funzip unzipsfx unix/zipgrep || die "dobin failed"
+ dosym unzip /usr/bin/zipinfo || die
+ doman man/*.1
+ dodoc BUGS History* README ToDo WHERE
+} |
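Review bot: The fall-through arm of `case ${CHOST}` in src_compile dies with `"Unknown target, you suck"`, which gives whoever reads the failed build log no indication of which host tuple was rejected; `*) die "Unknown target for CHOST ${CHOST}" ;;` would make the failure diagnosable. In src_unpack, `cd "${S}"` is unchecked, so a failed directory change is only caught indirectly when the following epatch cannot find its target files; `cd "${S}" || die` makes the precondition for applying the CVE patch explicit.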