authorMaciej Mrozowski <reavertm@gentoo.org>2017-08-24 21:59:13 +0200
committerMaciej Mrozowski <reavertm@gentoo.org>2017-08-24 21:59:27 +0200
commitf6f41d931a86fc8b6aad0078b3a8a20e7ebff8bf (patch)
tree311040990327c527ddd5e0f6cae7dcfbc33d0a95 /dev-libs
parentnet-misc/openvswitch: switch to split twisted bug 628028 (diff)
dev-libs/libmspack: CVE-2017-6419, bug 628684.
Package-Manager: Portage-2.3.6, Repoman-2.3.3
Diffstat (limited to 'dev-libs')
-rw-r--r--dev-libs/libmspack/files/libmspack-0.5_alpha-CVE-2017-6419.patch41
-rw-r--r--dev-libs/libmspack/libmspack-0.5_alpha-r1.ebuild50
2 files changed, 91 insertions, 0 deletions
diff --git a/dev-libs/libmspack/files/libmspack-0.5_alpha-CVE-2017-6419.patch b/dev-libs/libmspack/files/libmspack-0.5_alpha-CVE-2017-6419.patch
new file mode 100644
index 000000000000..1b81fdcbfcd4
--- /dev/null
+++ b/dev-libs/libmspack/files/libmspack-0.5_alpha-CVE-2017-6419.patch
@@ -0,0 +1,41 @@
+From a83773682e856ad6529ba6db8d1792e6d515d7f1 Mon Sep 17 00:00:00 2001
+From: Mickey Sola <msola@sourcefire.com>
+Date: Wed, 29 Mar 2017 14:55:26 -0400
+Subject: [PATCH] fixing potential OOB window write when unpacking chm files
+
+---
+ libclamav/libmspack-0.5alpha/mspack/lzxd.c | 11 +++++++++--
+ libclamav/libmspack.c | 6 +++++-
+ 2 files changed, 14 insertions(+), 3 deletions(-)
+
+diff --git a/libclamav/libmspack-0.5alpha/mspack/lzxd.c b/libclamav/libmspack-0.5alpha/mspack/lzxd.c
+index 2281e7b9d..45105a583 100644
+--- a/mspack/lzxd.c
++++ b/mspack/lzxd.c
+@@ -766,8 +766,13 @@ int lzxd_decompress(struct lzxd_stream *lzx, off_t out_bytes) {
+ case LZX_BLOCKTYPE_UNCOMPRESSED:
+ /* as this_run is limited not to wrap a frame, this also means it
+ * won't wrap the window (as the window is a multiple of 32k) */
++ if (window_posn + this_run > lzx->window_size) {
++ D(("match ran over window boundary"))
++ return lzx->error = MSPACK_ERR_DECRUNCH;
++ }
+ rundest = &window[window_posn];
+ window_posn += this_run;
++
+ while (this_run > 0) {
+ if ((i = i_end - i_ptr) == 0) {
+ READ_IF_NEEDED;
+@@ -888,8 +893,10 @@ void lzxd_free(struct lzxd_stream *lzx) {
+ struct mspack_system *sys;
+ if (lzx) {
+ sys = lzx->sys;
+- sys->free(lzx->inbuf);
+- sys->free(lzx->window);
++ if(lzx->inbuf)
++ sys->free(lzx->inbuf);
++ if(lzx->window)
++ sys->free(lzx->window);
+ sys->free(lzx);
+ }
+ }
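Review bot: The added guard in the `LZX_BLOCKTYPE_UNCOMPRESSED` case sits directly under a comment that still says the run "won't wrap the window", so the code now contradicts its own documentation; the comment should say that a crafted stream can break that assumption, e.g. `/* this_run should not cross the window end, but the stream is untrusted: verify before writing */`. The test `window_posn + this_run > lzx->window_size` relies on the sum not wrapping, and the types of `window_posn` and `this_run` are declared outside this hunk, so it is worth confirming that or writing it as `this_run > lzx->window_size - window_posn`. The debug text "match ran over window boundary" describes a match, while this branch copies an uncompressed run. The embedded patch header still lists `libclamav/libmspack.c` in its diffstat although only the `lzxd.c` hunks are carried, which a one-line remark in the header would explain. `lzxd_decompress` starts and ends outside the hunk.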
diff --git a/dev-libs/libmspack/libmspack-0.5_alpha-r1.ebuild b/dev-libs/libmspack/libmspack-0.5_alpha-r1.ebuild
new file mode 100644
index 000000000000..f8c7bd3ce1d1
--- /dev/null
+++ b/dev-libs/libmspack/libmspack-0.5_alpha-r1.ebuild
@@ -0,0 +1,50 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit eutils multilib-minimal
+
+MY_PV="${PV/_alpha/alpha}"
+MY_P="${PN}-${MY_PV}"
+
+DESCRIPTION="A library for Microsoft compression formats"
+HOMEPAGE="https://www.cabextract.org.uk/libmspack/"
+SRC_URI="https://www.cabextract.org.uk/libmspack/libmspack-${MY_PV}.tar.gz"
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="debug doc static-libs"
+
+DEPEND=""
+RDEPEND=""
+
+PATCHES=(
+ "${FILESDIR}/${P}-CVE-2017-6419.patch"
+)
+
+S="${WORKDIR}/${MY_P}"
+
+multilib_src_configure() {
+ ECONF_SOURCE="${S}" econf \
+ $(use_enable debug) \
+ $(use_enable static-libs static)
+}
+
+multilib_src_test() {
+ if multilib_is_native_abi; then
+ default
+ cd "${S}"/test && "${BUILD_DIR}"/test/cabd_test || die
+ fi
+}
+
+multilib_src_install_all() {
+ DOCS=(AUTHORS ChangeLog NEWS README TODO)
+ prune_libtool_files --all
+ use doc && HTML_DOCS=(doc/*)
+ default_src_install
+ if use doc; then
+ rm "${ED}"/usr/share/doc/"${PF}"/html/{Makefile*,Doxyfile*} || die
+ fi
+}
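Review bot: The `PATCHES` entry carries a security fix, but nothing in the ebuild says what it addresses or where it came from; a comment above the array such as `# CVE-2017-6419 (bug 628684): LZX window bounds check, taken from the ClamAV tree` would tell a later maintainer when it can be dropped. The revision is keyworded only `~amd64 ~x86`, so if the previous revision was stable on any arch (not visible here), those users stay on the unpatched library until stabilisation is requested. `DEPEND=""` and `RDEPEND=""` are empty assignments and can be removed.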