dev-libs/libzip: Security revbump for CVE-2017-14107

Package-Manager: Portage-2.3.8, Repoman-2.3.3

2 files changed, 28 insertions, 1 deletions

diff --git a/dev-libs/libzip/files/libzip-1.2.0-CVE-2017-12858.patch b/dev-libs/libzip/files/libzip-1.2.0-CVE-2017-12858.patch
index b7586e45a568..26236510fee8 100644
--- a/dev-libs/libzip/files/libzip-1.2.0-CVE-2017-12858.patch
+++ b/dev-libs/libzip/files/libzip-1.2.0-CVE-2017-12858.patch
@@ -34,4 +34,4 @@ index a369900..e5a7cc9 100644
 -	}
  	return -1;
      }
- 
\ No newline at end of file
+ 
diff --git a/dev-libs/libzip/files/libzip-1.2.0-CVE-2017-14107.patch b/dev-libs/libzip/files/libzip-1.2.0-CVE-2017-14107.patch
new file mode 100644
index 000000000000..3d1f9a0aabc3
--- /dev/null
+++ b/dev-libs/libzip/files/libzip-1.2.0-CVE-2017-14107.patch
@@ -0,0 +1,27 @@
+From 9b46957ec98d85a572e9ef98301247f39338a3b5 Mon Sep 17 00:00:00 2001
+From: Thomas Klausner <tk@giga.or.at>
+Date: Tue, 29 Aug 2017 10:25:03 +0200
+Subject: [PATCH] Make eocd checks more consistent between zip and zip64 cases.
+
+---
+ lib/zip_open.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/lib/zip_open.c b/lib/zip_open.c
+index 3bd593b..9d3a4cb 100644
+--- a/lib/zip_open.c
++++ b/lib/zip_open.c
+@@ -847,7 +847,12 @@ _zip_read_eocd64(zip_source_t *src, zip_buffer_t *buffer, zip_uint64_t buf_offse
+         zip_error_set(error, ZIP_ER_SEEK, EFBIG);
+         return NULL;
+     }
+-    if ((flags & ZIP_CHECKCONS) && offset+size != eocd_offset) {
++    if (offset+size > buf_offset + eocd_offset) {
++	/* cdir spans past EOCD record */
++	zip_error_set(error, ZIP_ER_INCONS, 0);
++	return NULL;
++    }
++    if ((flags & ZIP_CHECKCONS) && offset+size != buf_offset + eocd_offset) {
+ 	zip_error_set(error, ZIP_ER_INCONS, 0);
+ 	return NULL;
+     }