diff options
| -rw-r--r-- | app-arch/rzip/files/rzip-2.1-CVE-2017-8364.patch | 33 | ||||
| -rw-r--r-- | app-arch/rzip/rzip-2.1-r3.ebuild (renamed from app-arch/rzip/rzip-2.1-r2.ebuild) | 5 |
2 files changed, 37 insertions, 1 deletions
diff --git a/app-arch/rzip/files/rzip-2.1-CVE-2017-8364.patch b/app-arch/rzip/files/rzip-2.1-CVE-2017-8364.patch new file mode 100644 index 000000000000..3c65e6f1939d --- /dev/null +++ b/app-arch/rzip/files/rzip-2.1-CVE-2017-8364.patch @@ -0,0 +1,33 @@ +Index: rzip-2.1/stream.c +=================================================================== +--- rzip-2.1.orig/stream.c ++++ rzip-2.1/stream.c +@@ -147,16 +147,16 @@ static int write_u32(int f, u32 v) + return 0; + } + +-static int read_buf(int f, uchar *p, int len) ++static int read_buf(int f, uchar *p, unsigned int len) + { + int ret; + ret = read(f, p, len); + if (ret == -1) { +- err_msg("Read of length %d failed - %s\n", len, strerror(errno)); ++ err_msg("Read of length %u failed - %s\n", len, strerror(errno)); + return -1; + } + if (ret != len) { +- err_msg("Partial read!? asked for %d bytes but got %d\n", len, ret); ++ err_msg("Partial read!? asked for %u bytes but got %d\n", len, ret); + return -1; + } + return 0; +@@ -399,7 +399,7 @@ static int fill_buffer(struct stream_inf + if (sinfo->s[stream].buf) { + free(sinfo->s[stream].buf); + } +- sinfo->s[stream].buf = malloc(u_len); ++ sinfo->s[stream].buf = malloc(c_len > u_len ? c_len : u_len); + if (!sinfo->s[stream].buf) { + return -1; + } diff --git a/app-arch/rzip/rzip-2.1-r2.ebuild b/app-arch/rzip/rzip-2.1-r3.ebuild index 75233dfea457..915c6deeef2b 100644 --- a/app-arch/rzip/rzip-2.1-r2.ebuild +++ b/app-arch/rzip/rzip-2.1-r3.ebuild @@ -17,7 +17,10 @@ IUSE="" RDEPEND="app-arch/bzip2:=" DEPEND="${DEPEND}" -PATCHES=( "${FILESDIR}"/${PN}-2.1-darwin.patch ) +PATCHES=( + "${FILESDIR}"/${PN}-2.1-darwin.patch + "${FILESDIR}"/${PN}-2.1-CVE-2017-8364.patch +) src_prepare() { default |