Hi,

This diff would incorporate the unzip security fix for CVE-2008-0888
that has been floating about on the net for a few days now.

The patch is credited to Tavis Ormandy from Google Security in the
various security bulletins.  At least Debian and Ubuntu already ship
patched versions of unzip that have this patch applied.

I did not go through the diff myself and verify that it is the
correct fix, however.  If anyone can comment on that issue, I'd like to
hear from you.

Any comments or OKs?

Index: Makefile
===================================================================
RCS file: /cvs/ports/archivers/unzip/Makefile,v
retrieving revision 1.39
diff -u -p -r1.39 Makefile
--- Makefile    15 Sep 2007 10:14:33 -0000      1.39
+++ Makefile    25 Mar 2008 16:47:25 -0000
@@ -4,7 +4,7 @@ COMMENT=        extract, list & test files in a
 
 VERSION=       5.52
 DISTNAME=      unzip${VERSION:S/.//}
-PKGNAME=       unzip-${VERSION}
+PKGNAME=       unzip-${VERSION}p0
 CATEGORIES=    archivers
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=infozip/} \
                http://mirror.switch.ch/ftp/mirror/infozip/src/ \
Index: patches/patch-inflate_c
===================================================================
RCS file: patches/patch-inflate_c
diff -N patches/patch-inflate_c
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-inflate_c     25 Mar 2008 16:45:44 -0000
@@ -0,0 +1,50 @@
+$OpenBSD$
+--- inflate.c.orig     Tue Mar 25 17:40:53 2008
++++ inflate.c  Tue Mar 25 17:43:17 2008
+@@ -983,6 +983,7 @@ static int inflate_dynamic(__G)
+   unsigned l;           /* last length */
+   unsigned m;           /* mask for bit lengths table */
+   unsigned n;           /* number of lengths to get */
++  struct huft *tlp;
+   struct huft *tl;      /* literal/length code table */
+   struct huft *td;      /* distance code table */
+   unsigned bl;          /* lookup bits for tl */
+@@ -995,6 +996,7 @@ static int inflate_dynamic(__G)
+   register unsigned k;  /* number of bits in bit buffer */
+   int retval = 0;       /* error code returned: initialized to "no error" */
+ 
++  td = tlp = tl = (struct huft *)NULL;
+ 
+   /* make local bit buffer */
+   Trace((stderr, "\ndynamic block"));
+@@ -1047,9 +1049,9 @@ static int inflate_dynamic(__G)
+   while (i < n)
+   {
+     NEEDBITS(bl)
+-    j = (td = tl + ((unsigned)b & m))->b;
++    j = (tlp = tl + ((unsigned)b & m))->b;
+     DUMPBITS(j)
+-    j = td->v.n;
++    j = tlp->v.n;
+     if (j < 16)                 /* length of code in bits (0..15) */
+       ll[i++] = l = j;          /* save last length in l */
+     else if (j == 16)           /* repeat last length 3 to 6 times */
+@@ -1141,6 +1143,7 @@ static int inflate_dynamic(__G)
+       huft_free(td);
+     }
+     huft_free(tl);
++
+     return retval;
+   }
+ 
+@@ -1149,8 +1152,8 @@ static int inflate_dynamic(__G)
+ 
+ cleanup_and_exit:
+   /* free the decoding tables, return */
+-  huft_free(tl);
+-  huft_free(td);
++  if (tl) huft_free(tl);
++  if (td) huft_free(td);
+   return retval;
+ }
+ 
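Review bot: The `if (tl)` / `if (td)` guards at `cleanup_and_exit` only hold if each pointer is NULL whenever it does not own a table, and the patch establishes that once at function entry (`td = tlp = tl = (struct huft *)NULL;`) without re-establishing it after any later free. If a `huft_free(tl)` outside the visible context can be followed by a path that still reaches `cleanup_and_exit` (for instance an error exit from `NEEDBITS`, if that macro jumps there), the guard would hand an already-freed pointer to `huft_free` a second time; where that applies, the free should read `huft_free(tl); tl = NULL;`. The new `struct huft *tlp;` is also the only declaration in that list without a comment, and `/* current entry in tl while reading code lengths */` would record why `td` is no longer reused as a scratch pointer. Most of inflate_dynamic lies outside these hunks, so the first point is inferred from the visible lines and needs checking against the full inflate.c.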
-- 
Alexander "grunk" von Gernler           PGP 0xEBC27515
http://www.de.openbsd.org/ -- Free, functional, secure
