commit:     f6f41d931a86fc8b6aad0078b3a8a20e7ebff8bf
Author:     Maciej Mrozowski <reavertm <AT> gentoo <DOT> org>
AuthorDate: Thu Aug 24 19:59:13 2017 +0000
Commit:     Maciej Mrozowski <reavertm <AT> gentoo <DOT> org>
CommitDate: Thu Aug 24 19:59:27 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f6f41d93

dev-libs/libmspack: CVE-2017-6419, bug 628684.

Package-Manager: Portage-2.3.6, Repoman-2.3.3

 .../files/libmspack-0.5_alpha-CVE-2017-6419.patch  | 41 ++++++++++++++++++
 dev-libs/libmspack/libmspack-0.5_alpha-r1.ebuild   | 50 ++++++++++++++++++++++
 2 files changed, 91 insertions(+)

diff --git a/dev-libs/libmspack/files/libmspack-0.5_alpha-CVE-2017-6419.patch b/dev-libs/libmspack/files/libmspack-0.5_alpha-CVE-2017-6419.patch
new file mode 100644
index 00000000000..1b81fdcbfcd
--- /dev/null
+++ b/dev-libs/libmspack/files/libmspack-0.5_alpha-CVE-2017-6419.patch
@@ -0,0 +1,41 @@
+From a83773682e856ad6529ba6db8d1792e6d515d7f1 Mon Sep 17 00:00:00 2001
+From: Mickey Sola <ms...@sourcefire.com>
+Date: Wed, 29 Mar 2017 14:55:26 -0400
+Subject: [PATCH] fixing potential OOB window write when unpacking chm files
+
+---
+ libclamav/libmspack-0.5alpha/mspack/lzxd.c | 11 +++++++++--
+ libclamav/libmspack.c                      |  6 +++++-
+ 2 files changed, 14 insertions(+), 3 deletions(-)
+
+diff --git a/libclamav/libmspack-0.5alpha/mspack/lzxd.c b/libclamav/libmspack-0.5alpha/mspack/lzxd.c
+index 2281e7b9d..45105a583 100644
+--- a/mspack/lzxd.c
++++ b/mspack/lzxd.c
+@@ -766,8 +766,13 @@ int lzxd_decompress(struct lzxd_stream *lzx, off_t out_bytes) {
+       case LZX_BLOCKTYPE_UNCOMPRESSED:
+       /* as this_run is limited not to wrap a frame, this also means it
+        * won't wrap the window (as the window is a multiple of 32k) */
++        if (window_posn + this_run > lzx->window_size) {
++                D(("match ran over window boundary"))
++                return lzx->error = MSPACK_ERR_DECRUNCH;
++        }
+       rundest = &window[window_posn];
+       window_posn += this_run;
++
+       while (this_run > 0) {
+         if ((i = i_end - i_ptr) == 0) {
+           READ_IF_NEEDED;
+@@ -888,8 +893,10 @@ void lzxd_free(struct lzxd_stream *lzx) {
+   struct mspack_system *sys;
+   if (lzx) {
+     sys = lzx->sys;
+-    sys->free(lzx->inbuf);
+-    sys->free(lzx->window);
++    if(lzx->inbuf)
++        sys->free(lzx->inbuf);
++    if(lzx->window)
++        sys->free(lzx->window);
+     sys->free(lzx);
+   }
+ }
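Review bot: The comment kept above the new check in the LZX_BLOCKTYPE_UNCOMPRESSED case still says the run "won't wrap the window", which is exactly the assumption the added `window_posn + this_run > lzx->window_size` test no longer trusts, and the debug text `"match ran over window boundary"` describes a match although this branch copies an uncompressed run. I would reword the comment to something like `/* this_run should not pass the end of the window, but the stream is untrusted, so check before writing */` and the message to `D(("uncompressed run exceeds window"))`. The declarations of window_posn and this_run are outside the hunk, so whether the addition can wrap cannot be judged from here; if window_posn never exceeds window_size, writing the test as `this_run > lzx->window_size - window_posn` avoids the question. The embedded patch header also still lists libclamav/libmspack.c in its diffstat although only the lzxd.c hunks are carried, which deserves a line in the patch description.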

diff --git a/dev-libs/libmspack/libmspack-0.5_alpha-r1.ebuild b/dev-libs/libmspack/libmspack-0.5_alpha-r1.ebuild
new file mode 100644
index 00000000000..f8c7bd3ce1d
--- /dev/null
+++ b/dev-libs/libmspack/libmspack-0.5_alpha-r1.ebuild
@@ -0,0 +1,50 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit eutils multilib-minimal
+
+MY_PV="${PV/_alpha/alpha}"
+MY_P="${PN}-${MY_PV}"
+
+DESCRIPTION="A library for Microsoft compression formats"
+HOMEPAGE="https://www.cabextract.org.uk/libmspack/";
+SRC_URI="https://www.cabextract.org.uk/libmspack/libmspack-${MY_PV}.tar.gz";
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="debug doc static-libs"
+
+DEPEND=""
+RDEPEND=""
+
+PATCHES=(
+       "${FILESDIR}/${P}-CVE-2017-6419.patch"
+)
+
+S="${WORKDIR}/${MY_P}"
+
+multilib_src_configure() {
+       ECONF_SOURCE="${S}" econf \
+               $(use_enable debug) \
+               $(use_enable static-libs static)
+}
+
+multilib_src_test() {
+       if multilib_is_native_abi; then
+               default
+               cd "${S}"/test && "${BUILD_DIR}"/test/cabd_test || die
+       fi
+}
+
+multilib_src_install_all() {
+       DOCS=(AUTHORS ChangeLog NEWS README TODO)
+       prune_libtool_files --all
+       use doc && HTML_DOCS=(doc/*)
+       default_src_install
+       if use doc; then
+               rm "${ED}"/usr/share/doc/"${PF}"/html/{Makefile*,Doxyfile*} || die
+       fi
+}
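Review bot: The `PATCHES` entry carries no comment saying where the fix comes from, and the headers of the added patch (paths under libclamav/, a diffstat naming libclamav/libmspack.c) suggest it was taken from ClamAV's bundled copy rather than from a libmspack release. A line above the entry such as `# CVE-2017-6419, bug 628684: backported from ClamAV commit a8377368 (lzxd.c hunks only)` would tell the next maintainer what the patch covers and when it can be dropped. multilib_src_test runs only the default tests and cabd_test, so as far as this hunk shows nothing in the test phase is known to exercise the CHM unpacking path named in the patch subject; that is worth recording in the bug rather than assuming the suite covers it.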
