r15961 - in packages/trunk/libphysfs/debian: . patches

Patrick Matthäi pmatthaei at moszumanska.debian.org
Mon Apr 3 17:47:59 UTC 2017 

Author: pmatthaei
Date: 2017-04-03 17:47:58 +0000 (Mon, 03 Apr 2017)
New Revision: 15961

Added:
   packages/trunk/libphysfs/debian/patches/02-zip-seek.diff
Modified:
   packages/trunk/libphysfs/debian/changelog
   packages/trunk/libphysfs/debian/patches/series
Log:
*  Add patch 02-zip-seek to fix a buffer overflow in physfs with zlib version
   >= 1.2.11.


Modified: packages/trunk/libphysfs/debian/changelog
===================================================================
--- packages/trunk/libphysfs/debian/changelog	2017-03-15 18:48:55 UTC (rev 15960)
+++ packages/trunk/libphysfs/debian/changelog	2017-04-03 17:47:58 UTC (rev 15961)
@@ -1,3 +1,10 @@
+libphysfs (2.0.3-5) UNRELEASED; urgency=low
+
+  * Add patch 02-zip-seek to fix a buffer overflow in physfs with zlib version
+    >= 1.2.11.
+
+ -- Patrick Matthäi <pmatthaei at debian.org>  Mon, 03 Apr 2017 19:40:29 +0200
+
 libphysfs (2.0.3-4) unstable; urgency=medium
 
   * Enable full hardening.

Added: packages/trunk/libphysfs/debian/patches/02-zip-seek.diff
===================================================================
--- packages/trunk/libphysfs/debian/patches/02-zip-seek.diff	                        (rev 0)
+++ packages/trunk/libphysfs/debian/patches/02-zip-seek.diff	2017-04-03 17:47:58 UTC (rev 15961)
@@ -0,0 +1,19 @@
+# Fix buffer overflow in physfs if you use zlib >= 1.2.11.
+#
+# zlib link: https://github.com/madler/zlib/issues/206
+# Upstream report: http://icculus.org/pipermail/physfs/2017-January/001215.html
+# Author and patch founder: http://manaplus.org/physfs_bugs
+
+diff -r 34ebe997c5c0 archivers/zip.c
+--- a/archivers/zip.c	Fri Jan 01 12:53:41 2016 -0500
++++ b/archivers/zip.c	Wed Jan 25 20:56:26 2017 +0300
+@@ -327,7 +327,8 @@
+                 return(0);
+ 
+             inflateEnd(&finfo->stream);
+-            memcpy(&finfo->stream, &str, sizeof (z_stream));
++            inflateCopy(&finfo->stream, &str);
++            inflateEnd(&str);
+             finfo->uncompressed_position = finfo->compressed_position = 0;
+         } /* if */
+ 

Modified: packages/trunk/libphysfs/debian/patches/series
===================================================================
--- packages/trunk/libphysfs/debian/patches/series	2017-03-15 18:48:55 UTC (rev 15960)
+++ packages/trunk/libphysfs/debian/patches/series	2017-04-03 17:47:58 UTC (rev 15961)
@@ -1 +1,2 @@
 01-do-not-link-against-curses.diff
+02-zip-seek.diff

More information about the Pkg-games-commits mailing list