-rw-r--r--sys-freebsd/freebsd-ubin/ChangeLog9
-rw-r--r--sys-freebsd/freebsd-ubin/files/freebsd-ubin-8.2-compress.patch55
-rw-r--r--sys-freebsd/freebsd-ubin/freebsd-ubin-8.2-r1.ebuild (renamed from sys-freebsd/freebsd-ubin/freebsd-ubin-8.2.ebuild)7
3 files changed, 67 insertions, 4 deletions
diff --git a/sys-freebsd/freebsd-ubin/ChangeLog b/sys-freebsd/freebsd-ubin/ChangeLog
index 3587d7eff7fd..e4eecb30c872 100644
--- a/sys-freebsd/freebsd-ubin/ChangeLog
+++ b/sys-freebsd/freebsd-ubin/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for sys-freebsd/freebsd-ubin
# Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-freebsd/freebsd-ubin/ChangeLog,v 1.76 2012/03/30 15:49:52 aballier Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-freebsd/freebsd-ubin/ChangeLog,v 1.77 2012/04/02 10:22:58 naota Exp $
+
+*freebsd-ubin-8.2-r1 (02 Apr 2012)
+
+ 02 Apr 2012; Naohiro Aota <naota@gentoo.org>
+ +files/freebsd-ubin-8.2-compress.patch, +freebsd-ubin-8.2-r1.ebuild,
+ -freebsd-ubin-8.2.ebuild:
+ Add patch to fix CVE-2011-2895. #408887
30 Mar 2012; Alexis Ballier <aballier@gentoo.org>
-freebsd-ubin-9.0_rc1.ebuild, -freebsd-ubin-9.0_rc2.ebuild,
diff --git a/sys-freebsd/freebsd-ubin/files/freebsd-ubin-8.2-compress.patch b/sys-freebsd/freebsd-ubin/files/freebsd-ubin-8.2-compress.patch
new file mode 100644
index 000000000000..5bd1d5524c31
--- /dev/null
+++ b/sys-freebsd/freebsd-ubin/files/freebsd-ubin-8.2-compress.patch
@@ -0,0 +1,55 @@
+Index: usr.bin/compress/zopen.c
+===================================================================
+--- usr.bin/compress/zopen.c (revision 225020)
++++ usr.bin/compress/zopen.c (working copy)
+@@ -486,7 +486,7 @@ zread(void *cookie, char *rbp, int num)
+ block_compress = maxbits & BLOCK_MASK;
+ maxbits &= BIT_MASK;
+ maxmaxcode = 1L << maxbits;
+- if (maxbits > BITS) {
++ if (maxbits > BITS || maxbits < 12) {
+ errno = EFTYPE;
+ return (-1);
+ }
+@@ -513,17 +513,28 @@ zread(void *cookie, char *rbp, int num)
+ for (code = 255; code >= 0; code--)
+ tab_prefixof(code) = 0;
+ clear_flg = 1;
+- free_ent = FIRST - 1;
+- if ((code = getcode(zs)) == -1) /* O, untimely death! */
+- break;
++ free_ent = FIRST;
++ oldcode = -1;
++ continue;
+ }
+ incode = code;
+
+- /* Special case for KwKwK string. */
++ /* Special case for kWkWk string. */
+ if (code >= free_ent) {
++ if (code > free_ent || oldcode == -1) {
++ /* Bad stream. */
++ errno = EINVAL;
++ return (-1);
++ }
+ *stackp++ = finchar;
+ code = oldcode;
+ }
++ /*
++ * The above condition ensures that code < free_ent.
++ * The construction of tab_prefixof in turn guarantees that
++ * each iteration decreases code and therefore stack usage is
++ * bound by 1 << BITS - 256.
++ */
+
+ /* Generate output characters in reverse order. */
+ while (code >= 256) {
+@@ -540,7 +551,7 @@ middle: do {
+ } while (stackp > de_stack);
+
+ /* Generate the new entry. */
+- if ((code = free_ent) < maxmaxcode) {
++ if ((code = free_ent) < maxmaxcode && oldcode != -1) {
+ tab_prefixof(code) = (u_short) oldcode;
+ tab_suffixof(code) = finchar;
+ free_ent = code + 1;
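Review bot: The new lower bound in the header check, `maxbits < 12`, is a bare literal with no explanation, and nothing in this hunk shows why 12 was chosen or which header values it rejects; a comment above it such as `/* reject code widths below 12: <reason> */`, or a named constant, would record the intent. In the same hunk `maxmaxcode = 1L << maxbits;` still runs before the range check, so the shift is evaluated for header values that are about to be rejected; moving that assignment below the `if` would restrict it to validated widths. The bound in the added comment, `1 << BITS - 256`, parses in C as `1 << (BITS - 256)` and should read `(1 << BITS) - 256`. zread's body starts and ends outside these hunks, so whether the `continue` after the CLEAR reset fetches the next code correctly depends on loop structure not shown here.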
diff --git a/sys-freebsd/freebsd-ubin/freebsd-ubin-8.2.ebuild b/sys-freebsd/freebsd-ubin/freebsd-ubin-8.2-r1.ebuild
index 6da997cf5ce8..9a5874db1903 100644
--- a/sys-freebsd/freebsd-ubin/freebsd-ubin-8.2.ebuild
+++ b/sys-freebsd/freebsd-ubin/freebsd-ubin-8.2-r1.ebuild
@@ -1,6 +1,6 @@
-# Copyright 1999-2011 Gentoo Foundation
+# Copyright 1999-2012 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-freebsd/freebsd-ubin/freebsd-ubin-8.2.ebuild,v 1.3 2011/08/13 03:05:39 the_paya Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-freebsd/freebsd-ubin/freebsd-ubin-8.2-r1.ebuild,v 1.1 2012/04/02 10:22:58 naota Exp $
EAPI=2
@@ -47,7 +47,8 @@ PATCHES=( "${FILESDIR}/${PN}-6.0-bsdcmp.patch"
"${FILESDIR}/${PN}-lint-stdarg.patch"
"${FILESDIR}/${PN}-6.0-kdump-ioctl.patch"
"${FILESDIR}/${PN}-8.0-xinstall.patch"
- "${FILESDIR}/${PN}-8.0-bsdar.patch" )
+ "${FILESDIR}/${PN}-8.0-bsdar.patch"
+ "${FILESDIR}/${P}-compress.patch" )
# Here we remove some sources we don't need because they are already
# provided by portage's packages or similar. In order: