diff options
| author | Michael Forney <mforney@mforney.org> | 2016-12-11 16:04:20 -0800 |
|---|---|---|
| committer | Michael Forney <mforney@mforney.org> | 2016-12-13 23:10:30 -0800 |
| commit | 293f5a93b77d92fd65db7f3d0df654f102e46cfb (patch) | |
| tree | 6ecd1170e3dd793862dd852814dc1b4cd5e44260 /pkg/unzip/patch/0013-extract-prevent-unsigned-overflow-on-invalid-input.patch | |
| parent | 9a506a6834df01a26795cea222b410f206efa9fa (diff) | |
Move to flat package hierarchy
Note to self: never try to move submodules again
To migrate your existing submodules (more or less):
set -x
set -e
mkdir .git/modules/pkg
for old in */*/src ; do
new="pkg/${old#*/}"
if ! [ -f "$old/.git" ] || [ "${old%%/*}" = pkg ] ; then
continue
fi
git -C ".git/modules/$old" config core.worktree "../../../../../$new"
rmdir "$new"
mv "$old" "$new"
sed -e "s,$old,$new," "$new/.git" > "$new/.git.tmp"
mv "$new/.git.tmp" "$new/.git"
mkdir ".git/modules/${new%/src}"
mv ".git/modules/$old" ".git/modules/$new"
rm "${old%/src}"/*.ninja
mv "${old%/src}"/*.tar.{gz,xz,bz2} "${new%/src}/"
rmdir "${old%/src}" || true
done
sed -e 's,^\[submodule "[^/]*/,[submodule "pkg/,' .git/config > .git/config.tmp
mv .git/config.tmp .git/config
Diffstat (limited to 'pkg/unzip/patch/0013-extract-prevent-unsigned-overflow-on-invalid-input.patch')
| -rw-r--r-- | pkg/unzip/patch/0013-extract-prevent-unsigned-overflow-on-invalid-input.patch | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/pkg/unzip/patch/0013-extract-prevent-unsigned-overflow-on-invalid-input.patch b/pkg/unzip/patch/0013-extract-prevent-unsigned-overflow-on-invalid-input.patch new file mode 100644 index 00000000..9f816a7a --- /dev/null +++ b/pkg/unzip/patch/0013-extract-prevent-unsigned-overflow-on-invalid-input.patch @@ -0,0 +1,37 @@ +From 91f3ce1672778ebb41317c2cad4b0a75cf3d002f Mon Sep 17 00:00:00 2001 +From: Kamil Dudka <kdudka@redhat.com> +Date: Thu, 16 Jun 2016 22:42:33 -0700 +Subject: [PATCH] extract: prevent unsigned overflow on invalid input + +From 16-fix-integer-underflow-csiz-decrypted in +unzip_6.0-16+deb8u2.debian.tar.xz. +--- + extract.c | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +diff --git a/extract.c b/extract.c +index ad8b3f7..3ec8813 100644 +--- a/extract.c ++++ b/extract.c +@@ -1257,8 +1257,17 @@ static int extract_or_test_entrylist(__G__ numchunk, + if (G.lrec.compression_method == STORED) { + zusz_t csiz_decrypted = G.lrec.csize; + +- if (G.pInfo->encrypted) ++ if (G.pInfo->encrypted) { ++ if (csiz_decrypted < 12) { ++ /* handle the error now to prevent unsigned overflow */ ++ Info(slide, 0x401, ((char *)slide, ++ LoadFarStringSmall(ErrUnzipNoFile), ++ LoadFarString(InvalidComprData), ++ LoadFarStringSmall2(Inflate))); ++ return PK_ERR; ++ } + csiz_decrypted -= 12; ++ } + if (G.lrec.ucsize != csiz_decrypted) { + Info(slide, 0x401, ((char *)slide, + LoadFarStringSmall2(WrnStorUCSizCSizDiff), +-- +2.8.1 + |