diff options
| author | Michael Forney <mforney@mforney.org> | 2019-06-15 18:15:50 -0700 |
|---|---|---|
| committer | Michael Forney <mforney@mforney.org> | 2019-06-15 18:20:20 -0700 |
| commit | 52b1cb8097da659fc1fd84cb4d2e6868d8abee10 (patch) | |
| tree | 46926a253eaac1a683f437fde6421acdef9e5151 /pkg/unzip/patch | |
| parent | ce9ba02aa51a3c0b1cfbb91b056e6075c8ded619 (diff) | |
unzip: Update to 6.0-23 patches from Debian
Diffstat (limited to 'pkg/unzip/patch')
21 files changed, 332 insertions, 78 deletions
diff --git a/pkg/unzip/patch/0001-Drop-L-suffix-from-man-page-sections.patch b/pkg/unzip/patch/0001-In-Debian-manpages-are-in-section-1-not-in-section-1.patch index 27d1f048..1a0acad5 100644 --- a/pkg/unzip/patch/0001-Drop-L-suffix-from-man-page-sections.patch +++ b/pkg/unzip/patch/0001-In-Debian-manpages-are-in-section-1-not-in-section-1.patch @@ -1,10 +1,8 @@ -From 099364ef5cdd7801c9744815ef5ec75f5f267222 Mon Sep 17 00:00:00 2001 +From 85238f823da4858625f482c696f48e460ba27625 Mon Sep 17 00:00:00 2001 From: Santiago Vila <sanvila@debian.org> -Date: Thu, 16 Jun 2016 22:39:42 -0700 -Subject: [PATCH] Drop L suffix from man page sections +Date: Sat, 15 Jun 2019 18:13:11 -0700 +Subject: [PATCH] In Debian, manpages are in section 1, not in section 1L -From 01-manpages-in-section-1-not-in-section-1l in -unzip_6.0-16+deb8u2.debian.tar.xz. --- man/funzip.1 | 8 ++++---- man/unzip.1 | 24 ++++++++++++------------ @@ -315,5 +313,5 @@ index 428e4b9..22d1fa2 100644 .\" ========================================================================= .SH URL -- -2.8.1 +2.20.1 diff --git a/pkg/unzip/patch/0002-Branding-patch-UnZip-by-Debian.-Original-by-Info-ZIP.patch b/pkg/unzip/patch/0002-Branding-patch-UnZip-by-Debian.-Original-by-Info-ZIP.patch new file mode 100644 index 00000000..d3c285ad --- /dev/null +++ b/pkg/unzip/patch/0002-Branding-patch-UnZip-by-Debian.-Original-by-Info-ZIP.patch @@ -0,0 +1,26 @@ +From 2561e7b7057dcca65b1ff2d5d2e12b4a1ba254fe Mon Sep 17 00:00:00 2001 +From: Santiago Vila <sanvila@debian.org> +Date: Sat, 15 Jun 2019 18:13:11 -0700 +Subject: [PATCH] "Branding patch": UnZip by Debian. Original by Info-ZIP. + +--- + unzip.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/unzip.c b/unzip.c +index 8dbfc95..1abaccb 100644 +--- a/unzip.c ++++ b/unzip.c +@@ -570,8 +570,7 @@ Send bug reports using //www.info-zip.org/zip-bug.html; see README for details.\ + #else /* !VMS */ + # ifdef COPYRIGHT_CLEAN + static ZCONST char Far UnzipUsageLine1[] = "\ +-UnZip %d.%d%d%s of %s, by Info-ZIP. Maintained by C. Spieler. Send\n\ +-bug reports using http://www.info-zip.org/zip-bug.html; see README for details.\ ++UnZip %d.%d%d%s of %s, by Debian. Original by Info-ZIP.\ + \n\n"; + # else + static ZCONST char Far UnzipUsageLine1[] = "\ +-- +2.20.1 + diff --git a/pkg/unzip/patch/0003-include-unistd.h-for-kFreeBSD.patch b/pkg/unzip/patch/0003-include-unistd.h-for-kFreeBSD.patch new file mode 100644 index 00000000..f511f7f1 --- /dev/null +++ b/pkg/unzip/patch/0003-include-unistd.h-for-kFreeBSD.patch @@ -0,0 +1,24 @@ +From d27f3482cf46603d05d46bbc290ce6bb0f7ff210 Mon Sep 17 00:00:00 2001 +From: Aurelien Jarno <aurel32@debian.org> +Date: Sat, 15 Jun 2019 18:13:11 -0700 +Subject: [PATCH] #include <unistd.h> for kFreeBSD + +--- + unix/unxcfg.h | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/unix/unxcfg.h b/unix/unxcfg.h +index e39b283..c98c3b9 100644 +--- a/unix/unxcfg.h ++++ b/unix/unxcfg.h +@@ -52,6 +52,7 @@ + + #include <sys/types.h> /* off_t, time_t, dev_t, ... */ + #include <sys/stat.h> ++#include <unistd.h> + + #ifdef NO_OFF_T + typedef long zoff_t; +-- +2.20.1 + diff --git a/pkg/unzip/patch/0002-Handle-the-PKWare-verification-bit-of-internal-attri.patch b/pkg/unzip/patch/0004-Handle-the-PKWare-verification-bit-of-internal-attri.patch index f7d9caab..60ce4cda 100644 --- a/pkg/unzip/patch/0002-Handle-the-PKWare-verification-bit-of-internal-attri.patch +++ b/pkg/unzip/patch/0004-Handle-the-PKWare-verification-bit-of-internal-attri.patch @@ -1,10 +1,8 @@ -From 4a125f29b8d313456ad91ab6694d84db7d1685da Mon Sep 17 00:00:00 2001 -From: Steven Schweda <sms@antinode.info> -Date: Thu, 16 Jun 2016 22:41:39 -0700 +From af50c278c5b2c57a76771825a80ca3ff9d315acd Mon Sep 17 00:00:00 2001 +From: "Steven M. Schweda" <sms@antinode.info> +Date: Sat, 15 Jun 2019 18:13:11 -0700 Subject: [PATCH] Handle the PKWare verification bit of internal attributes -From 04-handle-pkware-verification-bit in -unzip_6.0-16+deb8u2.debian.tar.xz. --- process.c | 7 +++++++ 1 file changed, 7 insertions(+) @@ -28,5 +26,5 @@ index 1e9a1e1..ed314e1 100644 if (IS_VOLID(G.crec.external_file_attributes) && (G.pInfo->hostnum == FS_FAT_ || G.pInfo->hostnum == FS_HPFS_ || -- -2.8.1 +2.20.1 diff --git a/pkg/unzip/patch/0003-Restore-uid-and-gid-information-when-requested.patch b/pkg/unzip/patch/0005-Restore-uid-and-gid-information-when-requested.patch index ce3b3f0b..9c61573c 100644 --- a/pkg/unzip/patch/0003-Restore-uid-and-gid-information-when-requested.patch +++ b/pkg/unzip/patch/0005-Restore-uid-and-gid-information-when-requested.patch @@ -1,9 +1,8 @@ -From a32a7b300ba2a8df9468a2c029c3a8d20971e823 Mon Sep 17 00:00:00 2001 -From: Steven Schweda <sms@antinode.info> -Date: Thu, 16 Jun 2016 22:41:43 -0700 +From 8e82b2116b190c9dd4ef2b56e1282ca2c6e30b62 Mon Sep 17 00:00:00 2001 +From: "Steven M. Schweda" <sms@antinode.info> +Date: Sat, 15 Jun 2019 18:13:11 -0700 Subject: [PATCH] Restore uid and gid information when requested -From 05-fix-uid-gid-handling in unzip_6.0-16+deb8u2.debian.tar.xz. --- process.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) @@ -35,5 +34,5 @@ index ed314e1..df58d28 100644 flags |= EB_UX2_VALID; /* signal success */ } -- -2.8.1 +2.20.1 diff --git a/pkg/unzip/patch/0004-Initialize-the-symlink-flag.patch b/pkg/unzip/patch/0006-Initialize-the-symlink-flag.patch index d8f4d38d..64bbf515 100644 --- a/pkg/unzip/patch/0004-Initialize-the-symlink-flag.patch +++ b/pkg/unzip/patch/0006-Initialize-the-symlink-flag.patch @@ -1,10 +1,8 @@ -From 6e7edd8d5093795a96a80e36b7c019de3f637cc8 Mon Sep 17 00:00:00 2001 +From d160eb934654c2a52ef7f8273a7f651fd6178b7d Mon Sep 17 00:00:00 2001 From: Andreas Schwab <schwab@linux-m68k.org> -Date: Thu, 16 Jun 2016 22:41:53 -0700 +Date: Sat, 15 Jun 2019 18:13:11 -0700 Subject: [PATCH] Initialize the symlink flag -From 06-initialize-the-symlink-flag in -unzip_6.0-16+deb8u2.debian.tar.xz. --- process.c | 6 ++++++ 1 file changed, 6 insertions(+) @@ -27,5 +25,5 @@ index df58d28..3228bde 100644 } /* end function process_cdir_file_hdr() */ -- -2.8.1 +2.20.1 diff --git a/pkg/unzip/patch/0005-Increase-size-of-cfactorstr-array-to-avoid-buffer-ov.patch b/pkg/unzip/patch/0007-Increase-size-of-cfactorstr-array-to-avoid-buffer-ov.patch index e58bbdd5..e7b44ceb 100644 --- a/pkg/unzip/patch/0005-Increase-size-of-cfactorstr-array-to-avoid-buffer-ov.patch +++ b/pkg/unzip/patch/0007-Increase-size-of-cfactorstr-array-to-avoid-buffer-ov.patch @@ -1,10 +1,8 @@ -From 638801fa4a9ffb16839d6dd42e70afc3e989e510 Mon Sep 17 00:00:00 2001 -From: Steven Schweda <sms@antinode.info> -Date: Thu, 16 Jun 2016 22:41:56 -0700 +From 5ba63850818457aa3147ab40adc376ff7dc0f1c9 Mon Sep 17 00:00:00 2001 +From: "Steven M. Schweda" <sms@antinode.info> +Date: Sat, 15 Jun 2019 18:13:11 -0700 Subject: [PATCH] Increase size of cfactorstr array to avoid buffer overflow -From 07-increase-size-of-cfactorstr in -unzip_6.0-16+deb8u2.debian.tar.xz. --- list.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) @@ -23,5 +21,5 @@ index 15e0011..5de41e5 100644 #endif int date_format; -- -2.8.1 +2.20.1 diff --git a/pkg/unzip/patch/0006-zipinfo.c-Do-not-crash-when-hostver-byte-is-100.patch b/pkg/unzip/patch/0008-zipinfo.c-Do-not-crash-when-hostver-byte-is-100.patch index f7ea35fa..f0333885 100644 --- a/pkg/unzip/patch/0006-zipinfo.c-Do-not-crash-when-hostver-byte-is-100.patch +++ b/pkg/unzip/patch/0008-zipinfo.c-Do-not-crash-when-hostver-byte-is-100.patch @@ -1,10 +1,8 @@ -From 0a3f8770bbe8fbd71a62a806a3fe9681a9e14c9e Mon Sep 17 00:00:00 2001 +From 4d3698e4c587e5071ebedaa12daa8e86e2fcffc2 Mon Sep 17 00:00:00 2001 From: Santiago Vila <sanvila@debian.org> -Date: Thu, 16 Jun 2016 22:42:02 -0700 +Date: Sat, 15 Jun 2019 18:13:11 -0700 Subject: [PATCH] zipinfo.c: Do not crash when hostver byte is >= 100 -From 08-allow-greater-hostver-values in -unzip_6.0-16+deb8u2.debian.tar.xz. --- zipinfo.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) @@ -23,5 +21,5 @@ index a92bca9..5e77018 100644 } /* end switch (hostnum: external attributes format) */ -- -2.8.1 +2.20.1 diff --git a/pkg/unzip/patch/0007-Fix-CVE-2014-8139-CRC32-verification-heap-based-over.patch b/pkg/unzip/patch/0009-Fix-CVE-2014-8139-CRC32-verification-heap-based-over.patch index cbf42c2e..b89a0db2 100644 --- a/pkg/unzip/patch/0007-Fix-CVE-2014-8139-CRC32-verification-heap-based-over.patch +++ b/pkg/unzip/patch/0009-Fix-CVE-2014-8139-CRC32-verification-heap-based-over.patch @@ -1,9 +1,8 @@ -From 52cb9b4a9bfc63f0fce3ffe41cf7a61cb3bb625a Mon Sep 17 00:00:00 2001 -From: Steven Schweda <sms@antinode.info> -Date: Thu, 16 Jun 2016 22:42:06 -0700 +From 9decdbe830f233fad7428df99e0c2d34887ac3cf Mon Sep 17 00:00:00 2001 +From: "Steven M. Schweda" <sms@antinode.info> +Date: Sat, 15 Jun 2019 18:13:11 -0700 Subject: [PATCH] Fix CVE-2014-8139: CRC32 verification heap-based overflow -From 09-cve-2014-8139-crc-overflow in unzip_6.0-16+deb8u2.debian.tar.xz. --- extract.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) @@ -60,5 +59,5 @@ index 1acd769..df0fa1c 100644 case EF_PKW32: case EF_PKUNIX: -- -2.8.1 +2.20.1 diff --git a/pkg/unzip/patch/0008-Fix-CVE-2014-8140-out-of-bounds-write-issue-in-test_.patch b/pkg/unzip/patch/0010-Fix-CVE-2014-8140-out-of-bounds-write-issue-in-test_.patch index b60fc149..d6273d89 100644 --- a/pkg/unzip/patch/0008-Fix-CVE-2014-8140-out-of-bounds-write-issue-in-test_.patch +++ b/pkg/unzip/patch/0010-Fix-CVE-2014-8140-out-of-bounds-write-issue-in-test_.patch @@ -1,11 +1,9 @@ -From 74f5aaa429f14d8888504127921e9da6554425af Mon Sep 17 00:00:00 2001 -From: Steven Schweda <sms@antinode.info> -Date: Thu, 16 Jun 2016 22:42:11 -0700 +From a8ce86155076505d0d6e3d8a3e44c26bb89d9524 Mon Sep 17 00:00:00 2001 +From: "Steven M. Schweda" <sms@antinode.info> +Date: Sat, 15 Jun 2019 18:13:11 -0700 Subject: [PATCH] Fix CVE-2014-8140: out-of-bounds write issue in test_compr_eb() -From 10-cve-2014-8140-test-compr-eb in -unzip_6.0-16+deb8u2.debian.tar.xz. --- extract.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) @@ -36,5 +34,5 @@ index df0fa1c..ec31e60 100644 if ( #ifdef INT_16BIT -- -2.8.1 +2.20.1 diff --git a/pkg/unzip/patch/0009-Fix-CVE-2014-8141-out-of-bounds-read-issues-in-getZi.patch b/pkg/unzip/patch/0011-Fix-CVE-2014-8141-out-of-bounds-read-issues-in-getZi.patch index b34ae1a8..b7904783 100644 --- a/pkg/unzip/patch/0009-Fix-CVE-2014-8141-out-of-bounds-read-issues-in-getZi.patch +++ b/pkg/unzip/patch/0011-Fix-CVE-2014-8141-out-of-bounds-read-issues-in-getZi.patch @@ -1,13 +1,12 @@ -From 2fbede051e0344ac5fcc6e6bcb865d4cb8a45f21 Mon Sep 17 00:00:00 2001 -From: Steven Schweda <sms@antinode.info> -Date: Thu, 16 Jun 2016 22:42:14 -0700 +From 0bec3de89a03c7c998b755ff6091ab1e0f6c43b7 Mon Sep 17 00:00:00 2001 +From: "Steven M. Schweda" <sms@antinode.info> +Date: Sat, 15 Jun 2019 18:13:11 -0700 Subject: [PATCH] Fix CVE-2014-8141: out-of-bounds read issues in getZip64Data() -From 11-cve-2014-8141-getzip64data in unzip_6.0-16+deb8u2.debian.tar.xz. --- - fileio.c | 9 ++++++++- - process.c | 68 +++++++++++++++++++++++++++++++++++++++++++++++---------------- + fileio.c | 9 +++++++- + process.c | 68 +++++++++++++++++++++++++++++++++++++++++-------------- 2 files changed, 59 insertions(+), 18 deletions(-) diff --git a/fileio.c b/fileio.c @@ -148,5 +147,5 @@ index 3228bde..df683ea 100644 ef_len -= (eb_len + EB_HEADSIZE); } -- -2.8.1 +2.20.1 diff --git a/pkg/unzip/patch/0010-Info-ZIP-UnZip-buffer-overflow.patch b/pkg/unzip/patch/0012-Info-ZIP-UnZip-buffer-overflow.patch index edd9706f..2bd9a41e 100644 --- a/pkg/unzip/patch/0010-Info-ZIP-UnZip-buffer-overflow.patch +++ b/pkg/unzip/patch/0012-Info-ZIP-UnZip-buffer-overflow.patch @@ -1,16 +1,22 @@ -From fb09687478043d64dc433bd034d063f33f718084 Mon Sep 17 00:00:00 2001 +From 14342a8a5ddafa76a8aa9800da078d415f50af71 Mon Sep 17 00:00:00 2001 From: mancha <mancha1@zoho.com> -Date: Thu, 16 Jun 2016 22:42:17 -0700 +Date: Wed, 11 Feb 2015 12:27:06 +0000 Subject: [PATCH] Info-ZIP UnZip buffer overflow -From 12-cve-2014-9636-test-compr-eb in -unzip_6.0-16+deb8u2.debian.tar.xz. +By carefully crafting a corrupt ZIP archive with "extra fields" that +purport to have compressed blocks larger than the corresponding +uncompressed blocks in STORED no-compression mode, an attacker can +trigger a heap overflow that can result in application crash or +possibly have other unspecified impact. + +This patch ensures that when extra fields use STORED mode, the +"compressed" and uncompressed block sizes match. --- - extract.c | 9 +++++++++ - 1 file changed, 9 insertions(+) + extract.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) diff --git a/extract.c b/extract.c -index ec31e60..d816603 100644 +index ec31e60..f951b9f 100644 --- a/extract.c +++ b/extract.c @@ -2228,6 +2228,7 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata) @@ -21,21 +27,22 @@ index ec31e60..d816603 100644 if (compr_offset < 4) /* field is not compressed: */ return PK_OK; /* do nothing and signal OK */ -@@ -2244,6 +2245,14 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata) +@@ -2244,6 +2245,15 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata) ((eb_ucsize > 0L) && (eb_size <= (compr_offset + EB_CMPRHEADLEN)))) return IZ_EF_TRUNC; /* no/bad compressed data! */ -+ /* 2014-11-03 Michal Zalewski, SMS. ++ /* 2015-02-10 Mancha(?), Michal Zalewski, Tomas Hoger, SMS. + * For STORE method, compressed and uncompressed sizes must agree. + * http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=450 + */ + eb_compr_method = makeword( eb + (EB_HEADSIZE + compr_offset)); -+ if ((eb_compr_method == STORED) && (eb_size - compr_offset != eb_ucsize)) ++ if ((eb_compr_method == STORED) && ++ (eb_size != compr_offset + EB_CMPRHEADLEN + eb_ucsize)) + return PK_ERR; + if ( #ifdef INT_16BIT (((ulg)(extent)eb_ucsize) != eb_ucsize) || -- -2.8.1 +2.20.1 diff --git a/pkg/unzip/patch/0013-Remove-build-date.patch b/pkg/unzip/patch/0013-Remove-build-date.patch new file mode 100644 index 00000000..48fe5e33 --- /dev/null +++ b/pkg/unzip/patch/0013-Remove-build-date.patch @@ -0,0 +1,25 @@ +From f6fa609c9074df6df59023e032f5397c44b40e8d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Bobbio?= <lunar@debian.org> +Date: Sat, 15 Jun 2019 18:13:11 -0700 +Subject: [PATCH] Remove build date + +--- + unix/unix.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/unix/unix.c b/unix/unix.c +index efa97fc..816e3da 100644 +--- a/unix/unix.c ++++ b/unix/unix.c +@@ -1705,7 +1705,7 @@ void version(__G) + #endif /* Sun */ + #endif /* SGI */ + +-#ifdef __DATE__ ++#if 0 + " on ", __DATE__ + #else + "", "" +-- +2.20.1 + diff --git a/pkg/unzip/patch/0011-Upstream-fix-for-heap-overflow.patch b/pkg/unzip/patch/0014-Upstream-fix-for-heap-overflow.patch index 52681e0b..f4fabc0c 100644 --- a/pkg/unzip/patch/0011-Upstream-fix-for-heap-overflow.patch +++ b/pkg/unzip/patch/0014-Upstream-fix-for-heap-overflow.patch @@ -1,9 +1,8 @@ -From 0fbf62b364615cd0566c0803fff8b0dae4118402 Mon Sep 17 00:00:00 2001 +From d97748a061a3beb8bdf4d5d0a2458086951960ff Mon Sep 17 00:00:00 2001 From: Petr Stodulka <pstodulk@redhat.com> -Date: Thu, 16 Jun 2016 22:42:25 -0700 +Date: Mon, 14 Sep 2015 18:23:17 +0200 Subject: [PATCH] Upstream fix for heap overflow -From 14-cve-2015-7696 in unzip_6.0-16+deb8u2.debian.tar.xz. --- crypt.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) @@ -32,5 +31,5 @@ index 784e411..a8975f2 100644 Trace((stdout, " (%02x)", h[n])); } -- -2.8.1 +2.20.1 diff --git a/pkg/unzip/patch/0012-fix-infinite-loop-when-extracting-empty-bzip2-data.patch b/pkg/unzip/patch/0015-fix-infinite-loop-when-extracting-empty-bzip2-data.patch index 7e15d681..b238bf56 100644 --- a/pkg/unzip/patch/0012-fix-infinite-loop-when-extracting-empty-bzip2-data.patch +++ b/pkg/unzip/patch/0015-fix-infinite-loop-when-extracting-empty-bzip2-data.patch @@ -1,18 +1,17 @@ -From b2833dbb4beddd027f46d1bea62cdac40ec3b343 Mon Sep 17 00:00:00 2001 +From e646271050da793fe50fe829b465c4e692fb7d53 Mon Sep 17 00:00:00 2001 From: Kamil Dudka <kdudka@redhat.com> -Date: Thu, 16 Jun 2016 22:42:29 -0700 +Date: Mon, 14 Sep 2015 18:24:56 +0200 Subject: [PATCH] fix infinite loop when extracting empty bzip2 data -From 15-cve-2015-7697 in unzip_6.0-16+deb8u2.debian.tar.xz. --- extract.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/extract.c b/extract.c -index d816603..ad8b3f7 100644 +index f951b9f..188f1cf 100644 --- a/extract.c +++ b/extract.c -@@ -2728,6 +2728,12 @@ __GDEF +@@ -2729,6 +2729,12 @@ __GDEF int repeated_buf_err; bz_stream bstrm; @@ -26,5 +25,5 @@ index d816603..ad8b3f7 100644 if (G.redirect_slide) wsize = G.redirect_size, redirSlide = G.redirect_buffer; -- -2.8.1 +2.20.1 diff --git a/pkg/unzip/patch/0013-extract-prevent-unsigned-overflow-on-invalid-input.patch b/pkg/unzip/patch/0016-extract-prevent-unsigned-overflow-on-invalid-input.patch index 9f816a7a..6af90219 100644 --- a/pkg/unzip/patch/0013-extract-prevent-unsigned-overflow-on-invalid-input.patch +++ b/pkg/unzip/patch/0016-extract-prevent-unsigned-overflow-on-invalid-input.patch @@ -1,16 +1,15 @@ -From 91f3ce1672778ebb41317c2cad4b0a75cf3d002f Mon Sep 17 00:00:00 2001 +From c2b00ce1582efdb781355dfa7b161b5393cfa56f Mon Sep 17 00:00:00 2001 From: Kamil Dudka <kdudka@redhat.com> -Date: Thu, 16 Jun 2016 22:42:33 -0700 +Date: Tue, 22 Sep 2015 18:52:23 +0200 Subject: [PATCH] extract: prevent unsigned overflow on invalid input -From 16-fix-integer-underflow-csiz-decrypted in -unzip_6.0-16+deb8u2.debian.tar.xz. +Suggested-by: Stefan Cornelius --- extract.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/extract.c b/extract.c -index ad8b3f7..3ec8813 100644 +index 188f1cf..549a5eb 100644 --- a/extract.c +++ b/extract.c @@ -1257,8 +1257,17 @@ static int extract_or_test_entrylist(__G__ numchunk, @@ -33,5 +32,5 @@ index ad8b3f7..3ec8813 100644 Info(slide, 0x401, ((char *)slide, LoadFarStringSmall2(WrnStorUCSizCSizDiff), -- -2.8.1 +2.20.1 diff --git a/pkg/unzip/patch/0017-Do-not-ignore-extra-fields-containing-Unix-Timestamp.patch b/pkg/unzip/patch/0017-Do-not-ignore-extra-fields-containing-Unix-Timestamp.patch new file mode 100644 index 00000000..9e7f9e95 --- /dev/null +++ b/pkg/unzip/patch/0017-Do-not-ignore-extra-fields-containing-Unix-Timestamp.patch @@ -0,0 +1,50 @@ +From 528161b86e74c3afbe640c70761e6734119bea1c Mon Sep 17 00:00:00 2001 +From: "Steven M. Schweda" <sms@antinode.info> +Date: Sat, 15 Jun 2019 18:13:11 -0700 +Subject: [PATCH] Do not ignore extra fields containing Unix Timestamps + +--- + process.c | 11 +++++++---- + 1 file changed, 7 insertions(+), 4 deletions(-) + +diff --git a/process.c b/process.c +index df683ea..e4f2405 100644 +--- a/process.c ++++ b/process.c +@@ -2914,10 +2914,13 @@ unsigned ef_scan_for_izux(ef_buf, ef_len, ef_is_c, dos_mdatetime, + break; + + case EF_IZUNIX2: +- if (have_new_type_eb == 0) { +- flags &= ~0x0ff; /* ignore any previous IZUNIX field */ ++ if (have_new_type_eb == 0) { /* (< 1) */ + have_new_type_eb = 1; + } ++ if (have_new_type_eb <= 1) { ++ /* Ignore any prior (EF_IZUNIX/EF_PKUNIX) UID/GID. */ ++ flags &= 0x0ff; ++ } + #ifdef IZ_HAVE_UXUIDGID + if (have_new_type_eb > 1) + break; /* IZUNIX3 overrides IZUNIX2 e.f. block ! */ +@@ -2933,6 +2936,8 @@ unsigned ef_scan_for_izux(ef_buf, ef_len, ef_is_c, dos_mdatetime, + /* new 3rd generation Unix ef */ + have_new_type_eb = 2; + ++ /* Ignore any prior EF_IZUNIX/EF_PKUNIX/EF_IZUNIX2 UID/GID. */ ++ flags &= 0x0ff; + /* + Version 1 byte version of this extra field, currently 1 + UIDSize 1 byte Size of UID field +@@ -2953,8 +2958,6 @@ unsigned ef_scan_for_izux(ef_buf, ef_len, ef_is_c, dos_mdatetime, + uid_size = *((EB_HEADSIZE + 1) + ef_buf); + gid_size = *((EB_HEADSIZE + uid_size + 2) + ef_buf); + +- flags &= ~0x0ff; /* ignore any previous UNIX field */ +- + if ( read_ux3_value((EB_HEADSIZE + 2) + ef_buf, + uid_size, &z_uidgid[0]) + && +-- +2.20.1 + diff --git a/pkg/unzip/patch/0018-Fix-CVE-2014-9913-buffer-overflow-in-unzip.patch b/pkg/unzip/patch/0018-Fix-CVE-2014-9913-buffer-overflow-in-unzip.patch new file mode 100644 index 00000000..bef0a359 --- /dev/null +++ b/pkg/unzip/patch/0018-Fix-CVE-2014-9913-buffer-overflow-in-unzip.patch @@ -0,0 +1,36 @@ +From 27b0cd89656d39266da7dcab7eb1812dcfc34192 Mon Sep 17 00:00:00 2001 +From: "Steven M. Schweda" <sms@antinode.info> +Date: Sat, 15 Jun 2019 18:13:11 -0700 +Subject: [PATCH] Fix CVE-2014-9913, buffer overflow in unzip + +--- + list.c | 13 ++++++++++++- + 1 file changed, 12 insertions(+), 1 deletion(-) + +diff --git a/list.c b/list.c +index 5de41e5..e488109 100644 +--- a/list.c ++++ b/list.c +@@ -339,7 +339,18 @@ int list_files(__G) /* return PK-type error code */ + G.crec.compression_method == ENHDEFLATED) { + methbuf[5] = dtype[(G.crec.general_purpose_bit_flag>>1) & 3]; + } else if (methnum >= NUM_METHODS) { +- sprintf(&methbuf[4], "%03u", G.crec.compression_method); ++ /* 2013-02-26 SMS. ++ * http://sourceforge.net/p/infozip/bugs/27/ CVE-2014-9913. ++ * Unexpectedly large compression methods overflow ++ * &methbuf[]. Use the old, three-digit decimal format ++ * for values which fit. Otherwise, sacrifice the ++ * colon, and use four-digit hexadecimal. ++ */ ++ if (G.crec.compression_method <= 999) { ++ sprintf( &methbuf[ 4], "%03u", G.crec.compression_method); ++ } else { ++ sprintf( &methbuf[ 3], "%04X", G.crec.compression_method); ++ } + } + + #if 0 /* GRR/Euro: add this? */ +-- +2.20.1 + diff --git a/pkg/unzip/patch/0019-Fix-CVE-2016-9844-buffer-overflow-in-zipinfo.patch b/pkg/unzip/patch/0019-Fix-CVE-2016-9844-buffer-overflow-in-zipinfo.patch new file mode 100644 index 00000000..55919183 --- /dev/null +++ b/pkg/unzip/patch/0019-Fix-CVE-2016-9844-buffer-overflow-in-zipinfo.patch @@ -0,0 +1,36 @@ +From 7e0435546230ecebe3bfe1ac27eb0186c702c509 Mon Sep 17 00:00:00 2001 +From: "Steven M. Schweda" <sms@antinode.info> +Date: Sat, 15 Jun 2019 18:13:11 -0700 +Subject: [PATCH] Fix CVE-2016-9844, buffer overflow in zipinfo + +--- + zipinfo.c | 13 ++++++++++++- + 1 file changed, 12 insertions(+), 1 deletion(-) + +diff --git a/zipinfo.c b/zipinfo.c +index 5e77018..0be3e5b 100644 +--- a/zipinfo.c ++++ b/zipinfo.c +@@ -1921,7 +1921,18 @@ static int zi_short(__G) /* return PK-type error code */ + ush dnum=(ush)((G.crec.general_purpose_bit_flag>>1) & 3); + methbuf[3] = dtype[dnum]; + } else if (methnum >= NUM_METHODS) { /* unknown */ +- sprintf(&methbuf[1], "%03u", G.crec.compression_method); ++ /* 2016-12-05 SMS. ++ * https://launchpad.net/bugs/1643750 ++ * Unexpectedly large compression methods overflow ++ * &methbuf[]. Use the old, three-digit decimal format ++ * for values which fit. Otherwise, sacrifice the "u", ++ * and use four-digit hexadecimal. ++ */ ++ if (G.crec.compression_method <= 999) { ++ sprintf( &methbuf[ 1], "%03u", G.crec.compression_method); ++ } else { ++ sprintf( &methbuf[ 0], "%04X", G.crec.compression_method); ++ } + } + + for (k = 0; k < 15; ++k) +-- +2.20.1 + diff --git a/pkg/unzip/patch/0020-Fix-buffer-overflow-in-password-protected-zip-archiv.patch b/pkg/unzip/patch/0020-Fix-buffer-overflow-in-password-protected-zip-archiv.patch new file mode 100644 index 00000000..f327ba98 --- /dev/null +++ b/pkg/unzip/patch/0020-Fix-buffer-overflow-in-password-protected-zip-archiv.patch @@ -0,0 +1,44 @@ +From d8d3475850d883e90d79086293279149d42658fd Mon Sep 17 00:00:00 2001 +From: Karol Babioch <kbabioch@suse.com> +Date: Sat, 15 Jun 2019 18:13:11 -0700 +Subject: [PATCH] Fix buffer overflow in password protected zip archives + +--- + fileio.c | 14 +++++++++++++- + 1 file changed, 13 insertions(+), 1 deletion(-) + +diff --git a/fileio.c b/fileio.c +index 36bfea3..7c21ed0 100644 +--- a/fileio.c ++++ b/fileio.c +@@ -1582,6 +1582,10 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf, size, zfn, efn) + int r = IZ_PW_ENTERED; + char *m; + char *prompt; ++ char *zfnf; ++ char *efnf; ++ size_t zfnfl; ++ int isOverflow; + + #ifndef REENTRANT + /* tell picky compilers to shut up about "unused variable" warnings */ +@@ -1590,7 +1594,15 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf, size, zfn, efn) + + if (*rcnt == 0) { /* First call for current entry */ + *rcnt = 2; +- if ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL) { ++ zfnf = FnFilter1(zfn); ++ efnf = FnFilter2(efn); ++ zfnfl = strlen(zfnf); ++ isOverflow = TRUE; ++ if (2*FILNAMSIZ >= zfnfl && (2*FILNAMSIZ - zfnfl) >= strlen(efnf)) ++ { ++ isOverflow = FALSE; ++ } ++ if ((isOverflow == FALSE) && ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL)) { + sprintf(prompt, LoadFarString(PasswPrompt), + FnFilter1(zfn), FnFilter2(efn)); + m = prompt; +-- +2.20.1 + diff --git a/pkg/unzip/patch/0021-Fix-lame-code-in-fileio.c.patch b/pkg/unzip/patch/0021-Fix-lame-code-in-fileio.c.patch new file mode 100644 index 00000000..07af8f07 --- /dev/null +++ b/pkg/unzip/patch/0021-Fix-lame-code-in-fileio.c.patch @@ -0,0 +1,24 @@ +From 365c0c559506ce300793fe469394ca748dd81b50 Mon Sep 17 00:00:00 2001 +From: "Steven M. Schweda" <sms@antinode.info> +Date: Sat, 15 Jun 2019 18:13:11 -0700 +Subject: [PATCH] Fix lame code in fileio.c + +--- + fileio.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/fileio.c b/fileio.c +index 7c21ed0..c10ff63 100644 +--- a/fileio.c ++++ b/fileio.c +@@ -2477,6 +2477,7 @@ zusz_t makeint64(sig) + */ + return (((zusz_t)sig[7]) << 56) + + (((zusz_t)sig[6]) << 48) ++ + (((zusz_t)sig[5]) << 40) + + (((zusz_t)sig[4]) << 32) + + (zusz_t)((((ulg)sig[3]) << 24) + + (((ulg)sig[2]) << 16) +-- +2.20.1 + |