From 14570ef165563eab60f2eefbf2f56ea669d30194df627e69a7c2f2c3edc2b2f4 Mon Sep 17 00:00:00 2001 From: Kristyna Streitova Date: Mon, 10 Jul 2017 08:34:29 +0000 Subject: [PATCH] Accepting request 508580 from home:NicoK:branches:Archiving apply newer version of Fix-CVE-2014-8139-unzip.patch that fixes jar file testing, taken from Fedora OBS-URL: https://build.opensuse.org/request/show/508580 OBS-URL: https://build.opensuse.org/package/show/Archiving/unzip?expand=0&rev=43 --- Fix-CVE-2014-8139-unzip.patch | 82 +++++++++++++++++++++-------------- unzip-rcc.changes | 14 ++++++ unzip-rcc.spec | 3 +- unzip.changes | 14 ++++++ unzip.spec | 3 +- 5 files changed, 82 insertions(+), 34 deletions(-) diff --git a/Fix-CVE-2014-8139-unzip.patch b/Fix-CVE-2014-8139-unzip.patch index 40c611c..6770559 100644 --- a/Fix-CVE-2014-8139-unzip.patch +++ b/Fix-CVE-2014-8139-unzip.patch @@ -1,15 +1,5 @@ -From 916cf1e7907f9d660bd160eb9a84f6e1cab3af5a Mon Sep 17 00:00:00 2001 -From: Thorsten Behrens -Date: Sat, 20 Dec 2014 00:24:54 +0100 -Subject: [PATCH 1/2] Fix CVE-2014-8139 unzip - -Fix heap overflow condition in the CRC32 verification. ---- - extract.c | 17 +++++++++++++++-- - 1 file changed, 15 insertions(+), 2 deletions(-) - diff --git a/extract.c b/extract.c -index 9582da5..78f637e 100644 +index 9ef80b3..c741b5f 100644 --- a/extract.c +++ b/extract.c @@ -1,5 +1,5 @@ 
@@ -23,12 +13,12 @@ index 9582da5..78f637e 100644 #ifndef SFX static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \ EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n"; -+ static ZCONST char Far TooSmallEFlength[] = "bad extra-field entry:\n \ ++ static ZCONST char Far TooSmallEBlength[] = "bad extra-field entry:\n \ + EF block length (%u bytes) invalid (< %d)\n"; static ZCONST char Far InvalidComprDataEAs[] = " invalid compressed data for EAs\n"; # if (defined(WIN32) && defined(NTSD_EAS)) -@@ -2023,7 +2025,8 @@ static int TestExtraField(__G__ ef, ef_len) +@@ -2020,7 +2022,8 @@ static int TestExtraField(__G__ ef, ef_len) ebID = makeword(ef); ebLen = (unsigned)makeword(ef+EB_LEN); 
@@ -38,23 +28,51 @@ index 9582da5..78f637e 100644 /* Discovered some extra field inconsistency! */ if (uO.qflag) Info(slide, 1, ((char *)slide, "%-22s ", -@@ -2032,6 +2035,16 @@ static int TestExtraField(__G__ ef, ef_len) - ebLen, (ef_len - EB_HEADSIZE))); - return PK_ERR; - } -+ else if (ebLen < EB_HEADSIZE) -+ { -+ /* Extra block length smaller than header length. */ -+ if (uO.qflag) -+ Info(slide, 1, ((char *)slide, "%-22s ", -+ FnFilter1(G.filename))); -+ Info(slide, 1, ((char *)slide, LoadFarString(TooSmallEFlength), -+ ebLen, EB_HEADSIZE)); -+ return PK_ERR; -+ } +@@ -2155,11 +2158,29 @@ static int TestExtraField(__G__ ef, ef_len) + } + break; + case EF_PKVMS: +- if (makelong(ef+EB_HEADSIZE) != +- crc32(CRCVAL_INITIAL, ef+(EB_HEADSIZE+4), +- (extent)(ebLen-4))) +- Info(slide, 1, ((char *)slide, +- LoadFarString(BadCRC_EAs))); ++ /* 2015-01-30 SMS. Added sufficient-bytes test/message ++ * here. (Removed defective ebLen test above.) ++ * ++ * If sufficient bytes (EB_PKVMS_MINLEN) are available, ++ * then compare the stored CRC value with the calculated ++ * CRC for the remainder of the data (and complain about ++ * a mismatch). ++ */ ++ if (ebLen < EB_PKVMS_MINLEN) ++ { ++ /* Insufficient bytes available. 
*/ ++ Info( slide, 1, ++ ((char *)slide, LoadFarString( TooSmallEBlength), ++ ebLen, EB_PKVMS_MINLEN)); ++ } ++ else if (makelong(ef+ EB_HEADSIZE) != ++ crc32(CRCVAL_INITIAL, ++ (ef+ EB_HEADSIZE+ EB_PKVMS_MINLEN), ++ (extent)(ebLen- EB_PKVMS_MINLEN))) ++ { ++ Info(slide, 1, ((char *)slide, ++ LoadFarString(BadCRC_EAs))); ++ } + break; + case EF_PKW32: + case EF_PKUNIX: +diff --git a/unzpriv.h b/unzpriv.h +index 005cee0..5c83a6e 100644 +--- a/unzpriv.h ++++ b/unzpriv.h +@@ -1806,6 +1806,8 @@ + #define EB_NTSD_VERSION 4 /* offset of NTSD version byte */ + #define EB_NTSD_MAX_VER (0) /* maximum version # we know how to handle */ + ++#define EB_PKVMS_MINLEN 4 /* minimum data length of PKVMS extra block */ ++ + #define EB_ASI_CRC32 0 /* offset of ASI Unix field's crc32 checksum */ + #define EB_ASI_MODE 4 /* offset of ASI Unix permission mode field */ - switch (ebID) { - case EF_OS2: --- -1.8.4.5 - diff --git a/unzip-rcc.changes b/unzip-rcc.changes index 55b07a3..7257ea0 100644 --- a/unzip-rcc.changes +++ b/unzip-rcc.changes @@ -1,3 +1,17 @@ +------------------------------------------------------------------- +Thu Jul 6 13:25:44 UTC 2017 - nico.kruber@gmail.com + +- Updated Fix-CVE-2014-8139-unzip.patch: the original patch was + causing errors testing valid jar files: + $ unzip -t foo.jar + Archive: foo.jar + testing: META-INF/ bad extra-field entry: + EF block length (0 bytes) invalid (< 4) + testing: META-INF/MANIFEST.MF OK + testing: foo OK + (see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8139 + where the updated patch was taken from) + ------------------------------------------------------------------- Wed Feb 15 08:31:05 UTC 2017 - josef.moellers@suse.com diff --git a/unzip-rcc.spec b/unzip-rcc.spec index 0d9fa17..ee64cb8 100644 --- a/unzip-rcc.spec +++ b/unzip-rcc.spec 
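Review bot: In the `EF_PKVMS` case the new `ebLen < EB_PKVMS_MINLEN` branch prints `TooSmallEBlength` and then reaches `break` without changing the result, whereas the check it replaces (the removed `else if (ebLen < EB_HEADSIZE)` block) ended in `return PK_ERR;`. As far as these lines show, an undersized PKVMS block is therefore reported but may not make `unzip -t` fail for that entry. If that is not intended, add `return PK_ERR;` after the `Info(...)` call; otherwise say in the comment that the condition is warning-only by design. The branch also omits the `if (uO.qflag) Info(slide, 1, ((char *)slide, "%-22s ", FnFilter1(G.filename)));` prefix used by the other length error, so in quiet mode the message would not name the entry. `TestExtraField` starts and ends outside the hunk, so the final return path could not be checked here.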
@@ -1,7 +1,7 @@ # # spec file for package unzip-rcc # -# Copyright (c) 2017 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -50,6 +50,7 @@ Patch10: unzip-5.52-use_librcc.patch Patch11: unzip-no-build-date.patch Patch12: unzip-dont_call_isprint.patch Patch13: Fix-CVE-2014-8139-unzip.patch +# http://pkgs.fedoraproject.org/cgit/rpms/unzip.git/plain/unzip-6.0-cve-2014-8139.patch Patch14: Fix-CVE-2014-8140-and-CVE-2014-8141.patch Patch15: CVE-2015-7696.patch Patch16: CVE-2015-7697.patch diff --git a/unzip.changes b/unzip.changes index 55b07a3..7257ea0 100644 --- a/unzip.changes +++ b/unzip.changes @@ -1,3 +1,17 @@ +------------------------------------------------------------------- +Thu Jul 6 13:25:44 UTC 2017 - nico.kruber@gmail.com + +- Updated Fix-CVE-2014-8139-unzip.patch: the original patch was + causing errors testing valid jar files: + $ unzip -t foo.jar + Archive: foo.jar + testing: META-INF/ bad extra-field entry: + EF block length (0 bytes) invalid (< 4) + testing: META-INF/MANIFEST.MF OK + testing: foo OK + (see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8139 + where the updated patch was taken from) + ------------------------------------------------------------------- Wed Feb 15 08:31:05 UTC 2017 - josef.moellers@suse.com diff --git a/unzip.spec b/unzip.spec index e3e442f..fe374cc 100644 --- a/unzip.spec +++ b/unzip.spec @@ -1,7 +1,7 @@ # # spec file for package unzip # -# Copyright (c) 2017 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
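Review bot: The added provenance comment `# http://pkgs.fedoraproject.org/cgit/rpms/unzip.git/plain/unzip-6.0-cve-2014-8139.patch` sits below `Patch13:` and directly above `Patch14:`, so it reads as the source of the CVE-2014-8140/8141 patch rather than of Fix-CVE-2014-8139-unzip.patch. Moving it to the line above `Patch13: Fix-CVE-2014-8139-unzip.patch` keeps the origin attached to the right patch for anyone auditing where the fix came from. The same placement appears in the matching hunk of unzip.spec.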
@@ -50,6 +50,7 @@ Patch10: unzip-5.52-use_librcc.patch Patch11: unzip-no-build-date.patch Patch12: unzip-dont_call_isprint.patch Patch13: Fix-CVE-2014-8139-unzip.patch +# http://pkgs.fedoraproject.org/cgit/rpms/unzip.git/plain/unzip-6.0-cve-2014-8139.patch Patch14: Fix-CVE-2014-8140-and-CVE-2014-8141.patch Patch15: CVE-2015-7696.patch Patch16: CVE-2015-7697.patch