Accepting request 457352 from home:jmoellers:branches:Archiving

OBS-URL: https://build.opensuse.org/request/show/457352
OBS-URL: https://build.opensuse.org/package/show/Archiving/unzip?expand=0&rev=39
This commit is contained in:
Ismail Dönmez 2017-02-15 08:59:36 +00:00 committed by Git OBS Bridge
parent 35014b5bbc
commit 3a6d849f81
7 changed files with 92 additions and 3 deletions

24
CVE-2014-9913.patch Normal file
View File

@ -0,0 +1,24 @@
Index: unzip60/list.c
===================================================================
--- unzip60.orig/list.c
+++ unzip60/list.c
@@ -339,7 +339,18 @@ int list_files(__G) /* return PK-type
G.crec.compression_method == ENHDEFLATED) {
methbuf[5] = dtype[(G.crec.general_purpose_bit_flag>>1) & 3];
} else if (methnum >= NUM_METHODS) {
- sprintf(&methbuf[4], "%03u", G.crec.compression_method);
+ /* 2013-02-26 SMS.
+ * http://sourceforge.net/p/infozip/bugs/27/ CVE-2014-9913.
+ * Unexpectedly large compression methods overflow
+ * &methbuf[]. Use the old, three-digit decimal format
+ * for values which fit. Otherwise, sacrifice the
+ * colon, and use four-digit hexadecimal.
+ */
+ if (G.crec.compression_method <= 999) {
+ sprintf( &methbuf[ 4], "%03u", G.crec.compression_method);
+ } else {
+ sprintf( &methbuf[ 3], "%04X", G.crec.compression_method);
+ }
}
#if 0 /* GRR/Euro: add this? */

View File

@ -26,3 +26,16 @@ Index: unzip60/extract.c
#if (defined(DLL) && !defined(NO_SLIDE_REDIR)) #if (defined(DLL) && !defined(NO_SLIDE_REDIR))
if (G.redirect_slide) if (G.redirect_slide)
wsize = G.redirect_size, redirSlide = G.redirect_buffer; wsize = G.redirect_size, redirSlide = G.redirect_buffer;
Index: unzip60/zipinfo.c
===================================================================
--- unzip60.orig/zipinfo.c
+++ unzip60/zipinfo.c
@@ -1888,7 +1888,7 @@ static int zi_short(__G) /* return PK-
int k, error, error_in_archive=PK_COOL;
unsigned hostnum, hostver, methid, methnum, xattr;
char *p, workspace[12], attribs[16];
- char methbuf[5];
+ char methbuf[1+5+1]; /* large enough to hold 1 character + an unsigned short + NUL */
static ZCONST char dtype[5]="NXFS"; /* normal, maximum, fast, superfast */
static ZCONST char Far os[NUM_HOSTS+1][4] = {
"fat", "ami", "vms", "unx", "cms", "atr", "hpf", "mac", "zzz",

24
CVE-2016-9844.patch Normal file
View File

@ -0,0 +1,24 @@
Index: unzip60/zipinfo.c
===================================================================
--- unzip60.orig/zipinfo.c
+++ unzip60/zipinfo.c
@@ -1927,7 +1927,18 @@ static int zi_short(__G) /* return PK-
ush dnum=(ush)((G.crec.general_purpose_bit_flag>>1) & 3);
methbuf[3] = dtype[dnum];
} else if (methnum >= NUM_METHODS) { /* unknown */
- sprintf(&methbuf[1], "%03u", G.crec.compression_method);
+ /* 2016-12-05 SMS.
+ * https://launchpad.net/bugs/1643750 CVE-2016-9844.
+ * Unexpectedly large compression methods overflow
+ * &methbuf[]. Use the old, three-digit decimal format
+ * for values which fit. Otherwise, sacrifice the "u",
+ * and use four-digit hexadecimal.
+ */
+ if (G.crec.compression_method <= 999) {
+ sprintf( &methbuf[ 1], "%03u", G.crec.compression_method);
+ } else {
+ sprintf( &methbuf[ 0], "%04X", G.crec.compression_method);
+ }
}
for (k = 0; k < 15; ++k)

View File

@ -1,5 +1,15 @@
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Oct 12 07:24:12 UTC 2016 - josef.moellers@suse.com Wed Feb 15 08:31:05 UTC 2017 - josef.moellers@suse.com
- Fixed two potential buffer overflows.
The patches were extracted from
http://antinode.info/ftp/info-zip/unzip60/zipinfo.c and
http://antinode.info/ftp/info-zip/unzip60/list.c
(bsc#1013992, bsc#1013993, CVE-2016-9844, CVE-2014-9913,
CVE-2016-9844.patch, CVE-2014-9913)
-------------------------------------------------------------------
Wed Oct 12 07:23:03 UTC 2016 - josef.moellers@suse.com
- When decrypting an encrypted file, - When decrypting an encrypted file,
quit early if compressed size < HEAD_LEN. quit early if compressed size < HEAD_LEN.

View File

@ -1,7 +1,7 @@
# #
# spec file for package unzip-rcc # spec file for package unzip-rcc
# #
# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2017 SUSE LINUX Products GmbH, Nuernberg, Germany.
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -53,6 +53,8 @@ Patch13: Fix-CVE-2014-8139-unzip.patch
Patch14: Fix-CVE-2014-8140-and-CVE-2014-8141.patch Patch14: Fix-CVE-2014-8140-and-CVE-2014-8141.patch
Patch15: CVE-2015-7696.patch Patch15: CVE-2015-7696.patch
Patch16: CVE-2015-7697.patch Patch16: CVE-2015-7697.patch
Patch17: CVE-2016-9844.patch
Patch18: CVE-2014-9913.patch
Requires(post): update-alternatives Requires(post): update-alternatives
Requires(preun): update-alternatives Requires(preun): update-alternatives
Recommends: %{_name}-doc Recommends: %{_name}-doc
@ -93,6 +95,8 @@ functionality. This version can also extract encrypted archives.
%patch14 -p1 %patch14 -p1
%patch15 -p1 %patch15 -p1
%patch16 -p1 %patch16 -p1
%patch17 -p1
%patch18 -p1
%build %build
export RPM_OPT_FLAGS="%{optflags} \ export RPM_OPT_FLAGS="%{optflags} \

View File

@ -1,3 +1,13 @@
-------------------------------------------------------------------
Wed Feb 15 08:31:05 UTC 2017 - josef.moellers@suse.com
- Fixed two potential buffer overflows.
The patches were extracted from
http://antinode.info/ftp/info-zip/unzip60/zipinfo.c and
http://antinode.info/ftp/info-zip/unzip60/list.c
(bsc#1013992, bsc#1013993, CVE-2016-9844, CVE-2014-9913,
CVE-2016-9844.patch, CVE-2014-9913)
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Oct 12 07:23:03 UTC 2016 - josef.moellers@suse.com Wed Oct 12 07:23:03 UTC 2016 - josef.moellers@suse.com

View File

@ -1,7 +1,7 @@
# #
# spec file for package unzip # spec file for package unzip
# #
# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2017 SUSE LINUX Products GmbH, Nuernberg, Germany.
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -53,6 +53,8 @@ Patch13: Fix-CVE-2014-8139-unzip.patch
Patch14: Fix-CVE-2014-8140-and-CVE-2014-8141.patch Patch14: Fix-CVE-2014-8140-and-CVE-2014-8141.patch
Patch15: CVE-2015-7696.patch Patch15: CVE-2015-7696.patch
Patch16: CVE-2015-7697.patch Patch16: CVE-2015-7697.patch
Patch17: CVE-2016-9844.patch
Patch18: CVE-2014-9913.patch
Requires(post): update-alternatives Requires(post): update-alternatives
Requires(preun): update-alternatives Requires(preun): update-alternatives
Recommends: %{_name}-doc Recommends: %{_name}-doc
@ -93,6 +95,8 @@ functionality. This version can also extract encrypted archives.
%patch14 -p1 %patch14 -p1
%patch15 -p1 %patch15 -p1
%patch16 -p1 %patch16 -p1
%patch17 -p1
%patch18 -p1
%build %build
export RPM_OPT_FLAGS="%{optflags} \ export RPM_OPT_FLAGS="%{optflags} \