Accepting request 509110 from Archiving
1 OBS-URL: https://build.opensuse.org/request/show/509110 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/unzip?expand=0&rev=40
commit
8d768afbc5
@ -1,15 +1,5 @@
|
||||
From 916cf1e7907f9d660bd160eb9a84f6e1cab3af5a Mon Sep 17 00:00:00 2001
|
||||
From: Thorsten Behrens <tbehrens@suse.com>
|
||||
Date: Sat, 20 Dec 2014 00:24:54 +0100
|
||||
Subject: [PATCH 1/2] Fix CVE-2014-8139 unzip
|
||||
|
||||
Fix heap overflow condition in the CRC32 verification.
|
||||
---
|
||||
extract.c | 17 +++++++++++++++--
|
||||
1 file changed, 15 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/extract.c b/extract.c
|
||||
index 9582da5..78f637e 100644
|
||||
index 9ef80b3..c741b5f 100644
|
||||
--- a/extract.c
|
||||
+++ b/extract.c
|
||||
@@ -1,5 +1,5 @@
|
||||
@ -23,12 +13,12 @@ index 9582da5..78f637e 100644
|
||||
#ifndef SFX
|
||||
static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \
|
||||
EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n";
|
||||
+ static ZCONST char Far TooSmallEFlength[] = "bad extra-field entry:\n \
|
||||
+ static ZCONST char Far TooSmallEBlength[] = "bad extra-field entry:\n \
|
||||
+ EF block length (%u bytes) invalid (< %d)\n";
|
||||
static ZCONST char Far InvalidComprDataEAs[] =
|
||||
" invalid compressed data for EAs\n";
|
||||
# if (defined(WIN32) && defined(NTSD_EAS))
|
||||
@@ -2023,7 +2025,8 @@ static int TestExtraField(__G__ ef, ef_len)
|
||||
@@ -2020,7 +2022,8 @@ static int TestExtraField(__G__ ef, ef_len)
|
||||
ebID = makeword(ef);
|
||||
ebLen = (unsigned)makeword(ef+EB_LEN);
|
||||
|
||||
@ -38,23 +28,51 @@ index 9582da5..78f637e 100644
|
||||
/* Discovered some extra field inconsistency! */
|
||||
if (uO.qflag)
|
||||
Info(slide, 1, ((char *)slide, "%-22s ",
|
||||
@@ -2032,6 +2035,16 @@ static int TestExtraField(__G__ ef, ef_len)
|
||||
ebLen, (ef_len - EB_HEADSIZE)));
|
||||
return PK_ERR;
|
||||
@@ -2155,11 +2158,29 @@ static int TestExtraField(__G__ ef, ef_len)
|
||||
}
|
||||
+ else if (ebLen < EB_HEADSIZE)
|
||||
break;
|
||||
case EF_PKVMS:
|
||||
- if (makelong(ef+EB_HEADSIZE) !=
|
||||
- crc32(CRCVAL_INITIAL, ef+(EB_HEADSIZE+4),
|
||||
- (extent)(ebLen-4)))
|
||||
- Info(slide, 1, ((char *)slide,
|
||||
- LoadFarString(BadCRC_EAs)));
|
||||
+ /* 2015-01-30 SMS. Added sufficient-bytes test/message
|
||||
+ * here. (Removed defective ebLen test above.)
|
||||
+ *
|
||||
+ * If sufficient bytes (EB_PKVMS_MINLEN) are available,
|
||||
+ * then compare the stored CRC value with the calculated
|
||||
+ * CRC for the remainder of the data (and complain about
|
||||
+ * a mismatch).
|
||||
+ */
|
||||
+ if (ebLen < EB_PKVMS_MINLEN)
|
||||
+ {
|
||||
+ /* Extra block length smaller than header length. */
|
||||
+ if (uO.qflag)
|
||||
+ Info(slide, 1, ((char *)slide, "%-22s ",
|
||||
+ FnFilter1(G.filename)));
|
||||
+ Info(slide, 1, ((char *)slide, LoadFarString(TooSmallEFlength),
|
||||
+ ebLen, EB_HEADSIZE));
|
||||
+ return PK_ERR;
|
||||
+ /* Insufficient bytes available. */
|
||||
+ Info( slide, 1,
|
||||
+ ((char *)slide, LoadFarString( TooSmallEBlength),
|
||||
+ ebLen, EB_PKVMS_MINLEN));
|
||||
+ }
|
||||
+ else if (makelong(ef+ EB_HEADSIZE) !=
|
||||
+ crc32(CRCVAL_INITIAL,
|
||||
+ (ef+ EB_HEADSIZE+ EB_PKVMS_MINLEN),
|
||||
+ (extent)(ebLen- EB_PKVMS_MINLEN)))
|
||||
+ {
|
||||
+ Info(slide, 1, ((char *)slide,
|
||||
+ LoadFarString(BadCRC_EAs)));
|
||||
+ }
|
||||
break;
|
||||
case EF_PKW32:
|
||||
case EF_PKUNIX:
|
||||
diff --git a/unzpriv.h b/unzpriv.h
|
||||
index 005cee0..5c83a6e 100644
|
||||
--- a/unzpriv.h
|
||||
+++ b/unzpriv.h
|
||||
@@ -1806,6 +1806,8 @@
|
||||
#define EB_NTSD_VERSION 4 /* offset of NTSD version byte */
|
||||
#define EB_NTSD_MAX_VER (0) /* maximum version # we know how to handle */
|
||||
|
||||
switch (ebID) {
|
||||
case EF_OS2:
|
||||
--
|
||||
1.8.4.5
|
||||
+#define EB_PKVMS_MINLEN 4 /* minimum data length of PKVMS extra block */
|
||||
+
|
||||
#define EB_ASI_CRC32 0 /* offset of ASI Unix field's crc32 checksum */
|
||||
#define EB_ASI_MODE 4 /* offset of ASI Unix permission mode field */
|
||||
|
||||
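Review bot: In the rewritten `case EF_PKVMS:` the too-short branch (`if (ebLen < EB_PKVMS_MINLEN)`) only calls `Info()` and then reaches `break`, whereas the version of the patch being replaced did `return PK_ERR;`, as does the extra-field inconsistency path earlier in the function. From the visible lines, a PKVMS block shorter than the 4-byte CRC is therefore reported but does not appear to change the result of TestExtraField. If that is intended (the `BadCRC_EAs` branch behaves the same way), say so in the block comment, for example `/* Report only: a short PKVMS block is not treated as a test failure. */`. The comment could also record that this guard is what keeps `(extent)(ebLen- EB_PKVMS_MINLEN)` from wrapping to a huge length in the `crc32()` call, and that it relies on ebLen having been bounded against `ef_len - EB_HEADSIZE` earlier, presumably by the inconsistency check shown in the context lines. TestExtraField starts and ends outside the hunks shown here.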
|
@ -1,3 +1,17 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Jul 6 13:25:44 UTC 2017 - nico.kruber@gmail.com
|
||||
|
||||
- Updated Fix-CVE-2014-8139-unzip.patch: the original patch was
|
||||
causing errors testing valid jar files:
|
||||
$ unzip -t foo.jar
|
||||
Archive: foo.jar
|
||||
testing: META-INF/ bad extra-field entry:
|
||||
EF block length (0 bytes) invalid (< 4)
|
||||
testing: META-INF/MANIFEST.MF OK
|
||||
testing: foo OK
|
||||
(see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8139
|
||||
where the updated patch was taken from)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Feb 15 08:31:05 UTC 2017 - josef.moellers@suse.com
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package unzip-rcc
|
||||
#
|
||||
# Copyright (c) 2017 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -50,6 +50,7 @@ Patch10: unzip-5.52-use_librcc.patch
|
||||
Patch11: unzip-no-build-date.patch
|
||||
Patch12: unzip-dont_call_isprint.patch
|
||||
Patch13: Fix-CVE-2014-8139-unzip.patch
|
||||
# http://pkgs.fedoraproject.org/cgit/rpms/unzip.git/plain/unzip-6.0-cve-2014-8139.patch
|
||||
Patch14: Fix-CVE-2014-8140-and-CVE-2014-8141.patch
|
||||
Patch15: CVE-2015-7696.patch
|
||||
Patch16: CVE-2015-7697.patch
|
||||
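Review bot: The added provenance comment `# http://pkgs.fedoraproject.org/cgit/rpms/unzip.git/plain/unzip-6.0-cve-2014-8139.patch` appears below `Patch13: Fix-CVE-2014-8139-unzip.patch` and directly above `Patch14:`, so it reads as describing Patch14. Move it to the line above `Patch13:`. Because the `plain/` URL is served over http and names no revision, also record the revision the patch was imported from, e.g. `# taken from <upstream-commit-id> of the Fedora unzip package`, so the imported security fix can be re-checked against its origin later. The same applies to the identical hunk in the second spec file further down the page.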
|
@ -1,3 +1,17 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Jul 6 13:25:44 UTC 2017 - nico.kruber@gmail.com
|
||||
|
||||
- Updated Fix-CVE-2014-8139-unzip.patch: the original patch was
|
||||
causing errors testing valid jar files:
|
||||
$ unzip -t foo.jar
|
||||
Archive: foo.jar
|
||||
testing: META-INF/ bad extra-field entry:
|
||||
EF block length (0 bytes) invalid (< 4)
|
||||
testing: META-INF/MANIFEST.MF OK
|
||||
testing: foo OK
|
||||
(see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8139
|
||||
where the updated patch was taken from)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Feb 15 08:31:05 UTC 2017 - josef.moellers@suse.com
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package unzip
|
||||
#
|
||||
# Copyright (c) 2017 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -50,6 +50,7 @@ Patch10: unzip-5.52-use_librcc.patch
|
||||
Patch11: unzip-no-build-date.patch
|
||||
Patch12: unzip-dont_call_isprint.patch
|
||||
Patch13: Fix-CVE-2014-8139-unzip.patch
|
||||
# http://pkgs.fedoraproject.org/cgit/rpms/unzip.git/plain/unzip-6.0-cve-2014-8139.patch
|
||||
Patch14: Fix-CVE-2014-8140-and-CVE-2014-8141.patch
|
||||
Patch15: CVE-2015-7696.patch
|
||||
Patch16: CVE-2015-7697.patch
|
||||
|