forked from pool/unzip
Accepting request 457358 from Archiving
OBS-URL: https://build.opensuse.org/request/show/457358 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/unzip?expand=0&rev=39
This commit is contained in:
commit
c5aba5b98c
24
CVE-2014-9913.patch
Normal file
24
CVE-2014-9913.patch
Normal file
@ -0,0 +1,24 @@
|
||||
Index: unzip60/list.c
|
||||
===================================================================
|
||||
--- unzip60.orig/list.c
|
||||
+++ unzip60/list.c
|
||||
@@ -339,7 +339,18 @@ int list_files(__G) /* return PK-type
|
||||
G.crec.compression_method == ENHDEFLATED) {
|
||||
methbuf[5] = dtype[(G.crec.general_purpose_bit_flag>>1) & 3];
|
||||
} else if (methnum >= NUM_METHODS) {
|
||||
- sprintf(&methbuf[4], "%03u", G.crec.compression_method);
|
||||
+ /* 2013-02-26 SMS.
|
||||
+ * http://sourceforge.net/p/infozip/bugs/27/ CVE-2014-9913.
|
||||
+ * Unexpectedly large compression methods overflow
|
||||
+ * &methbuf[]. Use the old, three-digit decimal format
|
||||
+ * for values which fit. Otherwise, sacrifice the
|
||||
+ * colon, and use four-digit hexadecimal.
|
||||
+ */
|
||||
+ if (G.crec.compression_method <= 999) {
|
||||
+ sprintf( &methbuf[ 4], "%03u", G.crec.compression_method);
|
||||
+ } else {
|
||||
+ sprintf( &methbuf[ 3], "%04X", G.crec.compression_method);
|
||||
+ }
|
||||
}
|
||||
|
||||
#if 0 /* GRR/Euro: add this? */
|
@ -26,3 +26,16 @@ Index: unzip60/extract.c
|
||||
#if (defined(DLL) && !defined(NO_SLIDE_REDIR))
|
||||
if (G.redirect_slide)
|
||||
wsize = G.redirect_size, redirSlide = G.redirect_buffer;
|
||||
Index: unzip60/zipinfo.c
|
||||
===================================================================
|
||||
--- unzip60.orig/zipinfo.c
|
||||
+++ unzip60/zipinfo.c
|
||||
@@ -1888,7 +1888,7 @@ static int zi_short(__G) /* return PK-
|
||||
int k, error, error_in_archive=PK_COOL;
|
||||
unsigned hostnum, hostver, methid, methnum, xattr;
|
||||
char *p, workspace[12], attribs[16];
|
||||
- char methbuf[5];
|
||||
+ char methbuf[1+5+1]; /* large enough to hold 1 character + an unsigned short + NUL */
|
||||
static ZCONST char dtype[5]="NXFS"; /* normal, maximum, fast, superfast */
|
||||
static ZCONST char Far os[NUM_HOSTS+1][4] = {
|
||||
"fat", "ami", "vms", "unx", "cms", "atr", "hpf", "mac", "zzz",
|
||||
|
24
CVE-2016-9844.patch
Normal file
24
CVE-2016-9844.patch
Normal file
@ -0,0 +1,24 @@
|
||||
Index: unzip60/zipinfo.c
|
||||
===================================================================
|
||||
--- unzip60.orig/zipinfo.c
|
||||
+++ unzip60/zipinfo.c
|
||||
@@ -1927,7 +1927,18 @@ static int zi_short(__G) /* return PK-
|
||||
ush dnum=(ush)((G.crec.general_purpose_bit_flag>>1) & 3);
|
||||
methbuf[3] = dtype[dnum];
|
||||
} else if (methnum >= NUM_METHODS) { /* unknown */
|
||||
- sprintf(&methbuf[1], "%03u", G.crec.compression_method);
|
||||
+ /* 2016-12-05 SMS.
|
||||
+ * https://launchpad.net/bugs/1643750 CVE-2016-9844.
|
||||
+ * Unexpectedly large compression methods overflow
|
||||
+ * &methbuf[]. Use the old, three-digit decimal format
|
||||
+ * for values which fit. Otherwise, sacrifice the "u",
|
||||
+ * and use four-digit hexadecimal.
|
||||
+ */
|
||||
+ if (G.crec.compression_method <= 999) {
|
||||
+ sprintf( &methbuf[ 1], "%03u", G.crec.compression_method);
|
||||
+ } else {
|
||||
+ sprintf( &methbuf[ 0], "%04X", G.crec.compression_method);
|
||||
+ }
|
||||
}
|
||||
|
||||
for (k = 0; k < 15; ++k)
|
@ -1,5 +1,15 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Oct 12 07:24:12 UTC 2016 - josef.moellers@suse.com
|
||||
Wed Feb 15 08:31:05 UTC 2017 - josef.moellers@suse.com
|
||||
|
||||
- Fixed two potential buffer overflows.
|
||||
The patches were extracted from
|
||||
http://antinode.info/ftp/info-zip/unzip60/zipinfo.c and
|
||||
http://antinode.info/ftp/info-zip/unzip60/list.c
|
||||
(bsc#1013992, bsc#1013993, CVE-2016-9844, CVE-2014-9913,
|
||||
CVE-2016-9844.patch, CVE-2014-9913.patch)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Oct 12 07:23:03 UTC 2016 - josef.moellers@suse.com
|
||||
|
||||
- When decrypting an encrypted file,
|
||||
quit early if compressed size < HEAD_LEN.
|
||||
|
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package unzip-rcc
|
||||
#
|
||||
# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2017 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -53,6 +53,8 @@ Patch13: Fix-CVE-2014-8139-unzip.patch
|
||||
Patch14: Fix-CVE-2014-8140-and-CVE-2014-8141.patch
|
||||
Patch15: CVE-2015-7696.patch
|
||||
Patch16: CVE-2015-7697.patch
|
||||
Patch17: CVE-2016-9844.patch
|
||||
Patch18: CVE-2014-9913.patch
|
||||
Requires(post): update-alternatives
|
||||
Requires(preun): update-alternatives
|
||||
Recommends: %{_name}-doc
|
||||
@ -93,6 +95,8 @@ functionality. This version can also extract encrypted archives.
|
||||
%patch14 -p1
|
||||
%patch15 -p1
|
||||
%patch16 -p1
|
||||
%patch17 -p1
|
||||
%patch18 -p1
|
||||
|
||||
%build
|
||||
export RPM_OPT_FLAGS="%{optflags} \
|
||||
|
@ -1,3 +1,13 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Feb 15 08:31:05 UTC 2017 - josef.moellers@suse.com
|
||||
|
||||
- Fixed two potential buffer overflows.
|
||||
The patches were extracted from
|
||||
http://antinode.info/ftp/info-zip/unzip60/zipinfo.c and
|
||||
http://antinode.info/ftp/info-zip/unzip60/list.c
|
||||
(bsc#1013992, bsc#1013993, CVE-2016-9844, CVE-2014-9913,
|
||||
CVE-2016-9844.patch, CVE-2014-9913.patch)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Oct 12 07:23:03 UTC 2016 - josef.moellers@suse.com
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package unzip
|
||||
#
|
||||
# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2017 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -53,6 +53,8 @@ Patch13: Fix-CVE-2014-8139-unzip.patch
|
||||
Patch14: Fix-CVE-2014-8140-and-CVE-2014-8141.patch
|
||||
Patch15: CVE-2015-7696.patch
|
||||
Patch16: CVE-2015-7697.patch
|
||||
Patch17: CVE-2016-9844.patch
|
||||
Patch18: CVE-2014-9913.patch
|
||||
Requires(post): update-alternatives
|
||||
Requires(preun): update-alternatives
|
||||
Recommends: %{_name}-doc
|
||||
@ -93,6 +95,8 @@ functionality. This version can also extract encrypted archives.
|
||||
%patch14 -p1
|
||||
%patch15 -p1
|
||||
%patch16 -p1
|
||||
%patch17 -p1
|
||||
%patch18 -p1
|
||||
|
||||
%build
|
||||
export RPM_OPT_FLAGS="%{optflags} \
|
||||
|
Loading…
Reference in New Issue
Block a user