[arch-commits] Commit in unzip/repos/extra-x86_64 (18 files)
Jelle van der Waa
jelle at archlinux.org
Fri Apr 24 13:12:53 UTC 2020
Date: Friday, April 24, 2020 @ 13:12:53
Author: jelle
Revision: 381491
archrelease: copy trunk to extra-x86_64
Added:
unzip/repos/extra-x86_64/PKGBUILD
(from rev 381490, unzip/trunk/PKGBUILD)
unzip/repos/extra-x86_64/crc32.patch
(from rev 381490, unzip/trunk/crc32.patch)
unzip/repos/extra-x86_64/csiz-underflow.patch
(from rev 381490, unzip/trunk/csiz-underflow.patch)
unzip/repos/extra-x86_64/cve20149636.patch
(from rev 381490, unzip/trunk/cve20149636.patch)
unzip/repos/extra-x86_64/empty-input.patch
(from rev 381490, unzip/trunk/empty-input.patch)
unzip/repos/extra-x86_64/getZip64Data.patch
(from rev 381490, unzip/trunk/getZip64Data.patch)
unzip/repos/extra-x86_64/nextbyte-overflow.patch
(from rev 381490, unzip/trunk/nextbyte-overflow.patch)
unzip/repos/extra-x86_64/overflow-fsize.patch
(from rev 381490, unzip/trunk/overflow-fsize.patch)
unzip/repos/extra-x86_64/test_compr_eb.patch
(from rev 381490, unzip/trunk/test_compr_eb.patch)
Deleted:
unzip/repos/extra-x86_64/PKGBUILD
unzip/repos/extra-x86_64/crc32.patch
unzip/repos/extra-x86_64/csiz-underflow.patch
unzip/repos/extra-x86_64/cve20149636.patch
unzip/repos/extra-x86_64/empty-input.patch
unzip/repos/extra-x86_64/getZip64Data.patch
unzip/repos/extra-x86_64/nextbyte-overflow.patch
unzip/repos/extra-x86_64/overflow-fsize.patch
unzip/repos/extra-x86_64/test_compr_eb.patch
-------------------------+
PKGBUILD | 130 +++++++++++-----------
crc32.patch | 90 +++++++--------
csiz-underflow.patch | 64 +++++------
cve20149636.patch | 50 ++++----
empty-input.patch | 52 ++++----
getZip64Data.patch | 266 +++++++++++++++++++++++-----------------------
nextbyte-overflow.patch | 66 +++++------
overflow-fsize.patch | 68 +++++------
test_compr_eb.patch | 46 +++----
9 files changed, 416 insertions(+), 416 deletions(-)
Deleted: PKGBUILD
===================================================================
--- PKGBUILD 2020-04-24 13:12:35 UTC (rev 381490)
+++ PKGBUILD 2020-04-24 13:12:53 UTC (rev 381491)
@@ -1,65 +0,0 @@
-# Maintainer: Lukas Fleischer <lfleischer at archlinux.org>
-# Contributor: Gaetan Bisson <bisson at archlinux.org>
-# Contributor: Douglas Soares de Andrade <douglas at archlinux.org>
-# Contributor: Robson Peixoto
-
-pkgname=unzip
-pkgver=6.0
-_pkgver=${pkgver/./}
-pkgrel=13
-pkgdesc='For extracting and viewing files in .zip archives'
-url='http://www.info-zip.org/UnZip.html'
-arch=('x86_64')
-license=('custom')
-depends=('bzip2' 'bash')
-source=("http://downloads.sourceforge.net/infozip/${pkgname}${_pkgver}.tar.gz"
- 'overflow-fsize.patch'
- 'cve20149636.patch'
- 'test_compr_eb.patch'
- 'getZip64Data.patch'
- 'crc32.patch'
- 'empty-input.patch'
- 'csiz-underflow.patch'
- 'nextbyte-overflow.patch')
-sha1sums=('abf7de8a4018a983590ed6f5cbd990d4740f8a22'
- '2852ce1a9db8d646516f8828436a44d34785a0b3'
- 'e8c0bc17c63eeed97ad62b86845d75c849bcf4f8'
- '614c3e7fa7d6da7c60ea2aa79e36f4cbd17c3824'
- '691d0751bf0bc98cf9f9889dee39baccabefdc4d'
- '82c9fe9172779a0ee92a187d544e74e8f512b013'
- '4f77b01454fd2ffa69bfad985bfbdc579ee26010'
- 'dccc6d6a5aed0098031bbd7cc4275ab9b10a2177'
- 'b325fac556abf169264ed5ae364b9136016e43f3')
-
-prepare() {
- cd "${srcdir}/${pkgname}${_pkgver}"
- sed -i "/MANDIR =/s#)/#)/share/#" unix/Makefile
- patch -p1 -i ../overflow-fsize.patch #FS#44171
- patch -p1 -i ../cve20149636.patch #FS#44171
- patch -i ../test_compr_eb.patch # FS#43391
- patch -i ../getZip64Data.patch # FS#43300
- patch -i ../crc32.patch # FS#43300
- patch -p1 -i ../empty-input.patch # FS#46955
- patch -p1 -i ../csiz-underflow.patch # FS#46955
- patch -p1 -i ../nextbyte-overflow.patch # FS#46955
-}
-
-build() {
- cd "${srcdir}/${pkgname}${_pkgver}"
-
- # DEFINES, make, and install args from Debian
- DEFINES='-DACORN_FTYPE_NFS -DWILD_STOP_AT_DIR -DLARGE_FILE_SUPPORT \
- -DUNICODE_SUPPORT -DUNICODE_WCHAR -DUTF8_MAYBE_NATIVE -DNO_LCHMOD \
- -DDATE_FORMAT=DF_YMD -DUSE_BZIP2 -DNOMEMCPY -DNO_WORKING_ISPRINT'
-
- make -f unix/Makefile prefix=/usr \
- D_USE_BZ2=-DUSE_BZIP2 L_BZ2=-lbz2 \
- LF2="$LDFLAGS" CF="$CFLAGS $CPPFLAGS -I. $DEFINES" \
- unzips
-}
-
-package() {
- cd "${srcdir}/${pkgname}${_pkgver}"
- make -f unix/Makefile prefix="${pkgdir}"/usr install
- install -Dm644 LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
-}
Copied: unzip/repos/extra-x86_64/PKGBUILD (from rev 381490, unzip/trunk/PKGBUILD)
===================================================================
--- PKGBUILD (rev 0)
+++ PKGBUILD 2020-04-24 13:12:53 UTC (rev 381491)
@@ -0,0 +1,65 @@
+# Maintainer: Lukas Fleischer <lfleischer at archlinux.org>
+# Contributor: Gaetan Bisson <bisson at archlinux.org>
+# Contributor: Douglas Soares de Andrade <douglas at archlinux.org>
+# Contributor: Robson Peixoto
+
+pkgname=unzip
+pkgver=6.0
+_pkgver=${pkgver/./}
+pkgrel=14
+pkgdesc='For extracting and viewing files in .zip archives'
+url='https://www.info-zip.org/UnZip.html'
+arch=('x86_64')
+license=('custom')
+depends=('bzip2' 'bash')
+source=("https://downloads.sourceforge.net/infozip/${pkgname}${_pkgver}.tar.gz"
+ 'overflow-fsize.patch'
+ 'cve20149636.patch'
+ 'test_compr_eb.patch'
+ 'getZip64Data.patch'
+ 'crc32.patch'
+ 'empty-input.patch'
+ 'csiz-underflow.patch'
+ 'nextbyte-overflow.patch')
+sha1sums=('abf7de8a4018a983590ed6f5cbd990d4740f8a22'
+ '2852ce1a9db8d646516f8828436a44d34785a0b3'
+ 'e8c0bc17c63eeed97ad62b86845d75c849bcf4f8'
+ '614c3e7fa7d6da7c60ea2aa79e36f4cbd17c3824'
+ '691d0751bf0bc98cf9f9889dee39baccabefdc4d'
+ '82c9fe9172779a0ee92a187d544e74e8f512b013'
+ '4f77b01454fd2ffa69bfad985bfbdc579ee26010'
+ 'dccc6d6a5aed0098031bbd7cc4275ab9b10a2177'
+ 'b325fac556abf169264ed5ae364b9136016e43f3')
+
+prepare() {
+ cd "${srcdir}/${pkgname}${_pkgver}"
+ sed -i "/MANDIR =/s#)/#)/share/#" unix/Makefile
+ patch -p1 -i ../overflow-fsize.patch #FS#44171
+ patch -p1 -i ../cve20149636.patch #FS#44171
+ patch -i ../test_compr_eb.patch # FS#43391
+ patch -i ../getZip64Data.patch # FS#43300
+ patch -i ../crc32.patch # FS#43300
+ patch -p1 -i ../empty-input.patch # FS#46955
+ patch -p1 -i ../csiz-underflow.patch # FS#46955
+ patch -p1 -i ../nextbyte-overflow.patch # FS#46955
+}
+
+build() {
+ cd "${srcdir}/${pkgname}${_pkgver}"
+
+ # DEFINES, make, and install args from Debian
+ DEFINES='-DACORN_FTYPE_NFS -DWILD_STOP_AT_DIR -DLARGE_FILE_SUPPORT \
+ -DUNICODE_SUPPORT -DUNICODE_WCHAR -DUTF8_MAYBE_NATIVE -DNO_LCHMOD \
+ -DDATE_FORMAT=DF_YMD -DUSE_BZIP2 -DNOMEMCPY -DNO_WORKING_ISPRINT'
+
+ make -f unix/Makefile prefix=/usr \
+ D_USE_BZ2=-DUSE_BZIP2 L_BZ2=-lbz2 \
+ LF2="$LDFLAGS" CF="$CFLAGS $CPPFLAGS -I. $DEFINES" \
+ unzips
+}
+
+package() {
+ cd "${srcdir}/${pkgname}${_pkgver}"
+ make -f unix/Makefile prefix="${pkgdir}"/usr install
+ install -Dm644 LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
+}
Deleted: crc32.patch
===================================================================
--- crc32.patch 2020-04-24 13:12:35 UTC (rev 381490)
+++ crc32.patch 2020-04-24 13:12:53 UTC (rev 381491)
@@ -1,45 +0,0 @@
---- unzip60/extract.c 2010-04-03 14:41:55 -0500
-+++ unzip60/extract.c 2014-12-03 15:33:35 -0600
-@@ -1,5 +1,5 @@
- /*
-- Copyright (c) 1990-2009 Info-ZIP. All rights reserved.
-+ Copyright (c) 1990-2014 Info-ZIP. All rights reserved.
-
- See the accompanying file LICENSE, version 2009-Jan-02 or later
- (the contents of which are also included in unzip.h) for terms of use.
-@@ -298,6 +298,8 @@
- #ifndef SFX
- static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \
- EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n";
-+ static ZCONST char Far TooSmallEFlength[] = "bad extra-field entry:\n \
-+ EF block length (%u bytes) invalid (< %d)\n";
- static ZCONST char Far InvalidComprDataEAs[] =
- " invalid compressed data for EAs\n";
- # if (defined(WIN32) && defined(NTSD_EAS))
-@@ -2023,7 +2025,8 @@
- ebID = makeword(ef);
- ebLen = (unsigned)makeword(ef+EB_LEN);
-
-- if (ebLen > (ef_len - EB_HEADSIZE)) {
-+ if (ebLen > (ef_len - EB_HEADSIZE))
-+ {
- /* Discovered some extra field inconsistency! */
- if (uO.qflag)
- Info(slide, 1, ((char *)slide, "%-22s ",
-@@ -2032,6 +2035,16 @@
- ebLen, (ef_len - EB_HEADSIZE)));
- return PK_ERR;
- }
-+ else if (ebLen < EB_HEADSIZE)
-+ {
-+ /* Extra block length smaller than header length. */
-+ if (uO.qflag)
-+ Info(slide, 1, ((char *)slide, "%-22s ",
-+ FnFilter1(G.filename)));
-+ Info(slide, 1, ((char *)slide, LoadFarString(TooSmallEFlength),
-+ ebLen, EB_HEADSIZE));
-+ return PK_ERR;
-+ }
-
- switch (ebID) {
- case EF_OS2:
Copied: unzip/repos/extra-x86_64/crc32.patch (from rev 381490, unzip/trunk/crc32.patch)
===================================================================
--- crc32.patch (rev 0)
+++ crc32.patch 2020-04-24 13:12:53 UTC (rev 381491)
@@ -0,0 +1,45 @@
+--- unzip60/extract.c 2010-04-03 14:41:55 -0500
++++ unzip60/extract.c 2014-12-03 15:33:35 -0600
+@@ -1,5 +1,5 @@
+ /*
+- Copyright (c) 1990-2009 Info-ZIP. All rights reserved.
++ Copyright (c) 1990-2014 Info-ZIP. All rights reserved.
+
+ See the accompanying file LICENSE, version 2009-Jan-02 or later
+ (the contents of which are also included in unzip.h) for terms of use.
+@@ -298,6 +298,8 @@
+ #ifndef SFX
+ static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \
+ EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n";
++ static ZCONST char Far TooSmallEFlength[] = "bad extra-field entry:\n \
++ EF block length (%u bytes) invalid (< %d)\n";
+ static ZCONST char Far InvalidComprDataEAs[] =
+ " invalid compressed data for EAs\n";
+ # if (defined(WIN32) && defined(NTSD_EAS))
+@@ -2023,7 +2025,8 @@
+ ebID = makeword(ef);
+ ebLen = (unsigned)makeword(ef+EB_LEN);
+
+- if (ebLen > (ef_len - EB_HEADSIZE)) {
++ if (ebLen > (ef_len - EB_HEADSIZE))
++ {
+ /* Discovered some extra field inconsistency! */
+ if (uO.qflag)
+ Info(slide, 1, ((char *)slide, "%-22s ",
+@@ -2032,6 +2035,16 @@
+ ebLen, (ef_len - EB_HEADSIZE)));
+ return PK_ERR;
+ }
++ else if (ebLen < EB_HEADSIZE)
++ {
++ /* Extra block length smaller than header length. */
++ if (uO.qflag)
++ Info(slide, 1, ((char *)slide, "%-22s ",
++ FnFilter1(G.filename)));
++ Info(slide, 1, ((char *)slide, LoadFarString(TooSmallEFlength),
++ ebLen, EB_HEADSIZE));
++ return PK_ERR;
++ }
+
+ switch (ebID) {
+ case EF_OS2:
Deleted: csiz-underflow.patch
===================================================================
--- csiz-underflow.patch 2020-04-24 13:12:35 UTC (rev 381490)
+++ csiz-underflow.patch 2020-04-24 13:12:53 UTC (rev 381491)
@@ -1,32 +0,0 @@
-From: Kamil Dudka <kdudka at redhat.com>
-Date: Tue, 22 Sep 2015 18:52:23 +0200
-Subject: [PATCH] extract: prevent unsigned overflow on invalid input
-Origin: other, https://bugzilla.redhat.com/attachment.cgi?id=1075942
-Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1260944
-
-Suggested-by: Stefan Cornelius
----
- extract.c | 11 ++++++++++-
- 1 file changed, 10 insertions(+), 1 deletion(-)
-
---- a/extract.c
-+++ b/extract.c
-@@ -1257,8 +1257,17 @@
- if (G.lrec.compression_method == STORED) {
- zusz_t csiz_decrypted = G.lrec.csize;
-
-- if (G.pInfo->encrypted)
-+ if (G.pInfo->encrypted) {
-+ if (csiz_decrypted < 12) {
-+ /* handle the error now to prevent unsigned overflow */
-+ Info(slide, 0x401, ((char *)slide,
-+ LoadFarStringSmall(ErrUnzipNoFile),
-+ LoadFarString(InvalidComprData),
-+ LoadFarStringSmall2(Inflate)));
-+ return PK_ERR;
-+ }
- csiz_decrypted -= 12;
-+ }
- if (G.lrec.ucsize != csiz_decrypted) {
- Info(slide, 0x401, ((char *)slide,
- LoadFarStringSmall2(WrnStorUCSizCSizDiff),
Copied: unzip/repos/extra-x86_64/csiz-underflow.patch (from rev 381490, unzip/trunk/csiz-underflow.patch)
===================================================================
--- csiz-underflow.patch (rev 0)
+++ csiz-underflow.patch 2020-04-24 13:12:53 UTC (rev 381491)
@@ -0,0 +1,32 @@
+From: Kamil Dudka <kdudka at redhat.com>
+Date: Tue, 22 Sep 2015 18:52:23 +0200
+Subject: [PATCH] extract: prevent unsigned overflow on invalid input
+Origin: other, https://bugzilla.redhat.com/attachment.cgi?id=1075942
+Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1260944
+
+Suggested-by: Stefan Cornelius
+---
+ extract.c | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+--- a/extract.c
++++ b/extract.c
+@@ -1257,8 +1257,17 @@
+ if (G.lrec.compression_method == STORED) {
+ zusz_t csiz_decrypted = G.lrec.csize;
+
+- if (G.pInfo->encrypted)
++ if (G.pInfo->encrypted) {
++ if (csiz_decrypted < 12) {
++ /* handle the error now to prevent unsigned overflow */
++ Info(slide, 0x401, ((char *)slide,
++ LoadFarStringSmall(ErrUnzipNoFile),
++ LoadFarString(InvalidComprData),
++ LoadFarStringSmall2(Inflate)));
++ return PK_ERR;
++ }
+ csiz_decrypted -= 12;
++ }
+ if (G.lrec.ucsize != csiz_decrypted) {
+ Info(slide, 0x401, ((char *)slide,
+ LoadFarStringSmall2(WrnStorUCSizCSizDiff),
Deleted: cve20149636.patch
===================================================================
--- cve20149636.patch 2020-04-24 13:12:35 UTC (rev 381490)
+++ cve20149636.patch 2020-04-24 13:12:53 UTC (rev 381491)
@@ -1,25 +0,0 @@
-diff --git a/extract.c b/extract.c
-index a0a4929..9ef80b3 100644
---- a/extract.c
-+++ b/extract.c
-@@ -2214,6 +2214,7 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata)
- ulg eb_ucsize;
- uch *eb_ucptr;
- int r;
-+ ush method;
-
- if (compr_offset < 4) /* field is not compressed: */
- return PK_OK; /* do nothing and signal OK */
-@@ -2223,6 +2224,12 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata)
- eb_size <= (compr_offset + EB_CMPRHEADLEN)))
- return IZ_EF_TRUNC; /* no compressed data! */
-
-+ method = makeword(eb + (EB_HEADSIZE + compr_offset));
-+ if ((method == STORED) && (eb_size != compr_offset + EB_CMPRHEADLEN + eb_ucsize))
-+ return PK_ERR; /* compressed & uncompressed
-+ * should match in STORED
-+ * method */
-+
- if (
- #ifdef INT_16BIT
- (((ulg)(extent)eb_ucsize) != eb_ucsize) ||
Copied: unzip/repos/extra-x86_64/cve20149636.patch (from rev 381490, unzip/trunk/cve20149636.patch)
===================================================================
--- cve20149636.patch (rev 0)
+++ cve20149636.patch 2020-04-24 13:12:53 UTC (rev 381491)
@@ -0,0 +1,25 @@
+diff --git a/extract.c b/extract.c
+index a0a4929..9ef80b3 100644
+--- a/extract.c
++++ b/extract.c
+@@ -2214,6 +2214,7 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata)
+ ulg eb_ucsize;
+ uch *eb_ucptr;
+ int r;
++ ush method;
+
+ if (compr_offset < 4) /* field is not compressed: */
+ return PK_OK; /* do nothing and signal OK */
+@@ -2223,6 +2224,12 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata)
+ eb_size <= (compr_offset + EB_CMPRHEADLEN)))
+ return IZ_EF_TRUNC; /* no compressed data! */
+
++ method = makeword(eb + (EB_HEADSIZE + compr_offset));
++ if ((method == STORED) && (eb_size != compr_offset + EB_CMPRHEADLEN + eb_ucsize))
++ return PK_ERR; /* compressed & uncompressed
++ * should match in STORED
++ * method */
++
+ if (
+ #ifdef INT_16BIT
+ (((ulg)(extent)eb_ucsize) != eb_ucsize) ||
Deleted: empty-input.patch
===================================================================
--- empty-input.patch 2020-04-24 13:12:35 UTC (rev 381490)
+++ empty-input.patch 2020-04-24 13:12:53 UTC (rev 381491)
@@ -1,26 +0,0 @@
-From: Kamil Dudka <kdudka at redhat.com>
-Date: Mon, 14 Sep 2015 18:24:56 +0200
-Subject: fix infinite loop when extracting empty bzip2 data
-Bug-Debian: https://bugs.debian.org/802160
-Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1260944
-Origin: other, https://bugzilla.redhat.com/attachment.cgi?id=1073339
-
----
- extract.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
---- a/extract.c
-+++ b/extract.c
-@@ -2728,6 +2728,12 @@
- int repeated_buf_err;
- bz_stream bstrm;
-
-+ if (G.incnt <= 0 && G.csize <= 0L) {
-+ /* avoid an infinite loop */
-+ Trace((stderr, "UZbunzip2() got empty input\n"));
-+ return 2;
-+ }
-+
- #if (defined(DLL) && !defined(NO_SLIDE_REDIR))
- if (G.redirect_slide)
- wsize = G.redirect_size, redirSlide = G.redirect_buffer;
Copied: unzip/repos/extra-x86_64/empty-input.patch (from rev 381490, unzip/trunk/empty-input.patch)
===================================================================
--- empty-input.patch (rev 0)
+++ empty-input.patch 2020-04-24 13:12:53 UTC (rev 381491)
@@ -0,0 +1,26 @@
+From: Kamil Dudka <kdudka at redhat.com>
+Date: Mon, 14 Sep 2015 18:24:56 +0200
+Subject: fix infinite loop when extracting empty bzip2 data
+Bug-Debian: https://bugs.debian.org/802160
+Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1260944
+Origin: other, https://bugzilla.redhat.com/attachment.cgi?id=1073339
+
+---
+ extract.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/extract.c
++++ b/extract.c
+@@ -2728,6 +2728,12 @@
+ int repeated_buf_err;
+ bz_stream bstrm;
+
++ if (G.incnt <= 0 && G.csize <= 0L) {
++ /* avoid an infinite loop */
++ Trace((stderr, "UZbunzip2() got empty input\n"));
++ return 2;
++ }
++
+ #if (defined(DLL) && !defined(NO_SLIDE_REDIR))
+ if (G.redirect_slide)
+ wsize = G.redirect_size, redirSlide = G.redirect_buffer;
Deleted: getZip64Data.patch
===================================================================
--- getZip64Data.patch 2020-04-24 13:12:35 UTC (rev 381490)
+++ getZip64Data.patch 2020-04-24 13:12:53 UTC (rev 381491)
@@ -1,133 +0,0 @@
---- process.c 2009-03-06 02:25:10.000000000 +0100
-+++ process.c 2014-12-05 22:42:39.000000000 +0100
-@@ -1,5 +1,5 @@
- /*
-- Copyright (c) 1990-2009 Info-ZIP. All rights reserved.
-+ Copyright (c) 1990-2014 Info-ZIP. All rights reserved.
-
- See the accompanying file LICENSE, version 2009-Jan-02 or later
- (the contents of which are also included in unzip.h) for terms of use.
-@@ -1888,48 +1888,82 @@ int getZip64Data(__G__ ef_buf, ef_len)
- and a 4-byte version of disk start number.
- Sets both local header and central header fields. Not terribly clever,
- but it means that this procedure is only called in one place.
-+
-+ 2014-12-05 SMS.
-+ Added checks to ensure that enough data are available before calling
-+ makeint64() or makelong(). Replaced various sizeof() values with
-+ simple ("4" or "8") constants. (The Zip64 structures do not depend
-+ on our variable sizes.) Error handling is crude, but we should now
-+ stay within the buffer.
- ---------------------------------------------------------------------------*/
-
-+#define Z64FLGS 0xffff
-+#define Z64FLGL 0xffffffff
-+
- if (ef_len == 0 || ef_buf == NULL)
- return PK_COOL;
-
- Trace((stderr,"\ngetZip64Data: scanning extra field of length %u\n",
- ef_len));
-
-- while (ef_len >= EB_HEADSIZE) {
-+ while (ef_len >= EB_HEADSIZE)
-+ {
- eb_id = makeword(EB_ID + ef_buf);
- eb_len = makeword(EB_LEN + ef_buf);
-
-- if (eb_len > (ef_len - EB_HEADSIZE)) {
-- /* discovered some extra field inconsistency! */
-+ if (eb_len > (ef_len - EB_HEADSIZE))
-+ {
-+ /* Extra block length exceeds remaining extra field length. */
- Trace((stderr,
- "getZip64Data: block length %u > rest ef_size %u\n", eb_len,
- ef_len - EB_HEADSIZE));
- break;
- }
-- if (eb_id == EF_PKSZ64) {
--
-+ if (eb_id == EF_PKSZ64)
-+ {
- int offset = EB_HEADSIZE;
-
-- if (G.crec.ucsize == 0xffffffff || G.lrec.ucsize == 0xffffffff){
-- G.lrec.ucsize = G.crec.ucsize = makeint64(offset + ef_buf);
-- offset += sizeof(G.crec.ucsize);
-+ if ((G.crec.ucsize == Z64FLGL) || (G.lrec.ucsize == Z64FLGL))
-+ {
-+ if (offset+ 8 > ef_len)
-+ return PK_ERR;
-+
-+ G.crec.ucsize = G.lrec.ucsize = makeint64(offset + ef_buf);
-+ offset += 8;
- }
-- if (G.crec.csize == 0xffffffff || G.lrec.csize == 0xffffffff){
-- G.csize = G.lrec.csize = G.crec.csize = makeint64(offset + ef_buf);
-- offset += sizeof(G.crec.csize);
-+
-+ if ((G.crec.csize == Z64FLGL) || (G.lrec.csize == Z64FLGL))
-+ {
-+ if (offset+ 8 > ef_len)
-+ return PK_ERR;
-+
-+ G.csize = G.crec.csize = G.lrec.csize = makeint64(offset + ef_buf);
-+ offset += 8;
- }
-- if (G.crec.relative_offset_local_header == 0xffffffff){
-+
-+ if (G.crec.relative_offset_local_header == Z64FLGL)
-+ {
-+ if (offset+ 8 > ef_len)
-+ return PK_ERR;
-+
- G.crec.relative_offset_local_header = makeint64(offset + ef_buf);
-- offset += sizeof(G.crec.relative_offset_local_header);
-+ offset += 8;
- }
-- if (G.crec.disk_number_start == 0xffff){
-+
-+ if (G.crec.disk_number_start == Z64FLGS)
-+ {
-+ if (offset+ 4 > ef_len)
-+ return PK_ERR;
-+
- G.crec.disk_number_start = (zuvl_t)makelong(offset + ef_buf);
-- offset += sizeof(G.crec.disk_number_start);
-+ offset += 4;
- }
-+#if 0
-+ break; /* Expect only one EF_PKSZ64 block. */
-+#endif /* 0 */
- }
-
-- /* Skip this extra field block */
-+ /* Skip this extra field block. */
- ef_buf += (eb_len + EB_HEADSIZE);
- ef_len -= (eb_len + EB_HEADSIZE);
- }
---- fileio.c 2009-04-20 02:03:44.000000000 +0200
-+++ fileio.c 2014-12-05 22:44:16.000000000 +0100
-@@ -176,6 +176,8 @@ static ZCONST char Far FilenameTooLongTr
- #endif
- static ZCONST char Far ExtraFieldTooLong[] =
- "warning: extra field too long (%d). Ignoring...\n";
-+static ZCONST char Far ExtraFieldCorrupt[] =
-+ "warning: extra field (type: 0x%04x) corrupt. Continuing...\n";
-
- #ifdef WINDLL
- static ZCONST char Far DiskFullQuery[] =
-@@ -2295,7 +2297,12 @@ int do_string(__G__ length, option) /*
- if (readbuf(__G__ (char *)G.extra_field, length) == 0)
- return PK_EOF;
- /* Looks like here is where extra fields are read */
-- getZip64Data(__G__ G.extra_field, length);
-+ if (getZip64Data(__G__ G.extra_field, length) != PK_COOL)
-+ {
-+ Info(slide, 0x401, ((char *)slide,
-+ LoadFarString( ExtraFieldCorrupt), EF_PKSZ64));
-+ error = PK_WARN;
-+ }
- #ifdef UNICODE_SUPPORT
- G.unipath_filename = NULL;
- if (G.UzO.U_flag < 2) {
Copied: unzip/repos/extra-x86_64/getZip64Data.patch (from rev 381490, unzip/trunk/getZip64Data.patch)
===================================================================
--- getZip64Data.patch (rev 0)
+++ getZip64Data.patch 2020-04-24 13:12:53 UTC (rev 381491)
@@ -0,0 +1,133 @@
+--- process.c 2009-03-06 02:25:10.000000000 +0100
++++ process.c 2014-12-05 22:42:39.000000000 +0100
+@@ -1,5 +1,5 @@
+ /*
+- Copyright (c) 1990-2009 Info-ZIP. All rights reserved.
++ Copyright (c) 1990-2014 Info-ZIP. All rights reserved.
+
+ See the accompanying file LICENSE, version 2009-Jan-02 or later
+ (the contents of which are also included in unzip.h) for terms of use.
+@@ -1888,48 +1888,82 @@ int getZip64Data(__G__ ef_buf, ef_len)
+ and a 4-byte version of disk start number.
+ Sets both local header and central header fields. Not terribly clever,
+ but it means that this procedure is only called in one place.
++
++ 2014-12-05 SMS.
++ Added checks to ensure that enough data are available before calling
++ makeint64() or makelong(). Replaced various sizeof() values with
++ simple ("4" or "8") constants. (The Zip64 structures do not depend
++ on our variable sizes.) Error handling is crude, but we should now
++ stay within the buffer.
+ ---------------------------------------------------------------------------*/
+
++#define Z64FLGS 0xffff
++#define Z64FLGL 0xffffffff
++
+ if (ef_len == 0 || ef_buf == NULL)
+ return PK_COOL;
+
+ Trace((stderr,"\ngetZip64Data: scanning extra field of length %u\n",
+ ef_len));
+
+- while (ef_len >= EB_HEADSIZE) {
++ while (ef_len >= EB_HEADSIZE)
++ {
+ eb_id = makeword(EB_ID + ef_buf);
+ eb_len = makeword(EB_LEN + ef_buf);
+
+- if (eb_len > (ef_len - EB_HEADSIZE)) {
+- /* discovered some extra field inconsistency! */
++ if (eb_len > (ef_len - EB_HEADSIZE))
++ {
++ /* Extra block length exceeds remaining extra field length. */
+ Trace((stderr,
+ "getZip64Data: block length %u > rest ef_size %u\n", eb_len,
+ ef_len - EB_HEADSIZE));
+ break;
+ }
+- if (eb_id == EF_PKSZ64) {
+-
++ if (eb_id == EF_PKSZ64)
++ {
+ int offset = EB_HEADSIZE;
+
+- if (G.crec.ucsize == 0xffffffff || G.lrec.ucsize == 0xffffffff){
+- G.lrec.ucsize = G.crec.ucsize = makeint64(offset + ef_buf);
+- offset += sizeof(G.crec.ucsize);
++ if ((G.crec.ucsize == Z64FLGL) || (G.lrec.ucsize == Z64FLGL))
++ {
++ if (offset+ 8 > ef_len)
++ return PK_ERR;
++
++ G.crec.ucsize = G.lrec.ucsize = makeint64(offset + ef_buf);
++ offset += 8;
+ }
+- if (G.crec.csize == 0xffffffff || G.lrec.csize == 0xffffffff){
+- G.csize = G.lrec.csize = G.crec.csize = makeint64(offset + ef_buf);
+- offset += sizeof(G.crec.csize);
++
++ if ((G.crec.csize == Z64FLGL) || (G.lrec.csize == Z64FLGL))
++ {
++ if (offset+ 8 > ef_len)
++ return PK_ERR;
++
++ G.csize = G.crec.csize = G.lrec.csize = makeint64(offset + ef_buf);
++ offset += 8;
+ }
+- if (G.crec.relative_offset_local_header == 0xffffffff){
++
++ if (G.crec.relative_offset_local_header == Z64FLGL)
++ {
++ if (offset+ 8 > ef_len)
++ return PK_ERR;
++
+ G.crec.relative_offset_local_header = makeint64(offset + ef_buf);
+- offset += sizeof(G.crec.relative_offset_local_header);
++ offset += 8;
+ }
+- if (G.crec.disk_number_start == 0xffff){
++
++ if (G.crec.disk_number_start == Z64FLGS)
++ {
++ if (offset+ 4 > ef_len)
++ return PK_ERR;
++
+ G.crec.disk_number_start = (zuvl_t)makelong(offset + ef_buf);
+- offset += sizeof(G.crec.disk_number_start);
++ offset += 4;
+ }
++#if 0
++ break; /* Expect only one EF_PKSZ64 block. */
++#endif /* 0 */
+ }
+
+- /* Skip this extra field block */
++ /* Skip this extra field block. */
+ ef_buf += (eb_len + EB_HEADSIZE);
+ ef_len -= (eb_len + EB_HEADSIZE);
+ }
+--- fileio.c 2009-04-20 02:03:44.000000000 +0200
++++ fileio.c 2014-12-05 22:44:16.000000000 +0100
+@@ -176,6 +176,8 @@ static ZCONST char Far FilenameTooLongTr
+ #endif
+ static ZCONST char Far ExtraFieldTooLong[] =
+ "warning: extra field too long (%d). Ignoring...\n";
++static ZCONST char Far ExtraFieldCorrupt[] =
++ "warning: extra field (type: 0x%04x) corrupt. Continuing...\n";
+
+ #ifdef WINDLL
+ static ZCONST char Far DiskFullQuery[] =
+@@ -2295,7 +2297,12 @@ int do_string(__G__ length, option) /*
+ if (readbuf(__G__ (char *)G.extra_field, length) == 0)
+ return PK_EOF;
+ /* Looks like here is where extra fields are read */
+- getZip64Data(__G__ G.extra_field, length);
++ if (getZip64Data(__G__ G.extra_field, length) != PK_COOL)
++ {
++ Info(slide, 0x401, ((char *)slide,
++ LoadFarString( ExtraFieldCorrupt), EF_PKSZ64));
++ error = PK_WARN;
++ }
+ #ifdef UNICODE_SUPPORT
+ G.unipath_filename = NULL;
+ if (G.UzO.U_flag < 2) {
Deleted: nextbyte-overflow.patch
===================================================================
--- nextbyte-overflow.patch 2020-04-24 13:12:35 UTC (rev 381490)
+++ nextbyte-overflow.patch 2020-04-24 13:12:53 UTC (rev 381491)
@@ -1,33 +0,0 @@
-From: Petr Stodulka <pstodulk at redhat.com>
-Date: Mon, 14 Sep 2015 18:23:17 +0200
-Subject: Upstream fix for heap overflow
-Bug-Debian: https://bugs.debian.org/802162
-Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1260944
-Origin: https://bugzilla.redhat.com/attachment.cgi?id=1073002
-Forwarded: yes
-
----
- crypt.c | 12 +++++++++++-
- 1 file changed, 11 insertions(+), 1 deletion(-)
-
---- a/crypt.c
-+++ b/crypt.c
-@@ -465,7 +465,17 @@
- GLOBAL(pInfo->encrypted) = FALSE;
- defer_leftover_input(__G);
- for (n = 0; n < RAND_HEAD_LEN; n++) {
-- b = NEXTBYTE;
-+ /* 2012-11-23 SMS. (OUSPG report.)
-+ * Quit early if compressed size < HEAD_LEN. The resulting
-+ * error message ("unable to get password") could be improved,
-+ * but it's better than trying to read nonexistent data, and
-+ * then continuing with a negative G.csize. (See
-+ * fileio.c:readbyte()).
-+ */
-+ if ((b = NEXTBYTE) == (ush)EOF)
-+ {
-+ return PK_ERR;
-+ }
- h[n] = (uch)b;
- Trace((stdout, " (%02x)", h[n]));
- }
Copied: unzip/repos/extra-x86_64/nextbyte-overflow.patch (from rev 381490, unzip/trunk/nextbyte-overflow.patch)
===================================================================
--- nextbyte-overflow.patch (rev 0)
+++ nextbyte-overflow.patch 2020-04-24 13:12:53 UTC (rev 381491)
@@ -0,0 +1,33 @@
+From: Petr Stodulka <pstodulk at redhat.com>
+Date: Mon, 14 Sep 2015 18:23:17 +0200
+Subject: Upstream fix for heap overflow
+Bug-Debian: https://bugs.debian.org/802162
+Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1260944
+Origin: https://bugzilla.redhat.com/attachment.cgi?id=1073002
+Forwarded: yes
+
+---
+ crypt.c | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+--- a/crypt.c
++++ b/crypt.c
+@@ -465,7 +465,17 @@
+ GLOBAL(pInfo->encrypted) = FALSE;
+ defer_leftover_input(__G);
+ for (n = 0; n < RAND_HEAD_LEN; n++) {
+- b = NEXTBYTE;
++ /* 2012-11-23 SMS. (OUSPG report.)
++ * Quit early if compressed size < HEAD_LEN. The resulting
++ * error message ("unable to get password") could be improved,
++ * but it's better than trying to read nonexistent data, and
++ * then continuing with a negative G.csize. (See
++ * fileio.c:readbyte()).
++ */
++ if ((b = NEXTBYTE) == (ush)EOF)
++ {
++ return PK_ERR;
++ }
+ h[n] = (uch)b;
+ Trace((stdout, " (%02x)", h[n]));
+ }
Deleted: overflow-fsize.patch
===================================================================
--- overflow-fsize.patch 2020-04-24 13:12:35 UTC (rev 381490)
+++ overflow-fsize.patch 2020-04-24 13:12:53 UTC (rev 381491)
@@ -1,34 +0,0 @@
-t a/list.c b/list.c
-index f7359c3..4c3d703 100644
---- a/list.c
-+++ b/list.c
-@@ -97,7 +97,7 @@ int list_files(__G) /* return PK-type error code */
- {
- int do_this_file=FALSE, cfactor, error, error_in_archive=PK_COOL;
- #ifndef WINDLL
-- char sgn, cfactorstr[10];
-+ char sgn, cfactorstr[13];
- int longhdr=(uO.vflag>1);
- #endif
- int date_format;
-@@ -339,7 +339,19 @@ int list_files(__G) /* return PK-type error code */
- G.crec.compression_method == ENHDEFLATED) {
- methbuf[5] = dtype[(G.crec.general_purpose_bit_flag>>1) & 3];
- } else if (methnum >= NUM_METHODS) {
-- sprintf(&methbuf[4], "%03u", G.crec.compression_method);
-+ /* 2013-02-26 SMS.
-+ * http://sourceforge.net/tracker/?func=detail
-+ * &aid=2861648&group_id=118012&atid=679786
-+ * Unexpectedly large compression methods overflow
-+ * &methbuf[]. Use the old, three-digit decimal format
-+ * for values which fit. Otherwise, sacrifice the
-+ * colon, and use four-digit hexadecimal.
-+ */
-+ if (G.crec.compression_method <= 999) {
-+ sprintf( &methbuf[ 4], "%03u", G.crec.compression_method);
-+ } else {
-+ sprintf( &methbuf[ 3], "%04X", G.crec.compression_method);
-+ }
- }
-
- #if 0 /* GRR/Euro: add this? */
Copied: unzip/repos/extra-x86_64/overflow-fsize.patch (from rev 381490, unzip/trunk/overflow-fsize.patch)
===================================================================
--- overflow-fsize.patch (rev 0)
+++ overflow-fsize.patch 2020-04-24 13:12:53 UTC (rev 381491)
@@ -0,0 +1,34 @@
+t a/list.c b/list.c
+index f7359c3..4c3d703 100644
+--- a/list.c
++++ b/list.c
+@@ -97,7 +97,7 @@ int list_files(__G) /* return PK-type error code */
+ {
+ int do_this_file=FALSE, cfactor, error, error_in_archive=PK_COOL;
+ #ifndef WINDLL
+- char sgn, cfactorstr[10];
++ char sgn, cfactorstr[13];
+ int longhdr=(uO.vflag>1);
+ #endif
+ int date_format;
+@@ -339,7 +339,19 @@ int list_files(__G) /* return PK-type error code */
+ G.crec.compression_method == ENHDEFLATED) {
+ methbuf[5] = dtype[(G.crec.general_purpose_bit_flag>>1) & 3];
+ } else if (methnum >= NUM_METHODS) {
+- sprintf(&methbuf[4], "%03u", G.crec.compression_method);
++ /* 2013-02-26 SMS.
++ * http://sourceforge.net/tracker/?func=detail
++ * &aid=2861648&group_id=118012&atid=679786
++ * Unexpectedly large compression methods overflow
++ * &methbuf[]. Use the old, three-digit decimal format
++ * for values which fit. Otherwise, sacrifice the
++ * colon, and use four-digit hexadecimal.
++ */
++ if (G.crec.compression_method <= 999) {
++ sprintf( &methbuf[ 4], "%03u", G.crec.compression_method);
++ } else {
++ sprintf( &methbuf[ 3], "%04X", G.crec.compression_method);
++ }
+ }
+
+ #if 0 /* GRR/Euro: add this? */
Deleted: test_compr_eb.patch
===================================================================
--- test_compr_eb.patch 2020-04-24 13:12:35 UTC (rev 381490)
+++ test_compr_eb.patch 2020-04-24 13:12:53 UTC (rev 381491)
@@ -1,23 +0,0 @@
---- extract.c 2009-03-14 02:32:52.000000000 +0100
-+++ extract.c 2014-12-05 22:43:13.000000000 +0100
-@@ -2221,10 +2234,17 @@ static int test_compr_eb(__G__ eb, eb_si
- if (compr_offset < 4) /* field is not compressed: */
- return PK_OK; /* do nothing and signal OK */
-
-+ /* Return no/bad-data error status if any problem is found:
-+ * 1. eb_size is too small to hold the uncompressed size
-+ * (eb_ucsize). (Else extract eb_ucsize.)
-+ * 2. eb_ucsize is zero (invalid). 2014-12-04 SMS.
-+ * 3. eb_ucsize is positive, but eb_size is too small to hold
-+ * the compressed data header.
-+ */
- if ((eb_size < (EB_UCSIZE_P + 4)) ||
-- ((eb_ucsize = makelong(eb+(EB_HEADSIZE+EB_UCSIZE_P))) > 0L &&
-- eb_size <= (compr_offset + EB_CMPRHEADLEN)))
-- return IZ_EF_TRUNC; /* no compressed data! */
-+ ((eb_ucsize = makelong( eb+ (EB_HEADSIZE+ EB_UCSIZE_P))) == 0L) ||
-+ ((eb_ucsize > 0L) && (eb_size <= (compr_offset + EB_CMPRHEADLEN))))
-+ return IZ_EF_TRUNC; /* no/bad compressed data! */
-
- if (
- #ifdef INT_16BIT
Copied: unzip/repos/extra-x86_64/test_compr_eb.patch (from rev 381490, unzip/trunk/test_compr_eb.patch)
===================================================================
--- test_compr_eb.patch (rev 0)
+++ test_compr_eb.patch 2020-04-24 13:12:53 UTC (rev 381491)
@@ -0,0 +1,23 @@
+--- extract.c 2009-03-14 02:32:52.000000000 +0100
++++ extract.c 2014-12-05 22:43:13.000000000 +0100
+@@ -2221,10 +2234,17 @@ static int test_compr_eb(__G__ eb, eb_si
+ if (compr_offset < 4) /* field is not compressed: */
+ return PK_OK; /* do nothing and signal OK */
+
++ /* Return no/bad-data error status if any problem is found:
++ * 1. eb_size is too small to hold the uncompressed size
++ * (eb_ucsize). (Else extract eb_ucsize.)
++ * 2. eb_ucsize is zero (invalid). 2014-12-04 SMS.
++ * 3. eb_ucsize is positive, but eb_size is too small to hold
++ * the compressed data header.
++ */
+ if ((eb_size < (EB_UCSIZE_P + 4)) ||
+- ((eb_ucsize = makelong(eb+(EB_HEADSIZE+EB_UCSIZE_P))) > 0L &&
+- eb_size <= (compr_offset + EB_CMPRHEADLEN)))
+- return IZ_EF_TRUNC; /* no compressed data! */
++ ((eb_ucsize = makelong( eb+ (EB_HEADSIZE+ EB_UCSIZE_P))) == 0L) ||
++ ((eb_ucsize > 0L) && (eb_size <= (compr_offset + EB_CMPRHEADLEN))))
++ return IZ_EF_TRUNC; /* no/bad compressed data! */
+
+ if (
+ #ifdef INT_16BIT
More information about the arch-commits
mailing list