[arch-commits] Commit in unzip/repos (10 files)
Jonas Witschel
diabonas at gemini.archlinux.org
Wed Nov 3 13:28:15 UTC 2021
Date: Wednesday, November 3, 2021 @ 13:28:15
Author: diabonas
Revision: 427052
archrelease: copy trunk to testing-x86_64
Added:
unzip/repos/testing-x86_64/
unzip/repos/testing-x86_64/PKGBUILD
(from rev 427051, unzip/trunk/PKGBUILD)
unzip/repos/testing-x86_64/crc32.patch
(from rev 427051, unzip/trunk/crc32.patch)
unzip/repos/testing-x86_64/csiz-underflow.patch
(from rev 427051, unzip/trunk/csiz-underflow.patch)
unzip/repos/testing-x86_64/cve20149636.patch
(from rev 427051, unzip/trunk/cve20149636.patch)
unzip/repos/testing-x86_64/empty-input.patch
(from rev 427051, unzip/trunk/empty-input.patch)
unzip/repos/testing-x86_64/getZip64Data.patch
(from rev 427051, unzip/trunk/getZip64Data.patch)
unzip/repos/testing-x86_64/nextbyte-overflow.patch
(from rev 427051, unzip/trunk/nextbyte-overflow.patch)
unzip/repos/testing-x86_64/overflow-fsize.patch
(from rev 427051, unzip/trunk/overflow-fsize.patch)
unzip/repos/testing-x86_64/test_compr_eb.patch
(from rev 427051, unzip/trunk/test_compr_eb.patch)
-------------------------+
PKGBUILD | 129 ++++++++++++++++++++++++++++++++++++++++++++
crc32.patch | 45 +++++++++++++++
csiz-underflow.patch | 32 +++++++++++
cve20149636.patch | 25 ++++++++
empty-input.patch | 26 ++++++++
getZip64Data.patch | 133 ++++++++++++++++++++++++++++++++++++++++++++++
nextbyte-overflow.patch | 33 +++++++++++
overflow-fsize.patch | 34 +++++++++++
test_compr_eb.patch | 23 +++++++
9 files changed, 480 insertions(+)
Copied: unzip/repos/testing-x86_64/PKGBUILD (from rev 427051, unzip/trunk/PKGBUILD)
===================================================================
--- testing-x86_64/PKGBUILD (rev 0)
+++ testing-x86_64/PKGBUILD 2021-11-03 13:28:15 UTC (rev 427052)
@@ -0,0 +1,129 @@
+# Maintainer: Lukas Fleischer <lfleischer at archlinux.org>
+# Contributor: Gaetan Bisson <bisson at archlinux.org>
+# Contributor: Douglas Soares de Andrade <douglas at archlinux.org>
+# Contributor: Robson Peixoto
+
+pkgname=unzip
+pkgver=6.0
+_pkgver=${pkgver/./}
+pkgrel=15
+pkgdesc='For extracting and viewing files in .zip archives'
+url='http://infozip.sourceforge.net/UnZip.html'
+arch=('x86_64')
+license=('custom')
+depends=('bzip2' 'bash')
+source=("https://downloads.sourceforge.net/infozip/${pkgname}${_pkgver}.tar.gz"
+ 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-exec-shield.patch'
+ 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-close.patch'
+ 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-attribs-overflow.patch'
+ 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-fix-recmatch.patch'
+ 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-symlink.patch'
+ 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-caseinsensitive.patch'
+ 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-format-secure.patch'
+ 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-valgrind.patch'
+ 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-x-option.patch'
+ 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-overflow.patch'
+ 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-cve-2014-8139.patch'
+ 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-cve-2014-8140.patch'
+ 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-cve-2014-8141.patch'
+ 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-overflow-long-fsize.patch'
+ 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-heap-overflow-infloop.patch'
+ 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-alt-iconv-utf8.patch'
+ 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-alt-iconv-utf8-print.patch'
+ 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/0001-Fix-CVE-2016-9844-rhbz-1404283.patch'
+ 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-timestamp.patch'
+ 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-cve-2018-1000035-heap-based-overflow.patch'
+ 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-cve-2018-18384.patch'
+ 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-COVSCAN-fix-unterminated-string.patch'
+ 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part1.patch'
+ 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part2.patch'
+ 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part3.patch'
+ 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-manpage.patch'
+ 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part4.patch'
+ 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part5.patch'
+ 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part6.patch'
+ )
+sha512sums=('0694e403ebc57b37218e00ec1a406cae5cc9c5b52b6798e0d4590840b6cdbf9ddc0d9471f67af783e960f8fa2e620394d51384257dca23d06bcd90224a80ce5d'
+ '3c7f525687b198aaa8547a8b30e744f7f184943624279d5c70170d5b9bb3f0c0f27f3e69bc808dd0d144690107bc76a10c06e160bf99c54fd5684246208b7cff'
+ '8423e32bbc1e1fe9366118bd10795bb8307f5a9a1afba1f0f62e46443d198b7f3cfcc41dedf57f31830f4c7328c9f5ae573982ca8664822b5f2a2ecdbc389df9'
+ '0aea88ccb4e141f4b23559a6802d0ceccaf4897addbe9d4ec465909ddf5f910a44d5e7907c815211e4b086cbd73c200c9b972f197a256e44f74468e3909928c9'
+ '161f70d57689f342c830e517c4d5259ceb80237c449a3d7a15f65943cefcb2b39714f23b7104f1a230e6b185f91334cb6888ccda4981646f94c19de6f5ef401e'
+ 'a3be30ce8c9eb903db636e786bea4e0c12ecb3f63af16eeac819f0b11db6984dfd93133fdbba2fdce228f5f57283973f64e3e3a81ec28cf46ea2e0b7593046d2'
+ '992dfc646347e52d7a84728b5d1b3563be1c77635c167301010661da1fa033395325de7fb514e8cdb6a10332fc43f890a3a8cde3bba4241fc433f6941e9d50d2'
+ '94560c730437ac2561d5e7550b91688dad1b828e1da96c9477e228e17b37e455ecdcd3a774e7db94dd902bbe12547d910602c0656b803768e5865b045d452dd7'
+ '8e1e3c88ff4191c325696984a52df50ba70ec0d0e68938ba06bbcdf9de96c0a26c9802db28b762bd14bc1a5c1c7d33d67e1cce91a3e44c92f3bb90509ea0f15f'
+ 'ec09ee6017fed66ebae2921b50fb7419eed627d49e78a3a072bec7256841e7829b6a3121f776a1ccc5d2cc3589006902465d73c28b3bd0937b9c3417ab0a0446'
+ '7e5274db1d0e9b1db87ce543ddb4edea67cea193ee5394a5a46f3813169c33508cbea96cc0ce88eb4ffc64b21df02c18724d0fe8f7d2814954233f646c386b3a'
+ '217a923ff8101823d7555c5999e63b2be0bb5898911f0f39dd46c85c69ce2e59c29135e69b5cbb084f40b5beb8dc52e1b47d3b21cd801ebb06dc08984c85f292'
+ 'a23f48924852046500547921f7b52e861a75dc2521f184fba87b3ff338c9d0598e8493f2a3c8eb1cb80412e0d057fb4b3c21e457f7295c8c8158d821709fb000'
+ '5969a2de0e11d00dfb690f67b1ae96d7a4f587a1cf3dd80572f5e10ba970a69958f04bb826a49338fc93204a3cb7aeb34bf735a681383f8e89691d09a7b26cce'
+ '6b37c1e72bea789051624c72c0aaa0522f4eecf83e82efb1d9c1844536903ed253b7448bea4a6e6aa116be86a50cad6911a0e218eacb8e5bee27a4457145b03f'
+ 'b0b745cff474756447e699a13ff003871b33a4f7a24a91150e5a947eba5132fd90fbacf7580379fc13c5f638483b25cbc226f85b9cac9c7662b2f91927eb2bb3'
+ 'a00e41feede53d42e0eb03d8280664b2a904918fab3c52459d02c07a298dd12e482eb3318c1842933ac3a527308dc5e4871f029b6b79e5bc2b2e1d84fee4fd0f'
+ '48e6c143eb55aad68d49b6dab640f824b88eaeadfb35e4962199b833e8e7adc87ded7bf8846ee43e1b4974e883fdc6b1d1f558eb72705d0c7af0455ee1ffccbb'
+ 'b73fde8e3568ccb8d26a787ac27127f87625dec372fa0ccaafd1266ddaaee46f9767bb67e874574cb27ec13fd3c90195e60be719b9996a7c5e194da7bf700c97'
+ 'e387dc533142f0f702c04092da297e8dfc9b51e4ec7001e6e657d93a9a0f6382b1b39196f239190b8d52b8ecfa46a965627e503aaecdab86e59272af84bbc2c6'
+ '6f757385a23fe6a034f676df6bf233243afa8743761e3d715e532d066fcd7dc8f8dcd6192be693258f3855837e5534490784378768abe7ce710fb869258d49b7'
+ 'd506d50897c164ee87e860e97a25b6725f1e724cad74cbd79cb8ac4cd68ef6dfb42bcd8dcf954112340d9b943b8d1d34bf166b2ca958f0045d6f7298954fbf20'
+ 'f50bc2d6ff9859bdbc9122be558a7119d693687424260bf90663e594223a9247f5a3f24a490e3345f5e9b8c6501446da752e51d4b63a35531e37c20cbc9456ab'
+ '4f940afa1f6628a47faf6eb13116eab384bda05c841b0b286b18cafad9c4b567ef332a301b8fbdf07259acdf8f6bdb452487e086bce2a3f092daa4e9d9daefa6'
+ 'e20e97722e0daf48b97df540added603325d356c6597634afd694af3972bb62952dd0f92c10d98f8c9f28eb9d089f6f5b022e0beb8c6224e32fd2cfaadffa200'
+ '7e11e29dde260f0245bc25eeb811d794515d1c523b42ea6004c7c6a2eda19b9de4dd7a8ecc03e5ff7d376e28a96c6f1b2b922d6b8b3963a9e4746231f3c257f4'
+ 'f31b0b70025651397235ee7d759c04f0f4658908287c82d1253a2048ace170f05f67fa19930061fe2b7ac48a8b6989a95117ab93ac0081422dad9203ac9f8ec1'
+ '27d45a25a6a51415af609a4fdefcb7c95a1105d511a6e18e2a7464e9d3773ba2ccb25f138a3cc6ddc6e5e9c558b633ee60d273cebf562c2a7d1e99d3f229d1ba'
+ '48875d7e08d669637e26a7e800f8b2a3812d477e6f249c8d4962fdf93ba6d346f5b22b83d82cb65317b506dff84c441d42c0fe7d1c042a065619d39bdf25fdd0'
+ 'a788d57fe0fb9ae6106381d2a8fe566aa35bb037012139dc7c283fe5eb316056835dffa9ea9778c15a5b39e50a75329a135a0dffdfc6a53d575ef2013b1d478a')
+
+prepare() {
+ cd "${srcdir}/${pkgname}${_pkgver}"
+ sed -i "/MANDIR =/s#)/#)/share/#" unix/Makefile
+ patch -p1 -i ../unzip-6.0-exec-shield.patch
+ patch -p1 -i ../unzip-6.0-close.patch
+ patch -p1 -i ../unzip-6.0-attribs-overflow.patch
+ patch -p1 -i ../unzip-6.0-fix-recmatch.patch
+ patch -p1 -i ../unzip-6.0-symlink.patch # FS#60433
+ patch -p1 -i ../unzip-6.0-caseinsensitive.patch
+ patch -p1 -i ../unzip-6.0-format-secure.patch
+ patch -p1 -i ../unzip-6.0-valgrind.patch
+ patch -p1 -i ../unzip-6.0-x-option.patch
+ patch -p1 -i ../unzip-6.0-overflow.patch # FS#44171
+ patch -p1 -i ../unzip-6.0-cve-2014-8139.patch # FS#43300
+ patch -p1 -i ../unzip-6.0-cve-2014-8140.patch # FS#43391
+ patch -p1 -i ../unzip-6.0-cve-2014-8141.patch # FS#43300
+ patch -p1 -i ../unzip-6.0-overflow-long-fsize.patch # FS#44171
+ patch -p1 -i ../unzip-6.0-heap-overflow-infloop.patch # FS#46955
+ patch -p1 -i ../unzip-6.0-alt-iconv-utf8.patch
+ patch -p1 -i ../unzip-6.0-alt-iconv-utf8-print.patch
+ patch -p1 -i ../0001-Fix-CVE-2016-9844-rhbz-1404283.patch
+ patch -p1 -i ../unzip-6.0-timestamp.patch
+ patch -p1 -i ../unzip-6.0-cve-2018-1000035-heap-based-overflow.patch # FS#69739
+ patch -p1 -i ../unzip-6.0-cve-2018-18384.patch
+ patch -p1 -i ../unzip-6.0-COVSCAN-fix-unterminated-string.patch
+ patch -p1 -i ../unzip-zipbomb-part1.patch
+ patch -p1 -i ../unzip-zipbomb-part2.patch
+ patch -p1 -i ../unzip-zipbomb-part3.patch
+ patch -p1 -i ../unzip-zipbomb-manpage.patch
+ patch -p1 -i ../unzip-zipbomb-part4.patch
+ patch -p1 -i ../unzip-zipbomb-part5.patch
+ patch -p1 -i ../unzip-zipbomb-part6.patch
+}
+
+build() {
+ cd "${srcdir}/${pkgname}${_pkgver}"
+
+ # DEFINES, make, and install args from Debian
+ DEFINES='-DACORN_FTYPE_NFS -DWILD_STOP_AT_DIR -DLARGE_FILE_SUPPORT \
+ -DUNICODE_SUPPORT -DUNICODE_WCHAR -DUTF8_MAYBE_NATIVE -DNO_LCHMOD \
+ -DDATE_FORMAT=DF_YMD -DUSE_BZIP2 -DNOMEMCPY -DNO_WORKING_ISPRINT'
+
+ make -f unix/Makefile prefix=/usr \
+ D_USE_BZ2=-DUSE_BZIP2 L_BZ2=-lbz2 \
+ LF2="$LDFLAGS" CF="$CFLAGS $CPPFLAGS -I. $DEFINES" \
+ unzips
+}
+
+package() {
+ cd "${srcdir}/${pkgname}${_pkgver}"
+ make -f unix/Makefile prefix="${pkgdir}"/usr install
+ install -Dm644 LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
+}
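Review bot: The eight local patch files added next to this PKGBUILD (crc32.patch, csiz-underflow.patch, cve20149636.patch, empty-input.patch, getZip64Data.patch, nextbyte-overflow.patch, overflow-fsize.patch, test_compr_eb.patch) are not listed in `source=()` and are never applied in `prepare()`, so the build carries only the Fedora patch set. If the Fedora patches are meant to supersede them, that should be confirmed fix by fix and the stale files dropped; otherwise anyone auditing the package tree may assume these checks are in the shipped binary. Separately, every patch URL points at the moving `rawhide` branch. The `sha512sums` protect integrity, but any upstream edit breaks the build, and pinning each URL to a fixed commit of the Fedora dist-git repository would keep the build reproducible.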
Copied: unzip/repos/testing-x86_64/crc32.patch (from rev 427051, unzip/trunk/crc32.patch)
===================================================================
--- testing-x86_64/crc32.patch (rev 0)
+++ testing-x86_64/crc32.patch 2021-11-03 13:28:15 UTC (rev 427052)
@@ -0,0 +1,45 @@
+--- unzip60/extract.c 2010-04-03 14:41:55 -0500
++++ unzip60/extract.c 2014-12-03 15:33:35 -0600
+@@ -1,5 +1,5 @@
+ /*
+- Copyright (c) 1990-2009 Info-ZIP. All rights reserved.
++ Copyright (c) 1990-2014 Info-ZIP. All rights reserved.
+
+ See the accompanying file LICENSE, version 2009-Jan-02 or later
+ (the contents of which are also included in unzip.h) for terms of use.
+@@ -298,6 +298,8 @@
+ #ifndef SFX
+ static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \
+ EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n";
++ static ZCONST char Far TooSmallEFlength[] = "bad extra-field entry:\n \
++ EF block length (%u bytes) invalid (< %d)\n";
+ static ZCONST char Far InvalidComprDataEAs[] =
+ " invalid compressed data for EAs\n";
+ # if (defined(WIN32) && defined(NTSD_EAS))
+@@ -2023,7 +2025,8 @@
+ ebID = makeword(ef);
+ ebLen = (unsigned)makeword(ef+EB_LEN);
+
+- if (ebLen > (ef_len - EB_HEADSIZE)) {
++ if (ebLen > (ef_len - EB_HEADSIZE))
++ {
+ /* Discovered some extra field inconsistency! */
+ if (uO.qflag)
+ Info(slide, 1, ((char *)slide, "%-22s ",
+@@ -2032,6 +2035,16 @@
+ ebLen, (ef_len - EB_HEADSIZE)));
+ return PK_ERR;
+ }
++ else if (ebLen < EB_HEADSIZE)
++ {
++ /* Extra block length smaller than header length. */
++ if (uO.qflag)
++ Info(slide, 1, ((char *)slide, "%-22s ",
++ FnFilter1(G.filename)));
++ Info(slide, 1, ((char *)slide, LoadFarString(TooSmallEFlength),
++ ebLen, EB_HEADSIZE));
++ return PK_ERR;
++ }
+
+ switch (ebID) {
+ case EF_OS2:
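Review bot: The new `else if (ebLen < EB_HEADSIZE)` branch sits before `switch (ebID)`, so it rejects every extra-field block whose data is shorter than the header size, whatever its type. An archive carrying an empty or very short block of a type that reads no fixed-size field would then fail with `PK_ERR`, which looks stricter than closing the out-of-bounds read requires. Consider moving the minimum-length test into the `case` arms that actually read past the header, with a comment naming the field whose size sets the minimum. The switch body lies outside the hunk, so which arms need the test has to be confirmed against the full function.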
Copied: unzip/repos/testing-x86_64/csiz-underflow.patch (from rev 427051, unzip/trunk/csiz-underflow.patch)
===================================================================
--- testing-x86_64/csiz-underflow.patch (rev 0)
+++ testing-x86_64/csiz-underflow.patch 2021-11-03 13:28:15 UTC (rev 427052)
@@ -0,0 +1,32 @@
+From: Kamil Dudka <kdudka at redhat.com>
+Date: Tue, 22 Sep 2015 18:52:23 +0200
+Subject: [PATCH] extract: prevent unsigned overflow on invalid input
+Origin: other, https://bugzilla.redhat.com/attachment.cgi?id=1075942
+Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1260944
+
+Suggested-by: Stefan Cornelius
+---
+ extract.c | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+--- a/extract.c
++++ b/extract.c
+@@ -1257,8 +1257,17 @@
+ if (G.lrec.compression_method == STORED) {
+ zusz_t csiz_decrypted = G.lrec.csize;
+
+- if (G.pInfo->encrypted)
++ if (G.pInfo->encrypted) {
++ if (csiz_decrypted < 12) {
++ /* handle the error now to prevent unsigned overflow */
++ Info(slide, 0x401, ((char *)slide,
++ LoadFarStringSmall(ErrUnzipNoFile),
++ LoadFarString(InvalidComprData),
++ LoadFarStringSmall2(Inflate)));
++ return PK_ERR;
++ }
+ csiz_decrypted -= 12;
++ }
+ if (G.lrec.ucsize != csiz_decrypted) {
+ Info(slide, 0x401, ((char *)slide,
+ LoadFarStringSmall2(WrnStorUCSizCSizDiff),
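Review bot: The literal `12` now appears twice, in the new guard `if (csiz_decrypted < 12)` and in `csiz_decrypted -= 12;`, with nothing saying what it measures; it is presumably the length of the encryption header. crypt.c loops over `RAND_HEAD_LEN` for what appears to be the same header (see nextbyte-overflow.patch), so if that macro is visible in extract.c and has this value, `if (csiz_decrypted < RAND_HEAD_LEN)` would keep the two files in step. Otherwise a comment such as `/* 12 = encryption header length */` would do. The error text is also built with `LoadFarStringSmall2(Inflate)` although this branch handles `STORED` entries, so the message may name the wrong method.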
Copied: unzip/repos/testing-x86_64/cve20149636.patch (from rev 427051, unzip/trunk/cve20149636.patch)
===================================================================
--- testing-x86_64/cve20149636.patch (rev 0)
+++ testing-x86_64/cve20149636.patch 2021-11-03 13:28:15 UTC (rev 427052)
@@ -0,0 +1,25 @@
+diff --git a/extract.c b/extract.c
+index a0a4929..9ef80b3 100644
+--- a/extract.c
++++ b/extract.c
+@@ -2214,6 +2214,7 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata)
+ ulg eb_ucsize;
+ uch *eb_ucptr;
+ int r;
++ ush method;
+
+ if (compr_offset < 4) /* field is not compressed: */
+ return PK_OK; /* do nothing and signal OK */
+@@ -2223,6 +2224,12 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata)
+ eb_size <= (compr_offset + EB_CMPRHEADLEN)))
+ return IZ_EF_TRUNC; /* no compressed data! */
+
++ method = makeword(eb + (EB_HEADSIZE + compr_offset));
++ if ((method == STORED) && (eb_size != compr_offset + EB_CMPRHEADLEN + eb_ucsize))
++ return PK_ERR; /* compressed & uncompressed
++ * should match in STORED
++ * method */
++
+ if (
+ #ifdef INT_16BIT
+ (((ulg)(extent)eb_ucsize) != eb_ucsize) ||
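Review bot: The added `makeword(eb + (EB_HEADSIZE + compr_offset))` reads the method field before anything guarantees the block is long enough to hold it when `eb_ucsize` is zero; the context lines above compare `eb_size` with `compr_offset + EB_CMPRHEADLEN` only when `eb_ucsize > 0L`. test_compr_eb.patch in this same commit rejects `eb_ucsize == 0L`, which would close that gap, so the two changes depend on each other. A guard such as `if (eb_size < compr_offset + EB_CMPRHEADLEN) return IZ_EF_TRUNC;` ahead of the read would make this hunk self-sufficient. The sum `compr_offset + EB_CMPRHEADLEN + eb_ucsize` is built from an archive-supplied length, so confirm it cannot wrap on targets where `ulg` is 32 bits. The function continues past the end of the hunk.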
Copied: unzip/repos/testing-x86_64/empty-input.patch (from rev 427051, unzip/trunk/empty-input.patch)
===================================================================
--- testing-x86_64/empty-input.patch (rev 0)
+++ testing-x86_64/empty-input.patch 2021-11-03 13:28:15 UTC (rev 427052)
@@ -0,0 +1,26 @@
+From: Kamil Dudka <kdudka at redhat.com>
+Date: Mon, 14 Sep 2015 18:24:56 +0200
+Subject: fix infinite loop when extracting empty bzip2 data
+Bug-Debian: https://bugs.debian.org/802160
+Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1260944
+Origin: other, https://bugzilla.redhat.com/attachment.cgi?id=1073339
+
+---
+ extract.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/extract.c
++++ b/extract.c
+@@ -2728,6 +2728,12 @@
+ int repeated_buf_err;
+ bz_stream bstrm;
+
++ if (G.incnt <= 0 && G.csize <= 0L) {
++ /* avoid an infinite loop */
++ Trace((stderr, "UZbunzip2() got empty input\n"));
++ return 2;
++ }
++
+ #if (defined(DLL) && !defined(NO_SLIDE_REDIR))
+ if (G.redirect_slide)
+ wsize = G.redirect_size, redirSlide = G.redirect_buffer;
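Review bot: The new early exit uses a bare `return 2;` and reports the condition only through `Trace`, which presumably compiles away outside debug builds, so a user may get no message from this function for an empty bzip2 stream. A comment saying what `2` means to the caller, for example `return 2;  /* treated by the caller as invalid compressed data -- confirm */`, would make the contract readable. The rest of UZbunzip2 and its caller are outside the hunk, so the meaning of the code should be checked there before the comment is worded.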
Copied: unzip/repos/testing-x86_64/getZip64Data.patch (from rev 427051, unzip/trunk/getZip64Data.patch)
===================================================================
--- testing-x86_64/getZip64Data.patch (rev 0)
+++ testing-x86_64/getZip64Data.patch 2021-11-03 13:28:15 UTC (rev 427052)
@@ -0,0 +1,133 @@
+--- process.c 2009-03-06 02:25:10.000000000 +0100
++++ process.c 2014-12-05 22:42:39.000000000 +0100
+@@ -1,5 +1,5 @@
+ /*
+- Copyright (c) 1990-2009 Info-ZIP. All rights reserved.
++ Copyright (c) 1990-2014 Info-ZIP. All rights reserved.
+
+ See the accompanying file LICENSE, version 2009-Jan-02 or later
+ (the contents of which are also included in unzip.h) for terms of use.
+@@ -1888,48 +1888,82 @@ int getZip64Data(__G__ ef_buf, ef_len)
+ and a 4-byte version of disk start number.
+ Sets both local header and central header fields. Not terribly clever,
+ but it means that this procedure is only called in one place.
++
++ 2014-12-05 SMS.
++ Added checks to ensure that enough data are available before calling
++ makeint64() or makelong(). Replaced various sizeof() values with
++ simple ("4" or "8") constants. (The Zip64 structures do not depend
++ on our variable sizes.) Error handling is crude, but we should now
++ stay within the buffer.
+ ---------------------------------------------------------------------------*/
+
++#define Z64FLGS 0xffff
++#define Z64FLGL 0xffffffff
++
+ if (ef_len == 0 || ef_buf == NULL)
+ return PK_COOL;
+
+ Trace((stderr,"\ngetZip64Data: scanning extra field of length %u\n",
+ ef_len));
+
+- while (ef_len >= EB_HEADSIZE) {
++ while (ef_len >= EB_HEADSIZE)
++ {
+ eb_id = makeword(EB_ID + ef_buf);
+ eb_len = makeword(EB_LEN + ef_buf);
+
+- if (eb_len > (ef_len - EB_HEADSIZE)) {
+- /* discovered some extra field inconsistency! */
++ if (eb_len > (ef_len - EB_HEADSIZE))
++ {
++ /* Extra block length exceeds remaining extra field length. */
+ Trace((stderr,
+ "getZip64Data: block length %u > rest ef_size %u\n", eb_len,
+ ef_len - EB_HEADSIZE));
+ break;
+ }
+- if (eb_id == EF_PKSZ64) {
+-
++ if (eb_id == EF_PKSZ64)
++ {
+ int offset = EB_HEADSIZE;
+
+- if (G.crec.ucsize == 0xffffffff || G.lrec.ucsize == 0xffffffff){
+- G.lrec.ucsize = G.crec.ucsize = makeint64(offset + ef_buf);
+- offset += sizeof(G.crec.ucsize);
++ if ((G.crec.ucsize == Z64FLGL) || (G.lrec.ucsize == Z64FLGL))
++ {
++ if (offset+ 8 > ef_len)
++ return PK_ERR;
++
++ G.crec.ucsize = G.lrec.ucsize = makeint64(offset + ef_buf);
++ offset += 8;
+ }
+- if (G.crec.csize == 0xffffffff || G.lrec.csize == 0xffffffff){
+- G.csize = G.lrec.csize = G.crec.csize = makeint64(offset + ef_buf);
+- offset += sizeof(G.crec.csize);
++
++ if ((G.crec.csize == Z64FLGL) || (G.lrec.csize == Z64FLGL))
++ {
++ if (offset+ 8 > ef_len)
++ return PK_ERR;
++
++ G.csize = G.crec.csize = G.lrec.csize = makeint64(offset + ef_buf);
++ offset += 8;
+ }
+- if (G.crec.relative_offset_local_header == 0xffffffff){
++
++ if (G.crec.relative_offset_local_header == Z64FLGL)
++ {
++ if (offset+ 8 > ef_len)
++ return PK_ERR;
++
+ G.crec.relative_offset_local_header = makeint64(offset + ef_buf);
+- offset += sizeof(G.crec.relative_offset_local_header);
++ offset += 8;
+ }
+- if (G.crec.disk_number_start == 0xffff){
++
++ if (G.crec.disk_number_start == Z64FLGS)
++ {
++ if (offset+ 4 > ef_len)
++ return PK_ERR;
++
+ G.crec.disk_number_start = (zuvl_t)makelong(offset + ef_buf);
+- offset += sizeof(G.crec.disk_number_start);
++ offset += 4;
+ }
++#if 0
++ break; /* Expect only one EF_PKSZ64 block. */
++#endif /* 0 */
+ }
+
+- /* Skip this extra field block */
++ /* Skip this extra field block. */
+ ef_buf += (eb_len + EB_HEADSIZE);
+ ef_len -= (eb_len + EB_HEADSIZE);
+ }
+--- fileio.c 2009-04-20 02:03:44.000000000 +0200
++++ fileio.c 2014-12-05 22:44:16.000000000 +0100
+@@ -176,6 +176,8 @@ static ZCONST char Far FilenameTooLongTr
+ #endif
+ static ZCONST char Far ExtraFieldTooLong[] =
+ "warning: extra field too long (%d). Ignoring...\n";
++static ZCONST char Far ExtraFieldCorrupt[] =
++ "warning: extra field (type: 0x%04x) corrupt. Continuing...\n";
+
+ #ifdef WINDLL
+ static ZCONST char Far DiskFullQuery[] =
+@@ -2295,7 +2297,12 @@ int do_string(__G__ length, option) /*
+ if (readbuf(__G__ (char *)G.extra_field, length) == 0)
+ return PK_EOF;
+ /* Looks like here is where extra fields are read */
+- getZip64Data(__G__ G.extra_field, length);
++ if (getZip64Data(__G__ G.extra_field, length) != PK_COOL)
++ {
++ Info(slide, 0x401, ((char *)slide,
++ LoadFarString( ExtraFieldCorrupt), EF_PKSZ64));
++ error = PK_WARN;
++ }
+ #ifdef UNICODE_SUPPORT
+ G.unipath_filename = NULL;
+ if (G.UzO.U_flag < 2) {
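Review bot: The new bounds tests compare `offset` with `ef_len`, the length of everything left in the extra field, rather than with the length of the current block. A Zip64 block that is too short but is followed by other blocks therefore still passes, and the 8-byte reads take their values from the next block's bytes. That keeps the reads inside the buffer, as the added comment says, but the sizes and offsets stored in `G.crec`/`G.lrec` then come from unrelated data; bounding by the block, e.g. `if (offset + 8 > eb_len + EB_HEADSIZE) return PK_ERR;` (and `+ 4` for the disk number), rejects that case too. In the fileio.c hunk a failure is downgraded to `PK_WARN` and processing continues, although `getZip64Data` may already have overwritten some size fields before returning `PK_ERR`; a comment stating that this is intended would help. `Z64FLGS` and `Z64FLGL` are defined inside the function body and never undefined.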
Copied: unzip/repos/testing-x86_64/nextbyte-overflow.patch (from rev 427051, unzip/trunk/nextbyte-overflow.patch)
===================================================================
--- testing-x86_64/nextbyte-overflow.patch (rev 0)
+++ testing-x86_64/nextbyte-overflow.patch 2021-11-03 13:28:15 UTC (rev 427052)
@@ -0,0 +1,33 @@
+From: Petr Stodulka <pstodulk at redhat.com>
+Date: Mon, 14 Sep 2015 18:23:17 +0200
+Subject: Upstream fix for heap overflow
+Bug-Debian: https://bugs.debian.org/802162
+Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1260944
+Origin: https://bugzilla.redhat.com/attachment.cgi?id=1073002
+Forwarded: yes
+
+---
+ crypt.c | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+--- a/crypt.c
++++ b/crypt.c
+@@ -465,7 +465,17 @@
+ GLOBAL(pInfo->encrypted) = FALSE;
+ defer_leftover_input(__G);
+ for (n = 0; n < RAND_HEAD_LEN; n++) {
+- b = NEXTBYTE;
++ /* 2012-11-23 SMS. (OUSPG report.)
++ * Quit early if compressed size < HEAD_LEN. The resulting
++ * error message ("unable to get password") could be improved,
++ * but it's better than trying to read nonexistent data, and
++ * then continuing with a negative G.csize. (See
++ * fileio.c:readbyte()).
++ */
++ if ((b = NEXTBYTE) == (ush)EOF)
++ {
++ return PK_ERR;
++ }
+ h[n] = (uch)b;
+ Trace((stdout, " (%02x)", h[n]));
+ }
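Review bot: The early `return PK_ERR;` leaves the function after `GLOBAL(pInfo->encrypted) = FALSE;` and `defer_leftover_input(__G);` have already run, so whatever the code after the loop does to undo them is skipped on this path. The lines after the loop are outside the hunk; please confirm that callers do not go on to use the input state after this error, or restore it before returning. The comparison `(b = NEXTBYTE) == (ush)EOF` also depends on the declared type of `b`, which is not visible here. If `b` is indeed `ush`, a short comment such as `/* b is ush, so EOF arrives as 0xffff */` would document why the cast is needed.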
Copied: unzip/repos/testing-x86_64/overflow-fsize.patch (from rev 427051, unzip/trunk/overflow-fsize.patch)
===================================================================
--- testing-x86_64/overflow-fsize.patch (rev 0)
+++ testing-x86_64/overflow-fsize.patch 2021-11-03 13:28:15 UTC (rev 427052)
@@ -0,0 +1,34 @@
+t a/list.c b/list.c
+index f7359c3..4c3d703 100644
+--- a/list.c
++++ b/list.c
+@@ -97,7 +97,7 @@ int list_files(__G) /* return PK-type error code */
+ {
+ int do_this_file=FALSE, cfactor, error, error_in_archive=PK_COOL;
+ #ifndef WINDLL
+- char sgn, cfactorstr[10];
++ char sgn, cfactorstr[13];
+ int longhdr=(uO.vflag>1);
+ #endif
+ int date_format;
+@@ -339,7 +339,19 @@ int list_files(__G) /* return PK-type error code */
+ G.crec.compression_method == ENHDEFLATED) {
+ methbuf[5] = dtype[(G.crec.general_purpose_bit_flag>>1) & 3];
+ } else if (methnum >= NUM_METHODS) {
+- sprintf(&methbuf[4], "%03u", G.crec.compression_method);
++ /* 2013-02-26 SMS.
++ * http://sourceforge.net/tracker/?func=detail
++ * &aid=2861648&group_id=118012&atid=679786
++ * Unexpectedly large compression methods overflow
++ * &methbuf[]. Use the old, three-digit decimal format
++ * for values which fit. Otherwise, sacrifice the
++ * colon, and use four-digit hexadecimal.
++ */
++ if (G.crec.compression_method <= 999) {
++ sprintf( &methbuf[ 4], "%03u", G.crec.compression_method);
++ } else {
++ sprintf( &methbuf[ 3], "%04X", G.crec.compression_method);
++ }
+ }
+
+ #if 0 /* GRR/Euro: add this? */
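Review bot: The first line of this patch file reads `t a/list.c b/list.c`, which looks like a `diff --git` header with its beginning cut off. `patch` will likely skip it as leading text, but the file should be restored from its origin so the two can be compared byte for byte. In the code, both `sprintf` calls rely on facts not visible in the hunk: the size of `methbuf` and the width of `G.crec.compression_method`. If `methbuf` is a local array and `snprintf` is available on the targets this file supports, `snprintf(&methbuf[3], sizeof(methbuf) - 3, "%04X", G.crec.compression_method);` states the bound directly; otherwise a comment giving the buffer size and the largest possible value would do. The change of `cfactorstr` from 10 to 13 bytes is not explained anywhere in the patch.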
Copied: unzip/repos/testing-x86_64/test_compr_eb.patch (from rev 427051, unzip/trunk/test_compr_eb.patch)
===================================================================
--- testing-x86_64/test_compr_eb.patch (rev 0)
+++ testing-x86_64/test_compr_eb.patch 2021-11-03 13:28:15 UTC (rev 427052)
@@ -0,0 +1,23 @@
+--- extract.c 2009-03-14 02:32:52.000000000 +0100
++++ extract.c 2014-12-05 22:43:13.000000000 +0100
+@@ -2221,10 +2234,17 @@ static int test_compr_eb(__G__ eb, eb_si
+ if (compr_offset < 4) /* field is not compressed: */
+ return PK_OK; /* do nothing and signal OK */
+
++ /* Return no/bad-data error status if any problem is found:
++ * 1. eb_size is too small to hold the uncompressed size
++ * (eb_ucsize). (Else extract eb_ucsize.)
++ * 2. eb_ucsize is zero (invalid). 2014-12-04 SMS.
++ * 3. eb_ucsize is positive, but eb_size is too small to hold
++ * the compressed data header.
++ */
+ if ((eb_size < (EB_UCSIZE_P + 4)) ||
+- ((eb_ucsize = makelong(eb+(EB_HEADSIZE+EB_UCSIZE_P))) > 0L &&
+- eb_size <= (compr_offset + EB_CMPRHEADLEN)))
+- return IZ_EF_TRUNC; /* no compressed data! */
++ ((eb_ucsize = makelong( eb+ (EB_HEADSIZE+ EB_UCSIZE_P))) == 0L) ||
++ ((eb_ucsize > 0L) && (eb_size <= (compr_offset + EB_CMPRHEADLEN))))
++ return IZ_EF_TRUNC; /* no/bad compressed data! */
+
+ if (
+ #ifdef INT_16BIT
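Review bot: This hunk rewrites the condition that cve20149636.patch uses as context (the `eb_size <= (compr_offset + EB_CMPRHEADLEN)` test and the `return IZ_EF_TRUNC;` line), while that patch inserts lines between this hunk's change and its trailing `if (` context. The two therefore look unlikely to apply on top of each other without fuzz, whichever goes first. The `-2221,10 +2234,17` header also suggests this hunk was cut from a larger patch. If both are ever wired into the build, one of them should be rebased on the other and the order recorded next to the `patch` calls. After the new `== 0L` clause, the `(eb_ucsize > 0L)` test in the third clause can no longer be false (assuming `eb_ucsize` is unsigned, as its `ulg` declaration in the other patch indicates), so it could be dropped or kept with a comment saying it is deliberate.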