author | sl1pkn07 | 2015-11-03 16:30:48 +0100 |
---|---|---|
committer | sl1pkn07 | 2015-11-03 16:33:42 +0100 |
commit | d1e584e41563a5ac0949fa2d3333603ea73b252b (patch) | |
tree | ff90d4ee6c94fb1fc34ffa856c87cd27089c63a4 | |
parent | 16303db219bcd331538bb31b4101004a8e75e3b2 (diff) | |
download | aur-d1e584e41563a5ac0949fa2d3333603ea73b252b.tar.gz |
Fix FS#46955 and update patchset
-rw-r--r-- | .SRCINFO | 32 | ||||
-rw-r--r-- | .gitignore | 13 | ||||
-rw-r--r-- | CVE-2014-8139.patch | 78 | ||||
-rw-r--r-- | CVE-2014-8140.patch (renamed from test_compr_eb.patch) | 0 | ||||
-rw-r--r-- | CVE-2014-8141.patch (renamed from getZip64Data.patch) | 2 | ||||
-rw-r--r-- | CVE-2014-9636_pt1.patch (renamed from cve20149636.patch) | 0 | ||||
-rw-r--r-- | CVE-2014-9636_pt2.patch (renamed from overflow-fsize.patch) | 0 | ||||
-rw-r--r-- | CVE-2015-7696+CVE-2015-7697_pt1.patch | 66 | ||||
-rw-r--r-- | CVE-2015-7696+CVE-2015-7697_pt2.patch | 36 | ||||
-rw-r--r-- | PKGBUILD | 60 | ||||
-rw-r--r-- | crc32.patch | 45 | ||||
-rw-r--r-- | iconv-utf8+CVE-2015-1315.patch | 398 |
12 files changed, 641 insertions, 89 deletions
@@ -1,29 +1,35 @@ pkgbase = unzip-iconv pkgdesc = Unpacks .zip archives such as those made by PKZIP. With iconv patch for -O / -I goodness. pkgver = 6.0 - pkgrel = 3 - url = http://www.info-zip.org + pkgrel = 4 + url = http://www.info-zip.org/UnZip.html arch = i686 arch = x86_64 - license = custom + license = custom::Info-ZIP depends = bzip2 depends = bash provides = unzip conflicts = unzip source = http://downloads.sourceforge.net/infozip/unzip60.tar.gz - source = http://www.conostix.com/pub/adv/06-unzip60-alt-iconv-utf8_CVE-2015-1315.patch - source = overflow-fsize.patch - source = cve20149636.patch - source = test_compr_eb.patch - source = getZip64Data.patch - source = crc32.patch + source = iconv-utf8+CVE-2015-1315.patch::http://www.conostix.com/pub/adv/06-unzip60-alt-iconv-utf8_CVE-2015-1315.patch + source = CVE-2014-8139.patch::https://bugzilla.redhat.com/attachment.cgi?id=990132 + source = CVE-2014-8140.patch::https://bugzilla.redhat.com/attachment.cgi?id=969621 + source = CVE-2014-8141.patch::https://bugzilla.redhat.com/attachment.cgi?id=969625 + source = CVE-2014-9636_pt1.patch::https://bugzilla.redhat.com/attachment.cgi?id=990649 + source = CVE-2014-9636_pt2.patch::https://projects.archlinux.org/svntogit/packages.git/plain/trunk/overflow-fsize.patch?h=packages/unzip&id=15e9a8c67463aaf62a718c6e74b1c972de654346 + source = iconv-utf8+CVE-2015-1315.patch::http://www.conostix.com/pub/adv/06-unzip60-alt-iconv-utf8_CVE-2015-1315.patch + source = CVE-2015-7696+CVE-2015-7697_pt1.patch::https://bugzilla.redhat.com/attachment.cgi?id=1073339 + source = CVE-2015-7696+CVE-2015-7697_pt2.patch::https://bugzilla.redhat.com/attachment.cgi?id=1075942 sha1sums = abf7de8a4018a983590ed6f5cbd990d4740f8a22 sha1sums = 9b5d552cc6ab1f9e8b74fbbbcebfee84d46218c2 - sha1sums = 2852ce1a9db8d646516f8828436a44d34785a0b3 - sha1sums = e8c0bc17c63eeed97ad62b86845d75c849bcf4f8 + sha1sums = 8ab9aa19e3743245696223035b04cba9d34aa4f6 sha1sums = 614c3e7fa7d6da7c60ea2aa79e36f4cbd17c3824 - sha1sums 
= 691d0751bf0bc98cf9f9889dee39baccabefdc4d - sha1sums = 82c9fe9172779a0ee92a187d544e74e8f512b013 + sha1sums = 9904365069c5fc72d10e42ce86eb9b4041aedc98 + sha1sums = e8c0bc17c63eeed97ad62b86845d75c849bcf4f8 + sha1sums = 2852ce1a9db8d646516f8828436a44d34785a0b3 + sha1sums = 9b5d552cc6ab1f9e8b74fbbbcebfee84d46218c2 + sha1sums = 1a412abf0861225767c776721a5cd75b7e2011d7 + sha1sums = e4cc8772737e8c606ad8abb0e899a1ad631a3fa6 pkgname = unzip-iconv diff --git a/.gitignore b/.gitignore index bd5db2b5660c..3b431bd4aaa9 100644 --- a/.gitignore +++ b/.gitignore @@ -2,8 +2,11 @@ !.gitignore !.SRCINFO !PKGBUILD -!crc32.patch -!cve20149636.patch -!getZip64Data.patch -!overflow-fsize.patch -!test_compr_eb.patch +!CVE-2014-8139.patch +!CVE-2014-8140.patch +!CVE-2014-8141.patch +!CVE-2014-9636_pt1.patch +!CVE-2014-9636_pt2.patch +!CVE-2015-7696+CVE-2015-7697_pt1.patch +!CVE-2015-7696+CVE-2015-7697_pt2.patch +!iconv-utf8+CVE-2015-1315.patch diff --git a/CVE-2014-8139.patch b/CVE-2014-8139.patch new file mode 100644 index 000000000000..276a671499c5 --- /dev/null +++ b/CVE-2014-8139.patch @@ -0,0 +1,78 @@ +diff --git a/extract.c b/extract.c
+index 9ef80b3..c741b5f 100644
+--- a/extract.c
++++ b/extract.c
+@@ -1,5 +1,5 @@
+ /*
+- Copyright (c) 1990-2009 Info-ZIP. All rights reserved.
++ Copyright (c) 1990-2014 Info-ZIP. All rights reserved.
+
+ See the accompanying file LICENSE, version 2009-Jan-02 or later
+ (the contents of which are also included in unzip.h) for terms of use.
+@@ -298,6 +298,8 @@ char ZCONST Far TruncNTSD[] =
+ #ifndef SFX
+ static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \
+ EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n";
++ static ZCONST char Far TooSmallEBlength[] = "bad extra-field entry:\n \
++ EF block length (%u bytes) invalid (< %d)\n";
+ static ZCONST char Far InvalidComprDataEAs[] =
+ " invalid compressed data for EAs\n";
+ # if (defined(WIN32) && defined(NTSD_EAS))
+@@ -2020,7 +2022,8 @@ static int TestExtraField(__G__ ef, ef_len)
+ ebID = makeword(ef);
+ ebLen = (unsigned)makeword(ef+EB_LEN);
+
+- if (ebLen > (ef_len - EB_HEADSIZE)) {
++ if (ebLen > (ef_len - EB_HEADSIZE))
++ {
+ /* Discovered some extra field inconsistency! */
+ if (uO.qflag)
+ Info(slide, 1, ((char *)slide, "%-22s ",
+@@ -2155,11 +2158,29 @@ static int TestExtraField(__G__ ef, ef_len)
+ }
+ break;
+ case EF_PKVMS:
+- if (makelong(ef+EB_HEADSIZE) !=
+- crc32(CRCVAL_INITIAL, ef+(EB_HEADSIZE+4),
+- (extent)(ebLen-4)))
+- Info(slide, 1, ((char *)slide,
+- LoadFarString(BadCRC_EAs)));
++ /* 2015-01-30 SMS. Added sufficient-bytes test/message
++ * here. (Removed defective ebLen test above.)
++ *
++ * If sufficient bytes (EB_PKVMS_MINLEN) are available,
++ * then compare the stored CRC value with the calculated
++ * CRC for the remainder of the data (and complain about
++ * a mismatch).
++ */
++ if (ebLen < EB_PKVMS_MINLEN)
++ {
++ /* Insufficient bytes available. */
++ Info( slide, 1,
++ ((char *)slide, LoadFarString( TooSmallEBlength),
++ ebLen, EB_PKVMS_MINLEN));
++ }
++ else if (makelong(ef+ EB_HEADSIZE) !=
++ crc32(CRCVAL_INITIAL,
++ (ef+ EB_HEADSIZE+ EB_PKVMS_MINLEN),
++ (extent)(ebLen- EB_PKVMS_MINLEN)))
++ {
++ Info(slide, 1, ((char *)slide,
++ LoadFarString(BadCRC_EAs)));
++ }
+ break;
+ case EF_PKW32:
+ case EF_PKUNIX:
+diff --git a/unzpriv.h b/unzpriv.h
+index 005cee0..5c83a6e 100644
+--- a/unzpriv.h
++++ b/unzpriv.h
+@@ -1806,6 +1806,8 @@
+ #define EB_NTSD_VERSION 4 /* offset of NTSD version byte */
+ #define EB_NTSD_MAX_VER (0) /* maximum version # we know how to handle */
+
++#define EB_PKVMS_MINLEN 4 /* minimum data length of PKVMS extra block */
++
+ #define EB_ASI_CRC32 0 /* offset of ASI Unix field's crc32 checksum */
+ #define EB_ASI_MODE 4 /* offset of ASI Unix permission mode field */
+
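Review bot: In the `EF_PKVMS` case of `TestExtraField`, the new `ebLen < EB_PKVMS_MINLEN` branch only prints `TooSmallEBlength` and then reaches `break`, so as far as the hunk shows a truncated block is reported without changing the function's result. The length-inconsistency branch of the same function returns `PK_ERR` (visible in the removed crc32.patch on this page); if archive testing is meant to fail on a malformed extra field, add `return PK_ERR;` after the `Info(...)` call. The guard does protect the unsigned subtraction `ebLen - EB_PKVMS_MINLEN` passed to `crc32()`. The function body starts and ends outside the hunk, so the final return path should be confirmed against the full file.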
diff --git a/test_compr_eb.patch b/CVE-2014-8140.patch index 7e8c2976e4e0..7e8c2976e4e0 100644 --- a/test_compr_eb.patch +++ b/CVE-2014-8140.patch diff --git a/getZip64Data.patch b/CVE-2014-8141.patch index 1684c7391aa5..cf4368c54d61 100644 --- a/getZip64Data.patch +++ b/CVE-2014-8141.patch @@ -1,6 +1,6 @@ --- process.c 2009-03-06 02:25:10.000000000 +0100 +++ process.c 2014-12-05 22:42:39.000000000 +0100 -@@ -1,5 +1,5 @@ +@@ -1,5 +1,5 @@ /* - Copyright (c) 1990-2009 Info-ZIP. All rights reserved. + Copyright (c) 1990-2014 Info-ZIP. All rights reserved. diff --git a/cve20149636.patch b/CVE-2014-9636_pt1.patch index 228c28377ff9..228c28377ff9 100644 --- a/cve20149636.patch +++ b/CVE-2014-9636_pt1.patch diff --git a/overflow-fsize.patch b/CVE-2014-9636_pt2.patch index 910b22d5634d..910b22d5634d 100644 --- a/overflow-fsize.patch +++ b/CVE-2014-9636_pt2.patch diff --git a/CVE-2015-7696+CVE-2015-7697_pt1.patch b/CVE-2015-7696+CVE-2015-7697_pt1.patch new file mode 100644 index 000000000000..3aad17bddd78 --- /dev/null +++ b/CVE-2015-7696+CVE-2015-7697_pt1.patch 
@@ -0,0 +1,66 @@ +From 68efed87fabddd450c08f3112f62a73f61d493c9 Mon Sep 17 00:00:00 2001 +From: Petr Stodulka <pstodulk@redhat.com> +Date: Mon, 14 Sep 2015 18:23:17 +0200 +Subject: [PATCH 1/2] upstream fix for heap overflow + +https://bugzilla.redhat.com/attachment.cgi?id=1073002 +--- + crypt.c | 12 +++++++++++- + 1 file changed, 11 insertions(+), 1 deletion(-) + +diff --git a/crypt.c b/crypt.c +index 784e411..a8975f2 100644 +--- a/crypt.c ++++ b/crypt.c +@@ -465,7 +465,17 @@ int decrypt(__G__ passwrd) + GLOBAL(pInfo->encrypted) = FALSE; + defer_leftover_input(__G); + for (n = 0; n < RAND_HEAD_LEN; n++) { +- b = NEXTBYTE; ++ /* 2012-11-23 SMS. (OUSPG report.) ++ * Quit early if compressed size < HEAD_LEN. The resulting ++ * error message ("unable to get password") could be improved, ++ * but it's better than trying to read nonexistent data, and ++ * then continuing with a negative G.csize. (See ++ * fileio.c:readbyte()). ++ */ ++ if ((b = NEXTBYTE) == (ush)EOF) ++ { ++ return PK_ERR; ++ } + h[n] = (uch)b; + Trace((stdout, " (%02x)", h[n])); + } +-- +2.4.6 + + +From bd8a743ee0a77e65ad07ef4196c4cd366add3f26 Mon Sep 17 00:00:00 2001 +From: Kamil Dudka <kdudka@redhat.com> +Date: Mon, 14 Sep 2015 18:24:56 +0200 +Subject: [PATCH 2/2] fix infinite loop when extracting empty bzip2 data + +--- + extract.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/extract.c b/extract.c +index 7134bfe..29db027 100644 +--- a/extract.c ++++ b/extract.c +@@ -2733,6 +2733,12 @@ __GDEF + int repeated_buf_err; + bz_stream bstrm; + ++ if (G.incnt <= 0 && G.csize <= 0L) { ++ /* avoid an infinite loop */ ++ Trace((stderr, "UZbunzip2() got empty input\n")); ++ return 2; ++ } ++ + #if (defined(DLL) && !defined(NO_SLIDE_REDIR)) + if (G.redirect_slide) + wsize = G.redirect_size, redirSlide = G.redirect_buffer; +-- +2.4.6 + diff --git a/CVE-2015-7696+CVE-2015-7697_pt2.patch b/CVE-2015-7696+CVE-2015-7697_pt2.patch new file mode 100644 index 000000000000..98ebf53c4782 --- /dev/null 
+++ b/CVE-2015-7696+CVE-2015-7697_pt2.patch @@ -0,0 +1,36 @@ +From bd150334fb4084f5555a6be26b015a0671cb5b74 Mon Sep 17 00:00:00 2001 +From: Kamil Dudka <kdudka@redhat.com> +Date: Tue, 22 Sep 2015 18:52:23 +0200 +Subject: [PATCH] extract: prevent unsigned overflow on invalid input + +Suggested-by: Stefan Cornelius +--- + extract.c | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +diff --git a/extract.c b/extract.c +index 29db027..b9ae667 100644 +--- a/extract.c ++++ b/extract.c +@@ -1257,8 +1257,17 @@ static int extract_or_test_entrylist(__G__ numchunk, + if (G.lrec.compression_method == STORED) { + zusz_t csiz_decrypted = G.lrec.csize; + +- if (G.pInfo->encrypted) ++ if (G.pInfo->encrypted) { ++ if (csiz_decrypted <= 12) { ++ /* handle the error now to prevent unsigned overflow */ ++ Info(slide, 0x401, ((char *)slide, ++ LoadFarStringSmall(ErrUnzipNoFile), ++ LoadFarString(InvalidComprData), ++ LoadFarStringSmall2(Inflate))); ++ return PK_ERR; ++ } + csiz_decrypted -= 12; ++ } + if (G.lrec.ucsize != csiz_decrypted) { + Info(slide, 0x401, ((char *)slide, + LoadFarStringSmall2(WrnStorUCSizCSizDiff), +-- +2.5.2 + @@ -1,4 +1,5 @@ # Contributor: Procyon +# Maintainer: Gustavo Alvarez <sl1pkn07@gmail.com> # Contributor: Thayer Williams <thayer@archlinux.org> # Contributor: Douglas Soares de Andrade <douglas@archlinux.org> # Contributor: Robson Peixoto 
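Review bot: The new guard in `extract_or_test_entrylist` tests `csiz_decrypted <= 12`, which also rejects a compressed size of exactly 12; `12 - 12` is 0 and does not wrap, so an encrypted stored entry with empty content would be reported as invalid. `if (csiz_decrypted < 12) {` is enough to prevent the unsigned wrap. The literal 12 appears to be the encryption header length that crypt.c names `RAND_HEAD_LEN` (inferred from the pt1 patch on this page); using the named constant, if it is in scope in extract.c, would keep the two in step. The error text passes `Inflate` as the method name although this branch handles `STORED` entries. The enclosing function continues outside the hunk.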
@@ -6,38 +7,47 @@ pkgname=unzip-iconv pkgver=6.0 -pkgrel=3 +pkgrel=4 pkgdesc="Unpacks .zip archives such as those made by PKZIP. With iconv patch for -O / -I goodness." arch=('i686' 'x86_64') -url='http://www.info-zip.org' -license=('custom') -depends=('bzip2' 'bash') +url='http://www.info-zip.org/UnZip.html' +license=('custom::Info-ZIP') +depends=('bzip2' + 'bash') provides=('unzip') conflicts=('unzip') -source=('http://downloads.sourceforge.net/infozip/unzip60.tar.gz' - 'http://www.conostix.com/pub/adv/06-unzip60-alt-iconv-utf8_CVE-2015-1315.patch' - 'overflow-fsize.patch' - 'cve20149636.patch' - 'test_compr_eb.patch' - 'getZip64Data.patch' - 'crc32.patch') +source=("http://downloads.sourceforge.net/infozip/unzip${pkgver/./}.tar.gz" + 'iconv-utf8+CVE-2015-1315.patch::http://www.conostix.com/pub/adv/06-unzip60-alt-iconv-utf8_CVE-2015-1315.patch' + 'CVE-2014-8139.patch::https://bugzilla.redhat.com/attachment.cgi?id=990132' + 'CVE-2014-8140.patch::https://bugzilla.redhat.com/attachment.cgi?id=969621' + 'CVE-2014-8141.patch::https://bugzilla.redhat.com/attachment.cgi?id=969625' + 'CVE-2014-9636_pt1.patch::https://bugzilla.redhat.com/attachment.cgi?id=990649' + 'CVE-2014-9636_pt2.patch::https://projects.archlinux.org/svntogit/packages.git/plain/trunk/overflow-fsize.patch?h=packages/unzip&id=15e9a8c67463aaf62a718c6e74b1c972de654346' + 'iconv-utf8+CVE-2015-1315.patch::http://www.conostix.com/pub/adv/06-unzip60-alt-iconv-utf8_CVE-2015-1315.patch' + 'CVE-2015-7696+CVE-2015-7697_pt1.patch::https://bugzilla.redhat.com/attachment.cgi?id=1073339' + 'CVE-2015-7696+CVE-2015-7697_pt2.patch::https://bugzilla.redhat.com/attachment.cgi?id=1075942') sha1sums=('abf7de8a4018a983590ed6f5cbd990d4740f8a22' '9b5d552cc6ab1f9e8b74fbbbcebfee84d46218c2' - '2852ce1a9db8d646516f8828436a44d34785a0b3' - 'e8c0bc17c63eeed97ad62b86845d75c849bcf4f8' + '8ab9aa19e3743245696223035b04cba9d34aa4f6' '614c3e7fa7d6da7c60ea2aa79e36f4cbd17c3824' - '691d0751bf0bc98cf9f9889dee39baccabefdc4d' - 
'82c9fe9172779a0ee92a187d544e74e8f512b013') + '9904365069c5fc72d10e42ce86eb9b4041aedc98' + 'e8c0bc17c63eeed97ad62b86845d75c849bcf4f8' + '2852ce1a9db8d646516f8828436a44d34785a0b3' + '9b5d552cc6ab1f9e8b74fbbbcebfee84d46218c2' + '1a412abf0861225767c776721a5cd75b7e2011d7' + 'e4cc8772737e8c606ad8abb0e899a1ad631a3fa6') prepare() { cd "unzip${pkgver/./}" - patch -Np1 -i ../06-unzip60-alt-iconv-utf8_CVE-2015-1315.patch #iconv patch+CEV fix http://seclists.org/oss-sec/2015/q1/579 - patch -p1 -i ../overflow-fsize.patch #FS#44171 - patch -p1 -i ../cve20149636.patch #FS#44171 - patch -i ../test_compr_eb.patch # FS#43391 - patch -i ../getZip64Data.patch # FS#43300 - patch -i ../crc32.patch # FS#43300 + patch -Np1 -i ../CVE-2014-8139.patch # FS#43300 + patch -Np0 -i ../CVE-2014-8140.patch # FS#43391 + patch -Np0 -i ../CVE-2014-8141.patch # FS#43300 + patch -Np1 -i ../CVE-2014-9636_pt1.patch # FS#44171 + patch -Np1 -i ../CVE-2014-9636_pt2.patch # FS#44171 + patch -Np1 -i ../iconv-utf8+CVE-2015-1315.patch # iconv patch + CEV 2015-1315 fix http://seclists.org/oss-sec/2015/q1/579 + patch -Np1 -i ../CVE-2015-7696+CVE-2015-7697_pt1.patch # FS#46955 + patch -Np1 -i ../CVE-2015-7696+CVE-2015-7697_pt2.patch # FS#46955 } build() { @@ -45,8 +55,8 @@ build() { # set CFLAGS -- from Debian DEFINES='-DACORN_FTYPE_NFS -DWILD_STOP_AT_DIR -DLARGE_FILE_SUPPORT \ --DUNICODE_SUPPORT -DUNICODE_WCHAR -DUTF8_MAYBE_NATIVE -DNO_LCHMOD \ --DDATE_FORMAT=DF_YMD -DUSE_BZIP2 -DNOMEMCPY -DNO_WORKING_ISPRINT' + -DUNICODE_SUPPORT -DUNICODE_WCHAR -DUTF8_MAYBE_NATIVE -DNO_LCHMOD \ + -DDATE_FORMAT=DF_YMD -DUSE_BZIP2 -DNOMEMCPY -DNO_WORKING_ISPRINT' # make -- from Debian make -f unix/Makefile prefix=/usr \ 
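Review bot: The new `source` array lists `iconv-utf8+CVE-2015-1315.patch::http://www.conostix.com/...` twice (second and eighth entries), and `sha1sums` repeats `9b5d552cc6ab1f9e8b74fbbbcebfee84d46218c2` to match; drop the second entry and its checksum. That patch and the upstream tarball are still fetched over plain `http://`, so the checksum array is the only integrity control on them, and SHA-1 is a weak choice for that role; switching to `sha256sums=(...)` (regenerated with `updpkgsums`) would be stronger. In `prepare()` the comment on the iconv patch line reads `CEV 2015-1315`; it should be `CVE-2015-1315`.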
@@ -59,8 +69,8 @@ package() { cd "unzip${pkgver/./}" # install -- from Debian - make -f unix/Makefile prefix="${pkgdir}"/usr MANDIR="${pkgdir}/usr/share/man/man\$(manext)" install + make -f unix/Makefile prefix="${pkgdir}/usr" MANDIR="${pkgdir}/usr/share/man/man\$(manext)" install # install the license file - install -Dm644 LICENSE "${pkgdir}"/usr/share/licenses/unzip/LICENSE + install -Dm644 LICENSE "${pkgdir}"/usr/share/licenses/unzip-iconv/LICENSE } diff --git a/crc32.patch b/crc32.patch deleted file mode 100644 index 43b29d78332b..000000000000 --- a/crc32.patch +++ /dev/null 
@@ -1,45 +0,0 @@ ---- unzip60/extract.c 2010-04-03 14:41:55 -0500 -+++ unzip60/extract.c 2014-12-03 15:33:35 -0600 -@@ -1,5 +1,5 @@ - /* -- Copyright (c) 1990-2009 Info-ZIP. All rights reserved. -+ Copyright (c) 1990-2014 Info-ZIP. All rights reserved. - - See the accompanying file LICENSE, version 2009-Jan-02 or later - (the contents of which are also included in unzip.h) for terms of use. -@@ -298,6 +298,8 @@ - #ifndef SFX - static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \ - EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n"; -+ static ZCONST char Far TooSmallEFlength[] = "bad extra-field entry:\n \ -+ EF block length (%u bytes) invalid (< %d)\n"; - static ZCONST char Far InvalidComprDataEAs[] = - " invalid compressed data for EAs\n"; - # if (defined(WIN32) && defined(NTSD_EAS)) -@@ -2023,7 +2025,8 @@ - ebID = makeword(ef); - ebLen = (unsigned)makeword(ef+EB_LEN); - -- if (ebLen > (ef_len - EB_HEADSIZE)) { -+ if (ebLen > (ef_len - EB_HEADSIZE)) -+ { - /* Discovered some extra field inconsistency! */ - if (uO.qflag) - Info(slide, 1, ((char *)slide, "%-22s ", -@@ -2032,6 +2035,16 @@ - ebLen, (ef_len - EB_HEADSIZE))); - return PK_ERR; - } -+ else if (ebLen < EB_HEADSIZE) -+ { -+ /* Extra block length smaller than header length. */ -+ if (uO.qflag) -+ Info(slide, 1, ((char *)slide, "%-22s ", -+ FnFilter1(G.filename))); -+ Info(slide, 1, ((char *)slide, LoadFarString(TooSmallEFlength), -+ ebLen, EB_HEADSIZE)); -+ return PK_ERR; -+ } - - switch (ebID) { - case EF_OS2: diff --git a/iconv-utf8+CVE-2015-1315.patch b/iconv-utf8+CVE-2015-1315.patch new file mode 100644 index 000000000000..b9e37774e224 --- /dev/null +++ b/iconv-utf8+CVE-2015-1315.patch 
@@ -0,0 +1,398 @@ +From: Giovanni Scafora <giovanni.archlinux.org> +Subject: unzip files encoded with non-latin, non-unicode file names +Last-Update: 2015-02-11 + +Updated 2015-02-11 by Marc Deslauriers <marc.deslauriers@canonical.com> +to fix buffer overflow in charset_to_intern() + +Index: unzip-6.0/unix/unix.c +=================================================================== +--- unzip-6.0.orig/unix/unix.c 2015-02-11 08:46:43.675324290 -0500 ++++ unzip-6.0/unix/unix.c 2015-02-11 09:18:04.902081319 -0500 +@@ -30,6 +30,9 @@ + #define UNZIP_INTERNAL + #include "unzip.h" + ++#include <iconv.h> ++#include <langinfo.h> ++ + #ifdef SCO_XENIX + # define SYSNDIR + #else /* SCO Unix, AIX, DNIX, TI SysV, Coherent 4.x, ... */ +@@ -1874,3 +1877,102 @@ + } + } + #endif /* QLZIP */ ++ ++ ++typedef struct { ++ char *local_charset; ++ char *archive_charset; ++} CHARSET_MAP; ++ ++/* A mapping of local <-> archive charsets used by default to convert filenames ++ * of DOS/Windows Zip archives. Currently very basic. */ ++static CHARSET_MAP dos_charset_map[] = { ++ { "ANSI_X3.4-1968", "CP850" }, ++ { "ISO-8859-1", "CP850" }, ++ { "CP1252", "CP850" }, ++ { "UTF-8", "CP866" }, ++ { "KOI8-R", "CP866" }, ++ { "KOI8-U", "CP866" }, ++ { "ISO-8859-5", "CP866" } ++}; ++ ++char OEM_CP[MAX_CP_NAME] = ""; ++char ISO_CP[MAX_CP_NAME] = ""; ++ ++/* Try to guess the default value of OEM_CP based on the current locale. ++ * ISO_CP is left alone for now. */ ++void init_conversion_charsets() ++{ ++ const char *local_charset; ++ int i; ++ ++ /* Make a guess only if OEM_CP not already set. */ ++ if(*OEM_CP == '\0') { ++ local_charset = nl_langinfo(CODESET); ++ for(i = 0; i < sizeof(dos_charset_map)/sizeof(CHARSET_MAP); i++) ++ if(!strcasecmp(local_charset, dos_charset_map[i].local_charset)) { ++ strncpy(OEM_CP, dos_charset_map[i].archive_charset, ++ sizeof(OEM_CP)); ++ break; ++ } ++ } ++} ++ ++/* Convert a string from one encoding to the current locale using iconv(). 
++ * Be as non-intrusive as possible. If error is encountered during covertion ++ * just leave the string intact. */ ++static void charset_to_intern(char *string, char *from_charset) ++{ ++ iconv_t cd; ++ char *s,*d, *buf; ++ size_t slen, dlen, buflen; ++ const char *local_charset; ++ ++ if(*from_charset == '\0') ++ return; ++ ++ buf = NULL; ++ local_charset = nl_langinfo(CODESET); ++ ++ if((cd = iconv_open(local_charset, from_charset)) == (iconv_t)-1) ++ return; ++ ++ slen = strlen(string); ++ s = string; ++ ++ /* Make sure OUTBUFSIZ + 1 never ends up smaller than FILNAMSIZ ++ * as this function also gets called with G.outbuf in fileio.c ++ */ ++ buflen = FILNAMSIZ; ++ if (OUTBUFSIZ + 1 < FILNAMSIZ) ++ { ++ buflen = OUTBUFSIZ + 1; ++ } ++ ++ d = buf = malloc(buflen); ++ if(!d) ++ goto cleanup; ++ ++ bzero(buf,buflen); ++ dlen = buflen - 1; ++ ++ if(iconv(cd, &s, &slen, &d, &dlen) == (size_t)-1) ++ goto cleanup; ++ strncpy(string, buf, buflen); ++ ++ cleanup: ++ free(buf); ++ iconv_close(cd); ++} ++ ++/* Convert a string from OEM_CP to the current locale charset. */ ++inline void oem_intern(char *string) ++{ ++ charset_to_intern(string, OEM_CP); ++} ++ ++/* Convert a string from ISO_CP to the current locale charset. */ ++inline void iso_intern(char *string) ++{ ++ charset_to_intern(string, ISO_CP); ++} +Index: unzip-6.0/unix/unxcfg.h +=================================================================== +--- unzip-6.0.orig/unix/unxcfg.h 2015-02-11 08:46:43.675324290 -0500 ++++ unzip-6.0/unix/unxcfg.h 2015-02-11 08:46:43.671324260 -0500 +@@ -228,4 +228,30 @@ + /* wild_dir, dirname, wildname, matchname[], dirnamelen, have_dirname, */ + /* and notfirstcall are used by do_wild(). 
*/ + ++ ++#define MAX_CP_NAME 25 ++ ++#ifdef SETLOCALE ++# undef SETLOCALE ++#endif ++#define SETLOCALE(category, locale) setlocale(category, locale) ++#include <locale.h> ++ ++#ifdef _ISO_INTERN ++# undef _ISO_INTERN ++#endif ++#define _ISO_INTERN(str1) iso_intern(str1) ++ ++#ifdef _OEM_INTERN ++# undef _OEM_INTERN ++#endif ++#ifndef IZ_OEM2ISO_ARRAY ++# define IZ_OEM2ISO_ARRAY ++#endif ++#define _OEM_INTERN(str1) oem_intern(str1) ++ ++void iso_intern(char *); ++void oem_intern(char *); ++void init_conversion_charsets(void); ++ + #endif /* !__unxcfg_h */ +Index: unzip-6.0/unzip.c +=================================================================== +--- unzip-6.0.orig/unzip.c 2015-02-11 08:46:43.675324290 -0500 ++++ unzip-6.0/unzip.c 2015-02-11 08:46:43.675324290 -0500 +@@ -327,11 +327,21 @@ + -2 just filenames but allow -h/-t/-z -l long Unix \"ls -l\" format\n\ + -v verbose, multi-page format\n"; + ++#ifndef UNIX + static ZCONST char Far ZipInfoUsageLine3[] = "miscellaneous options:\n\ + -h print header line -t print totals for listed files or for all\n\ + -z print zipfile comment -T print file times in sortable decimal format\ + \n -C be case-insensitive %s\ + -x exclude filenames that follow from listing\n"; ++#else /* UNIX */ ++static ZCONST char Far ZipInfoUsageLine3[] = "miscellaneous options:\n\ ++ -h print header line -t print totals for listed files or for all\n\ ++ -z print zipfile comment %c-T%c print file times in sortable decimal format\ ++\n %c-C%c be case-insensitive %s\ ++ -x exclude filenames that follow from listing\n\ ++ -O CHARSET specify a character encoding for DOS, Windows and OS/2 archives\n\ ++ -I CHARSET specify a character encoding for UNIX and other archives\n"; ++#endif /* !UNIX */ + #ifdef MORE + static ZCONST char Far ZipInfoUsageLine4[] = + " -M page output through built-in \"more\"\n"; +@@ -664,6 +674,17 @@ + -U use escapes for all non-ASCII Unicode -UU ignore any Unicode fields\n\ + -C match filenames case-insensitively -L make 
(some) names \ + lowercase\n %-42s -V retain VMS version numbers\n%s"; ++#elif (defined UNIX) ++static ZCONST char Far UnzipUsageLine4[] = "\ ++modifiers:\n\ ++ -n never overwrite existing files -q quiet mode (-qq => quieter)\n\ ++ -o overwrite files WITHOUT prompting -a auto-convert any text files\n\ ++ -j junk paths (do not make directories) -aa treat ALL files as text\n\ ++ -U use escapes for all non-ASCII Unicode -UU ignore any Unicode fields\n\ ++ -C match filenames case-insensitively -L make (some) names \ ++lowercase\n %-42s -V retain VMS version numbers\n%s\ ++ -O CHARSET specify a character encoding for DOS, Windows and OS/2 archives\n\ ++ -I CHARSET specify a character encoding for UNIX and other archives\n\n"; + #else /* !VMS */ + static ZCONST char Far UnzipUsageLine4[] = "\ + modifiers:\n\ +@@ -802,6 +823,10 @@ + #endif /* UNICODE_SUPPORT */ + + ++#ifdef UNIX ++ init_conversion_charsets(); ++#endif ++ + #if (defined(__IBMC__) && defined(__DEBUG_ALLOC__)) + extern void DebugMalloc(void); + +@@ -1335,6 +1360,11 @@ + argc = *pargc; + argv = *pargv; + ++#ifdef UNIX ++ extern char OEM_CP[MAX_CP_NAME]; ++ extern char ISO_CP[MAX_CP_NAME]; ++#endif ++ + while (++argv, (--argc > 0 && *argv != NULL && **argv == '-')) { + s = *argv + 1; + while ((c = *s++) != 0) { /* "!= 0": prevent Turbo C warning */ +@@ -1516,6 +1546,35 @@ + } + break; + #endif /* MACOS */ ++#ifdef UNIX ++ case ('I'): ++ if (negative) { ++ Info(slide, 0x401, ((char *)slide, ++ "error: encodings can't be negated")); ++ return(PK_PARAM); ++ } else { ++ if(*s) { /* Handle the -Icharset case */ ++ /* Assume that charsets can't start with a dash to spot arguments misuse */ ++ if(*s == '-') { ++ Info(slide, 0x401, ((char *)slide, ++ "error: a valid character encoding should follow the -I argument")); ++ return(PK_PARAM); ++ } ++ strncpy(ISO_CP, s, sizeof(ISO_CP)); ++ } else { /* -I charset */ ++ ++argv; ++ if(!(--argc > 0 && *argv != NULL && **argv != '-')) { ++ Info(slide, 0x401, ((char *)slide, ++ 
"error: a valid character encoding should follow the -I argument")); ++ return(PK_PARAM); ++ } ++ s = *argv; ++ strncpy(ISO_CP, s, sizeof(ISO_CP)); ++ } ++ while(*(++s)); /* No params straight after charset name */ ++ } ++ break; ++#endif /* ?UNIX */ + case ('j'): /* junk pathnames/directory structure */ + if (negative) + uO.jflag = FALSE, negative = 0; +@@ -1591,6 +1650,35 @@ + } else + ++uO.overwrite_all; + break; ++#ifdef UNIX ++ case ('O'): ++ if (negative) { ++ Info(slide, 0x401, ((char *)slide, ++ "error: encodings can't be negated")); ++ return(PK_PARAM); ++ } else { ++ if(*s) { /* Handle the -Ocharset case */ ++ /* Assume that charsets can't start with a dash to spot arguments misuse */ ++ if(*s == '-') { ++ Info(slide, 0x401, ((char *)slide, ++ "error: a valid character encoding should follow the -I argument")); ++ return(PK_PARAM); ++ } ++ strncpy(OEM_CP, s, sizeof(OEM_CP)); ++ } else { /* -O charset */ ++ ++argv; ++ if(!(--argc > 0 && *argv != NULL && **argv != '-')) { ++ Info(slide, 0x401, ((char *)slide, ++ "error: a valid character encoding should follow the -O argument")); ++ return(PK_PARAM); ++ } ++ s = *argv; ++ strncpy(OEM_CP, s, sizeof(OEM_CP)); ++ } ++ while(*(++s)); /* No params straight after charset name */ ++ } ++ break; ++#endif /* ?UNIX */ + case ('p'): /* pipes: extract to stdout, no messages */ + if (negative) { + uO.cflag = FALSE; +Index: unzip-6.0/unzpriv.h +=================================================================== +--- unzip-6.0.orig/unzpriv.h 2015-02-11 08:46:43.675324290 -0500 ++++ unzip-6.0/unzpriv.h 2015-02-11 08:46:43.675324290 -0500 +@@ -3008,7 +3008,7 @@ + !(((islochdr) || (isuxatt)) && \ + ((hostver) == 25 || (hostver) == 26 || (hostver) == 40))) || \ + (hostnum) == FS_HPFS_ || \ +- ((hostnum) == FS_NTFS_ && (hostver) == 50)) { \ ++ ((hostnum) == FS_NTFS_ /* && (hostver) == 50 */ )) { \ + _OEM_INTERN((string)); \ + } else { \ + _ISO_INTERN((string)); \ +Index: unzip-6.0/zipinfo.c 
+=================================================================== +--- unzip-6.0.orig/zipinfo.c 2015-02-11 08:46:43.675324290 -0500 ++++ unzip-6.0/zipinfo.c 2015-02-11 08:46:43.675324290 -0500 +@@ -457,6 +457,10 @@ + int tflag_slm=TRUE, tflag_2v=FALSE; + int explicit_h=FALSE, explicit_t=FALSE; + ++#ifdef UNIX ++ extern char OEM_CP[MAX_CP_NAME]; ++ extern char ISO_CP[MAX_CP_NAME]; ++#endif + + #ifdef MACOS + uO.lflag = LFLAG; /* reset default on each call */ +@@ -501,6 +505,35 @@ + uO.lflag = 0; + } + break; ++#ifdef UNIX ++ case ('I'): ++ if (negative) { ++ Info(slide, 0x401, ((char *)slide, ++ "error: encodings can't be negated")); ++ return(PK_PARAM); ++ } else { ++ if(*s) { /* Handle the -Icharset case */ ++ /* Assume that charsets can't start with a dash to spot arguments misuse */ ++ if(*s == '-') { ++ Info(slide, 0x401, ((char *)slide, ++ "error: a valid character encoding should follow the -I argument")); ++ return(PK_PARAM); ++ } ++ strncpy(ISO_CP, s, sizeof(ISO_CP)); ++ } else { /* -I charset */ ++ ++argv; ++ if(!(--argc > 0 && *argv != NULL && **argv != '-')) { ++ Info(slide, 0x401, ((char *)slide, ++ "error: a valid character encoding should follow the -I argument")); ++ return(PK_PARAM); ++ } ++ s = *argv; ++ strncpy(ISO_CP, s, sizeof(ISO_CP)); ++ } ++ while(*(++s)); /* No params straight after charset name */ ++ } ++ break; ++#endif /* ?UNIX */ + case 'l': /* longer form of "ls -l" type listing */ + if (negative) + uO.lflag = -2, negative = 0; +@@ -521,6 +554,35 @@ + G.M_flag = TRUE; + break; + #endif ++#ifdef UNIX ++ case ('O'): ++ if (negative) { ++ Info(slide, 0x401, ((char *)slide, ++ "error: encodings can't be negated")); ++ return(PK_PARAM); ++ } else { ++ if(*s) { /* Handle the -Ocharset case */ ++ /* Assume that charsets can't start with a dash to spot arguments misuse */ ++ if(*s == '-') { ++ Info(slide, 0x401, ((char *)slide, ++ "error: a valid character encoding should follow the -I argument")); ++ return(PK_PARAM); ++ } ++ 
strncpy(OEM_CP, s, sizeof(OEM_CP)); ++ } else { /* -O charset */ ++ ++argv; ++ if(!(--argc > 0 && *argv != NULL && **argv != '-')) { ++ Info(slide, 0x401, ((char *)slide, ++ "error: a valid character encoding should follow the -O argument")); ++ return(PK_PARAM); ++ } ++ s = *argv; ++ strncpy(OEM_CP, s, sizeof(OEM_CP)); ++ } ++ while(*(++s)); /* No params straight after charset name */ ++ } ++ break; ++#endif /* ?UNIX */ + case 's': /* default: shorter "ls -l" type listing */ + if (negative) + uO.lflag = -2, negative = 0; |
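Review bot: Every `strncpy(ISO_CP, s, sizeof(ISO_CP));` and `strncpy(OEM_CP, s, sizeof(OEM_CP));` in the `-I`/`-O` option handlers (unzip.c and zipinfo.c) leaves the `MAX_CP_NAME`-byte destination without a terminating NUL when the charset argument is 25 characters or longer, and `charset_to_intern()` then hands that buffer to `iconv_open()` as a C string. Either reject over-long names with `PK_PARAM`, or copy with `strncpy(OEM_CP, s, sizeof(OEM_CP) - 1); OEM_CP[sizeof(OEM_CP) - 1] = '\0';` (same for `ISO_CP`). The `-O` handlers also reuse the `-I` wording in their first error message (`"... should follow the -I argument"`). In `charset_to_intern()`, `strncpy(string, buf, buflen)` writes `buflen` bytes into `string` whatever the caller's buffer size is, which the hunk does not show; a comment stating that callers must pass at least `buflen` bytes would help.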