diff options
author | Natrio | 2015-11-04 18:11:28 +0300 |
---|---|---|
committer | Natrio | 2015-11-04 18:11:28 +0300 |
commit | 11d6e3741e26621265bd0371dbc937e7246f181e (patch) | |
tree | feab542163aafe65e88f2ab82ad2a72438bbebfc | |
parent | 584df57b04e692adf657ae781ac11d28a193c7de (diff) | |
download | aur-11d6e3741e26621265bd0371dbc937e7246f181e.tar.gz |
Update to 6.0-6 (sync patches to unzip 6.0-11)
-rw-r--r-- | .SRCINFO | 12 | ||||
-rw-r--r-- | PKGBUILD | 20 | ||||
-rw-r--r-- | csiz-underflow.patch | 32 | ||||
-rw-r--r-- | cve20149636.patch | 25 | ||||
-rw-r--r-- | empty-input.patch | 26 | ||||
-rw-r--r-- | nextbyte-overflow.patch | 33 | ||||
-rw-r--r-- | overflow-fsize.patch | 34 |
7 files changed, 177 insertions, 5 deletions
@@ -1,7 +1,7 @@ pkgbase = unzip-natspec pkgdesc = Unpacks .zip archives with non-latin filenames, using libnatspec patch from AltLinux. pkgver = 6.0 - pkgrel = 5 + pkgrel = 6 url = http://www.info-zip.org/ arch = i686 arch = x86_64 @@ -15,14 +15,24 @@ pkgbase = unzip-natspec conflicts = unzip source = http://downloads.sourceforge.net/infozip/unzip60.tar.gz source = unzip-6.0-alt-natspec.patch + source = overflow-fsize.patch + source = cve20149636.patch source = test_compr_eb.patch source = getZip64Data.patch source = crc32.patch + source = empty-input.patch + source = csiz-underflow.patch + source = nextbyte-overflow.patch sha256sums = 036d96991646d0449ed0aa952e4fbe21b476ce994abc276e49d30e686708bd37 sha256sums = SKIP sha256sums = SKIP sha256sums = SKIP sha256sums = SKIP + sha256sums = SKIP + sha256sums = SKIP + sha256sums = SKIP + sha256sums = SKIP + sha256sums = SKIP pkgname = unzip-natspec @@ -5,7 +5,7 @@ pkgname=unzip-natspec pkgver=6.0 -pkgrel=5 +pkgrel=6 pkgdesc="Unpacks .zip archives with non-latin filenames, using libnatspec patch from AltLinux." arch=('i686' 'x86_64' 'armv7h' 'armv6h') url="http://www.info-zip.org/" @@ -14,17 +14,29 @@ depends=('bzip2' 'bash' 'libnatspec') conflicts=('unzip') provides=('unzip') source=('http://downloads.sourceforge.net/infozip/unzip60.tar.gz' - unzip-6.0-alt-natspec.patch - test_compr_eb.patch getZip64Data.patch crc32.patch ) + 'unzip-6.0-alt-natspec.patch' + 'overflow-fsize.patch' + 'cve20149636.patch' + 'test_compr_eb.patch' + 'getZip64Data.patch' + 'crc32.patch' + 'empty-input.patch' + 'csiz-underflow.patch' + 'nextbyte-overflow.patch' ) sha256sums=('036d96991646d0449ed0aa952e4fbe21b476ce994abc276e49d30e686708bd37' - SKIP SKIP SKIP SKIP ) + SKIP SKIP SKIP SKIP SKIP SKIP SKIP SKIP SKIP ) build() { cd ${srcdir}/${pkgname/-natspec/}${pkgver/./} patch -p1 -i ${srcdir}/unzip-6.0-alt-natspec.patch || return 1 + patch -p1 -i ${srcdir}/overflow-fsize.patch || return 1 #FS#44171 + patch -p1 -i ${srcdir}/cve20149636.patch || return 1 #FS#44171 patch -i ${srcdir}/test_compr_eb.patch || return 1 # FS#43391 patch -i ${srcdir}/getZip64Data.patch || return 1 # FS#43300 patch -i ${srcdir}/crc32.patch || return 1 # FS#43300 + patch -p1 -i ${srcdir}/empty-input.patch || return 1 # FS#46955 + patch -p1 -i ${srcdir}/csiz-underflow.patch || return 1 # FS#46955 + patch -p1 -i ${srcdir}/nextbyte-overflow.patch || return 1 # FS#46955 export CFLAGS="$CFLAGS -D_FILE_OFFSET_BITS=64 -DACORN_FTYPE_NFS \ -DWILD_STOP_AT_DIR -DLARGE_FILE_SUPPORT -DUNICODE_SUPPORT \ -DUNICODE_WCHAR -DUTF8_MAYBE_NATIVE -DNO_LCHMOD -DDATE_FORMAT=DF_YMD \ diff --git a/csiz-underflow.patch b/csiz-underflow.patch new file mode 100644 index 000000000000..52321c208a1a --- /dev/null +++ b/csiz-underflow.patch @@ -0,0 +1,32 @@ +From: Kamil Dudka <kdudka@redhat.com> +Date: Tue, 22 Sep 2015 18:52:23 +0200 +Subject: [PATCH] extract: prevent unsigned overflow on invalid input +Origin: other, https://bugzilla.redhat.com/attachment.cgi?id=1075942 +Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1260944 + +Suggested-by: Stefan Cornelius +--- + extract.c | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +--- a/extract.c ++++ b/extract.c +@@ -1257,8 +1257,17 @@ + if (G.lrec.compression_method == STORED) { + zusz_t csiz_decrypted = G.lrec.csize; + +- if (G.pInfo->encrypted) ++ if (G.pInfo->encrypted) { ++ if (csiz_decrypted <= 12) { ++ /* handle the error now to prevent unsigned overflow */ ++ Info(slide, 0x401, ((char *)slide, ++ LoadFarStringSmall(ErrUnzipNoFile), ++ LoadFarString(InvalidComprData), ++ LoadFarStringSmall2(Inflate))); ++ return PK_ERR; ++ } + csiz_decrypted -= 12; ++ } + if (G.lrec.ucsize != csiz_decrypted) { + Info(slide, 0x401, ((char *)slide, + LoadFarStringSmall2(WrnStorUCSizCSizDiff), diff --git a/cve20149636.patch b/cve20149636.patch new file mode 100644 index 000000000000..228c28377ff9 --- /dev/null +++ b/cve20149636.patch @@ -0,0 +1,25 @@ +diff --git a/extract.c b/extract.c +index a0a4929..9ef80b3 100644 +--- a/extract.c ++++ b/extract.c +@@ -2214,6 +2214,7 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata) + ulg eb_ucsize; + uch *eb_ucptr; + int r; ++ ush method; + + if (compr_offset < 4) /* field is not compressed: */ + return PK_OK; /* do nothing and signal OK */ +@@ -2223,6 +2224,12 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata) + eb_size <= (compr_offset + EB_CMPRHEADLEN))) + return IZ_EF_TRUNC; /* no compressed data! */ + ++ method = makeword(eb + (EB_HEADSIZE + compr_offset)); ++ if ((method == STORED) && (eb_size != compr_offset + EB_CMPRHEADLEN + eb_ucsize)) ++ return PK_ERR; /* compressed & uncompressed ++ * should match in STORED ++ * method */ ++ + if ( + #ifdef INT_16BIT + (((ulg)(extent)eb_ucsize) != eb_ucsize) || diff --git a/empty-input.patch b/empty-input.patch new file mode 100644 index 000000000000..45cbe92787c4 --- /dev/null +++ b/empty-input.patch @@ -0,0 +1,26 @@ +From: Kamil Dudka <kdudka@redhat.com> +Date: Mon, 14 Sep 2015 18:24:56 +0200 +Subject: fix infinite loop when extracting empty bzip2 data +Bug-Debian: https://bugs.debian.org/802160 +Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1260944 +Origin: other, https://bugzilla.redhat.com/attachment.cgi?id=1073339 + +--- + extract.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/extract.c ++++ b/extract.c +@@ -2728,6 +2728,12 @@ + int repeated_buf_err; + bz_stream bstrm; + ++ if (G.incnt <= 0 && G.csize <= 0L) { ++ /* avoid an infinite loop */ ++ Trace((stderr, "UZbunzip2() got empty input\n")); ++ return 2; ++ } ++ + #if (defined(DLL) && !defined(NO_SLIDE_REDIR)) + if (G.redirect_slide) + wsize = G.redirect_size, redirSlide = G.redirect_buffer; diff --git a/nextbyte-overflow.patch b/nextbyte-overflow.patch new file mode 100644 index 000000000000..91482dae059a --- /dev/null +++ b/nextbyte-overflow.patch @@ -0,0 +1,33 @@ +From: Petr Stodulka <pstodulk@redhat.com> +Date: Mon, 14 Sep 2015 18:23:17 +0200 +Subject: Upstream fix for heap overflow +Bug-Debian: https://bugs.debian.org/802162 +Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1260944 +Origin: https://bugzilla.redhat.com/attachment.cgi?id=1073002 +Forwarded: yes + +--- + crypt.c | 12 +++++++++++- + 1 file changed, 11 insertions(+), 1 deletion(-) + +--- a/crypt.c ++++ b/crypt.c +@@ -465,7 +465,17 @@ + GLOBAL(pInfo->encrypted) = FALSE; + defer_leftover_input(__G); + for (n = 0; n < RAND_HEAD_LEN; n++) { +- b = NEXTBYTE; ++ /* 2012-11-23 SMS. (OUSPG report.) ++ * Quit early if compressed size < HEAD_LEN. The resulting ++ * error message ("unable to get password") could be improved, ++ * but it's better than trying to read nonexistent data, and ++ * then continuing with a negative G.csize. (See ++ * fileio.c:readbyte()). ++ */ ++ if ((b = NEXTBYTE) == (ush)EOF) ++ { ++ return PK_ERR; ++ } + h[n] = (uch)b; + Trace((stdout, " (%02x)", h[n])); + } diff --git a/overflow-fsize.patch b/overflow-fsize.patch new file mode 100644 index 000000000000..910b22d5634d --- /dev/null +++ b/overflow-fsize.patch @@ -0,0 +1,34 @@ +t a/list.c b/list.c +index f7359c3..4c3d703 100644 +--- a/list.c ++++ b/list.c +@@ -97,7 +97,7 @@ int list_files(__G) /* return PK-type error code */ + { + int do_this_file=FALSE, cfactor, error, error_in_archive=PK_COOL; + #ifndef WINDLL +- char sgn, cfactorstr[10]; ++ char sgn, cfactorstr[13]; + int longhdr=(uO.vflag>1); + #endif + int date_format; +@@ -339,7 +339,19 @@ int list_files(__G) /* return PK-type error code */ + G.crec.compression_method == ENHDEFLATED) { + methbuf[5] = dtype[(G.crec.general_purpose_bit_flag>>1) & 3]; + } else if (methnum >= NUM_METHODS) { +- sprintf(&methbuf[4], "%03u", G.crec.compression_method); ++ /* 2013-02-26 SMS. ++ * http://sourceforge.net/tracker/?func=detail ++ * &aid=2861648&group_id=118012&atid=679786 ++ * Unexpectedly large compression methods overflow ++ * &methbuf[]. Use the old, three-digit decimal format ++ * for values which fit. Otherwise, sacrifice the ++ * colon, and use four-digit hexadecimal. ++ */ ++ if (G.crec.compression_method <= 999) { ++ sprintf( &methbuf[ 4], "%03u", G.crec.compression_method); ++ } else { ++ sprintf( &methbuf[ 3], "%04X", G.crec.compression_method); ++ } + } + + #if 0 /* GRR/Euro: add this? */ |