-rw-r--r--.SRCINFO4
-rw-r--r--.gitignore1
-rw-r--r--PKGBUILD6
-rw-r--r--unzip-6.0_CVE-2021-4217.patch19
4 files changed, 27 insertions, 3 deletions
diff --git a/.SRCINFO b/.SRCINFO
index d80f5c44f70f..f505a8a9941b 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,7 +1,7 @@
pkgbase = unzip-iconv
pkgdesc = Unpacks .zip archives such as those made by PKZIP. With iconv patch for -O / -I goodness.
pkgver = 6.0
- pkgrel = 10
+ pkgrel = 11
url = http://infozip.sourceforge.net/UnZip.html
arch = x86_64
license = custom::Info-ZIP
@@ -28,6 +28,7 @@ pkgbase = unzip-iconv
source = http://cgit.openembedded.org/openembedded-core/plain/meta/recipes-extended/unzip/unzip/symlink.patch
source = http://cgit.openembedded.org/openembedded-core/plain/meta/recipes-extended/unzip/unzip/avoid-strip.patch
source = http://cgit.openembedded.org/openembedded-core/plain/meta/recipes-extended/unzip/unzip/define-ldflags.patch
+ source = unzip-6.0_CVE-2021-4217.patch
sha256sums = 036d96991646d0449ed0aa952e4fbe21b476ce994abc276e49d30e686708bd37
sha256sums = d628193875fd6881d8797cfc7fabda6ff21558550e830bd6aa9cefd49af5df15
sha256sums = aea4d52e2a328a22674f030c27492592e8edaf945e77ea63240df296e902fdc1
@@ -47,5 +48,6 @@ pkgbase = unzip-iconv
sha256sums = 547be7926c0d9350b6bf4b43dc6404d8dd0d5a8601e5aaab6691b21c2cc81b0d
sha256sums = 3dc2aefeb58823a5b1bf3a28f9c459dc07aef7395c2864e968e4f83d98971699
sha256sums = 7934a7123a4acc1d971c60e7ee609af1d18dd01827cf27bdc63004e263c5c742
+ sha256sums = cb88ba5a2c9bdffd5867206a48841f638e2a7970e88cc009b90202bdca988b8b
pkgname = unzip-iconv
diff --git a/.gitignore b/.gitignore
index 05c6d4d4c97b..3ba304bffd3b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@
!.gitignore
!.SRCINFO
!PKGBUILD
+!unzip-6.0_CVE-2021-4217.patch
diff --git a/PKGBUILD b/PKGBUILD
index bef18113694a..93cabfeb2871 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -8,7 +8,7 @@
pkgname=unzip-iconv
pkgver=6.0
-pkgrel=10
+pkgrel=11
pkgdesc="Unpacks .zip archives such as those made by PKZIP. With iconv patch for -O / -I goodness."
arch=('x86_64')
url='http://infozip.sourceforge.net/UnZip.html'
@@ -36,6 +36,7 @@ source=("http://downloads.sourceforge.net/infozip/unzip${pkgver/./}.tar.gz"
'http://cgit.openembedded.org/openembedded-core/plain/meta/recipes-extended/unzip/unzip/symlink.patch'
'http://cgit.openembedded.org/openembedded-core/plain/meta/recipes-extended/unzip/unzip/avoid-strip.patch'
'http://cgit.openembedded.org/openembedded-core/plain/meta/recipes-extended/unzip/unzip/define-ldflags.patch'
+ 'unzip-6.0_CVE-2021-4217.patch'
)
sha256sums=('036d96991646d0449ed0aa952e4fbe21b476ce994abc276e49d30e686708bd37'
'd628193875fd6881d8797cfc7fabda6ff21558550e830bd6aa9cefd49af5df15'
@@ -56,7 +57,7 @@ sha256sums=('036d96991646d0449ed0aa952e4fbe21b476ce994abc276e49d30e686708bd37'
'547be7926c0d9350b6bf4b43dc6404d8dd0d5a8601e5aaab6691b21c2cc81b0d'
'3dc2aefeb58823a5b1bf3a28f9c459dc07aef7395c2864e968e4f83d98971699'
'7934a7123a4acc1d971c60e7ee609af1d18dd01827cf27bdc63004e263c5c742'
- )
+ 'cb88ba5a2c9bdffd5867206a48841f638e2a7970e88cc009b90202bdca988b8b')
prepare() {
cd "unzip${pkgver/./}"
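Review bot: The closing `)` of `sha256sums` is now fused onto the new checksum line, whereas the removed line had it on a line of its own and the `source=(` array in the earlier hunk still does. Keeping the lone `)` after the new checksum line would match `source` and make the next checksum a pure one-line addition, which is easier to audit when a security patch is added.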
@@ -77,6 +78,7 @@ prepare() {
patch -Np1 -i "${srcdir}/symlink.patch"
patch -Np1 -i "${srcdir}/avoid-strip.patch"
patch -Np1 -i "${srcdir}/define-ldflags.patch"
+ patch -Np1 -i "${srcdir}/unzip-6.0_CVE-2021-4217.patch"
}
build() {
diff --git a/unzip-6.0_CVE-2021-4217.patch b/unzip-6.0_CVE-2021-4217.patch
new file mode 100644
index 000000000000..37b83cca0575
--- /dev/null
+++ b/unzip-6.0_CVE-2021-4217.patch
@@ -0,0 +1,19 @@
+diff --git a/process.c b/process.c
+index d2a846e..cba2463 100644
+--- a/process.c
++++ b/process.c
+@@ -2064,10 +2064,14 @@ int getUnicodeData(__G__ ef_buf, ef_len)
+ G.unipath_checksum = makelong(offset + ef_buf);
+ offset += 4;
+
++ if (!G.filename_full) {
++ /* Check if we have a unicode extra section but no filename set */
++ return PK_ERR;
++ }
++
+ /*
+ * Compute 32-bit crc
+ */
+-
+ chksum = crc32(chksum, (uch *)(G.filename_full),
+ strlen(G.filename_full));
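Review bot: The comment inside the new `if (!G.filename_full)` guard says what is tested but not why the entry is rejected; the reason is visible a few lines further down, where `strlen(G.filename_full)` and `crc32()` would be handed a null pointer. A why-comment placed above the `if` would read better, e.g. `/* Unicode Path extra field but no filename set: strlen() below would dereference NULL (CVE-2021-4217), so reject the entry. */`. The added patch file also has no header saying where the fix was taken from, so a short origin line above its `diff --git` line would make the change auditable (the matching `sha256sums` entry would then need regenerating). getUnicodeData starts and ends outside the hunk, so whether the extra-field length is validated before the `makelong(offset + ef_buf)` read cannot be confirmed from here.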