-rw-r--r-- | .SRCINFO | 4 | ||||
-rw-r--r-- | .gitignore | 1 | ||||
-rw-r--r-- | PKGBUILD | 6 | ||||
-rw-r--r-- | unzip-6.0_CVE-2021-4217.patch | 19 |
4 files changed, 27 insertions, 3 deletions
@@ -1,7 +1,7 @@ pkgbase = unzip-iconv pkgdesc = Unpacks .zip archives such as those made by PKZIP. With iconv patch for -O / -I goodness. pkgver = 6.0 - pkgrel = 10 + pkgrel = 11 url = http://infozip.sourceforge.net/UnZip.html arch = x86_64 license = custom::Info-ZIP @@ -28,6 +28,7 @@ pkgbase = unzip-iconv source = http://cgit.openembedded.org/openembedded-core/plain/meta/recipes-extended/unzip/unzip/symlink.patch source = http://cgit.openembedded.org/openembedded-core/plain/meta/recipes-extended/unzip/unzip/avoid-strip.patch source = http://cgit.openembedded.org/openembedded-core/plain/meta/recipes-extended/unzip/unzip/define-ldflags.patch + source = unzip-6.0_CVE-2021-4217.patch sha256sums = 036d96991646d0449ed0aa952e4fbe21b476ce994abc276e49d30e686708bd37 sha256sums = d628193875fd6881d8797cfc7fabda6ff21558550e830bd6aa9cefd49af5df15 sha256sums = aea4d52e2a328a22674f030c27492592e8edaf945e77ea63240df296e902fdc1 @@ -47,5 +48,6 @@ pkgbase = unzip-iconv sha256sums = 547be7926c0d9350b6bf4b43dc6404d8dd0d5a8601e5aaab6691b21c2cc81b0d sha256sums = 3dc2aefeb58823a5b1bf3a28f9c459dc07aef7395c2864e968e4f83d98971699 sha256sums = 7934a7123a4acc1d971c60e7ee609af1d18dd01827cf27bdc63004e263c5c742 + sha256sums = cb88ba5a2c9bdffd5867206a48841f638e2a7970e88cc009b90202bdca988b8b pkgname = unzip-iconv diff --git a/.gitignore b/.gitignore index 05c6d4d4c97b..3ba304bffd3b 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,4 @@ !.gitignore !.SRCINFO !PKGBUILD +!unzip-6.0_CVE-2021-4217.patch @@ -8,7 +8,7 @@ pkgname=unzip-iconv pkgver=6.0 -pkgrel=10 +pkgrel=11 pkgdesc="Unpacks .zip archives such as those made by PKZIP. With iconv patch for -O / -I goodness." arch=('x86_64') url='http://infozip.sourceforge.net/UnZip.html' 
@@ -36,6 +36,7 @@ source=("http://downloads.sourceforge.net/infozip/unzip${pkgver/./}.tar.gz" 'http://cgit.openembedded.org/openembedded-core/plain/meta/recipes-extended/unzip/unzip/symlink.patch' 'http://cgit.openembedded.org/openembedded-core/plain/meta/recipes-extended/unzip/unzip/avoid-strip.patch' 'http://cgit.openembedded.org/openembedded-core/plain/meta/recipes-extended/unzip/unzip/define-ldflags.patch' + 'unzip-6.0_CVE-2021-4217.patch' ) sha256sums=('036d96991646d0449ed0aa952e4fbe21b476ce994abc276e49d30e686708bd37' 'd628193875fd6881d8797cfc7fabda6ff21558550e830bd6aa9cefd49af5df15' @@ -56,7 +57,7 @@ sha256sums=('036d96991646d0449ed0aa952e4fbe21b476ce994abc276e49d30e686708bd37' '547be7926c0d9350b6bf4b43dc6404d8dd0d5a8601e5aaab6691b21c2cc81b0d' '3dc2aefeb58823a5b1bf3a28f9c459dc07aef7395c2864e968e4f83d98971699' '7934a7123a4acc1d971c60e7ee609af1d18dd01827cf27bdc63004e263c5c742' - ) + 'cb88ba5a2c9bdffd5867206a48841f638e2a7970e88cc009b90202bdca988b8b') prepare() { cd "unzip${pkgver/./}" @@ -77,6 +78,7 @@ prepare() { patch -Np1 -i "${srcdir}/symlink.patch" patch -Np1 -i "${srcdir}/avoid-strip.patch" patch -Np1 -i "${srcdir}/define-ldflags.patch" + patch -Np1 -i "${srcdir}/unzip-6.0_CVE-2021-4217.patch" } build() { diff --git a/unzip-6.0_CVE-2021-4217.patch b/unzip-6.0_CVE-2021-4217.patch new file mode 100644 index 000000000000..37b83cca0575 --- /dev/null +++ b/unzip-6.0_CVE-2021-4217.patch @@ -0,0 +1,19 @@ +diff --git a/process.c b/process.c +index d2a846e..cba2463 100644 +--- a/process.c ++++ b/process.c +@@ -2064,10 +2064,14 @@ int getUnicodeData(__G__ ef_buf, ef_len) + G.unipath_checksum = makelong(offset + ef_buf); + offset += 4; + ++ if (!G.filename_full) { ++ /* Check if we have a unicode extra section but no filename set */ ++ return PK_ERR; ++ } ++ + /* + * Compute 32-bit crc + */ +- + chksum = crc32(chksum, (uch *)(G.filename_full), + strlen(G.filename_full)); |
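Review bot: The added `patch -Np1 -i "${srcdir}/unzip-6.0_CVE-2021-4217.patch"` line in prepare() runs with patch's default fuzz, so the NULL guard could be applied against shifted or partly mismatched context without the build failing. The hunk was generated against one specific process.c blob (`index d2a846e..cba2463`), but here it is applied last, after a series of other patches that may already have changed process.c; that cannot be confirmed from this hunk. For a security fix I would apply it strictly, `patch -Np1 -F0 -i "${srcdir}/unzip-6.0_CVE-2021-4217.patch"`, so a context mismatch aborts the build instead of being absorbed. prepare() starts above the hunk.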
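Review bot: The new patch file starts directly at `diff --git a/process.c b/process.c` with no header naming where the fix comes from, so a reviewer cannot compare the carried hunk with the upstream or distribution fix for CVE-2021-4217. I would add a short comment block above the diff header (patch ignores leading text), for example `Origin: <URL of the upstream bug or distro commit>` and `Description: return PK_ERR when a Unicode extra field is seen while G.filename_full is unset, so strlen() is never called on NULL`. As rendered here, the inner hunk header declares `-2064,10 +2064,14` but the body carries 9 old and 13 new lines, which suggests a trailing blank context line was stripped. GNU patch usually tolerates that, but the file is worth regenerating so the counts match. The body of getUnicodeData() starts and ends outside the hunk.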