Date: Friday, April 24, 2020 @ 13:12:53 Author: jelle Revision: 381491
archrelease: copy trunk to extra-x86_64 Added: unzip/repos/extra-x86_64/PKGBUILD (from rev 381490, unzip/trunk/PKGBUILD) unzip/repos/extra-x86_64/crc32.patch (from rev 381490, unzip/trunk/crc32.patch) unzip/repos/extra-x86_64/csiz-underflow.patch (from rev 381490, unzip/trunk/csiz-underflow.patch) unzip/repos/extra-x86_64/cve20149636.patch (from rev 381490, unzip/trunk/cve20149636.patch) unzip/repos/extra-x86_64/empty-input.patch (from rev 381490, unzip/trunk/empty-input.patch) unzip/repos/extra-x86_64/getZip64Data.patch (from rev 381490, unzip/trunk/getZip64Data.patch) unzip/repos/extra-x86_64/nextbyte-overflow.patch (from rev 381490, unzip/trunk/nextbyte-overflow.patch) unzip/repos/extra-x86_64/overflow-fsize.patch (from rev 381490, unzip/trunk/overflow-fsize.patch) unzip/repos/extra-x86_64/test_compr_eb.patch (from rev 381490, unzip/trunk/test_compr_eb.patch) Deleted: unzip/repos/extra-x86_64/PKGBUILD unzip/repos/extra-x86_64/crc32.patch unzip/repos/extra-x86_64/csiz-underflow.patch unzip/repos/extra-x86_64/cve20149636.patch unzip/repos/extra-x86_64/empty-input.patch unzip/repos/extra-x86_64/getZip64Data.patch unzip/repos/extra-x86_64/nextbyte-overflow.patch unzip/repos/extra-x86_64/overflow-fsize.patch unzip/repos/extra-x86_64/test_compr_eb.patch -------------------------+ PKGBUILD | 130 +++++++++++----------- crc32.patch | 90 +++++++-------- csiz-underflow.patch | 64 +++++------ cve20149636.patch | 50 ++++---- empty-input.patch | 52 ++++---- getZip64Data.patch | 266 +++++++++++++++++++++++----------------------- nextbyte-overflow.patch | 66 +++++------ overflow-fsize.patch | 68 +++++------ test_compr_eb.patch | 46 +++---- 9 files changed, 416 insertions(+), 416 deletions(-) Deleted: PKGBUILD =================================================================== --- PKGBUILD 2020-04-24 13:12:35 UTC (rev 381490) +++ PKGBUILD 2020-04-24 13:12:53 UTC (rev 381491) 
@@ -1,65 +0,0 @@ -# Maintainer: Lukas Fleischer <lfleisc...@archlinux.org> -# Contributor: Gaetan Bisson <bis...@archlinux.org> -# Contributor: Douglas Soares de Andrade <doug...@archlinux.org> -# Contributor: Robson Peixoto - -pkgname=unzip -pkgver=6.0 -_pkgver=${pkgver/./} -pkgrel=13 -pkgdesc='For extracting and viewing files in .zip archives' -url='http://www.info-zip.org/UnZip.html' -arch=('x86_64') -license=('custom') -depends=('bzip2' 'bash') -source=("http://downloads.sourceforge.net/infozip/${pkgname}${_pkgver}.tar.gz" - 'overflow-fsize.patch' - 'cve20149636.patch' - 'test_compr_eb.patch' - 'getZip64Data.patch' - 'crc32.patch' - 'empty-input.patch' - 'csiz-underflow.patch' - 'nextbyte-overflow.patch') -sha1sums=('abf7de8a4018a983590ed6f5cbd990d4740f8a22' - '2852ce1a9db8d646516f8828436a44d34785a0b3' - 'e8c0bc17c63eeed97ad62b86845d75c849bcf4f8' - '614c3e7fa7d6da7c60ea2aa79e36f4cbd17c3824' - '691d0751bf0bc98cf9f9889dee39baccabefdc4d' - '82c9fe9172779a0ee92a187d544e74e8f512b013' - '4f77b01454fd2ffa69bfad985bfbdc579ee26010' - 'dccc6d6a5aed0098031bbd7cc4275ab9b10a2177' - 'b325fac556abf169264ed5ae364b9136016e43f3') - -prepare() { - cd "${srcdir}/${pkgname}${_pkgver}" - sed -i "/MANDIR =/s#)/#)/share/#" unix/Makefile - patch -p1 -i ../overflow-fsize.patch #FS#44171 - patch -p1 -i ../cve20149636.patch #FS#44171 - patch -i ../test_compr_eb.patch # FS#43391 - patch -i ../getZip64Data.patch # FS#43300 - patch -i ../crc32.patch # FS#43300 - patch -p1 -i ../empty-input.patch # FS#46955 - patch -p1 -i ../csiz-underflow.patch # FS#46955 - patch -p1 -i ../nextbyte-overflow.patch # FS#46955 -} - -build() { - cd "${srcdir}/${pkgname}${_pkgver}" - - # DEFINES, make, and install args from Debian - DEFINES='-DACORN_FTYPE_NFS -DWILD_STOP_AT_DIR -DLARGE_FILE_SUPPORT \ - -DUNICODE_SUPPORT -DUNICODE_WCHAR -DUTF8_MAYBE_NATIVE -DNO_LCHMOD \ - -DDATE_FORMAT=DF_YMD -DUSE_BZIP2 -DNOMEMCPY -DNO_WORKING_ISPRINT' - - make -f unix/Makefile prefix=/usr \ - D_USE_BZ2=-DUSE_BZIP2 L_BZ2=-lbz2 \ 
- LF2="$LDFLAGS" CF="$CFLAGS $CPPFLAGS -I. $DEFINES" \ - unzips -} - -package() { - cd "${srcdir}/${pkgname}${_pkgver}" - make -f unix/Makefile prefix="${pkgdir}"/usr install - install -Dm644 LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE" -} Copied: unzip/repos/extra-x86_64/PKGBUILD (from rev 381490, unzip/trunk/PKGBUILD) =================================================================== --- PKGBUILD (rev 0) +++ PKGBUILD 2020-04-24 13:12:53 UTC (rev 381491) 
@@ -0,0 +1,65 @@ +# Maintainer: Lukas Fleischer <lfleisc...@archlinux.org> +# Contributor: Gaetan Bisson <bis...@archlinux.org> +# Contributor: Douglas Soares de Andrade <doug...@archlinux.org> +# Contributor: Robson Peixoto + +pkgname=unzip +pkgver=6.0 +_pkgver=${pkgver/./} +pkgrel=14 +pkgdesc='For extracting and viewing files in .zip archives' +url='https://www.info-zip.org/UnZip.html' +arch=('x86_64') +license=('custom') +depends=('bzip2' 'bash') +source=("https://downloads.sourceforge.net/infozip/${pkgname}${_pkgver}.tar.gz" + 'overflow-fsize.patch' + 'cve20149636.patch' + 'test_compr_eb.patch' + 'getZip64Data.patch' + 'crc32.patch' + 'empty-input.patch' + 'csiz-underflow.patch' + 'nextbyte-overflow.patch') +sha1sums=('abf7de8a4018a983590ed6f5cbd990d4740f8a22' + '2852ce1a9db8d646516f8828436a44d34785a0b3' + 'e8c0bc17c63eeed97ad62b86845d75c849bcf4f8' + '614c3e7fa7d6da7c60ea2aa79e36f4cbd17c3824' + '691d0751bf0bc98cf9f9889dee39baccabefdc4d' + '82c9fe9172779a0ee92a187d544e74e8f512b013' + '4f77b01454fd2ffa69bfad985bfbdc579ee26010' + 'dccc6d6a5aed0098031bbd7cc4275ab9b10a2177' + 'b325fac556abf169264ed5ae364b9136016e43f3') + +prepare() { + cd "${srcdir}/${pkgname}${_pkgver}" + sed -i "/MANDIR =/s#)/#)/share/#" unix/Makefile + patch -p1 -i ../overflow-fsize.patch #FS#44171 + patch -p1 -i ../cve20149636.patch #FS#44171 + patch -i ../test_compr_eb.patch # FS#43391 + patch -i ../getZip64Data.patch # FS#43300 + patch -i ../crc32.patch # FS#43300 + patch -p1 -i ../empty-input.patch # FS#46955 + patch -p1 -i ../csiz-underflow.patch # FS#46955 + patch -p1 -i ../nextbyte-overflow.patch # FS#46955 +} + +build() { + cd "${srcdir}/${pkgname}${_pkgver}" + + # DEFINES, make, and install args from Debian + DEFINES='-DACORN_FTYPE_NFS -DWILD_STOP_AT_DIR -DLARGE_FILE_SUPPORT \ + -DUNICODE_SUPPORT -DUNICODE_WCHAR -DUTF8_MAYBE_NATIVE -DNO_LCHMOD \ + -DDATE_FORMAT=DF_YMD -DUSE_BZIP2 -DNOMEMCPY -DNO_WORKING_ISPRINT' + + make -f unix/Makefile prefix=/usr \ + D_USE_BZ2=-DUSE_BZIP2 L_BZ2=-lbz2 
\ + LF2="$LDFLAGS" CF="$CFLAGS $CPPFLAGS -I. $DEFINES" \ + unzips +} + +package() { + cd "${srcdir}/${pkgname}${_pkgver}" + make -f unix/Makefile prefix="${pkgdir}"/usr install + install -Dm644 LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE" +} Deleted: crc32.patch =================================================================== --- crc32.patch 2020-04-24 13:12:35 UTC (rev 381490) +++ crc32.patch 2020-04-24 13:12:53 UTC (rev 381491) 
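Review bot: The `sha1sums=(...)` array is the only integrity check on the upstream tarball and the eight local patches, and SHA-1 is no longer collision-resistant, so it is a weak pin for a source fetched from a download mirror. Changing the array to `sha256sums=(` (or `sha512sums=(`) and regenerating the values with `updpkgsums` keeps the same structure with a stronger digest. Separately, `prepare()` mixes `patch -p1 -i` with bare `patch -i` for test_compr_eb.patch, getZip64Data.patch and crc32.patch. Without `-p`, patch strips all leading directories from the header paths, so a one-line comment such as `# headers are not a/ b/ style; applied by basename` would explain the difference.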
@@ -1,45 +0,0 @@ ---- unzip60/extract.c 2010-04-03 14:41:55 -0500 -+++ unzip60/extract.c 2014-12-03 15:33:35 -0600 -@@ -1,5 +1,5 @@ - /* -- Copyright (c) 1990-2009 Info-ZIP. All rights reserved. -+ Copyright (c) 1990-2014 Info-ZIP. All rights reserved. - - See the accompanying file LICENSE, version 2009-Jan-02 or later - (the contents of which are also included in unzip.h) for terms of use. -@@ -298,6 +298,8 @@ - #ifndef SFX - static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \ - EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n"; -+ static ZCONST char Far TooSmallEFlength[] = "bad extra-field entry:\n \ -+ EF block length (%u bytes) invalid (< %d)\n"; - static ZCONST char Far InvalidComprDataEAs[] = - " invalid compressed data for EAs\n"; - # if (defined(WIN32) && defined(NTSD_EAS)) -@@ -2023,7 +2025,8 @@ - ebID = makeword(ef); - ebLen = (unsigned)makeword(ef+EB_LEN); - -- if (ebLen > (ef_len - EB_HEADSIZE)) { -+ if (ebLen > (ef_len - EB_HEADSIZE)) -+ { - /* Discovered some extra field inconsistency! */ - if (uO.qflag) - Info(slide, 1, ((char *)slide, "%-22s ", -@@ -2032,6 +2035,16 @@ - ebLen, (ef_len - EB_HEADSIZE))); - return PK_ERR; - } -+ else if (ebLen < EB_HEADSIZE) -+ { -+ /* Extra block length smaller than header length. */ -+ if (uO.qflag) -+ Info(slide, 1, ((char *)slide, "%-22s ", -+ FnFilter1(G.filename))); -+ Info(slide, 1, ((char *)slide, LoadFarString(TooSmallEFlength), -+ ebLen, EB_HEADSIZE)); -+ return PK_ERR; -+ } - - switch (ebID) { - case EF_OS2: Copied: unzip/repos/extra-x86_64/crc32.patch (from rev 381490, unzip/trunk/crc32.patch) =================================================================== --- crc32.patch (rev 0) +++ crc32.patch 2020-04-24 13:12:53 UTC (rev 381491) 
@@ -0,0 +1,45 @@ +--- unzip60/extract.c 2010-04-03 14:41:55 -0500 ++++ unzip60/extract.c 2014-12-03 15:33:35 -0600 +@@ -1,5 +1,5 @@ + /* +- Copyright (c) 1990-2009 Info-ZIP. All rights reserved. ++ Copyright (c) 1990-2014 Info-ZIP. All rights reserved. + + See the accompanying file LICENSE, version 2009-Jan-02 or later + (the contents of which are also included in unzip.h) for terms of use. +@@ -298,6 +298,8 @@ + #ifndef SFX + static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \ + EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n"; ++ static ZCONST char Far TooSmallEFlength[] = "bad extra-field entry:\n \ ++ EF block length (%u bytes) invalid (< %d)\n"; + static ZCONST char Far InvalidComprDataEAs[] = + " invalid compressed data for EAs\n"; + # if (defined(WIN32) && defined(NTSD_EAS)) +@@ -2023,7 +2025,8 @@ + ebID = makeword(ef); + ebLen = (unsigned)makeword(ef+EB_LEN); + +- if (ebLen > (ef_len - EB_HEADSIZE)) { ++ if (ebLen > (ef_len - EB_HEADSIZE)) ++ { + /* Discovered some extra field inconsistency! */ + if (uO.qflag) + Info(slide, 1, ((char *)slide, "%-22s ", +@@ -2032,6 +2035,16 @@ + ebLen, (ef_len - EB_HEADSIZE))); + return PK_ERR; + } ++ else if (ebLen < EB_HEADSIZE) ++ { ++ /* Extra block length smaller than header length. */ ++ if (uO.qflag) ++ Info(slide, 1, ((char *)slide, "%-22s ", ++ FnFilter1(G.filename))); ++ Info(slide, 1, ((char *)slide, LoadFarString(TooSmallEFlength), ++ ebLen, EB_HEADSIZE)); ++ return PK_ERR; ++ } + + switch (ebID) { + case EF_OS2: Deleted: csiz-underflow.patch =================================================================== --- csiz-underflow.patch 2020-04-24 13:12:35 UTC (rev 381490) +++ csiz-underflow.patch 2020-04-24 13:12:53 UTC (rev 381491) 
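Review bot: The new `else if (ebLen < EB_HEADSIZE)` branch sits before `switch (ebID)`, so it rejects every extra-field block whose data is shorter than EB_HEADSIZE bytes, whatever its ID, not only the block types whose handlers read a fixed-size prefix. An otherwise well-formed archive carrying a short or empty block of another type would then fail with PK_ERR. The switch body is outside the hunk, so which cases actually need the minimum is an inference. Consider moving the minimum-length test into those cases, or at least state in the comment that the rejection applies to all block IDs and why.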
@@ -1,32 +0,0 @@ -From: Kamil Dudka <kdu...@redhat.com> -Date: Tue, 22 Sep 2015 18:52:23 +0200 -Subject: [PATCH] extract: prevent unsigned overflow on invalid input -Origin: other, https://bugzilla.redhat.com/attachment.cgi?id=1075942 -Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1260944 - -Suggested-by: Stefan Cornelius ---- - extract.c | 11 ++++++++++- - 1 file changed, 10 insertions(+), 1 deletion(-) - ---- a/extract.c -+++ b/extract.c -@@ -1257,8 +1257,17 @@ - if (G.lrec.compression_method == STORED) { - zusz_t csiz_decrypted = G.lrec.csize; - -- if (G.pInfo->encrypted) -+ if (G.pInfo->encrypted) { -+ if (csiz_decrypted < 12) { -+ /* handle the error now to prevent unsigned overflow */ -+ Info(slide, 0x401, ((char *)slide, -+ LoadFarStringSmall(ErrUnzipNoFile), -+ LoadFarString(InvalidComprData), -+ LoadFarStringSmall2(Inflate))); -+ return PK_ERR; -+ } - csiz_decrypted -= 12; -+ } - if (G.lrec.ucsize != csiz_decrypted) { - Info(slide, 0x401, ((char *)slide, - LoadFarStringSmall2(WrnStorUCSizCSizDiff), Copied: unzip/repos/extra-x86_64/csiz-underflow.patch (from rev 381490, unzip/trunk/csiz-underflow.patch) =================================================================== --- csiz-underflow.patch (rev 0) +++ csiz-underflow.patch 2020-04-24 13:12:53 UTC (rev 381491) 
@@ -0,0 +1,32 @@ +From: Kamil Dudka <kdu...@redhat.com> +Date: Tue, 22 Sep 2015 18:52:23 +0200 +Subject: [PATCH] extract: prevent unsigned overflow on invalid input +Origin: other, https://bugzilla.redhat.com/attachment.cgi?id=1075942 +Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1260944 + +Suggested-by: Stefan Cornelius +--- + extract.c | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +--- a/extract.c ++++ b/extract.c +@@ -1257,8 +1257,17 @@ + if (G.lrec.compression_method == STORED) { + zusz_t csiz_decrypted = G.lrec.csize; + +- if (G.pInfo->encrypted) ++ if (G.pInfo->encrypted) { ++ if (csiz_decrypted < 12) { ++ /* handle the error now to prevent unsigned overflow */ ++ Info(slide, 0x401, ((char *)slide, ++ LoadFarStringSmall(ErrUnzipNoFile), ++ LoadFarString(InvalidComprData), ++ LoadFarStringSmall2(Inflate))); ++ return PK_ERR; ++ } + csiz_decrypted -= 12; ++ } + if (G.lrec.ucsize != csiz_decrypted) { + Info(slide, 0x401, ((char *)slide, + LoadFarStringSmall2(WrnStorUCSizCSizDiff), Deleted: cve20149636.patch =================================================================== --- cve20149636.patch 2020-04-24 13:12:35 UTC (rev 381490) +++ cve20149636.patch 2020-04-24 13:12:53 UTC (rev 381491) 
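Review bot: The guard `if (csiz_decrypted < 12)` and the following `csiz_decrypted -= 12;` repeat a bare literal for the encryption header length. The crypt.c code shown elsewhere on this page names that length `RAND_HEAD_LEN`, and using it here (assuming it is visible in extract.c) would keep the check and the subtraction tied to the real header size. The error path also passes `LoadFarStringSmall2(Inflate)` although the branch is taken for `compression_method == STORED`, so the message will presumably name the wrong method. A comment such as `/* reuses the Inflate string; entry is STORED */` or a dedicated string would avoid confusing whoever triages the report.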
@@ -1,25 +0,0 @@ -diff --git a/extract.c b/extract.c -index a0a4929..9ef80b3 100644 ---- a/extract.c -+++ b/extract.c -@@ -2214,6 +2214,7 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata) - ulg eb_ucsize; - uch *eb_ucptr; - int r; -+ ush method; - - if (compr_offset < 4) /* field is not compressed: */ - return PK_OK; /* do nothing and signal OK */ -@@ -2223,6 +2224,12 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata) - eb_size <= (compr_offset + EB_CMPRHEADLEN))) - return IZ_EF_TRUNC; /* no compressed data! */ - -+ method = makeword(eb + (EB_HEADSIZE + compr_offset)); -+ if ((method == STORED) && (eb_size != compr_offset + EB_CMPRHEADLEN + eb_ucsize)) -+ return PK_ERR; /* compressed & uncompressed -+ * should match in STORED -+ * method */ -+ - if ( - #ifdef INT_16BIT - (((ulg)(extent)eb_ucsize) != eb_ucsize) || Copied: unzip/repos/extra-x86_64/cve20149636.patch (from rev 381490, unzip/trunk/cve20149636.patch) =================================================================== --- cve20149636.patch (rev 0) +++ cve20149636.patch 2020-04-24 13:12:53 UTC (rev 381491) 
@@ -0,0 +1,25 @@ +diff --git a/extract.c b/extract.c +index a0a4929..9ef80b3 100644 +--- a/extract.c ++++ b/extract.c +@@ -2214,6 +2214,7 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata) + ulg eb_ucsize; + uch *eb_ucptr; + int r; ++ ush method; + + if (compr_offset < 4) /* field is not compressed: */ + return PK_OK; /* do nothing and signal OK */ +@@ -2223,6 +2224,12 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata) + eb_size <= (compr_offset + EB_CMPRHEADLEN))) + return IZ_EF_TRUNC; /* no compressed data! */ + ++ method = makeword(eb + (EB_HEADSIZE + compr_offset)); ++ if ((method == STORED) && (eb_size != compr_offset + EB_CMPRHEADLEN + eb_ucsize)) ++ return PK_ERR; /* compressed & uncompressed ++ * should match in STORED ++ * method */ ++ + if ( + #ifdef INT_16BIT + (((ulg)(extent)eb_ucsize) != eb_ucsize) || Deleted: empty-input.patch =================================================================== --- empty-input.patch 2020-04-24 13:12:35 UTC (rev 381490) +++ empty-input.patch 2020-04-24 13:12:53 UTC (rev 381491) 
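Review bot: The added `method = makeword(eb + (EB_HEADSIZE + compr_offset));` reads two bytes that the preceding truncation check bounds only when `eb_ucsize` is non-zero. The unpatched condition, visible as the removed lines of test_compr_eb.patch on this page, skips `eb_size <= (compr_offset + EB_CMPRHEADLEN)` when `eb_ucsize` is 0. The PKGBUILD applies test_compr_eb.patch afterwards, and that patch returns IZ_EF_TRUNC for a zero `eb_ucsize`, so the read is covered only by the combination of the two patches. Either guard the read directly with `if (eb_size <= (compr_offset + EB_CMPRHEADLEN)) return IZ_EF_TRUNC;` or add a header line to this patch saying it must be applied together with test_compr_eb.patch. The patch also lacks the From/Subject/Origin header that the Red Hat-derived patches carry, so its provenance is not recorded; test_compr_eb's body continues outside the hunk.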
@@ -1,26 +0,0 @@ -From: Kamil Dudka <kdu...@redhat.com> -Date: Mon, 14 Sep 2015 18:24:56 +0200 -Subject: fix infinite loop when extracting empty bzip2 data -Bug-Debian: https://bugs.debian.org/802160 -Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1260944 -Origin: other, https://bugzilla.redhat.com/attachment.cgi?id=1073339 - ---- - extract.c | 6 ++++++ - 1 file changed, 6 insertions(+) - ---- a/extract.c -+++ b/extract.c -@@ -2728,6 +2728,12 @@ - int repeated_buf_err; - bz_stream bstrm; - -+ if (G.incnt <= 0 && G.csize <= 0L) { -+ /* avoid an infinite loop */ -+ Trace((stderr, "UZbunzip2() got empty input\n")); -+ return 2; -+ } -+ - #if (defined(DLL) && !defined(NO_SLIDE_REDIR)) - if (G.redirect_slide) - wsize = G.redirect_size, redirSlide = G.redirect_buffer; Copied: unzip/repos/extra-x86_64/empty-input.patch (from rev 381490, unzip/trunk/empty-input.patch) =================================================================== --- empty-input.patch (rev 0) +++ empty-input.patch 2020-04-24 13:12:53 UTC (rev 381491) 
@@ -0,0 +1,26 @@ +From: Kamil Dudka <kdu...@redhat.com> +Date: Mon, 14 Sep 2015 18:24:56 +0200 +Subject: fix infinite loop when extracting empty bzip2 data +Bug-Debian: https://bugs.debian.org/802160 +Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1260944 +Origin: other, https://bugzilla.redhat.com/attachment.cgi?id=1073339 + +--- + extract.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/extract.c ++++ b/extract.c +@@ -2728,6 +2728,12 @@ + int repeated_buf_err; + bz_stream bstrm; + ++ if (G.incnt <= 0 && G.csize <= 0L) { ++ /* avoid an infinite loop */ ++ Trace((stderr, "UZbunzip2() got empty input\n")); ++ return 2; ++ } ++ + #if (defined(DLL) && !defined(NO_SLIDE_REDIR)) + if (G.redirect_slide) + wsize = G.redirect_size, redirSlide = G.redirect_buffer; Deleted: getZip64Data.patch =================================================================== --- getZip64Data.patch 2020-04-24 13:12:35 UTC (rev 381490) +++ getZip64Data.patch 2020-04-24 13:12:53 UTC (rev 381491) 
@@ -1,133 +0,0 @@ ---- process.c 2009-03-06 02:25:10.000000000 +0100 -+++ process.c 2014-12-05 22:42:39.000000000 +0100 -@@ -1,5 +1,5 @@ - /* -- Copyright (c) 1990-2009 Info-ZIP. All rights reserved. -+ Copyright (c) 1990-2014 Info-ZIP. All rights reserved. - - See the accompanying file LICENSE, version 2009-Jan-02 or later - (the contents of which are also included in unzip.h) for terms of use. -@@ -1888,48 +1888,82 @@ int getZip64Data(__G__ ef_buf, ef_len) - and a 4-byte version of disk start number. - Sets both local header and central header fields. Not terribly clever, - but it means that this procedure is only called in one place. -+ -+ 2014-12-05 SMS. -+ Added checks to ensure that enough data are available before calling -+ makeint64() or makelong(). Replaced various sizeof() values with -+ simple ("4" or "8") constants. (The Zip64 structures do not depend -+ on our variable sizes.) Error handling is crude, but we should now -+ stay within the buffer. - ---------------------------------------------------------------------------*/ - -+#define Z64FLGS 0xffff -+#define Z64FLGL 0xffffffff -+ - if (ef_len == 0 || ef_buf == NULL) - return PK_COOL; - - Trace((stderr,"\ngetZip64Data: scanning extra field of length %u\n", - ef_len)); - -- while (ef_len >= EB_HEADSIZE) { -+ while (ef_len >= EB_HEADSIZE) -+ { - eb_id = makeword(EB_ID + ef_buf); - eb_len = makeword(EB_LEN + ef_buf); - -- if (eb_len > (ef_len - EB_HEADSIZE)) { -- /* discovered some extra field inconsistency! */ -+ if (eb_len > (ef_len - EB_HEADSIZE)) -+ { -+ /* Extra block length exceeds remaining extra field length. 
*/ - Trace((stderr, - "getZip64Data: block length %u > rest ef_size %u\n", eb_len, - ef_len - EB_HEADSIZE)); - break; - } -- if (eb_id == EF_PKSZ64) { -- -+ if (eb_id == EF_PKSZ64) -+ { - int offset = EB_HEADSIZE; - -- if (G.crec.ucsize == 0xffffffff || G.lrec.ucsize == 0xffffffff){ -- G.lrec.ucsize = G.crec.ucsize = makeint64(offset + ef_buf); -- offset += sizeof(G.crec.ucsize); -+ if ((G.crec.ucsize == Z64FLGL) || (G.lrec.ucsize == Z64FLGL)) -+ { -+ if (offset+ 8 > ef_len) -+ return PK_ERR; -+ -+ G.crec.ucsize = G.lrec.ucsize = makeint64(offset + ef_buf); -+ offset += 8; - } -- if (G.crec.csize == 0xffffffff || G.lrec.csize == 0xffffffff){ -- G.csize = G.lrec.csize = G.crec.csize = makeint64(offset + ef_buf); -- offset += sizeof(G.crec.csize); -+ -+ if ((G.crec.csize == Z64FLGL) || (G.lrec.csize == Z64FLGL)) -+ { -+ if (offset+ 8 > ef_len) -+ return PK_ERR; -+ -+ G.csize = G.crec.csize = G.lrec.csize = makeint64(offset + ef_buf); -+ offset += 8; - } -- if (G.crec.relative_offset_local_header == 0xffffffff){ -+ -+ if (G.crec.relative_offset_local_header == Z64FLGL) -+ { -+ if (offset+ 8 > ef_len) -+ return PK_ERR; -+ - G.crec.relative_offset_local_header = makeint64(offset + ef_buf); -- offset += sizeof(G.crec.relative_offset_local_header); -+ offset += 8; - } -- if (G.crec.disk_number_start == 0xffff){ -+ -+ if (G.crec.disk_number_start == Z64FLGS) -+ { -+ if (offset+ 4 > ef_len) -+ return PK_ERR; -+ - G.crec.disk_number_start = (zuvl_t)makelong(offset + ef_buf); -- offset += sizeof(G.crec.disk_number_start); -+ offset += 4; - } -+#if 0 -+ break; /* Expect only one EF_PKSZ64 block. */ -+#endif /* 0 */ - } - -- /* Skip this extra field block */ -+ /* Skip this extra field block. 
*/ - ef_buf += (eb_len + EB_HEADSIZE); - ef_len -= (eb_len + EB_HEADSIZE); - } ---- fileio.c 2009-04-20 02:03:44.000000000 +0200 -+++ fileio.c 2014-12-05 22:44:16.000000000 +0100 -@@ -176,6 +176,8 @@ static ZCONST char Far FilenameTooLongTr - #endif - static ZCONST char Far ExtraFieldTooLong[] = - "warning: extra field too long (%d). Ignoring...\n"; -+static ZCONST char Far ExtraFieldCorrupt[] = -+ "warning: extra field (type: 0x%04x) corrupt. Continuing...\n"; - - #ifdef WINDLL - static ZCONST char Far DiskFullQuery[] = -@@ -2295,7 +2297,12 @@ int do_string(__G__ length, option) /* - if (readbuf(__G__ (char *)G.extra_field, length) == 0) - return PK_EOF; - /* Looks like here is where extra fields are read */ -- getZip64Data(__G__ G.extra_field, length); -+ if (getZip64Data(__G__ G.extra_field, length) != PK_COOL) -+ { -+ Info(slide, 0x401, ((char *)slide, -+ LoadFarString( ExtraFieldCorrupt), EF_PKSZ64)); -+ error = PK_WARN; -+ } - #ifdef UNICODE_SUPPORT - G.unipath_filename = NULL; - if (G.UzO.U_flag < 2) { Copied: unzip/repos/extra-x86_64/getZip64Data.patch (from rev 381490, unzip/trunk/getZip64Data.patch) =================================================================== --- getZip64Data.patch (rev 0) +++ getZip64Data.patch 2020-04-24 13:12:53 UTC (rev 381491) 
@@ -0,0 +1,133 @@ +--- process.c 2009-03-06 02:25:10.000000000 +0100 ++++ process.c 2014-12-05 22:42:39.000000000 +0100 +@@ -1,5 +1,5 @@ + /* +- Copyright (c) 1990-2009 Info-ZIP. All rights reserved. ++ Copyright (c) 1990-2014 Info-ZIP. All rights reserved. + + See the accompanying file LICENSE, version 2009-Jan-02 or later + (the contents of which are also included in unzip.h) for terms of use. +@@ -1888,48 +1888,82 @@ int getZip64Data(__G__ ef_buf, ef_len) + and a 4-byte version of disk start number. + Sets both local header and central header fields. Not terribly clever, + but it means that this procedure is only called in one place. ++ ++ 2014-12-05 SMS. ++ Added checks to ensure that enough data are available before calling ++ makeint64() or makelong(). Replaced various sizeof() values with ++ simple ("4" or "8") constants. (The Zip64 structures do not depend ++ on our variable sizes.) Error handling is crude, but we should now ++ stay within the buffer. + ---------------------------------------------------------------------------*/ + ++#define Z64FLGS 0xffff ++#define Z64FLGL 0xffffffff ++ + if (ef_len == 0 || ef_buf == NULL) + return PK_COOL; + + Trace((stderr,"\ngetZip64Data: scanning extra field of length %u\n", + ef_len)); + +- while (ef_len >= EB_HEADSIZE) { ++ while (ef_len >= EB_HEADSIZE) ++ { + eb_id = makeword(EB_ID + ef_buf); + eb_len = makeword(EB_LEN + ef_buf); + +- if (eb_len > (ef_len - EB_HEADSIZE)) { +- /* discovered some extra field inconsistency! */ ++ if (eb_len > (ef_len - EB_HEADSIZE)) ++ { ++ /* Extra block length exceeds remaining extra field length. 
*/ + Trace((stderr, + "getZip64Data: block length %u > rest ef_size %u\n", eb_len, + ef_len - EB_HEADSIZE)); + break; + } +- if (eb_id == EF_PKSZ64) { +- ++ if (eb_id == EF_PKSZ64) ++ { + int offset = EB_HEADSIZE; + +- if (G.crec.ucsize == 0xffffffff || G.lrec.ucsize == 0xffffffff){ +- G.lrec.ucsize = G.crec.ucsize = makeint64(offset + ef_buf); +- offset += sizeof(G.crec.ucsize); ++ if ((G.crec.ucsize == Z64FLGL) || (G.lrec.ucsize == Z64FLGL)) ++ { ++ if (offset+ 8 > ef_len) ++ return PK_ERR; ++ ++ G.crec.ucsize = G.lrec.ucsize = makeint64(offset + ef_buf); ++ offset += 8; + } +- if (G.crec.csize == 0xffffffff || G.lrec.csize == 0xffffffff){ +- G.csize = G.lrec.csize = G.crec.csize = makeint64(offset + ef_buf); +- offset += sizeof(G.crec.csize); ++ ++ if ((G.crec.csize == Z64FLGL) || (G.lrec.csize == Z64FLGL)) ++ { ++ if (offset+ 8 > ef_len) ++ return PK_ERR; ++ ++ G.csize = G.crec.csize = G.lrec.csize = makeint64(offset + ef_buf); ++ offset += 8; + } +- if (G.crec.relative_offset_local_header == 0xffffffff){ ++ ++ if (G.crec.relative_offset_local_header == Z64FLGL) ++ { ++ if (offset+ 8 > ef_len) ++ return PK_ERR; ++ + G.crec.relative_offset_local_header = makeint64(offset + ef_buf); +- offset += sizeof(G.crec.relative_offset_local_header); ++ offset += 8; + } +- if (G.crec.disk_number_start == 0xffff){ ++ ++ if (G.crec.disk_number_start == Z64FLGS) ++ { ++ if (offset+ 4 > ef_len) ++ return PK_ERR; ++ + G.crec.disk_number_start = (zuvl_t)makelong(offset + ef_buf); +- offset += sizeof(G.crec.disk_number_start); ++ offset += 4; + } ++#if 0 ++ break; /* Expect only one EF_PKSZ64 block. */ ++#endif /* 0 */ + } + +- /* Skip this extra field block */ ++ /* Skip this extra field block. 
*/ + ef_buf += (eb_len + EB_HEADSIZE); + ef_len -= (eb_len + EB_HEADSIZE); + } +--- fileio.c 2009-04-20 02:03:44.000000000 +0200 ++++ fileio.c 2014-12-05 22:44:16.000000000 +0100 +@@ -176,6 +176,8 @@ static ZCONST char Far FilenameTooLongTr + #endif + static ZCONST char Far ExtraFieldTooLong[] = + "warning: extra field too long (%d). Ignoring...\n"; ++static ZCONST char Far ExtraFieldCorrupt[] = ++ "warning: extra field (type: 0x%04x) corrupt. Continuing...\n"; + + #ifdef WINDLL + static ZCONST char Far DiskFullQuery[] = +@@ -2295,7 +2297,12 @@ int do_string(__G__ length, option) /* + if (readbuf(__G__ (char *)G.extra_field, length) == 0) + return PK_EOF; + /* Looks like here is where extra fields are read */ +- getZip64Data(__G__ G.extra_field, length); ++ if (getZip64Data(__G__ G.extra_field, length) != PK_COOL) ++ { ++ Info(slide, 0x401, ((char *)slide, ++ LoadFarString( ExtraFieldCorrupt), EF_PKSZ64)); ++ error = PK_WARN; ++ } + #ifdef UNICODE_SUPPORT + G.unipath_filename = NULL; + if (G.UzO.U_flag < 2) { Deleted: nextbyte-overflow.patch =================================================================== --- nextbyte-overflow.patch 2020-04-24 13:12:35 UTC (rev 381490) +++ nextbyte-overflow.patch 2020-04-24 13:12:53 UTC (rev 381491) 
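Review bot: The new bounds checks `if (offset+ 8 > ef_len)` and `if (offset+ 4 > ef_len)` compare against the remaining length of the whole extra field, not against the current block's `eb_len`. A Zip64 block that declares fewer bytes than the flagged fields need is therefore still parsed, with the values taken from whatever block follows it. The reads stay inside the buffer, as the added comment says, but sizes and offsets can then come from unrelated data; bounding by the block, e.g. `if (offset + 8 > eb_len + EB_HEADSIZE) return PK_ERR;`, closes that. `offset` is an `int` compared with `ef_len`, whose declaration is outside the hunk (the `%u` in the Trace call suggests it is unsigned), so the comparison is mixed-sign. The `#define Z64FLGS` and `#define Z64FLGL` lines inside the function body have no matching `#undef`.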
@@ -1,33 +0,0 @@ -From: Petr Stodulka <pstod...@redhat.com> -Date: Mon, 14 Sep 2015 18:23:17 +0200 -Subject: Upstream fix for heap overflow -Bug-Debian: https://bugs.debian.org/802162 -Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1260944 -Origin: https://bugzilla.redhat.com/attachment.cgi?id=1073002 -Forwarded: yes - ---- - crypt.c | 12 +++++++++++- - 1 file changed, 11 insertions(+), 1 deletion(-) - ---- a/crypt.c -+++ b/crypt.c -@@ -465,7 +465,17 @@ - GLOBAL(pInfo->encrypted) = FALSE; - defer_leftover_input(__G); - for (n = 0; n < RAND_HEAD_LEN; n++) { -- b = NEXTBYTE; -+ /* 2012-11-23 SMS. (OUSPG report.) -+ * Quit early if compressed size < HEAD_LEN. The resulting -+ * error message ("unable to get password") could be improved, -+ * but it's better than trying to read nonexistent data, and -+ * then continuing with a negative G.csize. (See -+ * fileio.c:readbyte()). -+ */ -+ if ((b = NEXTBYTE) == (ush)EOF) -+ { -+ return PK_ERR; -+ } - h[n] = (uch)b; - Trace((stdout, " (%02x)", h[n])); - } Copied: unzip/repos/extra-x86_64/nextbyte-overflow.patch (from rev 381490, unzip/trunk/nextbyte-overflow.patch) =================================================================== --- nextbyte-overflow.patch (rev 0) +++ nextbyte-overflow.patch 2020-04-24 13:12:53 UTC (rev 381491) 
@@ -0,0 +1,33 @@ +From: Petr Stodulka <pstod...@redhat.com> +Date: Mon, 14 Sep 2015 18:23:17 +0200 +Subject: Upstream fix for heap overflow +Bug-Debian: https://bugs.debian.org/802162 +Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1260944 +Origin: https://bugzilla.redhat.com/attachment.cgi?id=1073002 +Forwarded: yes + +--- + crypt.c | 12 +++++++++++- + 1 file changed, 11 insertions(+), 1 deletion(-) + +--- a/crypt.c ++++ b/crypt.c +@@ -465,7 +465,17 @@ + GLOBAL(pInfo->encrypted) = FALSE; + defer_leftover_input(__G); + for (n = 0; n < RAND_HEAD_LEN; n++) { +- b = NEXTBYTE; ++ /* 2012-11-23 SMS. (OUSPG report.) ++ * Quit early if compressed size < HEAD_LEN. The resulting ++ * error message ("unable to get password") could be improved, ++ * but it's better than trying to read nonexistent data, and ++ * then continuing with a negative G.csize. (See ++ * fileio.c:readbyte()). ++ */ ++ if ((b = NEXTBYTE) == (ush)EOF) ++ { ++ return PK_ERR; ++ } + h[n] = (uch)b; + Trace((stdout, " (%02x)", h[n])); + } Deleted: overflow-fsize.patch =================================================================== --- overflow-fsize.patch 2020-04-24 13:12:35 UTC (rev 381490) +++ overflow-fsize.patch 2020-04-24 13:12:53 UTC (rev 381491) 
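Review bot: The test `if ((b = NEXTBYTE) == (ush)EOF)` detects end of input only if `b` is a 16-bit unsigned variable, because `(ush)EOF` is 0xFFFF and an `int` holding -1 would never compare equal to it. `b`'s declaration is outside the hunk, so this should be confirmed and recorded next to the check, e.g. `/* b is ush: EOF (-1) is stored as 0xFFFF */`. The early `return PK_ERR;` also leaves the function after `defer_leftover_input(__G)` has run and after `pInfo->encrypted` was set to FALSE. Whether the caller expects that state to be undone on failure cannot be seen from this hunk.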
@@ -1,34 +0,0 @@ -t a/list.c b/list.c -index f7359c3..4c3d703 100644 ---- a/list.c -+++ b/list.c -@@ -97,7 +97,7 @@ int list_files(__G) /* return PK-type error code */ - { - int do_this_file=FALSE, cfactor, error, error_in_archive=PK_COOL; - #ifndef WINDLL -- char sgn, cfactorstr[10]; -+ char sgn, cfactorstr[13]; - int longhdr=(uO.vflag>1); - #endif - int date_format; -@@ -339,7 +339,19 @@ int list_files(__G) /* return PK-type error code */ - G.crec.compression_method == ENHDEFLATED) { - methbuf[5] = dtype[(G.crec.general_purpose_bit_flag>>1) & 3]; - } else if (methnum >= NUM_METHODS) { -- sprintf(&methbuf[4], "%03u", G.crec.compression_method); -+ /* 2013-02-26 SMS. -+ * http://sourceforge.net/tracker/?func=detail -+ * &aid=2861648&group_id=118012&atid=679786 -+ * Unexpectedly large compression methods overflow -+ * &methbuf[]. Use the old, three-digit decimal format -+ * for values which fit. Otherwise, sacrifice the -+ * colon, and use four-digit hexadecimal. -+ */ -+ if (G.crec.compression_method <= 999) { -+ sprintf( &methbuf[ 4], "%03u", G.crec.compression_method); -+ } else { -+ sprintf( &methbuf[ 3], "%04X", G.crec.compression_method); -+ } - } - - #if 0 /* GRR/Euro: add this? */ Copied: unzip/repos/extra-x86_64/overflow-fsize.patch (from rev 381490, unzip/trunk/overflow-fsize.patch) =================================================================== --- overflow-fsize.patch (rev 0) +++ overflow-fsize.patch 2020-04-24 13:12:53 UTC (rev 381491) 
@@ -0,0 +1,34 @@ +t a/list.c b/list.c +index f7359c3..4c3d703 100644 +--- a/list.c ++++ b/list.c +@@ -97,7 +97,7 @@ int list_files(__G) /* return PK-type error code */ + { + int do_this_file=FALSE, cfactor, error, error_in_archive=PK_COOL; + #ifndef WINDLL +- char sgn, cfactorstr[10]; ++ char sgn, cfactorstr[13]; + int longhdr=(uO.vflag>1); + #endif + int date_format; +@@ -339,7 +339,19 @@ int list_files(__G) /* return PK-type error code */ + G.crec.compression_method == ENHDEFLATED) { + methbuf[5] = dtype[(G.crec.general_purpose_bit_flag>>1) & 3]; + } else if (methnum >= NUM_METHODS) { +- sprintf(&methbuf[4], "%03u", G.crec.compression_method); ++ /* 2013-02-26 SMS. ++ * http://sourceforge.net/tracker/?func=detail ++ * &aid=2861648&group_id=118012&atid=679786 ++ * Unexpectedly large compression methods overflow ++ * &methbuf[]. Use the old, three-digit decimal format ++ * for values which fit. Otherwise, sacrifice the ++ * colon, and use four-digit hexadecimal. ++ */ ++ if (G.crec.compression_method <= 999) { ++ sprintf( &methbuf[ 4], "%03u", G.crec.compression_method); ++ } else { ++ sprintf( &methbuf[ 3], "%04X", G.crec.compression_method); ++ } + } + + #if 0 /* GRR/Euro: add this? */ Deleted: test_compr_eb.patch =================================================================== --- test_compr_eb.patch 2020-04-24 13:12:35 UTC (rev 381490) +++ test_compr_eb.patch 2020-04-24 13:12:53 UTC (rev 381491) 
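Review bot: The first line of the patch file reads `t a/list.c b/list.c`, which looks like a `diff --git` header with its start cut off. patch(1) skips leading text it cannot parse, so the file still applies, but the header should be restored to `diff --git a/list.c b/list.c`. The fix itself keeps unbounded `sprintf` calls into `methbuf`, whose declaration is outside the hunk. The safety of `sprintf( &methbuf[ 3], "%04X", G.crec.compression_method);` therefore rests on the value fitting in four hex digits and on the buffer having room for them plus the terminator; a comment stating the buffer size next to these calls would make that checkable. The file name overflow-fsize.patch also describes neither change (`cfactorstr[13]` and the `methbuf` formatting).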
@@ -1,23 +0,0 @@ ---- extract.c 2009-03-14 02:32:52.000000000 +0100 -+++ extract.c 2014-12-05 22:43:13.000000000 +0100 -@@ -2221,10 +2234,17 @@ static int test_compr_eb(__G__ eb, eb_si - if (compr_offset < 4) /* field is not compressed: */ - return PK_OK; /* do nothing and signal OK */ - -+ /* Return no/bad-data error status if any problem is found: -+ * 1. eb_size is too small to hold the uncompressed size -+ * (eb_ucsize). (Else extract eb_ucsize.) -+ * 2. eb_ucsize is zero (invalid). 2014-12-04 SMS. -+ * 3. eb_ucsize is positive, but eb_size is too small to hold -+ * the compressed data header. -+ */ - if ((eb_size < (EB_UCSIZE_P + 4)) || -- ((eb_ucsize = makelong(eb+(EB_HEADSIZE+EB_UCSIZE_P))) > 0L && -- eb_size <= (compr_offset + EB_CMPRHEADLEN))) -- return IZ_EF_TRUNC; /* no compressed data! */ -+ ((eb_ucsize = makelong( eb+ (EB_HEADSIZE+ EB_UCSIZE_P))) == 0L) || -+ ((eb_ucsize > 0L) && (eb_size <= (compr_offset + EB_CMPRHEADLEN)))) -+ return IZ_EF_TRUNC; /* no/bad compressed data! */ - - if ( - #ifdef INT_16BIT Copied: unzip/repos/extra-x86_64/test_compr_eb.patch (from rev 381490, unzip/trunk/test_compr_eb.patch) =================================================================== --- test_compr_eb.patch (rev 0) +++ test_compr_eb.patch 2020-04-24 13:12:53 UTC (rev 381491) 
@@ -0,0 +1,23 @@ +--- extract.c 2009-03-14 02:32:52.000000000 +0100 ++++ extract.c 2014-12-05 22:43:13.000000000 +0100 +@@ -2221,10 +2234,17 @@ static int test_compr_eb(__G__ eb, eb_si + if (compr_offset < 4) /* field is not compressed: */ + return PK_OK; /* do nothing and signal OK */ + ++ /* Return no/bad-data error status if any problem is found: ++ * 1. eb_size is too small to hold the uncompressed size ++ * (eb_ucsize). (Else extract eb_ucsize.) ++ * 2. eb_ucsize is zero (invalid). 2014-12-04 SMS. ++ * 3. eb_ucsize is positive, but eb_size is too small to hold ++ * the compressed data header. ++ */ + if ((eb_size < (EB_UCSIZE_P + 4)) || +- ((eb_ucsize = makelong(eb+(EB_HEADSIZE+EB_UCSIZE_P))) > 0L && +- eb_size <= (compr_offset + EB_CMPRHEADLEN))) +- return IZ_EF_TRUNC; /* no compressed data! */ ++ ((eb_ucsize = makelong( eb+ (EB_HEADSIZE+ EB_UCSIZE_P))) == 0L) || ++ ((eb_ucsize > 0L) && (eb_size <= (compr_offset + EB_CMPRHEADLEN)))) ++ return IZ_EF_TRUNC; /* no/bad compressed data! */ + + if ( + #ifdef INT_16BIT