Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package unzip for openSUSE:Factory checked in at 2022-09-22 14:49:34 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/unzip (Old) and /work/SRC/openSUSE:Factory/.unzip.new.2275 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "unzip" Thu Sep 22 14:49:34 2022 rev:47 rq:1005203 version:6.00 Changes: --------
--- /work/SRC/openSUSE:Factory/unzip/unzip.changes 2021-09-26 21:49:20.194823904 +0200
+++ /work/SRC/openSUSE:Factory/.unzip.new.2275/unzip.changes 2022-09-22 14:49:37.930394254 +0200
@@ -1,0 +2,10 @@
+Wed Sep 21 09:27:59 UTC 2022 - Danilo Spinella <danilo.spine...@suse.com>
+
+- Fix CVE-2022-0530, SIGSEGV during the conversion of an utf-8 string
+ to a local string (CVE-2022-0530, bsc#1196177)
+ * CVE-2022-0530.patch
+- Fix CVE-2022-0529, Heap out-of-bound writes and reads during
+ conversion of wide string to local string (CVE-2022-0529, bsc#1196180)
+ * CVE-2022-0529.patch
+
+-------------------------------------------------------------------
New: ---- CVE-2022-0529.patch CVE-2022-0530.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------
++++++ unzip-rcc.spec ++++++
--- /var/tmp/diff_new_pack.O4KXbH/_old 2022-09-22 14:49:38.958396346 +0200
+++ /var/tmp/diff_new_pack.O4KXbH/_new 2022-09-22 14:49:38.962396354 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package unzip-rcc
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
++++++ unzip.spec ++++++
--- /var/tmp/diff_new_pack.O4KXbH/_old 2022-09-22 14:49:38.990396410 +0200
+++ /var/tmp/diff_new_pack.O4KXbH/_new 2022-09-22 14:49:38.994396419 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package unzip
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -61,6 +61,10 @@
 Patch21: unzip60-total_disks_zero.patch
 Patch22: unzip60-cfactorstr_overflow.patch
 Patch23: unzip-initialize-the-symlink-flag.patch
+# PATCH-FIX-UPSTREAM danilo.spine...@suse.com CVE-2022-0530 bsc#1196177
+Patch24: CVE-2022-0530.patch
+# PATCH-FIX-UPSTREAM danilo.spine...@suse.com CVE-2022-0529 bsc#1196180
+Patch25: CVE-2022-0529.patch
 Requires(post): update-alternatives
 Requires(postun):update-alternatives
 Recommends: %{_name}-doc
@@ -109,6 +113,8 @@
 %patch21 -p1
 %patch22 -p1
 %patch23 -p1
+%patch24 -p1
+%patch25 -p1
 %build
 export RPM_OPT_FLAGS="%{optflags} \
++++++ CVE-2022-0529.patch ++++++
From: Enrico Zini <enr...@debian.org>
Subject: Fix wide string conversion
Bug-Debian: https://bugs.debian.org/1010355
X-Debian-version: 6.0-27
--- a/process.c
+++ b/process.c
@@ -2507,13 +2507,15 @@
 char buf[9];
 char *buffer = NULL;
 char *local_string = NULL;
+ size_t buffer_size;
 for (wsize = 0; wide_string[wsize]; wsize++) ;
 if (max_bytes < MAX_ESCAPE_BYTES) max_bytes = MAX_ESCAPE_BYTES;
- if ((buffer = (char *)malloc(wsize * max_bytes + 1)) == NULL) {
+ buffer_size = wsize * max_bytes + 1;
+ if ((buffer = (char *)malloc(buffer_size)) == NULL) {
 return NULL;
 }
@@ -2552,7 +2554,11 @@
 /* no MB for this wide */
 /* use escape for wide character */
 char *escape_string = wide_to_escape_string(wide_string[i]);
- strcat(buffer, escape_string);
+ size_t buffer_len = strlen(buffer);
+ size_t escape_string_len = strlen(escape_string);
+ if (buffer_len + escape_string_len + 1 > buffer_size)
+ escape_string_len = buffer_size - buffer_len - 1;
+ strncat(buffer, escape_string, escape_string_len);
 free(escape_string);
 }
 }
++++++ CVE-2022-0530.patch ++++++
From: Enrico Zini <enr...@debian.org>
Subject: Fix null pointer dereference on invalid UTF-8 input
Bug-Debian: https://bugs.debian.org/1010355
X-Debian-version: 6.0-27
--- a/fileio.c
+++ b/fileio.c
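Review bot: `buffer_size = wsize * max_bytes + 1;` in the first process.c hunk is computed with no overflow check, so a very long wide string could wrap the product and leave both the allocation and the bound used by the second hunk too small. The declarations of `wsize` and `max_bytes` are outside the hunk; if they are `int`, the multiplication happens in signed arithmetic before the conversion to `size_t`. A guard ahead of the assignment, for example `if ((size_t)wsize > ((size_t)-1 - 1) / (size_t)max_bytes) return NULL;`, would make the stored size trustworthy.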
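Review bot: In the second process.c hunk `escape_string` goes straight into `strlen()` without a NULL check, so if `wide_to_escape_string()` can fail (its body is not in this hunk; presumably it allocates) the conversion still dereferences a null pointer at this spot. A check placed after the declarations, `if (escape_string == NULL) { free(buffer); return NULL; }`, keeps that failure explicit. Separately, when the clamp triggers, the escape sequence is cut short silently and the resulting name no longer matches the archive entry; failing the conversion would be easier to reason about than a truncated name. The enclosing loop and function start and end outside the hunk.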
@@ -2361,6 +2361,9 @@
 /* convert UTF-8 to local character set */
 fn = utf8_to_local_string(G.unipath_filename, G.unicode_escape_all);
+ if (fn == NULL)
+ return PK_ERR;
+
 /* make sure filename is short enough */
 if (strlen(fn) >= FILNAMSIZ) {
 fn[FILNAMSIZ - 1] = '\0';
--- a/process.c
+++ b/process.c
@@ -2611,6 +2611,8 @@
 int escape_all;
 {
 zwchar *wide = utf8_to_wide_string(utf8_string);
+ if (wide == NULL)
+ return NULL;
 char *loc = wide_to_local_string(wide, escape_all);
 free(wide);
 return loc;
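Review bot: The new `return PK_ERR;` path in fileio.c carries no comment saying which failures it covers, so a reader of this code cannot tell why the conversion may return NULL. A one-line comment above the check would record it, e.g. `/* NULL: invalid UTF-8 (or presumably allocation failure) in utf8_to_local_string() */`; the process.c hunk of the same patch shows the NULL being propagated from `utf8_to_wide_string()`. The enclosing function is outside the hunk, so whether anything acquired earlier must be released before this early return needs checking against the full function.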
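Review bot: The added `if (wide == NULL) return NULL;` in process.c sits between two declarations, so `char *loc = ...` now follows a statement. The K&R-style parameter declaration just above (`int escape_all;` before `{`) suggests this file is written for pre-C99 compilers, where mixing declarations and code is rejected or warned about in strict modes. Declaring first keeps the fix portable: `char *loc;` after the `wide` declaration, then the NULL check, then `loc = wide_to_local_string(wide, escape_all);`.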