authorTudor Florea <tudor.florea@enea.com>2015-10-09 22:59:03 +0200
committerTudor Florea <tudor.florea@enea.com>2015-10-09 22:59:03 +0200
commit972dcfcdbfe75dcfeb777150c136576cf1a71e99 (patch)
tree97a61cd7e293d7ae9d56ef7ed0f81253365bb026 /meta/recipes-extended/unzip
downloadpoky-972dcfcdbfe75dcfeb777150c136576cf1a71e99.tar.gz
initial commit for Enea Linux 5.0 arm
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Diffstat (limited to 'meta/recipes-extended/unzip')
-rw-r--r--meta/recipes-extended/unzip/unzip/06-unzip60-alt-iconv-utf8_CVE-2015-1315.patch402
-rw-r--r--meta/recipes-extended/unzip/unzip/09-cve-2014-8139-crc-overflow.patch52
-rw-r--r--meta/recipes-extended/unzip/unzip/10-cve-2014-8140-test-compr-eb.patch33
-rw-r--r--meta/recipes-extended/unzip/unzip/11-cve-2014-8141-getzip64data.patch144
-rw-r--r--meta/recipes-extended/unzip/unzip/avoid-strip.patch50
-rw-r--r--meta/recipes-extended/unzip/unzip/define-ldflags.patch18
-rw-r--r--meta/recipes-extended/unzip/unzip/unzip-6.0_overflow3.diff45
-rw-r--r--meta/recipes-extended/unzip/unzip_6.0.bb44
8 files changed, 788 insertions, 0 deletions
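--- /dev/null
+++ b/meta/recipes-extended/unzip/unzip/06-unzip60-alt-iconv-utf8_CVE-2015-1315.patch
@@ -0,0 +1,402 @@
+From: Giovanni Scafora <giovanni.archlinux.org>
+Subject: unzip files encoded with non-latin, non-unicode file names
+Last-Update: 2015-02-11
+
+Upstream-Status: Backport
+
+Updated 2015-02-11 by Marc Deslauriers <marc.deslauriers@canonical.com>
+to fix buffer overflow in charset_to_intern()
+
+Signed-off-by: Marc Deslauriers <marc.deslauriers@canonical.com>
+
+Index: unzip-6.0/unix/unix.c
+===================================================================
+--- unzip-6.0.orig/unix/unix.c 2015-02-11 08:46:43.675324290 -0500
++++ unzip-6.0/unix/unix.c 2015-02-11 09:18:04.902081319 -0500
+@@ -30,6 +30,9 @@
+ #define UNZIP_INTERNAL
+ #include "unzip.h"
+
++#include <iconv.h>
++#include <langinfo.h>
++
+ #ifdef SCO_XENIX
+ # define SYSNDIR
+ #else /* SCO Unix, AIX, DNIX, TI SysV, Coherent 4.x, ... */
+@@ -1874,3 +1877,102 @@
+ }
+ }
+ #endif /* QLZIP */
++
++
++typedef struct {
++ char *local_charset;
++ char *archive_charset;
++} CHARSET_MAP;
++
++/* A mapping of local <-> archive charsets used by default to convert filenames
++ * of DOS/Windows Zip archives. Currently very basic. */
++static CHARSET_MAP dos_charset_map[] = {
++ { "ANSI_X3.4-1968", "CP850" },
++ { "ISO-8859-1", "CP850" },
++ { "CP1252", "CP850" },
++ { "UTF-8", "CP866" },
++ { "KOI8-R", "CP866" },
++ { "KOI8-U", "CP866" },
++ { "ISO-8859-5", "CP866" }
++};
++
++char OEM_CP[MAX_CP_NAME] = "";
++char ISO_CP[MAX_CP_NAME] = "";
++
++/* Try to guess the default value of OEM_CP based on the current locale.
++ * ISO_CP is left alone for now. */
++void init_conversion_charsets()
++{
++ const char *local_charset;
++ int i;
++
++ /* Make a guess only if OEM_CP not already set. */
++ if(*OEM_CP == '\0') {
++ local_charset = nl_langinfo(CODESET);
++ for(i = 0; i < sizeof(dos_charset_map)/sizeof(CHARSET_MAP); i++)
++ if(!strcasecmp(local_charset, dos_charset_map[i].local_charset)) {
++ strncpy(OEM_CP, dos_charset_map[i].archive_charset,
++ sizeof(OEM_CP));
++ break;
++ }
++ }
++}
++
++/* Convert a string from one encoding to the current locale using iconv().
++ * Be as non-intrusive as possible. If error is encountered during covertion
++ * just leave the string intact. */
++static void charset_to_intern(char *string, char *from_charset)
++{
++ iconv_t cd;
++ char *s,*d, *buf;
++ size_t slen, dlen, buflen;
++ const char *local_charset;
++
++ if(*from_charset == '\0')
++ return;
++
++ buf = NULL;
++ local_charset = nl_langinfo(CODESET);
++
++ if((cd = iconv_open(local_charset, from_charset)) == (iconv_t)-1)
++ return;
++
++ slen = strlen(string);
++ s = string;
++
++ /* Make sure OUTBUFSIZ + 1 never ends up smaller than FILNAMSIZ
++ * as this function also gets called with G.outbuf in fileio.c
++ */
++ buflen = FILNAMSIZ;
++ if (OUTBUFSIZ + 1 < FILNAMSIZ)
++ {
++ buflen = OUTBUFSIZ + 1;
++ }
++
++ d = buf = malloc(buflen);
++ if(!d)
++ goto cleanup;
++
++ bzero(buf,buflen);
++ dlen = buflen - 1;
++
++ if(iconv(cd, &s, &slen, &d, &dlen) == (size_t)-1)
++ goto cleanup;
++ strncpy(string, buf, buflen);
++
++ cleanup:
++ free(buf);
++ iconv_close(cd);
++}
++
++/* Convert a string from OEM_CP to the current locale charset. */
++inline void oem_intern(char *string)
++{
++ charset_to_intern(string, OEM_CP);
++}
++
++/* Convert a string from ISO_CP to the current locale charset. */
++inline void iso_intern(char *string)
++{
++ charset_to_intern(string, ISO_CP);
++}
+Index: unzip-6.0/unix/unxcfg.h
+===================================================================
+--- unzip-6.0.orig/unix/unxcfg.h 2015-02-11 08:46:43.675324290 -0500
++++ unzip-6.0/unix/unxcfg.h 2015-02-11 08:46:43.671324260 -0500
+@@ -228,4 +228,30 @@
+ /* wild_dir, dirname, wildname, matchname[], dirnamelen, have_dirname, */
+ /* and notfirstcall are used by do_wild(). */
+
++
++#define MAX_CP_NAME 25
++
++#ifdef SETLOCALE
++# undef SETLOCALE
++#endif
++#define SETLOCALE(category, locale) setlocale(category, locale)
++#include <locale.h>
++
++#ifdef _ISO_INTERN
++# undef _ISO_INTERN
++#endif
++#define _ISO_INTERN(str1) iso_intern(str1)
++
++#ifdef _OEM_INTERN
++# undef _OEM_INTERN
++#endif
++#ifndef IZ_OEM2ISO_ARRAY
++# define IZ_OEM2ISO_ARRAY
++#endif
++#define _OEM_INTERN(str1) oem_intern(str1)
++
++void iso_intern(char *);
++void oem_intern(char *);
++void init_conversion_charsets(void);
++
+ #endif /* !__unxcfg_h */
+Index: unzip-6.0/unzip.c
+===================================================================
+--- unzip-6.0.orig/unzip.c 2015-02-11 08:46:43.675324290 -0500
++++ unzip-6.0/unzip.c 2015-02-11 08:46:43.675324290 -0500
+@@ -327,11 +327,21 @@
+ -2 just filenames but allow -h/-t/-z -l long Unix \"ls -l\" format\n\
+ -v verbose, multi-page format\n";
+
++#ifndef UNIX
+ static ZCONST char Far ZipInfoUsageLine3[] = "miscellaneous options:\n\
+ -h print header line -t print totals for listed files or for all\n\
+ -z print zipfile comment -T print file times in sortable decimal format\
+ \n -C be case-insensitive %s\
+ -x exclude filenames that follow from listing\n";
++#else /* UNIX */
++static ZCONST char Far ZipInfoUsageLine3[] = "miscellaneous options:\n\
++ -h print header line -t print totals for listed files or for all\n\
++ -z print zipfile comment %c-T%c print file times in sortable decimal format\
++\n %c-C%c be case-insensitive %s\
++ -x exclude filenames that follow from listing\n\
++ -O CHARSET specify a character encoding for DOS, Windows and OS/2 archives\n\
++ -I CHARSET specify a character encoding for UNIX and other archives\n";
++#endif /* !UNIX */
+ #ifdef MORE
+ static ZCONST char Far ZipInfoUsageLine4[] =
+ " -M page output through built-in \"more\"\n";
+@@ -664,6 +674,17 @@
+ -U use escapes for all non-ASCII Unicode -UU ignore any Unicode fields\n\
+ -C match filenames case-insensitively -L make (some) names \
+ lowercase\n %-42s -V retain VMS version numbers\n%s";
++#elif (defined UNIX)
++static ZCONST char Far UnzipUsageLine4[] = "\
++modifiers:\n\
++ -n never overwrite existing files -q quiet mode (-qq => quieter)\n\
++ -o overwrite files WITHOUT prompting -a auto-convert any text files\n\
++ -j junk paths (do not make directories) -aa treat ALL files as text\n\
++ -U use escapes for all non-ASCII Unicode -UU ignore any Unicode fields\n\
++ -C match filenames case-insensitively -L make (some) names \
++lowercase\n %-42s -V retain VMS version numbers\n%s\
++ -O CHARSET specify a character encoding for DOS, Windows and OS/2 archives\n\
++ -I CHARSET specify a character encoding for UNIX and other archives\n\n";
+ #else /* !VMS */
+ static ZCONST char Far UnzipUsageLine4[] = "\
+ modifiers:\n\
+@@ -802,6 +823,10 @@
+ #endif /* UNICODE_SUPPORT */
+
+
++#ifdef UNIX
++ init_conversion_charsets();
++#endif
++
+ #if (defined(__IBMC__) && defined(__DEBUG_ALLOC__))
+ extern void DebugMalloc(void);
+
+@@ -1335,6 +1360,11 @@
+ argc = *pargc;
+ argv = *pargv;
+
++#ifdef UNIX
++ extern char OEM_CP[MAX_CP_NAME];
++ extern char ISO_CP[MAX_CP_NAME];
++#endif
++
+ while (++argv, (--argc > 0 && *argv != NULL && **argv == '-')) {
+ s = *argv + 1;
+ while ((c = *s++) != 0) { /* "!= 0": prevent Turbo C warning */
+@@ -1516,6 +1546,35 @@
+ }
+ break;
+ #endif /* MACOS */
++#ifdef UNIX
++ case ('I'):
++ if (negative) {
++ Info(slide, 0x401, ((char *)slide,
++ "error: encodings can't be negated"));
++ return(PK_PARAM);
++ } else {
++ if(*s) { /* Handle the -Icharset case */
++ /* Assume that charsets can't start with a dash to spot arguments misuse */
++ if(*s == '-') {
++ Info(slide, 0x401, ((char *)slide,
++ "error: a valid character encoding should follow the -I argument"));
++ return(PK_PARAM);
++ }
++ strncpy(ISO_CP, s, sizeof(ISO_CP));
++ } else { /* -I charset */
++ ++argv;
++ if(!(--argc > 0 && *argv != NULL && **argv != '-')) {
++ Info(slide, 0x401, ((char *)slide,
++ "error: a valid character encoding should follow the -I argument"));
++ return(PK_PARAM);
++ }
++ s = *argv;
++ strncpy(ISO_CP, s, sizeof(ISO_CP));
++ }
++ while(*(++s)); /* No params straight after charset name */
++ }
++ break;
++#endif /* ?UNIX */
+ case ('j'): /* junk pathnames/directory structure */
+ if (negative)
+ uO.jflag = FALSE, negative = 0;
+@@ -1591,6 +1650,35 @@
+ } else
+ ++uO.overwrite_all;
+ break;
++#ifdef UNIX
++ case ('O'):
++ if (negative) {
++ Info(slide, 0x401, ((char *)slide,
++ "error: encodings can't be negated"));
++ return(PK_PARAM);
++ } else {
++ if(*s) { /* Handle the -Ocharset case */
++ /* Assume that charsets can't start with a dash to spot arguments misuse */
++ if(*s == '-') {
++ Info(slide, 0x401, ((char *)slide,
++ "error: a valid character encoding should follow the -I argument"));
++ return(PK_PARAM);
++ }
++ strncpy(OEM_CP, s, sizeof(OEM_CP));
++ } else { /* -O charset */
++ ++argv;
++ if(!(--argc > 0 && *argv != NULL && **argv != '-')) {
++ Info(slide, 0x401, ((char *)slide,
++ "error: a valid character encoding should follow the -O argument"));
++ return(PK_PARAM);
++ }
++ s = *argv;
++ strncpy(OEM_CP, s, sizeof(OEM_CP));
++ }
++ while(*(++s)); /* No params straight after charset name */
++ }
++ break;
++#endif /* ?UNIX */
+ case ('p'): /* pipes: extract to stdout, no messages */
+ if (negative) {
+ uO.cflag = FALSE;
+Index: unzip-6.0/unzpriv.h
+===================================================================
+--- unzip-6.0.orig/unzpriv.h 2015-02-11 08:46:43.675324290 -0500
++++ unzip-6.0/unzpriv.h 2015-02-11 08:46:43.675324290 -0500
+@@ -3008,7 +3008,7 @@
+ !(((islochdr) || (isuxatt)) && \
+ ((hostver) == 25 || (hostver) == 26 || (hostver) == 40))) || \
+ (hostnum) == FS_HPFS_ || \
+- ((hostnum) == FS_NTFS_ && (hostver) == 50)) { \
++ ((hostnum) == FS_NTFS_ /* && (hostver) == 50 */ )) { \
+ _OEM_INTERN((string)); \
+ } else { \
+ _ISO_INTERN((string)); \
+Index: unzip-6.0/zipinfo.c
+===================================================================
+--- unzip-6.0.orig/zipinfo.c 2015-02-11 08:46:43.675324290 -0500
++++ unzip-6.0/zipinfo.c 2015-02-11 08:46:43.675324290 -0500
+@@ -457,6 +457,10 @@
+ int tflag_slm=TRUE, tflag_2v=FALSE;
+ int explicit_h=FALSE, explicit_t=FALSE;
+
++#ifdef UNIX
++ extern char OEM_CP[MAX_CP_NAME];
++ extern char ISO_CP[MAX_CP_NAME];
++#endif
+
+ #ifdef MACOS
+ uO.lflag = LFLAG; /* reset default on each call */
+@@ -501,6 +505,35 @@
+ uO.lflag = 0;
+ }
+ break;
++#ifdef UNIX
++ case ('I'):
++ if (negative) {
++ Info(slide, 0x401, ((char *)slide,
++ "error: encodings can't be negated"));
++ return(PK_PARAM);
++ } else {
++ if(*s) { /* Handle the -Icharset case */
++ /* Assume that charsets can't start with a dash to spot arguments misuse */
++ if(*s == '-') {
++ Info(slide, 0x401, ((char *)slide,
++ "error: a valid character encoding should follow the -I argument"));
++ return(PK_PARAM);
++ }
++ strncpy(ISO_CP, s, sizeof(ISO_CP));
++ } else { /* -I charset */
++ ++argv;
++ if(!(--argc > 0 && *argv != NULL && **argv != '-')) {
++ Info(slide, 0x401, ((char *)slide,
++ "error: a valid character encoding should follow the -I argument"));
++ return(PK_PARAM);
++ }
++ s = *argv;
++ strncpy(ISO_CP, s, sizeof(ISO_CP));
++ }
++ while(*(++s)); /* No params straight after charset name */
++ }
++ break;
++#endif /* ?UNIX */
+ case 'l': /* longer form of "ls -l" type listing */
+ if (negative)
+ uO.lflag = -2, negative = 0;
+@@ -521,6 +554,35 @@
+ G.M_flag = TRUE;
+ break;
+ #endif
++#ifdef UNIX
++ case ('O'):
++ if (negative) {
++ Info(slide, 0x401, ((char *)slide,
++ "error: encodings can't be negated"));
++ return(PK_PARAM);
++ } else {
++ if(*s) { /* Handle the -Ocharset case */
++ /* Assume that charsets can't start with a dash to spot arguments misuse */
++ if(*s == '-') {
++ Info(slide, 0x401, ((char *)slide,
++ "error: a valid character encoding should follow the -I argument"));
++ return(PK_PARAM);
++ }
++ strncpy(OEM_CP, s, sizeof(OEM_CP));
++ } else { /* -O charset */
++ ++argv;
++ if(!(--argc > 0 && *argv != NULL && **argv != '-')) {
++ Info(slide, 0x401, ((char *)slide,
++ "error: a valid character encoding should follow the -O argument"));
++ return(PK_PARAM);
++ }
++ s = *argv;
++ strncpy(OEM_CP, s, sizeof(OEM_CP));
++ }
++ while(*(++s)); /* No params straight after charset name */
++ }
++ break;
++#endif /* ?UNIX */
+ case 's': /* default: shorter "ls -l" type listing */
+ if (negative)
+ uO.lflag = -2, negative = 0;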
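Review bot: The option parsers added to unzip.c and zipinfo.c copy the user-supplied charset name with `strncpy(ISO_CP, s, sizeof(ISO_CP))` (and the same for OEM_CP), which leaves the 25-byte array without a terminating NUL when the name is MAX_CP_NAME characters or longer; charset_to_intern() then hands that array to iconv_open() as a C string. Bound the copy and terminate it, `strncpy(ISO_CP, s, sizeof(ISO_CP) - 1); ISO_CP[sizeof(ISO_CP) - 1] = '\0';`, or reject names that do not fit with PK_PARAM. In the separate-argument form an empty argument passes the `**argv != '-'` test, after which `while(*(++s));` steps past its terminator, so that test should also require `**argv != '\0'`. The first error string in both `-O` branches still names the -I argument. In charset_to_intern() the final `strncpy(string, buf, buflen)` zero-fills the destination up to buflen bytes, so every caller's buffer must be at least that large; the callers are not visible on this page.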
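--- /dev/null
+++ b/meta/recipes-extended/unzip/unzip/09-cve-2014-8139-crc-overflow.patch
@@ -0,0 +1,52 @@
+From: sms
+Subject: Fix CVE-2014-8139: CRC32 verification heap-based overflow
+Bug-Debian: http://bugs.debian.org/773722
+
+The patch comes from unzip_6.0-8+deb7u2.debian.tar.gz
+
+Upstream-Status: Backport
+
+Signed-off-by: Roy Li <rongqing.li@windriver.com>
+
+--- a/extract.c
++++ b/extract.c
+@@ -298,6 +298,8 @@
+ #ifndef SFX
+ static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \
+ EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n";
++ static ZCONST char Far TooSmallEBlength[] = "bad extra-field entry:\n \
++ EF block length (%u bytes) invalid (< %d)\n";
+ static ZCONST char Far InvalidComprDataEAs[] =
+ " invalid compressed data for EAs\n";
+ # if (defined(WIN32) && defined(NTSD_EAS))
+@@ -2023,7 +2025,8 @@
+ ebID = makeword(ef);
+ ebLen = (unsigned)makeword(ef+EB_LEN);
+
+- if (ebLen > (ef_len - EB_HEADSIZE)) {
++ if (ebLen > (ef_len - EB_HEADSIZE))
++ {
+ /* Discovered some extra field inconsistency! */
+ if (uO.qflag)
+ Info(slide, 1, ((char *)slide, "%-22s ",
+@@ -2158,11 +2161,19 @@
+ }
+ break;
+ case EF_PKVMS:
+- if (makelong(ef+EB_HEADSIZE) !=
++ if (ebLen < 4)
++ {
++ Info(slide, 1,
++ ((char *)slide, LoadFarString(TooSmallEBlength),
++ ebLen, 4));
++ }
++ else if (makelong(ef+EB_HEADSIZE) !=
+ crc32(CRCVAL_INITIAL, ef+(EB_HEADSIZE+4),
+ (extent)(ebLen-4)))
++ {
+ Info(slide, 1, ((char *)slide,
+ LoadFarString(BadCRC_EAs)));
++ }
+ break;
+ case EF_PKW32:
+ case EF_PKUNIX: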
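Review bot: The new `ebLen < 4` branch in the EF_PKVMS case only prints TooSmallEBlength; no line visible here records a failure status, so whether a test run still reports such an archive as good depends on code outside the hunk, where the enclosing function begins and ends. If the result code is not updated elsewhere, this branch and the BadCRC_EAs one should set it. The literal 4 is the size of the CRC field that precedes the data and appears in the guard, the message argument and `ebLen-4`; a comment such as `/* PKVMS block begins with a 4-byte CRC-32; a shorter block cannot be verified */` would tie the three together.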
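--- /dev/null
+++ b/meta/recipes-extended/unzip/unzip/10-cve-2014-8140-test-compr-eb.patch
@@ -0,0 +1,33 @@
+From: sms
+Subject: Fix CVE-2014-8140: out-of-bounds write issue in test_compr_eb()
+Bug-Debian: http://bugs.debian.org/773722
+
+The patch comes from unzip_6.0-8+deb7u2.debian.tar.gz
+
+Upstream-Status: Backport
+
+Signed-off-by: Roy Li <rongqing.li@windriver.com>
+
+--- a/extract.c
++++ b/extract.c
+@@ -2232,10 +2232,17 @@
+ if (compr_offset < 4) /* field is not compressed: */
+ return PK_OK; /* do nothing and signal OK */
+
++ /* Return no/bad-data error status if any problem is found:
++ * 1. eb_size is too small to hold the uncompressed size
++ * (eb_ucsize). (Else extract eb_ucsize.)
++ * 2. eb_ucsize is zero (invalid). 2014-12-04 SMS.
++ * 3. eb_ucsize is positive, but eb_size is too small to hold
++ * the compressed data header.
++ */
+ if ((eb_size < (EB_UCSIZE_P + 4)) ||
+- ((eb_ucsize = makelong(eb+(EB_HEADSIZE+EB_UCSIZE_P))) > 0L &&
+- eb_size <= (compr_offset + EB_CMPRHEADLEN)))
+- return IZ_EF_TRUNC; /* no compressed data! */
++ ((eb_ucsize = makelong( eb+ (EB_HEADSIZE+ EB_UCSIZE_P))) == 0L) ||
++ ((eb_ucsize > 0L) && (eb_size <= (compr_offset + EB_CMPRHEADLEN))))
++ return IZ_EF_TRUNC; /* no/bad compressed data! */
+
+ if (
+ #ifdef INT_16BIT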
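Review bot: The rewritten condition in test_compr_eb() assigns eb_ucsize in the middle of an `||` chain and then tests `eb_ucsize > 0L`, which is always true once the `== 0L` clause has failed if eb_ucsize is unsigned (the overflow3 patch in this commit shows it declared as `ulg`). Hoisting the read makes the three numbered cases in the new comment map onto the code: first `if (eb_size < (EB_UCSIZE_P + 4)) return IZ_EF_TRUNC;`, then `eb_ucsize = makelong(eb + (EB_HEADSIZE + EB_UCSIZE_P));`, then `if (eb_ucsize == 0L || eb_size <= (compr_offset + EB_CMPRHEADLEN)) return IZ_EF_TRUNC;`. The function body starts and ends outside the hunk.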
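--- /dev/null
+++ b/meta/recipes-extended/unzip/unzip/11-cve-2014-8141-getzip64data.patch
@@ -0,0 +1,144 @@
+From: sms
+Subject: Fix CVE-2014-8141: out-of-bounds read issues in getZip64Data()
+Bug-Debian: http://bugs.debian.org/773722
+
+The patch comes from unzip_6.0-8+deb7u2.debian.tar.gz
+
+Upstream-Status: Backport
+
+Signed-off-by: Roy Li <rongqing.li@windriver.com>
+
+
+--- a/fileio.c
++++ b/fileio.c
+@@ -176,6 +176,8 @@
+ #endif
+ static ZCONST char Far ExtraFieldTooLong[] =
+ "warning: extra field too long (%d). Ignoring...\n";
++static ZCONST char Far ExtraFieldCorrupt[] =
++ "warning: extra field (type: 0x%04x) corrupt. Continuing...\n";
+
+ #ifdef WINDLL
+ static ZCONST char Far DiskFullQuery[] =
+@@ -2295,7 +2297,12 @@
+ if (readbuf(__G__ (char *)G.extra_field, length) == 0)
+ return PK_EOF;
+ /* Looks like here is where extra fields are read */
+- getZip64Data(__G__ G.extra_field, length);
++ if (getZip64Data(__G__ G.extra_field, length) != PK_COOL)
++ {
++ Info(slide, 0x401, ((char *)slide,
++ LoadFarString( ExtraFieldCorrupt), EF_PKSZ64));
++ error = PK_WARN;
++ }
+ #ifdef UNICODE_SUPPORT
+ G.unipath_filename = NULL;
+ if (G.UzO.U_flag < 2) {
+--- a/process.c
++++ b/process.c
+@@ -1,5 +1,5 @@
+ /*
+- Copyright (c) 1990-2009 Info-ZIP. All rights reserved.
++ Copyright (c) 1990-2014 Info-ZIP. All rights reserved.
+
+ See the accompanying file LICENSE, version 2009-Jan-02 or later
+ (the contents of which are also included in unzip.h) for terms of use.
+@@ -1901,48 +1901,82 @@
+ and a 4-byte version of disk start number.
+ Sets both local header and central header fields. Not terribly clever,
+ but it means that this procedure is only called in one place.
++
++ 2014-12-05 SMS.
++ Added checks to ensure that enough data are available before calling
++ makeint64() or makelong(). Replaced various sizeof() values with
++ simple ("4" or "8") constants. (The Zip64 structures do not depend
++ on our variable sizes.) Error handling is crude, but we should now
++ stay within the buffer.
+ ---------------------------------------------------------------------------*/
+
++#define Z64FLGS 0xffff
++#define Z64FLGL 0xffffffff
++
+ if (ef_len == 0 || ef_buf == NULL)
+ return PK_COOL;
+
+ Trace((stderr,"\ngetZip64Data: scanning extra field of length %u\n",
+ ef_len));
+
+- while (ef_len >= EB_HEADSIZE) {
++ while (ef_len >= EB_HEADSIZE)
++ {
+ eb_id = makeword(EB_ID + ef_buf);
+ eb_len = makeword(EB_LEN + ef_buf);
+
+- if (eb_len > (ef_len - EB_HEADSIZE)) {
+- /* discovered some extra field inconsistency! */
++ if (eb_len > (ef_len - EB_HEADSIZE))
++ {
++ /* Extra block length exceeds remaining extra field length. */
+ Trace((stderr,
+ "getZip64Data: block length %u > rest ef_size %u\n", eb_len,
+ ef_len - EB_HEADSIZE));
+ break;
+ }
+- if (eb_id == EF_PKSZ64) {
+-
++ if (eb_id == EF_PKSZ64)
++ {
+ int offset = EB_HEADSIZE;
+
+- if (G.crec.ucsize == 0xffffffff || G.lrec.ucsize == 0xffffffff){
+- G.lrec.ucsize = G.crec.ucsize = makeint64(offset + ef_buf);
+- offset += sizeof(G.crec.ucsize);
++ if ((G.crec.ucsize == Z64FLGL) || (G.lrec.ucsize == Z64FLGL))
++ {
++ if (offset+ 8 > ef_len)
++ return PK_ERR;
++
++ G.crec.ucsize = G.lrec.ucsize = makeint64(offset + ef_buf);
++ offset += 8;
+ }
+- if (G.crec.csize == 0xffffffff || G.lrec.csize == 0xffffffff){
+- G.csize = G.lrec.csize = G.crec.csize = makeint64(offset + ef_buf);
+- offset += sizeof(G.crec.csize);
++
++ if ((G.crec.csize == Z64FLGL) || (G.lrec.csize == Z64FLGL))
++ {
++ if (offset+ 8 > ef_len)
++ return PK_ERR;
++
++ G.csize = G.crec.csize = G.lrec.csize = makeint64(offset + ef_buf);
++ offset += 8;
+ }
+- if (G.crec.relative_offset_local_header == 0xffffffff){
++
++ if (G.crec.relative_offset_local_header == Z64FLGL)
++ {
++ if (offset+ 8 > ef_len)
++ return PK_ERR;
++
+ G.crec.relative_offset_local_header = makeint64(offset + ef_buf);
+- offset += sizeof(G.crec.relative_offset_local_header);
++ offset += 8;
+ }
+- if (G.crec.disk_number_start == 0xffff){
++
++ if (G.crec.disk_number_start == Z64FLGS)
++ {
++ if (offset+ 4 > ef_len)
++ return PK_ERR;
++
+ G.crec.disk_number_start = (zuvl_t)makelong(offset + ef_buf);
+- offset += sizeof(G.crec.disk_number_start);
++ offset += 4;
+ }
++#if 0
++ break; /* Expect only one EF_PKSZ64 block. */
++#endif /* 0 */
+ }
+
+- /* Skip this extra field block */
++ /* Skip this extra field block. */
+ ef_buf += (eb_len + EB_HEADSIZE);
+ ef_len -= (eb_len + EB_HEADSIZE);
+ }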
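Review bot: Each guard added to getZip64Data() compares `offset + 8` (or `+ 4`) with ef_len, the bytes left in the whole extra field, rather than with the length of the EF_PKSZ64 block being parsed. A block whose eb_len is too short for the fields it is flagged to carry therefore still has its values read from the bytes of whatever follows it; the read stays inside the buffer, as the added comment says, but the sizes and offset stored in G.crec and G.lrec then come from unrelated data. Bounding by the block is tighter, `if (offset + 8 > eb_len + EB_HEADSIZE) return PK_ERR;`, though it should be confirmed against archives that are accepted today. In the fileio.c hunk the caller downgrades the failure to PK_WARN and continues, so any field assigned before the failing check presumably stays in place.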
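--- /dev/null
+++ b/meta/recipes-extended/unzip/unzip/avoid-strip.patch
@@ -0,0 +1,50 @@
+Upstream-Status: Pending
+
+unix/Makefile: remove hard coded strip commands
+
+Remove the hard coded strip commands, both LF2 (used in linking) and
+STRIP used alone.
+
+Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
+
+diff -ur unzip60.orig/unix/configure unzip60/unix/configure
+--- unzip60.orig/unix/configure 2009-04-16 14:25:12.000000000 -0500
++++ unzip60/unix/configure 2011-06-21 11:23:36.822849960 -0500
+@@ -17,7 +17,7 @@
+ IZ_BZIP2=${3}
+ CFLAGS="${CFLAGS} -I. -DUNIX"
+ LFLAGS1=""
+-LFLAGS2="-s"
++LFLAGS2=""
+ LN="ln -s"
+
+ CFLAGS_OPT=''
+diff -ur unzip60.orig/unix/Makefile unzip60/unix/Makefile
+--- unzip60.orig/unix/Makefile 2009-01-18 16:41:18.000000000 -0600
++++ unzip60/unix/Makefile 2011-06-21 11:12:22.900003388 -0500
+@@ -52,7 +52,7 @@
+ CF = $(CFLAGS) $(CF_NOOPT)
+ LFLAGS1 =
+ LF = -o unzip$E $(LFLAGS1)
+-LF2 = -s
++LF2 =
+
+ # UnZipSFX flags
+ SL = -o unzipsfx$E $(LFLAGS1)
+@@ -70,7 +70,7 @@
+ CHMOD = chmod
+ BINPERMS = 755
+ MANPERMS = 644
+-STRIP = strip
++STRIP =
+ E =
+ O = .o
+ M = unix
+@@ -776,7 +776,6 @@
+ #
+ gcc: unix_make
+ $(MAKE) unzips CC=gcc LD=gcc CFLAGS="-O3" LF2=""
+- $(STRIP) $(UNZIPS)
+
+ # Heurikon HK68 (68010), UniPlus+ System V 5.0, Green Hills C-68000
+ hk68: unix_make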
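Review bot: Setting `STRIP =` to empty turns any remaining recipe line of the form `$(STRIP) $(UNZIPS)` into an attempt to run the first program name as a command; only the gcc target's line is removed in the visible hunks, and the other targets of unix/Makefile are not shown. A no-op command is safer than an empty one, `STRIP = true`, which is also what the recipe in this commit passes through EXTRA_OEMAKE. With that default the patch would no longer depend on the recipe override to be safe.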
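--- /dev/null
+++ b/meta/recipes-extended/unzip/unzip/define-ldflags.patch
@@ -0,0 +1,18 @@
+Pass LDFLAGS to the linker
+
+Upstream-Status: Pending
+
+Signed-off-by: Mikhail Durnev <Mikhail_Durnev@mentor.com>
+
+diff -Naur old/unix/configure new/unix/configure
+--- old/unix/configure 2014-01-13 21:59:27.000000000 +1100
++++ new/unix/configure 2014-01-14 16:36:02.000000000 +1100
+@@ -16,7 +16,7 @@
+ CFLAGSR=${CFLAGS}
+ IZ_BZIP2=${3}
+ CFLAGS="${CFLAGS} -I. -DUNIX"
+-LFLAGS1=""
++LFLAGS1=${LDFLAGS}
+ LFLAGS2=""
+ LN="ln -s"
+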
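--- /dev/null
+++ b/meta/recipes-extended/unzip/unzip/unzip-6.0_overflow3.diff
@@ -0,0 +1,45 @@
+From 190040ebfcf5395a6ccedede2cc9343d34f0a108 Mon Sep 17 00:00:00 2001
+From: mancha <mancha1 AT zoho DOT com>
+Date: Wed, 11 Feb 2015
+Subject: Info-ZIP UnZip buffer overflow
+
+Upstream-Status: Backport
+
+By carefully crafting a corrupt ZIP archive with "extra fields" that
+purport to have compressed blocks larger than the corresponding
+uncompressed blocks in STORED no-compression mode, an attacker can
+trigger a heap overflow that can result in application crash or
+possibly have other unspecified impact.
+
+This patch ensures that when extra fields use STORED mode, the
+"compressed" and uncompressed block sizes match.
+
+Signed-off-by: mancha <mancha1 AT zoho DOT com>
+---
+ extract.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+--- a/extract.c
++++ b/extract.c
+@@ -2217,6 +2217,7 @@ static int test_compr_eb(__G__ eb, eb_si
+ ulg eb_ucsize;
+ uch *eb_ucptr;
+ int r;
++ ush method;
+
+ if (compr_offset < 4) /* field is not compressed: */
+ return PK_OK; /* do nothing and signal OK */
+@@ -2226,6 +2227,13 @@ static int test_compr_eb(__G__ eb, eb_si
+ eb_size <= (compr_offset + EB_CMPRHEADLEN)))
+ return IZ_EF_TRUNC; /* no compressed data! */
+
++ method = makeword(eb + (EB_HEADSIZE + compr_offset));
++ if ((method == STORED) &&
++ (eb_size - compr_offset - EB_CMPRHEADLEN != eb_ucsize))
++ return PK_ERR; /* compressed & uncompressed
++ * should match in STORED
++ * method */
++
+ if (
+ #ifdef INT_16BIT
+ (((ulg)(extent)eb_ucsize) != eb_ucsize) ||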
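Review bot: The added `method = makeword(eb + (EB_HEADSIZE + compr_offset));` also runs for blocks whose eb_ucsize is 0, and for those the preceding check (context lines of this hunk) has not compared eb_size with compr_offset, because its second clause applies only when eb_ucsize > 0. Taken alone, this patch can therefore read the method word beyond a short block; the gap is closed only by 10-cve-2014-8140-test-compr-eb.patch in the same commit, which rejects eb_ucsize == 0. Either state that dependency in the patch header or make the hunk self-contained with `if (eb_size <= (compr_offset + EB_CMPRHEADLEN)) return IZ_EF_TRUNC;` before the read. test_compr_eb() continues outside the hunk.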
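--- /dev/null
+++ b/meta/recipes-extended/unzip/unzip_6.0.bb
@@ -0,0 +1,44 @@
+SUMMARY = "Utilities for extracting and viewing files in .zip archives"
+HOMEPAGE = "http://www.info-zip.org"
+SECTION = "console/utils"
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=94caec5a51ef55ef711ee4e8b1c69e29"
+PE = "1"
+PR = "r5"
+
+SRC_URI = "ftp://ftp.info-zip.org/pub/infozip/src/unzip60.tgz \
+ file://avoid-strip.patch \
+ file://define-ldflags.patch \
+ file://06-unzip60-alt-iconv-utf8_CVE-2015-1315.patch \
+ file://unzip-6.0_overflow3.diff \
+ file://09-cve-2014-8139-crc-overflow.patch \
+ file://10-cve-2014-8140-test-compr-eb.patch \
+ file://11-cve-2014-8141-getzip64data.patch \
+"
+
+SRC_URI[md5sum] = "62b490407489521db863b523a7f86375"
+SRC_URI[sha256sum] = "036d96991646d0449ed0aa952e4fbe21b476ce994abc276e49d30e686708bd37"
+S = "${WORKDIR}/unzip60"
+
+# Makefile uses CF_NOOPT instead of CFLAGS. We lifted the values from
+# Makefile and add CFLAGS. Optimization will be overriden by unzip
+# configure to be -O3.
+#
+EXTRA_OEMAKE += "STRIP=true LF2='' \
+ 'CF_NOOPT=-I. -Ibzip2 -DUNIX ${CFLAGS}'"
+
+export LD = "${CC}"
+LD_class-native = "${CC}"
+
+do_compile() {
+ oe_runmake -f unix/Makefile generic
+}
+
+do_install() {
+ oe_runmake -f unix/Makefile install prefix=${D}${prefix}
+ install -d ${D}${mandir}
+ mv ${D}${prefix}/man/* ${D}${mandir}
+ rmdir ${D}${prefix}/man/
+}
+
+BBCLASSEXTEND = "native"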
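Review bot: SRC_URI lists unzip-6.0_overflow3.diff before 10-cve-2014-8140-test-compr-eb.patch, and both edit the same statements in test_compr_eb(). Once overflow3 has inserted its `method = makeword(...)` block after `return IZ_EF_TRUNC;`, the trailing context of patch 10 (` if (` followed by `#ifdef INT_16BIT`) no longer comes right after that return, so as far as the hunks on this page show, patch 10 can apply only with fuzz. Security backports are better refreshed against the tree they are applied to, so that a clean application confirms each bounds check landed where intended. The tarball is fetched over plain `ftp://`, so its integrity rests on the `SRC_URI[sha256sum]` pin, which should stay in place.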