authorRoy Li <rongqing.li@windriver.com>2015-06-29 16:06:57 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2015-07-01 15:39:59 +0100
commit71ceb8c60aee649690d4be33d948d3168c3790b2 (patch)
tree2030e587669a523c91d84c8d11ffe0d33bed89e7 /meta/recipes-extended/unzip
parenta3866484f8e19d508029136a646859db45090046 (diff)
downloadpoky-71ceb8c60aee649690d4be33d948d3168c3790b2.tar.gz
unzip: drop 12-cve-2014-9636-test-compr-eb.patch
12-cve-2014-9636-test-compr-eb.patch is the same as unzip-6.0_overflow3.diff; both fix CVE-2014-9636. (From OE-Core rev: 43cc77f6dd1615ec6797a159647a1ad677c1df23) Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended/unzip')
-rw-r--r--meta/recipes-extended/unzip/unzip/12-cve-2014-9636-test-compr-eb.patch45
-rw-r--r--meta/recipes-extended/unzip/unzip_6.0.bb1
2 files changed, 0 insertions, 46 deletions
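diff --git a/meta/recipes-extended/unzip/unzip/12-cve-2014-9636-test-compr-eb.patch b/meta/recipes-extended/unzip/unzip/12-cve-2014-9636-test-compr-eb.patch
deleted file mode 100644
index b64dd99244..0000000000
--- a/meta/recipes-extended/unzip/unzip/12-cve-2014-9636-test-compr-eb.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From: mancha <mancha1 AT zoho DOT com>
-Date: Mon, 3 Nov 2014
-Subject: Info-ZIP UnZip buffer overflow
-Bug-Debian: http://bugs.debian.org/776589
-
-By carefully crafting a corrupt ZIP archive with "extra fields" that
-purport to have compressed blocks larger than the corresponding
-uncompressed blocks in STORED no-compression mode, an attacker can
-trigger a heap overflow that can result in application crash or
-possibly have other unspecified impact.
-
-This patch ensures that when extra fields use STORED mode, the
-"compressed" and uncompressed block sizes match.
-
-The patch comes from unzip_6.0-8+deb7u2.debian.tar.gz
-
-Upstream-Status: Backport
-
-Signed-off-by: Roy Li <rongqing.li@windriver.com>
-
---- a/extract.c
-+++ b/extract.c
-@@ -2229,6 +2229,7 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata)
- uch *eb_ucptr;
- int r;
- ush method;
-+ ush eb_compr_method;
-
- if (compr_offset < 4) /* field is not compressed: */
- return PK_OK; /* do nothing and signal OK */
-@@ -2244,6 +2245,14 @@
- ((eb_ucsize > 0L) && (eb_size <= (compr_offset + EB_CMPRHEADLEN))))
- return IZ_EF_TRUNC; /* no/bad compressed data! */
-
-+ /* 2014-11-03 Michal Zalewski, SMS.
-+ * For STORE method, compressed and uncompressed sizes must agree.
-+ * http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=450
-+ */
-+ eb_compr_method = makeword( eb + (EB_HEADSIZE + compr_offset));
-+ if ((eb_compr_method == STORED) && (eb_size - compr_offset != eb_ucsize))
-+ return PK_ERR;
-+
- if (
- #ifdef INT_16BIT
- (((ulg)(extent)eb_ucsize) != eb_ucsize) ||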
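diff --git a/meta/recipes-extended/unzip/unzip_6.0.bb b/meta/recipes-extended/unzip/unzip_6.0.bb
index b022f21844..4a0a713a61 100644
--- a/meta/recipes-extended/unzip/unzip_6.0.bb
+++ b/meta/recipes-extended/unzip/unzip_6.0.bb
@@ -14,7 +14,6 @@ SRC_URI = "ftp://ftp.info-zip.org/pub/infozip/src/unzip60.tgz \
 file://09-cve-2014-8139-crc-overflow.patch \
 file://10-cve-2014-8140-test-compr-eb.patch \
 file://11-cve-2014-8141-getzip64data.patch \
-file://12-cve-2014-9636-test-compr-eb.patch \
 "
 
 SRC_URI[md5sum] = "62b490407489521db863b523a7f86375"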
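Review bot: The removed `file://12-cve-2014-9636-test-compr-eb.patch` line is the only CVE-2014-9636 fix visible in this hunk, and the replacement the commit message relies on, unzip-6.0_overflow3.diff, does not appear in the surrounding SRC_URI context (recipe lines 14–20), so its presence elsewhere in the recipe is assumed here rather than shown. Before merging, confirm that unzip-6.0_overflow3.diff is still listed in SRC_URI and that it carries the same STORED-mode size check in test_compr_eb() that the deleted patch did, `if ((eb_compr_method == STORED) && (eb_size - compr_offset != eb_ucsize)) return PK_ERR;`, otherwise that bound check silently disappears from the built unzip. If CVE tracking for this recipe is driven by patch headers, consider adding a `CVE: CVE-2014-9636` tag to unzip-6.0_overflow3.diff so the fix stays attributed once the descriptively-named patch is gone. The SRC_URI assignment begins before this hunk.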