authorRoy Li <rongqing.li@windriver.com>2015-06-29 16:06:57 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2015-07-20 20:54:34 +0100
commit1e6d9873749d75ada0ff7a60411b91170fd09179 (patch)
tree3e4f54075d09b6e008a634a9975338d602259c13 /meta
parent38a334ad842a8e13f85cf690ade9dd5ecbd0eb71 (diff)
downloadpoky-1e6d9873749d75ada0ff7a60411b91170fd09179.tar.gz
unzip: drop 12-cve-2014-9636-test-compr-eb.patch
12-cve-2014-9636-test-compr-eb.patch is the same as unzip-6.0_overflow3.diff; it is the fix for CVE-2014-9636 (From OE-Core rev: 9cf42db4e545cd260faf45931d3b3c63ab3b3aab) (From OE-Core rev: 7567dbc552819906a876b729e2a599ec412139a3) Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r--meta/recipes-extended/unzip/unzip/12-cve-2014-9636-test-compr-eb.patch45
-rw-r--r--meta/recipes-extended/unzip/unzip_6.0.bb1
2 files changed, 0 insertions, 46 deletions
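diff --git a/meta/recipes-extended/unzip/unzip/12-cve-2014-9636-test-compr-eb.patch b/meta/recipes-extended/unzip/unzip/12-cve-2014-9636-test-compr-eb.patch
deleted file mode 100644
index b64dd99244..0000000000
--- a/meta/recipes-extended/unzip/unzip/12-cve-2014-9636-test-compr-eb.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From: mancha <mancha1 AT zoho DOT com>
-Date: Mon, 3 Nov 2014
-Subject: Info-ZIP UnZip buffer overflow
-Bug-Debian: http://bugs.debian.org/776589
-
-By carefully crafting a corrupt ZIP archive with "extra fields" that
-purport to have compressed blocks larger than the corresponding
-uncompressed blocks in STORED no-compression mode, an attacker can
-trigger a heap overflow that can result in application crash or
-possibly have other unspecified impact.
-
-This patch ensures that when extra fields use STORED mode, the
-"compressed" and uncompressed block sizes match.
-
-The patch comes from unzip_6.0-8+deb7u2.debian.tar.gz
-
-Upstream-Status: Backport
-
-Signed-off-by: Roy Li <rongqing.li@windriver.com>
-
---- a/extract.c
-+++ b/extract.c
-@@ -2229,6 +2229,7 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata)
- uch *eb_ucptr;
- int r;
- ush method;
-+ ush eb_compr_method;
-
- if (compr_offset < 4) /* field is not compressed: */
- return PK_OK; /* do nothing and signal OK */
-@@ -2244,6 +2245,14 @@
- ((eb_ucsize > 0L) && (eb_size <= (compr_offset + EB_CMPRHEADLEN))))
- return IZ_EF_TRUNC; /* no/bad compressed data! */
-
-+ /* 2014-11-03 Michal Zalewski, SMS.
-+ * For STORE method, compressed and uncompressed sizes must agree.
-+ * http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=450
-+ */
-+ eb_compr_method = makeword( eb + (EB_HEADSIZE + compr_offset));
-+ if ((eb_compr_method == STORED) && (eb_size - compr_offset != eb_ucsize))
-+ return PK_ERR;
-+
- if (
- #ifdef INT_16BIT
- (((ulg)(extent)eb_ucsize) != eb_ucsize) ||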
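diff --git a/meta/recipes-extended/unzip/unzip_6.0.bb b/meta/recipes-extended/unzip/unzip_6.0.bb
index 00b68ad785..e590f8186d 100644
--- a/meta/recipes-extended/unzip/unzip_6.0.bb
+++ b/meta/recipes-extended/unzip/unzip_6.0.bb
@@ -14,7 +14,6 @@ SRC_URI = "ftp://ftp.info-zip.org/pub/infozip/src/unzip60.tgz \
  file://09-cve-2014-8139-crc-overflow.patch \
  file://10-cve-2014-8140-test-compr-eb.patch \
  file://11-cve-2014-8141-getzip64data.patch \
- file://12-cve-2014-9636-test-compr-eb.patch \
 "
 
 SRC_URI[md5sum] = "62b490407489521db863b523a7f86375"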
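Review bot: After this change the visible part of SRC_URI (entries 09 through 11) has no entry for CVE-2014-9636, and unzip-6.0_overflow3.diff does not appear in the hunk context, so the claim that the fix stays applied cannot be confirmed from these lines; the SRC_URI assignment begins above the hunk. Before merging, confirm that `file://unzip-6.0_overflow3.diff \` is listed in the part of SRC_URI outside the hunk and that it carries the same STORED-method size check in test_compr_eb() as the deleted patch. Because the remaining file name does not mention the CVE, consider recording the id in that patch's header, e.g. `CVE: CVE-2014-9636`, so patch-based CVE tracking for this recipe still sees the issue as fixed.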