authorRoy Li <rongqing.li@windriver.com>2015-06-29 16:06:57 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2015-07-08 13:07:17 +0100
commitee88b51cf2853ab075c9bd2ef7cf4d65d1c96674 (patch)
tree232b8233490cd8d73b7a5ccbf162ba8ed4560b13 /meta
parent3773a7d16c03195123ba442d1c0b2524731b3cc7 (diff)
downloadpoky-ee88b51cf2853ab075c9bd2ef7cf4d65d1c96674.tar.gz
unzip: drop 12-cve-2014-9636-test-compr-eb.patch
12-cve-2014-9636-test-compr-eb.patch is the same as unzip-6.0_overflow3.diff, which fixes CVE-2014-9636.
(From OE-Core rev: 43cc77f6dd1615ec6797a159647a1ad677c1df23)
(From OE-Core rev: 0a849983d066cd1beee64cef94b2c8421275b45c)
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r--meta/recipes-extended/unzip/unzip/12-cve-2014-9636-test-compr-eb.patch45
-rw-r--r--meta/recipes-extended/unzip/unzip_6.0.bb1
2 files changed, 0 insertions, 46 deletions
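--- a/meta/recipes-extended/unzip/unzip/12-cve-2014-9636-test-compr-eb.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From: mancha <mancha1 AT zoho DOT com>
-Date: Mon, 3 Nov 2014
-Subject: Info-ZIP UnZip buffer overflow
-Bug-Debian: http://bugs.debian.org/776589
-
-By carefully crafting a corrupt ZIP archive with "extra fields" that
-purport to have compressed blocks larger than the corresponding
-uncompressed blocks in STORED no-compression mode, an attacker can
-trigger a heap overflow that can result in application crash or
-possibly have other unspecified impact.
-
-This patch ensures that when extra fields use STORED mode, the
-"compressed" and uncompressed block sizes match.
-
-The patch comes from unzip_6.0-8+deb7u2.debian.tar.gz
-
-Upstream-Status: Backport
-
-Signed-off-by: Roy Li <rongqing.li@windriver.com>
-
---- a/extract.c
-+++ b/extract.c
-@@ -2229,6 +2229,7 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata)
- uch *eb_ucptr;
- int r;
- ush method;
-+ ush eb_compr_method;
-
- if (compr_offset < 4) /* field is not compressed: */
- return PK_OK; /* do nothing and signal OK */
-@@ -2244,6 +2245,14 @@
- ((eb_ucsize > 0L) && (eb_size <= (compr_offset + EB_CMPRHEADLEN))))
- return IZ_EF_TRUNC; /* no/bad compressed data! */
-
-+ /* 2014-11-03 Michal Zalewski, SMS.
-+ * For STORE method, compressed and uncompressed sizes must agree.
-+ * http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=450
-+ */
-+ eb_compr_method = makeword( eb + (EB_HEADSIZE + compr_offset));
-+ if ((eb_compr_method == STORED) && (eb_size - compr_offset != eb_ucsize))
-+ return PK_ERR;
-+
- if (
- #ifdef INT_16BIT
- (((ulg)(extent)eb_ucsize) != eb_ucsize) ||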
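--- a/meta/recipes-extended/unzip/unzip_6.0.bb
+++ b/meta/recipes-extended/unzip/unzip_6.0.bb
@@ -14,7 +14,6 @@ SRC_URI = "ftp://ftp.info-zip.org/pub/infozip/src/unzip60.tgz \
  file://09-cve-2014-8139-crc-overflow.patch \
  file://10-cve-2014-8140-test-compr-eb.patch \
  file://11-cve-2014-8141-getzip64data.patch \
- file://12-cve-2014-9636-test-compr-eb.patch \
 "
 
 SRC_URI[md5sum] = "62b490407489521db863b523a7f86375"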