1 files changed, 48 insertions, 0 deletions
diff --git a/meta/recipes-extended/unzip/unzip/0001-unzip-fix-CVE-2018-1000035.patch b/meta/recipes-extended/unzip/unzip/0001-unzip-fix-CVE-2018-1000035.patch
new file mode 100644
index 0000000000..37289d1a53
--- /dev/null
+++ b/meta/recipes-extended/unzip/unzip/0001-unzip-fix-CVE-2018-1000035.patch
@@ -0,0 +1,48 @@
+From 349f566e6e757458843fa164a0f0584280e1501e Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Wed, 15 Aug 2018 16:20:53 +0800
+Subject: [PATCH] unzip: fix CVE-2018-1000035
+Upstream-Status: Backport
+CVE: CVE-2018-1000035
+backport from unzip6.10c23
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ fileio.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+diff --git a/fileio.c b/fileio.c
+index 36bfea3..7605a29 100644
+--- a/fileio.c
+++ b/fileio.c
+@@ -1582,6 +1582,8 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf, size, zfn, efn)
+     int r = IZ_PW_ENTERED;
+     char *m;
+     char *prompt;
+    char *ep;
+    char *zp;
+ 
+ #ifndef REENTRANT
+     /* tell picky compilers to shut up about "unused variable" warnings */
+@@ -1590,9 +1592,12 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf, size, zfn, efn)
+ 
+     if (*rcnt == 0) {           /* First call for current entry */
+         *rcnt = 2;
+-        if ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL) {
+-            sprintf(prompt, LoadFarString(PasswPrompt),
+-                    FnFilter1(zfn), FnFilter2(efn));
+        zp = FnFilter1( zfn);
+        ep = FnFilter2( efn);
+        prompt = (char *)malloc(    /* Slightly too long (2* "%s"). */
+         sizeof( PasswPrompt)+ strlen( zp)+ strlen( ep));
+        if (prompt != (char *)NULL) {
+            sprintf(prompt, LoadFarString(PasswPrompt), zp, ep);
+             m = prompt;
+         } else
+             m = (char *)LoadFarString(PasswPrompt2);
+-- 
+2.7.4

diff --git a/meta/recipes-extended/unzip/unzip/0001-unzip-fix-CVE-2018-1000035.patch b/meta/recipes-extended/unzip/unzip/0001-unzip-fix-CVE-2018-1000035.patch new file mode 100644 index 0000000000..37289d1a53 --- /dev/null +++ b/meta/recipes-extended/unzip/unzip/0001-unzip-fix-CVE-2018-1000035.patch
@@ -0,0 +1,48 @@
	1	From 349f566e6e757458843fa164a0f0584280e1501e Mon Sep 17 00:00:00 2001
	2	From: Changqing Li <changqing.li@windriver.com>
	3	Date: Wed, 15 Aug 2018 16:20:53 +0800
	4	Subject: [PATCH] unzip: fix CVE-2018-1000035
	5
	6	Upstream-Status: Backport
	7
	8	CVE: CVE-2018-1000035
	9
	10	backport from unzip6.10c23
	11
	12	Signed-off-by: Changqing Li <changqing.li@windriver.com>
	13	---
	14	fileio.c \| 11 ++++++++---
	15	1 file changed, 8 insertions(+), 3 deletions(-)
	16
	17	diff --git a/fileio.c b/fileio.c
	18	index 36bfea3..7605a29 100644
	19	--- a/fileio.c
	20	+++ b/fileio.c
	21	@@ -1582,6 +1582,8 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf, size, zfn, efn)
	22	int r = IZ_PW_ENTERED;
	23	char *m;
	24	char *prompt;
	25	+ char *ep;
	26	+ char *zp;
	27
	28	#ifndef REENTRANT
	29	/* tell picky compilers to shut up about "unused variable" warnings */
	30	@@ -1590,9 +1592,12 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf, size, zfn, efn)
	31
	32	if (rcnt == 0) { / First call for current entry */
	33	*rcnt = 2;
	34	- if ((prompt = (char )malloc(2FILNAMSIZ + 15)) != (char *)NULL) {
	35	- sprintf(prompt, LoadFarString(PasswPrompt),
	36	- FnFilter1(zfn), FnFilter2(efn));
	37	+ zp = FnFilter1( zfn);
	38	+ ep = FnFilter2( efn);
	39	+ prompt = (char )malloc( / Slightly too long (2* "%s"). */
	40	+ sizeof( PasswPrompt)+ strlen( zp)+ strlen( ep));
	41	+ if (prompt != (char *)NULL) {
	42	+ sprintf(prompt, LoadFarString(PasswPrompt), zp, ep);
	43	m = prompt;
	44	} else
	45	m = (char *)LoadFarString(PasswPrompt2);
	46	--
	47	2.7.4
	48