1 files changed, 52 insertions, 0 deletions
diff --git a/meta/recipes-extended/unzip/unzip/09-cve-2014-8139-crc-overflow.patch b/meta/recipes-extended/unzip/unzip/09-cve-2014-8139-crc-overflow.patch
new file mode 100644
index 0000000000..e137f0dc76
--- /dev/null
+++ b/meta/recipes-extended/unzip/unzip/09-cve-2014-8139-crc-overflow.patch
@@ -0,0 +1,52 @@
+From: sms
+Subject: Fix CVE-2014-8139: CRC32 verification heap-based overflow
+Bug-Debian: http://bugs.debian.org/773722
+The patch comes from unzip_6.0-8+deb7u2.debian.tar.gz
+Upstream-Status: Backport
+Signed-off-by: Roy Li <rongqing.li@windriver.com>
+--- a/extract.c
+++ b/extract.c
+@@ -298,6 +298,8 @@
+ #ifndef SFX
+    static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \
+      EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n";
+   static ZCONST char Far TooSmallEBlength[] = "bad extra-field entry:\n \
+     EF block length (%u bytes) invalid (< %d)\n";
+    static ZCONST char Far InvalidComprDataEAs[] =
+      " invalid compressed data for EAs\n";
+ #  if (defined(WIN32) && defined(NTSD_EAS))
+@@ -2023,7 +2025,8 @@
+         ebID = makeword(ef);
+         ebLen = (unsigned)makeword(ef+EB_LEN);
+ 
+-        if (ebLen > (ef_len - EB_HEADSIZE)) {
+        if (ebLen > (ef_len - EB_HEADSIZE))
+        {
+            /* Discovered some extra field inconsistency! */
+             if (uO.qflag)
+                 Info(slide, 1, ((char *)slide, "%-22s ",
+@@ -2158,11 +2161,19 @@
+                 }
+                 break;
+             case EF_PKVMS:
+-                if (makelong(ef+EB_HEADSIZE) !=
+                if (ebLen < 4)
+                {
+                    Info(slide, 1,
+                     ((char *)slide, LoadFarString(TooSmallEBlength),
+                     ebLen, 4));
+                }
+                else if (makelong(ef+EB_HEADSIZE) !=
+                     crc32(CRCVAL_INITIAL, ef+(EB_HEADSIZE+4),
+                           (extent)(ebLen-4)))
+                {
+                     Info(slide, 1, ((char *)slide,
+                       LoadFarString(BadCRC_EAs)));
+                }
+                 break;
+             case EF_PKW32:
+             case EF_PKUNIX:

diff --git a/meta/recipes-extended/unzip/unzip/09-cve-2014-8139-crc-overflow.patch b/meta/recipes-extended/unzip/unzip/09-cve-2014-8139-crc-overflow.patch new file mode 100644 index 0000000000..e137f0dc76 --- /dev/null +++ b/meta/recipes-extended/unzip/unzip/09-cve-2014-8139-crc-overflow.patch
@@ -0,0 +1,52 @@
	1	From: sms
	2	Subject: Fix CVE-2014-8139: CRC32 verification heap-based overflow
	3	Bug-Debian: http://bugs.debian.org/773722
	4
	5	The patch comes from unzip_6.0-8+deb7u2.debian.tar.gz
	6
	7	Upstream-Status: Backport
	8
	9	Signed-off-by: Roy Li <rongqing.li@windriver.com>
	10
	11	--- a/extract.c
	12	+++ b/extract.c
	13	@@ -298,6 +298,8 @@
	14	#ifndef SFX
	15	static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \
	16	EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n";
	17	+ static ZCONST char Far TooSmallEBlength[] = "bad extra-field entry:\n \
	18	+ EF block length (%u bytes) invalid (< %d)\n";
	19	static ZCONST char Far InvalidComprDataEAs[] =
	20	" invalid compressed data for EAs\n";
	21	# if (defined(WIN32) && defined(NTSD_EAS))
	22	@@ -2023,7 +2025,8 @@
	23	ebID = makeword(ef);
	24	ebLen = (unsigned)makeword(ef+EB_LEN);
	25
	26	- if (ebLen > (ef_len - EB_HEADSIZE)) {
	27	+ if (ebLen > (ef_len - EB_HEADSIZE))
	28	+ {
	29	/* Discovered some extra field inconsistency! */
	30	if (uO.qflag)
	31	Info(slide, 1, ((char *)slide, "%-22s ",
	32	@@ -2158,11 +2161,19 @@
	33	}
	34	break;
	35	case EF_PKVMS:
	36	- if (makelong(ef+EB_HEADSIZE) !=
	37	+ if (ebLen < 4)
	38	+ {
	39	+ Info(slide, 1,
	40	+ ((char *)slide, LoadFarString(TooSmallEBlength),
	41	+ ebLen, 4));
	42	+ }
	43	+ else if (makelong(ef+EB_HEADSIZE) !=
	44	crc32(CRCVAL_INITIAL, ef+(EB_HEADSIZE+4),
	45	(extent)(ebLen-4)))
	46	+ {
	47	Info(slide, 1, ((char *)slide,
	48	LoadFarString(BadCRC_EAs)));
	49	+ }
	50	break;
	51	case EF_PKW32:
	52	case EF_PKUNIX: