summaryrefslogtreecommitdiffstats
path: root/meta/recipes-extended/unzip
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-extended/unzip')
-rw-r--r--meta/recipes-extended/unzip/unzip/symlink.patch26
-rw-r--r--meta/recipes-extended/unzip/unzip_6.0.bb1
2 files changed, 27 insertions, 0 deletions
diff --git a/meta/recipes-extended/unzip/unzip/symlink.patch b/meta/recipes-extended/unzip/unzip/symlink.patch
new file mode 100644
index 0000000000..a38f6f1612
--- /dev/null
+++ b/meta/recipes-extended/unzip/unzip/symlink.patch
@@ -0,0 +1,26 @@
1Unzip doesn't handle large zip files well and crashes:
2
3"This only happens if you have more then 16k entries and when one of
4the 16k entry infos is reused it happend to be previously used for
5a symlink entry."
6
7This patch is taken from Fedora (https://bugzilla.redhat.com/show_bug.cgi?id=972427)
8
9Upstream-Status: Pending (upstream is dead)
10Signed-off-by: Ross Burton <ross.burton@intel.com>
11
12--- unzip60/process.c.sav 2013-06-09 12:08:57.070392264 +0200
13+++ unzip60/process.c 2013-06-09 12:10:08.641696988 +0200
14@@ -1751,6 +1751,12 @@
15 = (G.crec.general_purpose_bit_flag & (1 << 11)) == (1 << 11);
16 #endif
17
18+#ifdef SYMLINKS
19+ /* Initialize the symlink flag, may be set by the platform-specific
20+ mapattr function. */
21+ G.pInfo->symlink = 0;
22+#endif
23+
24 return PK_COOL;
25
26 } /* end function process_cdir_file_hdr() */
diff --git a/meta/recipes-extended/unzip/unzip_6.0.bb b/meta/recipes-extended/unzip/unzip_6.0.bb
index 105d048f55..dbf4112a4c 100644
--- a/meta/recipes-extended/unzip/unzip_6.0.bb
+++ b/meta/recipes-extended/unzip/unzip_6.0.bb
@@ -19,6 +19,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/infozip/UnZip%206.x%20%28latest%29/UnZip%206.0/
19 file://fix-security-format.patch \ 19 file://fix-security-format.patch \
20 file://18-cve-2014-9913-unzip-buffer-overflow.patch \ 20 file://18-cve-2014-9913-unzip-buffer-overflow.patch \
21 file://19-cve-2016-9844-zipinfo-buffer-overflow.patch \ 21 file://19-cve-2016-9844-zipinfo-buffer-overflow.patch \
22 file://symlink.patch \
22" 23"
23UPSTREAM_VERSION_UNKNOWN = "1" 24UPSTREAM_VERSION_UNKNOWN = "1"
24 25