From a6ca00f2afe8859f44a3af613a1da9b6336c161e Mon Sep 17 00:00:00 2001 From: Ross Burton Date: Wed, 15 Nov 2017 16:45:42 +0000 Subject: unzip: refresh patches The patch tool will apply patches by default with "fuzz", which is where if the hunk context isn't present but what is there is close enough, it will force the patch in. Whilst this is useful when there's just whitespace changes, when applied to source it is possible for a patch applied with fuzz to produce broken code which still compiles (see #10450). This is obviously bad. We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For that to be realistic the existing patches with fuzz need to be rebased and reviewed. (From OE-Core rev: b45ce6dbbd459ecc96eae76b5695927dbda1dbb4) Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --- .../unzip/unzip/10-cve-2014-8140-test-compr-eb.patch | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) (limited to 'meta/recipes-extended/unzip') diff --git a/meta/recipes-extended/unzip/unzip/10-cve-2014-8140-test-compr-eb.patch b/meta/recipes-extended/unzip/unzip/10-cve-2014-8140-test-compr-eb.patch index c989df1896..ca4aaadffe 100644 --- a/meta/recipes-extended/unzip/unzip/10-cve-2014-8140-test-compr-eb.patch +++ b/meta/recipes-extended/unzip/unzip/10-cve-2014-8140-test-compr-eb.patch @@ -9,9 +9,11 @@ CVE: CVE-2014-8140 Signed-off-by: Roy Li ---- a/extract.c -+++ b/extract.c -@@ -2232,10 +2232,17 @@ +Index: unzip60/extract.c +=================================================================== +--- unzip60.orig/extract.c ++++ unzip60/extract.c +@@ -2233,10 +2233,17 @@ static int test_compr_eb(__G__ eb, eb_si if (compr_offset < 4) /* field is not compressed: */ return PK_OK; /* do nothing and signal OK */ @@ -30,5 +32,5 @@ 
Signed-off-by: Roy Li + ((eb_ucsize > 0L) && (eb_size <= (compr_offset + EB_CMPRHEADLEN)))) + return IZ_EF_TRUNC; /* no/bad compressed data! */ - if ( - #ifdef INT_16BIT + method = makeword(eb + (EB_HEADSIZE + compr_offset)); + if ((method == STORED) &&
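Review bot: The refreshed header in the first hunk (`@@ -9,9 +9,11 @@`) swaps the `a/extract.c` / `b/extract.c` paths for quilt-style `Index: unzip60/extract.c` with `unzip60.orig/` / `unzip60/` prefixes, which writes the unpacked directory name into the patch. Both forms carry one leading path component, so they strip the same way, but if the other patches in this directory keep `a/` and `b/`, regenerate this one in that form so future refreshes produce smaller diffs. The hunk start moving from 2232 to 2233 is the only positional change.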
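Review bot: In the second hunk (`@@ -30,5 +32,5 @@`) the trailing context of the embedded patch changes from `if (` / `#ifdef INT_16BIT` to `method = makeword(eb + (EB_HEADSIZE + compr_offset));` / `if ((method == STORED) &&`, which is a difference in the surrounding code rather than a line offset, and the commit message does not record what the review of this particular patch found. Since this file carries the CVE-2014-8140 fix, state in the message or the patch header that the added `eb_size <= (compr_offset + EB_CMPRHEADLEN)` check still lands ahead of the `makeword()` read at `compr_offset`, and say where the new context lines come from.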