diff options
-rw-r--r-- | libre/unzip/PKGBUILD | 10 | ||||
-rw-r--r-- | libre/unzip/cve20149636.patch | 25 | ||||
-rw-r--r-- | libre/unzip/overflow-fsize.patch | 34 |
3 files changed, 67 insertions, 2 deletions
diff --git a/libre/unzip/PKGBUILD b/libre/unzip/PKGBUILD index 24915ae62..79c081b2e 100644 --- a/libre/unzip/PKGBUILD +++ b/libre/unzip/PKGBUILD @@ -1,4 +1,4 @@ -# $Id: PKGBUILD 228890 2015-01-10 19:27:10Z bisson $ +# $Id: PKGBUILD 233850 2015-03-15 04:53:48Z bisson $ # Maintainer (Arch): Gaetan Bisson <bisson@archlinux.org> # Contributor (Arch): Douglas Soares de Andrade <douglas@archlinux.org> # Contributor (Arch): Robson Peixoto @@ -7,7 +7,7 @@ _pkgname=unzip-libre pkgname=unzip pkgver=6.0 _pkgver=${pkgver/./} -pkgrel=9.parabola1 +pkgrel=10.parabola1 pkgdesc='For extracting and viewing files in .zip archives' url='http://www.info-zip.org/UnZip.html' arch=('i686' 'x86_64' 'mips64el') @@ -18,12 +18,16 @@ replaces=("${_pkgname}") mksource=("http://downloads.sourceforge.net/infozip/${pkgname}${_pkgver}.tar.gz" 'match.patch') source=("https://repo.parabola.nu/other/${_pkgname}/${pkgname}${_pkgver}-libre.tar.gz" + 'overflow-fsize.patch' + 'cve20149636.patch' 'test_compr_eb.patch' 'getZip64Data.patch' 'crc32.patch') mksha1sums=('abf7de8a4018a983590ed6f5cbd990d4740f8a22' '63bb2bb8483088d5975ce17443dd31b0362c08c9') sha1sums=('80808a3b520f8b73ee3a4dc4b5c29411cba43aa2' + '2852ce1a9db8d646516f8828436a44d34785a0b3' + 'e8c0bc17c63eeed97ad62b86845d75c849bcf4f8' '614c3e7fa7d6da7c60ea2aa79e36f4cbd17c3824' '691d0751bf0bc98cf9f9889dee39baccabefdc4d' '82c9fe9172779a0ee92a187d544e74e8f512b013') @@ -38,6 +42,8 @@ mksource() { prepare() { cd "${srcdir}/${pkgname}${_pkgver}" sed -i "/MANDIR =/s#)/#)/share/#" unix/Makefile + patch -p1 -i ../overflow-fsize.patch # FS#44171 + patch -p1 -i ../cve20149636.patch # FS#44171 patch -i ../test_compr_eb.patch # FS#43391 patch -i ../getZip64Data.patch # FS#43300 patch -i ../crc32.patch # FS#43300 diff --git a/libre/unzip/cve20149636.patch b/libre/unzip/cve20149636.patch new file mode 100644 index 000000000..228c28377 --- /dev/null +++ b/libre/unzip/cve20149636.patch @@ -0,0 +1,25 @@ +diff --git a/extract.c b/extract.c +index a0a4929..9ef80b3 100644 +--- a/extract.c ++++ b/extract.c +@@ -2214,6 +2214,7 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata) + ulg eb_ucsize; + uch *eb_ucptr; + int r; ++ ush method; + + if (compr_offset < 4) /* field is not compressed: */ + return PK_OK; /* do nothing and signal OK */ +@@ -2223,6 +2224,12 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata) + eb_size <= (compr_offset + EB_CMPRHEADLEN))) + return IZ_EF_TRUNC; /* no compressed data! */ + ++ method = makeword(eb + (EB_HEADSIZE + compr_offset)); ++ if ((method == STORED) && (eb_size != compr_offset + EB_CMPRHEADLEN + eb_ucsize)) ++ return PK_ERR; /* compressed & uncompressed ++ * should match in STORED ++ * method */ ++ + if ( + #ifdef INT_16BIT + (((ulg)(extent)eb_ucsize) != eb_ucsize) || diff --git a/libre/unzip/overflow-fsize.patch b/libre/unzip/overflow-fsize.patch new file mode 100644 index 000000000..910b22d56 --- /dev/null +++ b/libre/unzip/overflow-fsize.patch @@ -0,0 +1,34 @@ +t a/list.c b/list.c +index f7359c3..4c3d703 100644 +--- a/list.c ++++ b/list.c +@@ -97,7 +97,7 @@ int list_files(__G) /* return PK-type error code */ + { + int do_this_file=FALSE, cfactor, error, error_in_archive=PK_COOL; + #ifndef WINDLL +- char sgn, cfactorstr[10]; ++ char sgn, cfactorstr[13]; + int longhdr=(uO.vflag>1); + #endif + int date_format; +@@ -339,7 +339,19 @@ int list_files(__G) /* return PK-type error code */ + G.crec.compression_method == ENHDEFLATED) { + methbuf[5] = dtype[(G.crec.general_purpose_bit_flag>>1) & 3]; + } else if (methnum >= NUM_METHODS) { +- sprintf(&methbuf[4], "%03u", G.crec.compression_method); ++ /* 2013-02-26 SMS. ++ * http://sourceforge.net/tracker/?func=detail ++ * &aid=2861648&group_id=118012&atid=679786 ++ * Unexpectedly large compression methods overflow ++ * &methbuf[]. Use the old, three-digit decimal format ++ * for values which fit. Otherwise, sacrifice the ++ * colon, and use four-digit hexadecimal. ++ */ ++ if (G.crec.compression_method <= 999) { ++ sprintf( &methbuf[ 4], "%03u", G.crec.compression_method); ++ } else { ++ sprintf( &methbuf[ 3], "%04X", G.crec.compression_method); ++ } + } + + #if 0 /* GRR/Euro: add this? */ |