Change-Id: I1d2634643d4d308df924a61ab5a60b2034c15367
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/5210
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Ashok Venkiteswaran
1 | 1 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,30 @@ |
0 |
+diff --git a/fileio.c b/fileio.c |
|
1 |
+index a001dd4..4eb7e29 100644 |
|
2 |
+--- a/fileio.c |
|
3 |
+@@ -1580,7 +1580,8 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf, size, zfn, efn) |
|
4 |
+ int r = IZ_PW_ENTERED; |
|
5 |
+ char *m; |
|
6 |
+ char *prompt; |
|
7 |
+- |
|
8 |
++ char *ep; |
|
9 |
++ char *zp; |
|
10 |
+ #ifndef REENTRANT |
|
11 |
+ /* tell picky compilers to shut up about "unused variable" warnings */ |
|
12 |
+ pG = pG; |
|
13 |
+@@ -1588,9 +1589,12 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf, size, zfn, efn) |
|
14 |
+ |
|
15 |
+ if (*rcnt == 0) { /* First call for current entry */ |
|
16 |
+ *rcnt = 2; |
|
17 |
+- if ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL) { |
|
18 |
+- sprintf(prompt, LoadFarString(PasswPrompt), |
|
19 |
+- FnFilter1(zfn), FnFilter2(efn)); |
|
20 |
++ zp = FnFilter1( zfn); |
|
21 |
++ ep = FnFilter2( efn); |
|
22 |
++ prompt = (char *)malloc( /* Slightly too long (2* "%s"). */ |
|
23 |
++ sizeof( PasswPrompt)+ strlen( zp)+ strlen( ep)); |
|
24 |
++ if (prompt != (char *)NULL) { |
|
25 |
++ sprintf(prompt, LoadFarString(PasswPrompt), zp, ep); |
|
26 |
+ m = prompt; |
|
27 |
+ } else |
|
28 |
+ m = (char *)LoadFarString(PasswPrompt2); |
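Review bot: The `sprintf(prompt, LoadFarString(PasswPrompt), zp, ep)` call in the second fileio.c hunk is still unbounded, so the fix holds only while the `malloc` size above it matches the format string exactly. That size relies on `PasswPrompt` being a char array rather than a pointer, so that `sizeof` covers the literal text plus its NUL, and on the format having exactly two `%s` conversions; its declaration is not visible in this hunk, so this needs confirming. Since this package builds against a libc that provides `snprintf`, I would keep the length in a local and bound the write: `size_t plen = sizeof(PasswPrompt) + strlen(zp) + strlen(ep);` followed by `snprintf(prompt, plen, LoadFarString(PasswPrompt), zp, ep);`. If the patch has to stay identical to upstream, at least extend the comment to something like `/* PasswPrompt must be an array: sizeof counts its NUL, and the two "%s" leave slack */`. The body of UzpPassword continues outside the hunk.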
... | ... |
@@ -4,7 +4,7 @@ |
4 | 4 |
Summary: Unzip-6.0 |
5 | 5 |
Name: unzip |
6 | 6 |
Version: 6.0 |
7 |
-Release: 8%{?dist} |
|
7 |
+Release: 9%{?dist} |
|
8 | 8 |
License: BSD |
9 | 9 |
URL: http://www.gnu.org/software/%{name} |
10 | 10 |
Source0: http://downloads.sourceforge.net/infozip/unzip60.tar.gz |
... | ... |
@@ -18,6 +18,7 @@ Patch1: cve-2015-1315.patch |
18 | 18 |
Patch2: CVE-2015-7696-CVE-2015-7697.patch |
19 | 19 |
Patch3: unzip-CVE-2014-9844.patch |
20 | 20 |
Patch4: unzip-CVE-2014-9913.patch |
21 |
+Patch5: unzip-CVE-2018-1000035.patch |
|
21 | 22 |
|
22 | 23 |
%description |
23 | 24 |
The UnZip package contains ZIP extraction utilities. These are useful |
... | ... |
@@ -31,6 +32,7 @@ with PKZIP or Info-ZIP utilities, primarily in a DOS environment. |
31 | 31 |
%patch2 -p1 |
32 | 32 |
%patch3 -p1 |
33 | 33 |
%patch4 -p1 |
34 |
+%patch5 -p1 |
|
34 | 35 |
|
35 | 36 |
%build |
36 | 37 |
case `uname -m` in |
... | ... |
@@ -61,6 +63,8 @@ make -k check |& tee %{_specdir}/%{name}-check-log || %{nocheck} |
61 | 61 |
%{_bindir}/* |
62 | 62 |
|
63 | 63 |
%changelog |
64 |
+* Tue May 29 2018 Xiaolin Li <xiaolinl@vmware.com> 6.0-9 |
|
65 |
+- Fix CVE-2018-1000035 |
|
64 | 66 |
* Fri Oct 20 2017 Xiaolin Li <xiaolinl@vmware.com> 6.0-8 |
65 | 67 |
- Fix CVE-2014-9844, CVE-2014-9913 |
66 | 68 |
* Wed Nov 30 2016 Dheeraj Shetty <dheerajs@vmware.com> 6.0-7 |