Change-Id: I165f0d5eba205379302ca29e3193f3bbcef1813c
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/5211
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Sharath George
1 | 1 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,30 @@ |
0 |
+diff --git a/fileio.c b/fileio.c |
|
1 |
+index a001dd4..4eb7e29 100644 |
|
2 |
+--- a/fileio.c |
|
3 |
+@@ -1580,7 +1580,8 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf, size, zfn, efn) |
|
4 |
+ int r = IZ_PW_ENTERED; |
|
5 |
+ char *m; |
|
6 |
+ char *prompt; |
|
7 |
+- |
|
8 |
++ char *ep; |
|
9 |
++ char *zp; |
|
10 |
+ #ifndef REENTRANT |
|
11 |
+ /* tell picky compilers to shut up about "unused variable" warnings */ |
|
12 |
+ pG = pG; |
|
13 |
+@@ -1588,9 +1589,12 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf, size, zfn, efn) |
|
14 |
+ |
|
15 |
+ if (*rcnt == 0) { /* First call for current entry */ |
|
16 |
+ *rcnt = 2; |
|
17 |
+- if ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL) { |
|
18 |
+- sprintf(prompt, LoadFarString(PasswPrompt), |
|
19 |
+- FnFilter1(zfn), FnFilter2(efn)); |
|
20 |
++ zp = FnFilter1( zfn); |
|
21 |
++ ep = FnFilter2( efn); |
|
22 |
++ prompt = (char *)malloc( /* Slightly too long (2* "%s"). */ |
|
23 |
++ sizeof( PasswPrompt)+ strlen( zp)+ strlen( ep)); |
|
24 |
++ if (prompt != (char *)NULL) { |
|
25 |
++ sprintf(prompt, LoadFarString(PasswPrompt), zp, ep); |
|
26 |
+ m = prompt; |
|
27 |
+ } else |
|
28 |
+ m = (char *)LoadFarString(PasswPrompt2); |
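Review bot: The added `sprintf(prompt, LoadFarString(PasswPrompt), zp, ep);` is still an unbounded write, so the fix holds only while the allocation above it matches the format exactly: `sizeof( PasswPrompt)` must be taken on an array rather than a pointer, and the format must contain nothing that expands beyond the two `%s`. PasswPrompt's declaration and the rest of UzpPassword are outside these hunks, so that should be confirmed, and a comment next to the malloc such as `/* size = format incl. NUL + both filtered names; keep in sync with PasswPrompt */` would record the invariant. The patch file also opens directly at `diff --git` with no description or origin line; a short header naming the CVE and the source of the patch (`Origin: <upstream URL or commit>`) would let later reviewers verify it against upstream. The listing shows no `+++ b/fileio.c` line after `--- a/fileio.c`, and only 29 of the 30 lines announced by `@@ -0,0 +1,30 @@`; this may be a rendering artifact, but it is worth checking in the committed file because `%patch5 -p1` depends on a well-formed header.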
... | ... |
@@ -1,7 +1,7 @@ |
1 | 1 |
Summary: Unzip-6.0 |
2 | 2 |
Name: unzip |
3 | 3 |
Version: 6.0 |
4 |
-Release: 10%{?dist} |
|
4 |
+Release: 11%{?dist} |
|
5 | 5 |
License: BSD |
6 | 6 |
URL: http://www.gnu.org/software/%{name} |
7 | 7 |
Source0: http://downloads.sourceforge.net/infozip/unzip60.tar.gz |
... | ... |
@@ -15,6 +15,7 @@ Patch1: cve-2015-1315.patch |
15 | 15 |
Patch2: CVE-2015-7696-CVE-2015-7697.patch |
16 | 16 |
Patch3: unzip-CVE-2014-9844.patch |
17 | 17 |
Patch4: unzip-CVE-2014-9913.patch |
18 |
+Patch5: unzip-CVE-2018-1000035.patch |
|
18 | 19 |
|
19 | 20 |
%description |
20 | 21 |
The UnZip package contains ZIP extraction utilities. These are useful |
... | ... |
@@ -28,6 +29,7 @@ with PKZIP or Info-ZIP utilities, primarily in a DOS environment. |
28 | 28 |
%patch2 -p1 |
29 | 29 |
%patch3 -p1 |
30 | 30 |
%patch4 -p1 |
31 |
+%patch5 -p1 |
|
31 | 32 |
|
32 | 33 |
%build |
33 | 34 |
case `uname -m` in |
... | ... |
@@ -61,6 +63,8 @@ make %{?_smp_mflags} check |
61 | 61 |
%{_bindir}/* |
62 | 62 |
|
63 | 63 |
%changelog |
64 |
+* Tue May 29 2018 Xiaolin Li <xiaolinl@vmware.com> 6.0-11 |
|
65 |
+- Fix CVE-2018-1000035 |
|
64 | 66 |
* Thu Nov 02 2017 Xiaolin Li <xiaolinl@vmware.com> 6.0-10 |
65 | 67 |
- Fix CVE-2014-9844, CVE-2014-9913 |
66 | 68 |
* Tue Apr 25 2017 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 6.0-9 |