Change-Id: I194ace0b7ea1d81839af36fccd68cd45697e71c1
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/4194
Reviewed-by: Sharath George
Tested-by: Sharath George
(cherry picked from commit 3b4226331eea0c47f2afbc7849382cfed7eea999)
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/4910
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Anish Swaminathan <anishs@vmware.com>
| 1 | 1 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,32 @@ |
| 0 |
+Fix from http://antinode.info/ftp/info-zip/unzip60/zipinfo.c |
|
| 1 |
+diff --git a/zipinfo.c b/zipinfo.c |
|
| 2 |
+index a92bca9..8f8e729 100644 |
|
| 3 |
+--- a/zipinfo.c |
|
| 4 |
+@@ -1,5 +1,5 @@ |
|
| 5 |
+ /* |
|
| 6 |
+- Copyright (c) 1990-2009 Info-ZIP. All rights reserved. |
|
| 7 |
++ Copyright (c) 1990-2016 Info-ZIP. All rights reserved. |
|
| 8 |
+ |
|
| 9 |
+ See the accompanying file LICENSE, version 2009-Jan-02 or later |
|
| 10 |
+ (the contents of which are also included in unzip.h) for terms of use. |
|
| 11 |
+@@ -1921,7 +1921,18 @@ static int zi_short(__G) /* return PK-type error code */ |
|
| 12 |
+ ush dnum=(ush)((G.crec.general_purpose_bit_flag>>1) & 3); |
|
| 13 |
+ methbuf[3] = dtype[dnum]; |
|
| 14 |
+ } else if (methnum >= NUM_METHODS) { /* unknown */
|
|
| 15 |
+- sprintf(&methbuf[1], "%03u", G.crec.compression_method); |
|
| 16 |
++ /* 2016-12-05 SMS. |
|
| 17 |
++ * https://launchpad.net/bugs/1643750 CVE-2016-9844. |
|
| 18 |
++ * Unexpectedly large compression methods overflow |
|
| 19 |
++ * &methbuf[]. Use the old, three-digit decimal format |
|
| 20 |
++ * for values which fit. Otherwise, sacrifice the "u", |
|
| 21 |
++ * and use four-digit hexadecimal. |
|
| 22 |
++ */ |
|
| 23 |
++ if (G.crec.compression_method <= 999) {
|
|
| 24 |
++ sprintf( &methbuf[ 1], "%03u", G.crec.compression_method); |
|
| 25 |
++ } else {
|
|
| 26 |
++ sprintf( &methbuf[ 0], "%04X", G.crec.compression_method); |
|
| 27 |
++ } |
|
| 28 |
+ } |
|
| 29 |
+ |
|
| 30 |
+ for (k = 0; k < 15; ++k) |
| 0 | 31 |
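Review bot: The embedded patch goes from `--- a/zipinfo.c` (line 3 of the new file) straight to `@@ -1,5 +1,5 @@` (line 4) with no `+++ b/zipinfo.c` line, so on its own it is not a well-formed unified diff. GNU patch releases that understand the `diff --git` header will still resolve the target file, but an older `patch` would stop at a "File to patch:" prompt and the `%patch3 -p1` step would fail non-interactively, so it is worth confirming the build log shows both hunks applied. Inserting `+++ b/zipinfo.c` after the `---` line makes the file portable across patch versions. The list.c patch in the next section has the same omission (`--- a/list.c` followed directly by `@@ -1,5 +1,5 @@`).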
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,32 @@ |
| 0 |
+Fix from http://antinode.info/ftp/info-zip/unzip60/list.c |
|
| 1 |
+diff --git a/list.c b/list.c |
|
| 2 |
+index 15e0011..2328788 100644 |
|
| 3 |
+--- a/list.c |
|
| 4 |
+@@ -1,5 +1,5 @@ |
|
| 5 |
+ /* |
|
| 6 |
+- Copyright (c) 1990-2009 Info-ZIP. All rights reserved. |
|
| 7 |
++ Copyright (c) 1990-2016 Info-ZIP. All rights reserved. |
|
| 8 |
+ |
|
| 9 |
+ See the accompanying file LICENSE, version 2009-Jan-02 or later |
|
| 10 |
+ (the contents of which are also included in unzip.h) for terms of use. |
|
| 11 |
+@@ -339,7 +339,18 @@ int list_files(__G) /* return PK-type error code */ |
|
| 12 |
+ G.crec.compression_method == ENHDEFLATED) {
|
|
| 13 |
+ methbuf[5] = dtype[(G.crec.general_purpose_bit_flag>>1) & 3]; |
|
| 14 |
+ } else if (methnum >= NUM_METHODS) {
|
|
| 15 |
+- sprintf(&methbuf[4], "%03u", G.crec.compression_method); |
|
| 16 |
++ /* 2013-02-26 SMS. |
|
| 17 |
++ * http://sourceforge.net/p/infozip/bugs/27/ CVE-2014-9913. |
|
| 18 |
++ * Unexpectedly large compression methods overflow |
|
| 19 |
++ * &methbuf[]. Use the old, three-digit decimal format |
|
| 20 |
++ * for values which fit. Otherwise, sacrifice the |
|
| 21 |
++ * colon, and use four-digit hexadecimal. |
|
| 22 |
++ */ |
|
| 23 |
++ if (G.crec.compression_method <= 999) {
|
|
| 24 |
++ sprintf( &methbuf[ 4], "%03u", G.crec.compression_method); |
|
| 25 |
++ } else {
|
|
| 26 |
++ sprintf( &methbuf[ 3], "%04X", G.crec.compression_method); |
|
| 27 |
++ } |
|
| 28 |
+ } |
|
| 29 |
+ |
|
| 30 |
+ #if 0 /* GRR/Euro: add this? */ |
| ... | ... |
@@ -1,18 +1,20 @@ |
| 1 |
-Summary: Unzip-6.0 |
|
| 2 |
-Name: unzip |
|
| 3 |
-Version: 6.0 |
|
| 4 |
-Release: 9%{?dist}
|
|
| 5 |
-License: BSD |
|
| 6 |
-URL: http://www.gnu.org/software/%{name}
|
|
| 7 |
-Source0: http://downloads.sourceforge.net/infozip/unzip60.tar.gz |
|
| 8 |
-%define sha1 unzip=abf7de8a4018a983590ed6f5cbd990d4740f8a22 |
|
| 9 |
-Group: System Environment/Utilities |
|
| 10 |
-Vendor: VMware, Inc. |
|
| 1 |
+Summary: Unzip-6.0 |
|
| 2 |
+Name: unzip |
|
| 3 |
+Version: 6.0 |
|
| 4 |
+Release: 10%{?dist}
|
|
| 5 |
+License: BSD |
|
| 6 |
+URL: http://www.gnu.org/software/%{name}
|
|
| 7 |
+Source0: http://downloads.sourceforge.net/infozip/unzip60.tar.gz |
|
| 8 |
+%define sha1 unzip=abf7de8a4018a983590ed6f5cbd990d4740f8a22 |
|
| 9 |
+Group: System Environment/Utilities |
|
| 10 |
+Vendor: VMware, Inc. |
|
| 11 | 11 |
Distribution: Photon |
| 12 | 12 |
|
| 13 | 13 |
Patch0: cve-2014-9636.patch |
| 14 | 14 |
Patch1: cve-2015-1315.patch |
| 15 | 15 |
Patch2: CVE-2015-7696-CVE-2015-7697.patch |
| 16 |
+Patch3: unzip-CVE-2014-9844.patch |
|
| 17 |
+Patch4: unzip-CVE-2014-9913.patch |
|
| 16 | 18 |
|
| 17 | 19 |
%description |
| 18 | 20 |
The UnZip package contains ZIP extraction utilities. These are useful |
| ... | ... |
@@ -24,7 +26,8 @@ with PKZIP or Info-ZIP utilities, primarily in a DOS environment. |
| 24 | 24 |
%patch0 -p1 |
| 25 | 25 |
%patch1 -p1 |
| 26 | 26 |
%patch2 -p1 |
| 27 |
- |
|
| 27 |
+%patch3 -p1 |
|
| 28 |
+%patch4 -p1 |
|
| 28 | 29 |
|
| 29 | 30 |
%build |
| 30 | 31 |
case `uname -m` in |
| ... | ... |
@@ -58,21 +61,23 @@ make %{?_smp_mflags} check
|
| 58 | 58 |
%{_bindir}/*
|
| 59 | 59 |
|
| 60 | 60 |
%changelog |
| 61 |
-* Tue Apr 25 2017 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 6.0-9 |
|
| 62 |
-- Ensure non empty debuginfo |
|
| 63 |
-* Wed Nov 30 2016 Dheeraj Shetty <dheerajs@vmware.com> 6.0-8 |
|
| 64 |
-- Added patch for CVE-2015-7696 and CVE-2015-7697 |
|
| 65 |
-* Wed Oct 05 2016 ChangLee <changlee@vmware.com> 6.0-7 |
|
| 66 |
-- Modified %check |
|
| 67 |
-* Tue Sep 20 2016 Kumar Kaushik <kaushikk@vmware.com> 6.0-6 |
|
| 68 |
-- Added patch for CVE-2015-1315 |
|
| 69 |
-* Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 6.0-5 |
|
| 70 |
-- GA - Bump release of all rpms |
|
| 71 |
-* Tue May 10 2016 Nick Shi <nshi@vmware.com> 6.0-4 |
|
| 72 |
-- Added unzipsfx, zipgrep and zipinfo to unzip rpm |
|
| 73 |
-* Sat Aug 15 2015 Sharath George <sharathg@vmware.com> 6.0-3 |
|
| 74 |
-- Added patch for CVE-2014-9636 |
|
| 75 |
-* Wed May 20 2015 Touseef Liaqat <tliaqat@vmware.com> 6.0-2 |
|
| 76 |
-- Updated group. |
|
| 77 |
-* Mon Nov 24 2014 Divya Thaluru <dthaluru@vmware.com> 6.0-1 |
|
| 78 |
-- Initial build. First version |
|
| 61 |
+* Thu Nov 02 2017 Xiaolin Li <xiaolinl@vmware.com> 6.0-10 |
|
| 62 |
+- Fix CVE-2014-9844, CVE-2014-9913 |
|
| 63 |
+* Tue Apr 25 2017 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 6.0-9 |
|
| 64 |
+- Ensure non empty debuginfo |
|
| 65 |
+* Wed Nov 30 2016 Dheeraj Shetty <dheerajs@vmware.com> 6.0-8 |
|
| 66 |
+- Added patch for CVE-2015-7696 and CVE-2015-7697 |
|
| 67 |
+* Wed Oct 05 2016 ChangLee <changlee@vmware.com> 6.0-7 |
|
| 68 |
+- Modified %check |
|
| 69 |
+* Tue Sep 20 2016 Kumar Kaushik <kaushikk@vmware.com> 6.0-6 |
|
| 70 |
+- Added patch for CVE-2015-1315 |
|
| 71 |
+* Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 6.0-5 |
|
| 72 |
+- GA - Bump release of all rpms |
|
| 73 |
+* Tue May 10 2016 Nick Shi <nshi@vmware.com> 6.0-4 |
|
| 74 |
+- Added unzipsfx, zipgrep and zipinfo to unzip rpm |
|
| 75 |
+* Sat Aug 15 2015 Sharath George <sharathg@vmware.com> 6.0-3 |
|
| 76 |
+- Added patch for CVE-2014-9636 |
|
| 77 |
+* Wed May 20 2015 Touseef Liaqat <tliaqat@vmware.com> 6.0-2 |
|
| 78 |
+- Updated group. |
|
| 79 |
+* Mon Nov 24 2014 Divya Thaluru <dthaluru@vmware.com> 6.0-1 |
|
| 80 |
+- Initial build. First version |
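Review bot: The new `Patch3: unzip-CVE-2014-9844.patch` line and the changelog entry `- Fix CVE-2014-9844, CVE-2014-9913` label the zipinfo.c fix with an identifier that does not match the patch itself: the upstream comment carried inside that patch names it `CVE-2016-9844` (launchpad bug 1643750), while only the list.c patch is CVE-2014-9913. Since the patch file name and changelog are what a vulnerability scanner or a later maintainer will search for, rename the file and use `Patch3: unzip-CVE-2016-9844.patch` and `- Fix CVE-2016-9844, CVE-2014-9913`. Separately, the retabbed `URL: http://www.gnu.org/software/%{name}` line still points at a GNU location although unzip is an Info-ZIP project; that predates this change but could be corrected in the same release bump.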