import unzip-6.0-56.el9

2022-03-01 08:04:12 -05:00 · 2022-03-01 08:04:12 -05:00 · 296bb53c86
parent ce968f7d92
commit 296bb53c86
3 changed files with 220 additions and 2 deletions
--- a/SOURCES/unzip-zipbomb-manpage.patch
+++ b/SOURCES/unzip-zipbomb-manpage.patch
@ -16,7 +16,7 @@ index 21816d1..4d66073 100644
 .IP 11
 no matching files were found.
 +.IP 12
-+invalid zip file with overlapped components (possible zip bomb).
+invalid zip file with overlapped components (possible zip-bomb). The zip-bomb checks can be disabled by using the UNZIP_DISABLE_ZIPBOMB_DETECTION=TRUE environment variable.
 .IP 50
 the disk is (or was) full during extraction.
 .IP 51
--- a/SOURCES/unzip-zipbomb-switch.patch
+++ b/SOURCES/unzip-zipbomb-switch.patch
@ -0,0 +1,200 @@
+From 5b44c818b96193b3e240f38f61985fa2bc780eb7 Mon Sep 17 00:00:00 2001
+From: Jakub Martisko <jamartis@redhat.com>
+Date: Tue, 30 Nov 2021 15:42:17 +0100
+Subject: [PATCH] Add an option to disable the zipbomb detection
+
+This can be done by settting a newly introduced environment variable
+UNZIP_DISABLE_ZIPBOMB_DETECTION to {TRUE,True,true}. If the variable is unset, or
+set to any other value the zipbomb detection is left enabled.
+
+Example:
+	UNZIP_DISABLE_ZIPBOMB_DETECTION=True unzip ./zbsm.zip -d ./test
+---
+ extract.c | 85 ++++++++++++++++++++++++++++++-------------------------
+ unzip.c   | 15 ++++++++--
+ unzip.h   |  1 +
+ 3 files changed, 60 insertions(+), 41 deletions(-)
+
+diff --git a/extract.c b/extract.c
+index 878817d..3e58071 100644
+--- a/extract.c
+++ b/extract.c
+@@ -322,7 +322,8 @@ static ZCONST char Far BadExtraFieldCRC[] =
+ static ZCONST char Far NotEnoughMemCover[] =
+   "error: not enough memory for bomb detection\n";
+ static ZCONST char Far OverlappedComponents[] =
+-  "error: invalid zip file with overlapped components (possible zip bomb)\n";
+  "error: invalid zip file with overlapped components (possible zip bomb)\n \
+To unzip the file anyway, rerun the command with UNZIP_DISABLE_ZIPBOMB_DETECTION=TRUE environmnent variable\n";
+ 
+ 
+ 
+@@ -502,35 +503,37 @@ int extract_or_test_files(__G)    /* return PK-type error code */
+        the end of central directory record (including the Zip64 end of central
+        directory locator, if present), and the Zip64 end of central directory
+        record, if present. */
+-    if (G.cover == NULL) {
+    if (uO.zipbomb == TRUE) {
+      if (G.cover == NULL) {
+         G.cover = malloc(sizeof(cover_t));
+         if (G.cover == NULL) {
+-            Info(slide, 0x401, ((char *)slide,
+-              LoadFarString(NotEnoughMemCover)));
+-            return PK_MEM;
+            Info(slide, 0x401, ((char *)slide,
+              LoadFarString(NotEnoughMemCover)));
+            return PK_MEM;
+         }
+         ((cover_t *)G.cover)->span = NULL;
+         ((cover_t *)G.cover)->max = 0;
+-    }
+-    ((cover_t *)G.cover)->num = 0;
+-    if (cover_add((cover_t *)G.cover,
+-                  G.extra_bytes + G.ecrec.offset_start_central_directory,
+-                  G.extra_bytes + G.ecrec.offset_start_central_directory +
+-                  G.ecrec.size_central_directory) != 0) {
+    }
+    ((cover_t *)G.cover)->num = 0;
+    if (cover_add((cover_t *)G.cover,
+                  G.extra_bytes + G.ecrec.offset_start_central_directory,
+                  G.extra_bytes + G.ecrec.offset_start_central_directory +
+                  G.ecrec.size_central_directory) != 0) {
+         Info(slide, 0x401, ((char *)slide,
+-          LoadFarString(NotEnoughMemCover)));
+          LoadFarString(NotEnoughMemCover)));
+         return PK_MEM;
+-    }
+-    if ((G.extra_bytes != 0 &&
+-         cover_add((cover_t *)G.cover, 0, G.extra_bytes) != 0) ||
+-        (G.ecrec.have_ecr64 &&
+-         cover_add((cover_t *)G.cover, G.ecrec.ec64_start,
+-                   G.ecrec.ec64_end) != 0) ||
+-        cover_add((cover_t *)G.cover, G.ecrec.ec_start,
+-                  G.ecrec.ec_end) != 0) {
+    }
+    if ((G.extra_bytes != 0 &&
+         cover_add((cover_t *)G.cover, 0, G.extra_bytes) != 0) ||
+        (G.ecrec.have_ecr64 &&
+         cover_add((cover_t *)G.cover, G.ecrec.ec64_start,
+                   G.ecrec.ec64_end) != 0) ||
+        cover_add((cover_t *)G.cover, G.ecrec.ec_start,
+                  G.ecrec.ec_end) != 0) {
+         Info(slide, 0x401, ((char *)slide,
+-          LoadFarString(OverlappedComponents)));
+          LoadFarString(OverlappedComponents)));
+         return PK_BOMB;
+      }
+     }
+ 
+ /*---------------------------------------------------------------------------
+@@ -1222,10 +1225,12 @@ static int extract_or_test_entrylist(__G__ numchunk,
+ 
+         /* seek_zipf(__G__ pInfo->offset);  */
+         request = G.pInfo->offset + G.extra_bytes;
+-        if (cover_within((cover_t *)G.cover, request)) {
+        if (uO.zipbomb == TRUE) {
+          if (cover_within((cover_t *)G.cover, request)) {
+             Info(slide, 0x401, ((char *)slide,
+-              LoadFarString(OverlappedComponents)));
+              LoadFarString(OverlappedComponents)));
+             return PK_BOMB;
+          }
+         }
+         inbuf_offset = request % INBUFSIZ;
+         bufstart = request - inbuf_offset;
+@@ -1758,17 +1763,19 @@ reprompt:
+             return IZ_CTRLC;        /* cancel operation by user request */
+         }
+ #endif
+-        error = cover_add((cover_t *)G.cover, request,
+-                          G.cur_zipfile_bufstart + (G.inptr - G.inbuf));
+-        if (error < 0) {
+        if (uO.zipbomb == TRUE) {
+          error = cover_add((cover_t *)G.cover, request,
+                            G.cur_zipfile_bufstart + (G.inptr - G.inbuf));
+          if (error < 0) {
+             Info(slide, 0x401, ((char *)slide,
+-              LoadFarString(NotEnoughMemCover)));
+                                LoadFarString(NotEnoughMemCover)));
+             return PK_MEM;
+-        }
+-        if (error != 0) {
+          }
+          if (error != 0) {
+             Info(slide, 0x401, ((char *)slide,
+-              LoadFarString(OverlappedComponents)));
+                                LoadFarString(OverlappedComponents)));
+             return PK_BOMB;
+          }
+         }
+ #ifdef MACOS  /* MacOS is no preemptive OS, thus call event-handling by hand */
+         UserStop();
+@@ -2171,8 +2178,8 @@ static int extract_or_test_member(__G)    /* return PK-type error code */
+     }
+ 
+     undefer_input(__G);
+-
+-    if ((G.lrec.general_purpose_bit_flag & 8) != 0) {
+    if (uO.zipbomb == TRUE) {
+      if ((G.lrec.general_purpose_bit_flag & 8) != 0) {
+         /* skip over data descriptor (harder than it sounds, due to signature
+          * ambiguity)
+          */
+@@ -2189,6 +2196,7 @@ static int extract_or_test_member(__G)    /* return PK-type error code */
+             shy += 8 - readbuf((char *)buf, 8); /* skip eight more for ZIP64 */
+         if (shy)
+             error = PK_ERR;
+      }
+     }
+ 
+     return error;
+diff --git a/unzip.c b/unzip.c
+index 8dbfc95..abb3644 100644
+--- a/unzip.c
+++ b/unzip.c
+@@ -1329,10 +1329,9 @@ int uz_opts(__G__ pargc, pargv)
+     int *pargc;
+     char ***pargv;
+ {
+-    char **argv, *s;
+    char **argv, *s, *zipbomb_envar;
+     int argc, c, error=FALSE, negative=0, showhelp=0;
+ 
+-
+     argc = *pargc;
+     argv = *pargv;
+ 
+@@ -1923,6 +1922,18 @@ opts_done:  /* yes, very ugly...but only used by UnZipSFX with -x xlist */
+     else
+         G.extract_flag = TRUE;
+ 
+    /* Disable the zipbomb detection, this is the only option set only via the shell variables but it should at least not clash with something in the future. */
+    zipbomb_envar = getenv("UNZIP_DISABLE_ZIPBOMB_DETECTION");
+    uO.zipbomb = TRUE;
+    if (zipbomb_envar != NULL) {
+      /* strcasecmp might be a better approach here but it is POSIX-only */
+      if ((strcmp ("TRUE", zipbomb_envar) == 0)
+       || (strcmp ("True", zipbomb_envar) == 0)
+       || (strcmp ("true",zipbomb_envar) == 0)) {
+        uO.zipbomb = FALSE;
+      }
+    }
+
+     *pargc = argc;
+     *pargv = argv;
+     return PK_OK;
+diff --git a/unzip.h b/unzip.h
+index ed24a5b..e7665e8 100644
+--- a/unzip.h
+++ b/unzip.h
+@@ -559,6 +559,7 @@ typedef struct _UzpOpts {
+ #ifdef UNIX
+     int cflxflag;       /* -^: allow control chars in extracted filenames */
+ #endif
+  int zipbomb;
+ #endif /* !FUNZIP */
+ } UzpOpts;
+ 
+-- 
+2.33.0
+
--- a/SPECS/unzip.spec
+++ b/SPECS/unzip.spec
@ -7,7 +7,7 @@
 Summary: A utility for unpacking zip files
 Name: unzip
 Version: 6.0
-Release: 53%{?dist}
+Release: 56%{?dist}
 License: BSD
 Source: http://downloads.sourceforge.net/infozip/unzip60.tar.gz

@ -71,6 +71,7 @@ Patch29: unzip-zipbomb-manpage.patch
 Patch30: unzip-zipbomb-part4.patch
 Patch31: unzip-zipbomb-part5.patch
 Patch32: unzip-zipbomb-part6.patch
+Patch33: unzip-zipbomb-switch.patch

 URL: http://www.info-zip.org/UnZip.html
 BuildRequires: make
@ -122,8 +123,13 @@ a zip archive.
 %patch30 -p1
 %patch31 -p1
 %patch32 -p1
+%patch33 -p1

 %build
+# Use the C implementation of CRC instead of assembly (only on i386, other architectures use C by default)
+sed -i -e 's:-DASM_CRC::g' unix/configure
+sed -i -e 's:CRC32OA="crc_gcc.o":CRC32OA="":g' unix/configure
+
 # IZ_HAVE_UXUIDGID is needed for right functionality of unzip -X
 # NOMEMCPY solve problem with memory overlapping - decomression is slowly,
 # but successfull.
@ -141,6 +147,18 @@ make -f unix/Makefile prefix=$RPM_BUILD_ROOT%{_prefix} MANDIR=$RPM_BUILD_ROOT/%{
 %{_mandir}/*/*

 %changelog
+* Wed Jan 26 2022 Jakub Martisko <jamartis@redhat.com> - 6.0-56
+- Use the C crc implementation instead of the asm (i686 only, other arches already use C)
+Related: rhbz#2045075
+
+* Wed Jan 05 2022 Jakub Martisko <jamartis@redhat.com> - 6.0-55
+- Rebuild with the gating tests enabled
+Related: rhbz#2036946
+
+* Mon Dec 20 2021 Jakub Martisko <jamartis@redhat.com> - 6.0-54
+- Add an environment variable that disables the zipbomb detection
+  Resolves: rhbz#2031730
+
 * Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 6.0-53
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
  Related: rhbz#1991688