- fix bug 180078 - unzip -l causing error
- fix CVE-2005-4667 - unzip long file name buffer overflow
This commit is contained in:
parent
6d0bb8c6f7
commit
4f42fbefba
68
unzip-5.52-long-filename.patch
Normal file
68
unzip-5.52-long-filename.patch
Normal file
@ -0,0 +1,68 @@
|
||||
--- unzip-5.52/process.c.pom3 2006-02-06 10:29:02.630237064 +0100
|
||||
+++ unzip-5.52/process.c 2006-02-06 10:29:02.650234024 +0100
|
||||
@@ -576,16 +576,16 @@
|
||||
if (lastchance && (uO.qflag < 3)) {
|
||||
#if defined(UNIX) || defined(QDOS)
|
||||
if (G.no_ecrec)
|
||||
- Info(slide, 1, ((char *)slide,
|
||||
+ Info2(slide, 1, ((char *)slide, WSIZE,
|
||||
LoadFarString(CannotFindZipfileDirMsg), uO.zipinfo_mode?
|
||||
LoadFarStringSmall(Zipnfo) : LoadFarStringSmall(Unzip),
|
||||
G.wildzipfn, uO.zipinfo_mode? " " : "", G.wildzipfn,
|
||||
- G.zipfn));
|
||||
+ G.zipfn),WSIZE);
|
||||
else
|
||||
- Info(slide, 1, ((char *)slide,
|
||||
+ Info2(slide, 1, ((char *)slide, WSIZE,
|
||||
LoadFarString(CannotFindEitherZipfile), uO.zipinfo_mode?
|
||||
LoadFarStringSmall(Zipnfo) : LoadFarStringSmall(Unzip),
|
||||
- G.wildzipfn, G.wildzipfn, G.zipfn));
|
||||
+ G.wildzipfn, G.wildzipfn, G.zipfn), WSIZE);
|
||||
#else /* !(UNIX || QDOS) */
|
||||
if (G.no_ecrec)
|
||||
Info(slide, 0x401, ((char *)slide,
|
||||
--- unzip-5.52/fileio.c.pom3 2006-02-06 10:29:02.000000000 +0100
|
||||
+++ unzip-5.52/fileio.c 2006-02-06 10:30:59.755431328 +0100
|
||||
@@ -1188,8 +1188,14 @@
|
||||
|
||||
#endif /* !VMS */
|
||||
|
||||
+/****************/
|
||||
+/* Function min */
|
||||
+/****************/
|
||||
|
||||
-
|
||||
+int min (int val_i, int val_j)
|
||||
+{
|
||||
+ return (val_i>val_j?val_j:val_i);
|
||||
+}
|
||||
|
||||
|
||||
/*****************************/
|
||||
--- unzip-5.52/unzpriv.h.pom3 2006-02-06 10:29:02.625237824 +0100
|
||||
+++ unzip-5.52/unzpriv.h 2006-02-06 10:31:45.538471248 +0100
|
||||
@@ -2286,6 +2286,24 @@
|
||||
# endif
|
||||
#endif /* !Info */
|
||||
|
||||
+#ifndef Info2 /* may already have been defined for redirection */
|
||||
+# ifdef FUNZIP
|
||||
+# define Info2(buf,flag,sprf_arg,size) \
|
||||
+ fprintf((flag)&1? stderr : stdout, (char *)(sprintf sprf_arg, (buf)))
|
||||
+# else
|
||||
+# ifdef INT_SPRINTF /* optimized version for "int sprintf()" flavour */
|
||||
+# define Info2(buf,flag,sprf_arg,size) \
|
||||
+ (*G.message)((zvoid *)&G, (uch *)(buf), (ulg) min(snprintf sprf_arg, (int) size), (flag))
|
||||
+# else /* generic version, does not use sprintf() return value */
|
||||
+# define Info2(buf,flag,sprf_arg,size) \
|
||||
+ (*G.message)((zvoid *)&G, (uch *)(buf), \
|
||||
+ (ulg)(sprintf sprf_arg, strlen((char *)(buf))), (flag))
|
||||
+# endif
|
||||
+# endif
|
||||
+#endif /* !Info */
|
||||
+
|
||||
+
|
||||
+
|
||||
/* The following macro wrappers around the fnfilter function are used many
|
||||
* times to prepare archive entry names or name components for displaying
|
||||
* listings and (warning/error) messages. They use sections in the upper half
|
11
unzip-5.52-near-4GB2.patch
Normal file
11
unzip-5.52-near-4GB2.patch
Normal file
@ -0,0 +1,11 @@
|
||||
--- unzip-5.52/list.c.pom 2006-02-06 09:39:47.622466528 +0100
|
||||
+++ unzip-5.52/list.c 2006-02-06 09:57:00.813397632 +0100
|
||||
@@ -76,7 +76,7 @@
|
||||
static ZCONST char Far ShortHdrStats[] =
|
||||
"%9lu %02u%c%02u%c%02u %02u:%02u %c";
|
||||
static ZCONST char Far ShortFileTrailer[] = " -------- \
|
||||
- -------\n%9lu %lu file%s\n";
|
||||
+ -------\n%9ju %lu file%s\n";
|
||||
#endif /* ?OS2_EAS */
|
||||
#endif /* !WINDLL */
|
||||
|
12
unzip.spec
12
unzip.spec
@ -1,7 +1,7 @@
|
||||
Summary: A utility for unpacking zip files.
|
||||
Name: unzip
|
||||
Version: 5.52
|
||||
Release: 1
|
||||
Release: 2
|
||||
License: BSD
|
||||
Group: Applications/Archiving
|
||||
Source: ftp://ftp.info-zip.org/pub/infozip/src/unzip552.tar.gz
|
||||
@ -10,6 +10,8 @@ Patch2: unzip-5.51-link-segv.patch
|
||||
Patch3: unzip-5.51-link-segv2.patch
|
||||
Patch6: unzip-5.52-toctou.patch
|
||||
Patch7: unzip-5.52-near-4GB.patch
|
||||
Patch8: unzip-5.52-near-4GB2.patch
|
||||
Patch9: unzip-5.52-long-filename.patch
|
||||
URL: http://www.info-zip.org/pub/infozip/UnZip.html
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-root
|
||||
|
||||
@ -31,6 +33,8 @@ a zip archive.
|
||||
%patch3 -p1 -b .morn
|
||||
%patch6 -p1 -b .toctou
|
||||
%patch7 -p1 -b .4GB
|
||||
%patch8 -p1 -b .4GB2
|
||||
%patch9 -p1 -b .lfn
|
||||
ln -s unix/Makefile Makefile
|
||||
|
||||
%build
|
||||
@ -51,7 +55,11 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%{_mandir}/*/*
|
||||
|
||||
%changelog
|
||||
* Thu Dec 22 2005 Ivana Varekova <vraekova@redhat.com> 5.52-1
|
||||
* Mon Feb 6 2006 Ivana Varekova <varekova@redhat.com> 5.52-2
|
||||
- fix bug 180078 - unzip -l causing error
|
||||
- fix CVE-2005-4667 - unzip long file name buffer overflow
|
||||
|
||||
* Thu Dec 22 2005 Ivana Varekova <varekova@redhat.com> 5.52-1
|
||||
- update to 5.52
|
||||
|
||||
* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
|
||||
|
Loading…
Reference in New Issue
Block a user