rpms/unzip
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import unzip-6.0-44.el8

Browse Source
This commit is contained in:
CentOS Sources 2020-12-08 10:13:51 +00:00 committed by Andrew Lukoshko
parent 56cceadae1
commit 4fdc6d7afe
3 changed files with 61 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
SOURCES/unzip-zipbomb-part4.patch Normal file
View File

@ -0,0 +1,25 @@
From 5e2efcd633a4a1fb95a129a75508e7d769e767be Mon Sep 17 00:00:00 2001
From: Mark Adler <madler@alumni.caltech.edu>
Date: Sun, 9 Feb 2020 20:36:28 -0800
Subject: [PATCH] Fix bug in UZbunzip2() that incorrectly updated G.incnt.
The update assumed a full buffer, which is not always full. This
could result in a false overlapped element detection when a small
bzip2-compressed file was unzipped. This commit remedies that.
---
extract.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/extract.c b/extract.c
index d9866f9..0cb7bfc 100644
--- a/extract.c
+++ b/extract.c
@@ -3010,7 +3010,7 @@ __GDEF
#endif
G.inptr = (uch *)bstrm.next_in;
- G.incnt = (G.inbuf + INBUFSIZ) - G.inptr; /* reset for other routines */
+ G.incnt -= G.inptr - G.inbuf; /* reset for other routines */
uzbunzip_cleanup_exit:
err = BZ2_bzDecompressEnd(&bstrm);

26
SOURCES/unzip-zipbomb-part5.patch Normal file
View File

@ -0,0 +1,26 @@
From 5c572555cf5d80309a07c30cf7a54b2501493720 Mon Sep 17 00:00:00 2001
From: Mark Adler <madler@alumni.caltech.edu>
Date: Sun, 9 Feb 2020 21:39:09 -0800
Subject: [PATCH] Fix bug in UZinflate() that incorrectly updated G.incnt.
The update assumed a full buffer, which is not always full. This
could result in a false overlapped element detection when a small
deflate-compressed file was unzipped using an old zlib. This
commit remedies that.
---
inflate.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/inflate.c b/inflate.c
index 2f5a015..70e3cc0 100644
--- a/inflate.c
+++ b/inflate.c
@@ -700,7 +700,7 @@ int UZinflate(__G__ is_defl64)
G.dstrm.total_out));
G.inptr = (uch *)G.dstrm.next_in;
- G.incnt = (G.inbuf + INBUFSIZ) - G.inptr; /* reset for other routines */
+ G.incnt -= G.inptr - G.inbuf; /* reset for other routines */
uzinflate_cleanup_exit:
err = inflateReset(&G.dstrm);

11
SPECS/unzip.spec
View File

@ -7,7 +7,7 @@
Summary: A utility for unpacking zip files
Name: unzip
Version: 6.0
Release: 43%{?dist}
Release: 44%{?dist}
License: BSD
Group: Applications/Archiving
Source: http://downloads.sourceforge.net/infozip/unzip60.tar.gz
@ -71,6 +71,8 @@ Patch28: unzip-zipbomb-part2.patch
Patch29: unzip-zipbomb-part3.patch
Patch30: unzip-zipbomb-manpage.patch
Patch31: unzip-zipbomb-part4.patch
Patch32: unzip-zipbomb-part5.patch
URL: http://www.info-zip.org/UnZip.html
BuildRequires: bzip2-devel
@ -120,6 +122,9 @@ a zip archive.
%patch29 -p1 -b .zipbomb3
%patch30 -p1
%patch31 -p1
%patch32 -p1
%build
# IZ_HAVE_UXUIDGID is needed for right functionality of unzip -X
# NOMEMCPY solve problem with memory overlapping - decomression is slowly,
@ -139,6 +144,10 @@ make -f unix/Makefile prefix=$RPM_BUILD_ROOT%{_prefix} MANDIR=$RPM_BUILD_ROOT/%{
%{_mandir}/*/*
%changelog
* Tue Nov 24 2020 Jakub Martisko <jamartis@redhat.com> - 6.0-44
* Fix out of memory errors while checking for zip-bombs
Resolves: #1900915
* Mon Nov 18 2019 Jakub Martisko <jamartis@redhat.com> - 6.0-43
- Update the man page with the new exit code introduced in 6.0-42
- Related: CVE-2019-13232