Update the manpage with the new exit code
Mention the new exit code (12) introduced in the previous commit.
This commit is contained in:
parent
0cde67cbab
commit
c98fc67064
25
unzip-zipbomb-manpage.patch
Normal file
25
unzip-zipbomb-manpage.patch
Normal file
@ -0,0 +1,25 @@
|
||||
From 6fe72291a5563cdbcd2bdd87e36528537b7cdcfb Mon Sep 17 00:00:00 2001
|
||||
From: Jakub Martisko <jamartis@redhat.com>
|
||||
Date: Mon, 18 Nov 2019 14:17:46 +0100
|
||||
Subject: [PATCH] update the man page
|
||||
|
||||
---
|
||||
man/unzip.1 | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/man/unzip.1 b/man/unzip.1
|
||||
index 21816d1..4d66073 100644
|
||||
--- a/man/unzip.1
|
||||
+++ b/man/unzip.1
|
||||
@@ -850,6 +850,8 @@ the specified zipfiles were not found.
|
||||
invalid options were specified on the command line.
|
||||
.IP 11
|
||||
no matching files were found.
|
||||
+.IP 12
|
||||
+invalid zip file with overlapped components (possible zip bomb).
|
||||
.IP 50
|
||||
the disk is (or was) full during extraction.
|
||||
.IP 51
|
||||
--
|
||||
2.23.0
|
||||
|
58
unzip.spec
58
unzip.spec
@ -7,7 +7,7 @@
|
||||
Summary: A utility for unpacking zip files
|
||||
Name: unzip
|
||||
Version: 6.0
|
||||
Release: 45%{?dist}
|
||||
Release: 46%{?dist}
|
||||
License: BSD
|
||||
Source: http://downloads.sourceforge.net/infozip/unzip60.tar.gz
|
||||
|
||||
@ -67,6 +67,7 @@ Patch25: unzip-6.0-COVSCAN-fix-unterminated-string.patch
|
||||
Patch26: unzip-zipbomb-part1.patch
|
||||
Patch27: unzip-zipbomb-part2.patch
|
||||
Patch28: unzip-zipbomb-part3.patch
|
||||
Patch29: unzip-zipbomb-manpage.patch
|
||||
|
||||
URL: http://www.info-zip.org/UnZip.html
|
||||
BuildRequires: bzip2-devel, gcc
|
||||
@ -84,35 +85,36 @@ a zip archive.
|
||||
|
||||
%prep
|
||||
%setup -q -n unzip60
|
||||
%patch1 -p1 -b .bzip2-configure
|
||||
%patch2 -p1 -b .exec-shield
|
||||
%patch3 -p1 -b .close
|
||||
%patch4 -p1 -b .attribs-overflow
|
||||
%patch5 -p1 -b .configure
|
||||
%patch6 -p1 -b .manpage-fix
|
||||
%patch7 -p1 -b .recmatch
|
||||
%patch8 -p1 -b .symlink
|
||||
%patch9 -p1 -b .caseinsensitive
|
||||
%patch10 -p1 -b .format-secure
|
||||
%patch11 -p1 -b .valgrind
|
||||
%patch12 -p1 -b .x-option
|
||||
%patch13 -p1 -b .overflow
|
||||
%patch14 -p1 -b .cve-2014-8139
|
||||
%patch15 -p1 -b .cve-2014-8140
|
||||
%patch16 -p1 -b .cve-2014-8141
|
||||
%patch17 -p1 -b .overflow-long-fsize
|
||||
%patch18 -p1 -b .heap-overflow-infloop
|
||||
%patch19 -p1 -b .utf
|
||||
%patch20 -p1 -b .utf-print
|
||||
%patch21 -p1 -b .cve-2016-9844
|
||||
%patch22 -p1 -b .timestamp
|
||||
%patch23 -p1 -b .cve-2018-1000035
|
||||
%patch24 -p1 -b .cve-2018-18384
|
||||
%patch25 -p1 -b .covscan-1
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
%patch5 -p1
|
||||
%patch6 -p1
|
||||
%patch7 -p1
|
||||
%patch8 -p1
|
||||
%patch9 -p1
|
||||
%patch10 -p1
|
||||
%patch11 -p1
|
||||
%patch12 -p1
|
||||
%patch13 -p1
|
||||
%patch14 -p1
|
||||
%patch15 -p1
|
||||
%patch16 -p1
|
||||
%patch17 -p1
|
||||
%patch18 -p1
|
||||
%patch19 -p1
|
||||
%patch20 -p1
|
||||
%patch21 -p1
|
||||
%patch22 -p1
|
||||
%patch23 -p1
|
||||
%patch24 -p1
|
||||
%patch25 -p1
|
||||
|
||||
%patch26 -p1
|
||||
%patch27 -p1
|
||||
%patch28 -p1
|
||||
%patch29 -p1
|
||||
|
||||
%build
|
||||
# IZ_HAVE_UXUIDGID is needed for right functionality of unzip -X
|
||||
@ -132,6 +134,10 @@ make -f unix/Makefile prefix=$RPM_BUILD_ROOT%{_prefix} MANDIR=$RPM_BUILD_ROOT/%{
|
||||
%{_mandir}/*/*
|
||||
|
||||
%changelog
|
||||
* Mon Nov 18 2019 Jakub Martisko <jamartis@redhat.com> - 6.0-46
|
||||
- Mention the zipbomb exit code in the manpage
|
||||
Related: CVE-2019-13232
|
||||
|
||||
* Wed Oct 23 2019 Jakub Martisko <jamartis@redhat.com> - 6.0-45
|
||||
- Fix possible zipbomb in unzip
|
||||
Resolves: CVE-2019-13232
|
||||
|
Loading…
Reference in New Issue
Block a user