Update the manpage with the new exit code

Mention the new exit code (12) introduced in the previous commit.
This commit is contained in:
Jakub Martisko 2019-11-18 14:42:41 +01:00
parent 0cde67cbab
commit c98fc67064
2 changed files with 57 additions and 26 deletions

View File

@ -0,0 +1,25 @@
From 6fe72291a5563cdbcd2bdd87e36528537b7cdcfb Mon Sep 17 00:00:00 2001
From: Jakub Martisko <jamartis@redhat.com>
Date: Mon, 18 Nov 2019 14:17:46 +0100
Subject: [PATCH] update the man page
---
man/unzip.1 | 2 ++
1 file changed, 2 insertions(+)
diff --git a/man/unzip.1 b/man/unzip.1
index 21816d1..4d66073 100644
--- a/man/unzip.1
+++ b/man/unzip.1
@@ -850,6 +850,8 @@ the specified zipfiles were not found.
invalid options were specified on the command line.
.IP 11
no matching files were found.
+.IP 12
+invalid zip file with overlapped components (possible zip bomb).
.IP 50
the disk is (or was) full during extraction.
.IP 51
--
2.23.0

View File

@ -7,7 +7,7 @@
Summary: A utility for unpacking zip files
Name: unzip
Version: 6.0
Release: 45%{?dist}
Release: 46%{?dist}
License: BSD
Source: http://downloads.sourceforge.net/infozip/unzip60.tar.gz
@ -67,6 +67,7 @@ Patch25: unzip-6.0-COVSCAN-fix-unterminated-string.patch
Patch26: unzip-zipbomb-part1.patch
Patch27: unzip-zipbomb-part2.patch
Patch28: unzip-zipbomb-part3.patch
Patch29: unzip-zipbomb-manpage.patch
URL: http://www.info-zip.org/UnZip.html
BuildRequires: bzip2-devel, gcc
@ -84,35 +85,36 @@ a zip archive.
%prep
%setup -q -n unzip60
%patch1 -p1 -b .bzip2-configure
%patch2 -p1 -b .exec-shield
%patch3 -p1 -b .close
%patch4 -p1 -b .attribs-overflow
%patch5 -p1 -b .configure
%patch6 -p1 -b .manpage-fix
%patch7 -p1 -b .recmatch
%patch8 -p1 -b .symlink
%patch9 -p1 -b .caseinsensitive
%patch10 -p1 -b .format-secure
%patch11 -p1 -b .valgrind
%patch12 -p1 -b .x-option
%patch13 -p1 -b .overflow
%patch14 -p1 -b .cve-2014-8139
%patch15 -p1 -b .cve-2014-8140
%patch16 -p1 -b .cve-2014-8141
%patch17 -p1 -b .overflow-long-fsize
%patch18 -p1 -b .heap-overflow-infloop
%patch19 -p1 -b .utf
%patch20 -p1 -b .utf-print
%patch21 -p1 -b .cve-2016-9844
%patch22 -p1 -b .timestamp
%patch23 -p1 -b .cve-2018-1000035
%patch24 -p1 -b .cve-2018-18384
%patch25 -p1 -b .covscan-1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
%patch19 -p1
%patch20 -p1
%patch21 -p1
%patch22 -p1
%patch23 -p1
%patch24 -p1
%patch25 -p1
%patch26 -p1
%patch27 -p1
%patch28 -p1
%patch29 -p1
%build
# IZ_HAVE_UXUIDGID is needed for right functionality of unzip -X
@ -132,6 +134,10 @@ make -f unix/Makefile prefix=$RPM_BUILD_ROOT%{_prefix} MANDIR=$RPM_BUILD_ROOT/%{
%{_mandir}/*/*
%changelog
* Mon Nov 18 2019 Jakub Martisko <jamartis@redhat.com> - 6.0-46
- Mention the zipbomb exit code in the manpage
Related: CVE-2019-13232
* Wed Oct 23 2019 Jakub Martisko <jamartis@redhat.com> - 6.0-45
- Fix possible zipbomb in unzip
Resolves: CVE-2019-13232