rpms/unzip
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Update the manpage with the new exit code

Browse Source 
Mention the new exit code (12) introduced in the previous commit.
This commit is contained in:
Jakub Martisko 2019-11-18 14:42:41 +01:00
parent 0cde67cbab
commit c98fc67064
2 changed files with 57 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
unzip-zipbomb-manpage.patch Normal file
View File

@ -0,0 +1,25 @@
From 6fe72291a5563cdbcd2bdd87e36528537b7cdcfb Mon Sep 17 00:00:00 2001
From: Jakub Martisko <jamartis@redhat.com>
Date: Mon, 18 Nov 2019 14:17:46 +0100
Subject: [PATCH] update the man page
---
man/unzip.1 | 2 ++
1 file changed, 2 insertions(+)
diff --git a/man/unzip.1 b/man/unzip.1
index 21816d1..4d66073 100644
--- a/man/unzip.1
+++ b/man/unzip.1
@@ -850,6 +850,8 @@ the specified zipfiles were not found.
invalid options were specified on the command line.
.IP 11
no matching files were found.
+.IP 12
+invalid zip file with overlapped components (possible zip bomb).
.IP 50
the disk is (or was) full during extraction.
.IP 51
--
2.23.0

58
unzip.spec
View File

@ -7,7 +7,7 @@
Summary: A utility for unpacking zip files Summary: A utility for unpacking zip files
Name: unzip Name: unzip
Version: 6.0 Version: 6.0
Release: 45%{?dist} Release: 46%{?dist}
License: BSD License: BSD
Source: http://downloads.sourceforge.net/infozip/unzip60.tar.gz Source: http://downloads.sourceforge.net/infozip/unzip60.tar.gz
@ -67,6 +67,7 @@ Patch25: unzip-6.0-COVSCAN-fix-unterminated-string.patch
Patch26: unzip-zipbomb-part1.patch Patch26: unzip-zipbomb-part1.patch
Patch27: unzip-zipbomb-part2.patch Patch27: unzip-zipbomb-part2.patch
Patch28: unzip-zipbomb-part3.patch Patch28: unzip-zipbomb-part3.patch
Patch29: unzip-zipbomb-manpage.patch
URL: http://www.info-zip.org/UnZip.html URL: http://www.info-zip.org/UnZip.html
BuildRequires: bzip2-devel, gcc BuildRequires: bzip2-devel, gcc
@ -84,35 +85,36 @@ a zip archive.
%prep %prep
%setup -q -n unzip60 %setup -q -n unzip60
%patch1 -p1 -b .bzip2-configure %patch1 -p1
%patch2 -p1 -b .exec-shield %patch2 -p1
%patch3 -p1 -b .close %patch3 -p1
%patch4 -p1 -b .attribs-overflow %patch4 -p1
%patch5 -p1 -b .configure %patch5 -p1
%patch6 -p1 -b .manpage-fix %patch6 -p1
%patch7 -p1 -b .recmatch %patch7 -p1
%patch8 -p1 -b .symlink %patch8 -p1
%patch9 -p1 -b .caseinsensitive %patch9 -p1
%patch10 -p1 -b .format-secure %patch10 -p1
%patch11 -p1 -b .valgrind %patch11 -p1
%patch12 -p1 -b .x-option %patch12 -p1
%patch13 -p1 -b .overflow %patch13 -p1
%patch14 -p1 -b .cve-2014-8139 %patch14 -p1
%patch15 -p1 -b .cve-2014-8140 %patch15 -p1
%patch16 -p1 -b .cve-2014-8141 %patch16 -p1
%patch17 -p1 -b .overflow-long-fsize %patch17 -p1
%patch18 -p1 -b .heap-overflow-infloop %patch18 -p1
%patch19 -p1 -b .utf %patch19 -p1
%patch20 -p1 -b .utf-print %patch20 -p1
%patch21 -p1 -b .cve-2016-9844 %patch21 -p1
%patch22 -p1 -b .timestamp %patch22 -p1
%patch23 -p1 -b .cve-2018-1000035 %patch23 -p1
%patch24 -p1 -b .cve-2018-18384 %patch24 -p1
%patch25 -p1 -b .covscan-1 %patch25 -p1
%patch26 -p1 %patch26 -p1
%patch27 -p1 %patch27 -p1
%patch28 -p1 %patch28 -p1
%patch29 -p1
%build %build
# IZ_HAVE_UXUIDGID is needed for right functionality of unzip -X # IZ_HAVE_UXUIDGID is needed for right functionality of unzip -X
@ -132,6 +134,10 @@ make -f unix/Makefile prefix=$RPM_BUILD_ROOT%{_prefix} MANDIR=$RPM_BUILD_ROOT/%{
%{_mandir}/*/* %{_mandir}/*/*
%changelog %changelog
* Mon Nov 18 2019 Jakub Martisko <jamartis@redhat.com> - 6.0-46
- Mention the zipbomb exit code in the manpage
Related: CVE-2019-13232
* Wed Oct 23 2019 Jakub Martisko <jamartis@redhat.com> - 6.0-45 * Wed Oct 23 2019 Jakub Martisko <jamartis@redhat.com> - 6.0-45
- Fix possible zipbomb in unzip - Fix possible zipbomb in unzip
Resolves: CVE-2019-13232 Resolves: CVE-2019-13232