From e6cccc653b866fa7ec59880f3f0a7bf51f3b623c Mon Sep 17 00:00:00 2001
From: Petr Stodulka
Date: Mon, 26 Jan 2015 09:39:49 +0100
Subject: [PATCH] security fix CVE-2014-9636 (#1184986)
---
 unzip-6.0-overflow.patch | 25 +++++++++++++++++++++++++
 unzip.spec | 7 ++++++-
 2 files changed, 31 insertions(+), 1 deletion(-)
 create mode 100644 unzip-6.0-overflow.patch
diff --git a/unzip-6.0-overflow.patch b/unzip-6.0-overflow.patch
new file mode 100644
index 0000000..dd7ca60
--- /dev/null
+++ b/unzip-6.0-overflow.patch
@@ -0,0 +1,25 @@
+diff --git a/extract.c b/extract.c
+index a0a4929..9ef80b3 100644
+--- a/extract.c
++++ b/extract.c
+@@ -2214,6 +2214,7 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata)
+ ulg eb_ucsize;
+ uch *eb_ucptr;
+ int r;
++ ush method;
+
+ if (compr_offset < 4) /* field is not compressed: */
+ return PK_OK; /* do nothing and signal OK */
+@@ -2223,6 +2224,12 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata)
+ eb_size <= (compr_offset + EB_CMPRHEADLEN)))
+ return IZ_EF_TRUNC; /* no compressed data! */
+
++ method = makeword(eb + (EB_HEADSIZE + compr_offset));
++ if ((method == STORED) && (eb_size - compr_offset != eb_ucsize))
++ return PK_ERR; /* compressed & uncompressed
++ * should match in STORED
++ * method */
++
+ if (
+ #ifdef INT_16BIT
+ (((ulg)(extent)eb_ucsize) != eb_ucsize) ||
diff --git a/unzip.spec b/unzip.spec
index ce77655..d416a25 100644
--- a/unzip.spec
+++ b/unzip.spec
@@ -1,7 +1,7 @@
 Summary: A utility for unpacking zip files
 Name: unzip
 Version: 6.0
-Release: 17%{?dist}
+Release: 18%{?dist}
 License: BSD
 Group: Applications/Archiving
 Source: http://downloads.sourceforge.net/infozip/unzip60.tar.gz
@@ -31,6 +31,7 @@ Patch9: unzip-6.0-caseinsensitive.patch
 Patch10: unzip-6.0-format-secure.patch
 Patch11: unzip-6.0-valgrind.patch
 Patch12: unzip-6.0-x-option.patch
+Patch13: unzip-6.0-overflow.patch
 URL: http://www.info-zip.org/UnZip.html
 BuildRequires: bzip2-devel
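Review bot: The STORED check added to test_compr_eb (second extract.c hunk inside unzip-6.0-overflow.patch) compares `eb_size - compr_offset` with `eb_ucsize`, but the bytes after `compr_offset` appear to still include the compression header: the method word is read from `eb + (EB_HEADSIZE + compr_offset)`, and the guard just above treats `eb_size <= (compr_offset + EB_CMPRHEADLEN)` as "no compressed data". If that reading is right, a well-formed stored extra field fails the equality and is rejected with PK_ERR, and the bound enforced is off by the header length. Comparing the whole layout also avoids the unsigned subtraction: `if ((method == STORED) && (eb_size != compr_offset + EB_CMPRHEADLEN + eb_ucsize))`. The function body starts and ends outside the hunks shown, so the later copy of the stored data should be checked against the same bound.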
@@ -59,6 +60,7 @@ a zip archive.
 %patch10 -p1 -b .format-secure
 %patch11 -p1 -b .valgrind
 %patch12 -p1 -b .x-option
+%patch13 -p1 -b .overflow
 %build
 # IZ_HAVE_UXUIDGID is needed for right functionality of unzip -X
@@ -77,6 +79,9 @@ make -f unix/Makefile prefix=$RPM_BUILD_ROOT%{_prefix} MANDIR=$RPM_BUILD_ROOT/%{
 %{_mandir}/*/*
 %changelog
+* Mon Jan 26 2015 Petr Stodulka - 6.0-18
+- Fix security bug - CVE-2014-9636
+
 * Thu Nov 27 2014 Petr Stodulka - 6.0-17
 - Fix unitialized reads (#558738)
 - Fix fix broken -X option - never worked before. Added -DIZ_HAVE_UXUIDGID