Compare commits


No commits in common. "c8" and "c9-beta" have entirely different histories.
c8 ... c9-beta

3 changed files with 105 additions and 126 deletions


@ -1,34 +0,0 @@
From 8f6be666289211661906922cdfe6ea5a08c5b458 Mon Sep 17 00:00:00 2001
From: Jakub Martisko <jamartis@redhat.com>
Date: Tue, 13 Nov 2018 09:57:43 +0100
Subject: [PATCH] envargs.c: strcpy with overlapping strings
---
envargs.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/envargs.c b/envargs.c
index f0a230d..daa3e47 100644
--- a/envargs.c
+++ b/envargs.c
@@ -31,6 +31,7 @@
#define __ENVARGS_C /* identifies this source module */
#define UNZIP_INTERNAL
#include "unzip.h"
+#include <string.h>
#ifdef __EMX__ /* emx isspace() returns TRUE on extended ASCII !! */
# define ISspace(c) ((c) & 0x80 ? 0 : isspace((unsigned)c))
@@ -118,7 +119,8 @@ int envargs(Pargc, Pargv, envstr, envstr2)
/* remove escape characters */
while ((argstart = MBSCHR(argstart, '\\')) != (char *)NULL) {
- strcpy(argstart, argstart + 1);
+ //strcpy(argstart, argstart + 1);
+ memmove(argstart, argstart + 1,strlen(argstart + 1) + 1);
if (*argstart)
++argstart;
}
--
2.14.5


@ -140,29 +140,14 @@ index 878817d..3e58071 100644
/* skip over data descriptor (harder than it sounds, due to signature /* skip over data descriptor (harder than it sounds, due to signature
* ambiguity) * ambiguity)
*/ */
@@ -2189,16 +2196,16 @@ static int extract_or_test_member(__G) /* return PK-type error code */ @@ -2189,6 +2196,7 @@ static int extract_or_test_member(__G) /* return PK-type error code */
((G.lrec.csize & LOW) != SIG || /* if not SIG, have signature */ shy += 8 - readbuf((char *)buf, 8); /* skip eight more for ZIP64 */
(ulen == SIG && /* if not SIG, no signature */
(G.pInfo->zip64 ? G.lrec.csize >> 32 : G.lrec.ucsize) != SIG
- /* if not SIG, have signature */
+ /* if not SIG, have signature */
)))))
- /* skip four more bytes to account for signature */
- shy += 4 - readbuf((char *)buf, 4);
+ /* skip four more bytes to account for signature */
+ shy += 4 - readbuf((char *)buf, 4);
if (G.pInfo->zip64)
- shy += 8 - readbuf((char *)buf, 8); /* skip eight more for ZIP64 */
+ shy += 8 - readbuf((char *)buf, 8); /* skip eight more for ZIP64 */
if (shy) if (shy)
- error = PK_ERR; error = PK_ERR;
+ error = PK_ERR;
+ } + }
} }
-
return error;
} /* end function extract_or_test_member() */ return error;
diff --git a/unzip.c b/unzip.c diff --git a/unzip.c b/unzip.c
index 8dbfc95..abb3644 100644 index 8dbfc95..abb3644 100644
--- a/unzip.c --- a/unzip.c


@ -7,9 +7,8 @@
Summary: A utility for unpacking zip files Summary: A utility for unpacking zip files
Name: unzip Name: unzip
Version: 6.0 Version: 6.0
Release: 46%{?dist} Release: 56%{?dist}
License: BSD License: BSD
Group: Applications/Archiving
Source: http://downloads.sourceforge.net/infozip/unzip60.tar.gz Source: http://downloads.sourceforge.net/infozip/unzip60.tar.gz
# Not sent to upstream. # Not sent to upstream.
@ -59,25 +58,24 @@ Patch22: unzip-6.0-timestamp.patch
# fix possible heap based stack overflow in passwd protected files # fix possible heap based stack overflow in passwd protected files
Patch23: unzip-6.0-cve-2018-1000035-heap-based-overflow.patch Patch23: unzip-6.0-cve-2018-1000035-heap-based-overflow.patch
Patch24: unzip-6.0-cve-2018-18384.patch Patch24: unzip-6.0-cve-2018-18384.patch
# covscan issues
Patch25: unzip-6.0-COVSCAN-fix-unterminated-string.patch Patch25: unzip-6.0-COVSCAN-fix-unterminated-string.patch
Patch26: unzip-zipbomb-part1.patch
Patch27: unzip-zipbomb-part2.patch
Patch28: unzip-zipbomb-part3.patch
Patch29: unzip-zipbomb-manpage.patch
Patch30: unzip-zipbomb-part4.patch
Patch31: unzip-zipbomb-part5.patch
Patch32: unzip-zipbomb-part6.patch
Patch33: unzip-zipbomb-switch.patch
Patch26: unzip-6.0-COVSCAN-strcpy-with-overlapping-strings.patch
#zipbomb related patches (CVE-2019-13232)
Patch27: unzip-zipbomb-part1.patch
Patch28: unzip-zipbomb-part2.patch
Patch29: unzip-zipbomb-part3.patch
Patch30: unzip-zipbomb-manpage.patch
Patch31: unzip-zipbomb-part4.patch
Patch32: unzip-zipbomb-part5.patch
Patch33: unzip-zipbomb-part6.patch
Patch34: unzip-zipbomb-switch.patch
URL: http://www.info-zip.org/UnZip.html URL: http://www.info-zip.org/UnZip.html
BuildRequires: bzip2-devel BuildRequires: make
BuildRequires: bzip2-devel, gcc
%description %description
The unzip utility is used to list, test, or extract files from a zip The unzip utility is used to list, test, or extract files from a zip
@ -92,98 +90,128 @@ a zip archive.
%prep %prep
%setup -q -n unzip60 %setup -q -n unzip60
%patch1 -p1 -b .bzip2-configure %patch1 -p1
%patch2 -p1 -b .exec-shield %patch2 -p1
%patch3 -p1 -b .close %patch3 -p1
%patch4 -p1 -b .attribs-overflow %patch4 -p1
%patch5 -p1 -b .configure %patch5 -p1
%patch6 -p1 -b .manpage-fix %patch6 -p1
%patch7 -p1 -b .recmatch %patch7 -p1
%patch8 -p1 -b .symlink %patch8 -p1
%patch9 -p1 -b .caseinsensitive %patch9 -p1
%patch10 -p1 -b .format-secure %patch10 -p1
%patch11 -p1 -b .valgrind %patch11 -p1
%patch12 -p1 -b .x-option %patch12 -p1
%patch13 -p1 -b .overflow %patch13 -p1
%patch14 -p1 -b .cve-2014-8139 %patch14 -p1
%patch15 -p1 -b .cve-2014-8140 %patch15 -p1
%patch16 -p1 -b .cve-2014-8141 %patch16 -p1
%patch17 -p1 -b .overflow-long-fsize %patch17 -p1
%patch18 -p1 -b .heap-overflow-infloop %patch18 -p1
%patch19 -p1 -b .utf %patch19 -p1
%patch20 -p1 -b .utf-print %patch20 -p1
%patch21 -p1 -b .cve-2016-9844 %patch21 -p1
%patch22 -p1 -b .timestamp %patch22 -p1
%patch23 -p1 -b .cve-2018-1000035 %patch23 -p1
%patch24 -p1 -b .cve-2018-18384 %patch24 -p1
%patch25 -p1
%patch25 -p1 -b .covscan1 %patch26 -p1
%patch26 -p1 -b .covscan2 %patch27 -p1
%patch28 -p1
%patch27 -p1 -b .zipbomb1 %patch29 -p1
%patch28 -p1 -b .zipbomb2
%patch29 -p1 -b .zipbomb3
%patch30 -p1 %patch30 -p1
%patch31 -p1 %patch31 -p1
%patch32 -p1 %patch32 -p1
%patch33 -p1 %patch33 -p1
%patch34 -p1
%build %build
# Use the C implementation of CRC instead of assembly (only on i386, other architectures use C by default)
sed -i -e 's:-DASM_CRC::g' unix/configure
sed -i -e 's:CRC32OA="crc_gcc.o":CRC32OA="":g' unix/configure
# IZ_HAVE_UXUIDGID is needed for right functionality of unzip -X # IZ_HAVE_UXUIDGID is needed for right functionality of unzip -X
# NOMEMCPY solve problem with memory overlapping - decomression is slowly, # NOMEMCPY solve problem with memory overlapping - decomression is slowly,
# but successfull. # but successfull.
make -f unix/Makefile CF_NOOPT="-I. -DUNIX $RPM_OPT_FLAGS -DNOMEMCPY -DIZ_HAVE_UXUIDGID -DNO_LCHMOD" \ %make_build -f unix/Makefile CF_NOOPT="-I. -DUNIX $RPM_OPT_FLAGS -DNOMEMCPY -DIZ_HAVE_UXUIDGID -DNO_LCHMOD" \
LFLAGS2="%{?__global_ldflags}" generic_gcc %{?_smp_mflags} LFLAGS2="%{?__global_ldflags}" generic_gcc
%install %install
rm -rf $RPM_BUILD_ROOT rm -rf $RPM_BUILD_ROOT
make -f unix/Makefile prefix=$RPM_BUILD_ROOT%{_prefix} MANDIR=$RPM_BUILD_ROOT/%{_mandir}/man1 INSTALL="cp -p" install make -f unix/Makefile prefix=$RPM_BUILD_ROOT%{_prefix} MANDIR=$RPM_BUILD_ROOT/%{_mandir}/man1 INSTALL="cp -p" install
%files %files
%defattr(-,root,root)
%license LICENSE COPYING.OLD %license LICENSE COPYING.OLD
%doc README BUGS %doc README BUGS
%{_bindir}/* %{_bindir}/*
%{_mandir}/*/* %{_mandir}/*/*
%changelog %changelog
* Thu Dec 16 2021 Jakub Martisko <jamartis@redhat.com> - 6.0-46 * Wed Jan 26 2022 Jakub Martisko <jamartis@redhat.com> - 6.0-56
- Add environment variable that disables the zipbomb detection - Use the C crc implementation instead of the asm (i686 only, other arches already use C)
- Resolves: rhbz#2020320 Related: rhbz#2045075
* Tue Nov 24 2020 Jakub Martisko <jamartis@redhat.com> - 6.0-45 * Wed Jan 05 2022 Jakub Martisko <jamartis@redhat.com> - 6.0-55
Fix a false positive zipbomb detection - Rebuild with the gating tests enabled
Related: 1954649 Related: rhbz#2036946
Related: 1953565
* Tue Nov 24 2020 Jakub Martisko <jamartis@redhat.com> - 6.0-44 * Mon Dec 20 2021 Jakub Martisko <jamartis@redhat.com> - 6.0-54
* Fix out of memory errors while checking for zip-bombs - Add an environment variable that disables the zipbomb detection
Resolves: #1900915 Resolves: rhbz#2031730
* Mon Nov 18 2019 Jakub Martisko <jamartis@redhat.com> - 6.0-43 * Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 6.0-53
- Update the man page with the new exit code introduced in 6.0-42 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
- Related: CVE-2019-13232 Related: rhbz#1991688
* Thu Oct 17 2019 Jakub Martisko <jamartis@redhat.com> - 6.0-42 * Fri Apr 30 2021 Jakub Martisko <jamartis@redhat.com> - 6.0-52
- Fix CVE-2019-13232 - Add several patches dealing with false positice zipbomb detection
- Resolves: CVE-2019-13232 Resolves: #1954651
* Wed Nov 14 2018 Jakub Martisko <jamartis@redhat.com> - 6.0-41 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 6.0-51
- Fix strcpy call with possibly overlapping src/dest strings. - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
- Related: #1602721
* Mon Nov 12 2018 Jakub Martisko <jamartis@redhat.com> - 6.0-40 * Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 6.0-50
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 6.0-49
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jul 14 2020 Tom Stellard <tstellar@redhat.com> - 6.0-48
- Use make macros
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 6.0-47
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Mon Nov 18 2019 Jakub Martisko <jamartis@redhat.com> - 6.0-46
- Mention the zipbomb exit code in the manpage
Related: CVE-2019-13232
* Wed Oct 23 2019 Jakub Martisko <jamartis@redhat.com> - 6.0-45
- Fix possible zipbomb in unzip
Resolves: CVE-2019-13232
* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 6.0-44
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 6.0-43
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Thu Nov 08 2018 Jakub Martisko <jamartis@redhat.com> - 6.0-42
- fix several possibly unterminated strings - fix several possibly unterminated strings
When copying to OEM_CP and ISO_CP strings, the string could end unterminated When copying to OEM_CP and ISO_CP strings, the string could end unterminated
(stncpy does not append '\0'). (stncpy does not append '\0').
- Related: #1602721
* Mon Nov 05 2018 Jakub Martisko <jamartis@redhat.com> - 6.0-39 * Thu Nov 08 2018 Jakub Martisko <jamartis@redhat.com> - 6.0-41
- Fix CVE-2018-18384 - Fix CVE-2018-18384
Resolves: CVE-2018-18384 Resolves: CVE-2018-18384
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 6.0-40
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Mar 01 2018 Jakub Martisko <jamartis@redhat.com> - 6.0-39
- Add gcc to buildrequires
* Tue Feb 13 2018 Jakub Martisko <jamartis@redhat.com> - 6.0-38 * Tue Feb 13 2018 Jakub Martisko <jamartis@redhat.com> - 6.0-38
- Fix CVE-2018-1000035 - heap based buffer overflow when opening - Fix CVE-2018-1000035 - heap based buffer overflow when opening
password protected files. password protected files.
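Review bot: The new `#zipbomb related patches (CVE-2019-13232)` comment groups Patch34 (`unzip-zipbomb-switch.patch`) with the fixes, although the 6.0-54 changelog entry says that release adds an environment variable that disables the zipbomb detection; if Patch34 is that switch, as its name suggests, it is an opt-out from the mitigation rather than part of it. I would give it its own comment line, for example `# Patch34 adds an environment-variable opt-out for the zipbomb check (rhbz#2031730); the check is skipped when it is set`. Services that unpack untrusted archives inherit their environment from the caller, so anyone reading the spec should be able to see that the check can be switched off and confirm the variable is not set for such services. Separately, in `%build` the two added `sed -i` edits of `unix/configure` succeed even when the pattern no longer matches, so a following `grep` that fails the build if `-DASM_CRC` is still present would keep a later rebase from silently bringing the asm CRC back.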