pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: [pkgsrc-2024Q2] pkgsrc/archivers/unzip
Module Name: pkgsrc
Committed By: bsiegert
Date: Wed Aug 7 18:47:45 UTC 2024
Modified Files:
pkgsrc/archivers/unzip [pkgsrc-2024Q2]: Makefile distinfo
pkgsrc/archivers/unzip/patches [pkgsrc-2024Q2]: patch-fileio.c
patch-process.c
Log Message:
Pullup ticket #6886 - requested by nia
archivers/unzip: security fix
Revisions pulled up:
- archivers/unzip/Makefile 1.98
- archivers/unzip/distinfo 1.35
- archivers/unzip/patches/patch-fileio.c 1.2
- archivers/unzip/patches/patch-process.c 1.2
---
Module Name: pkgsrc
Committed By: nia
Date: Tue Aug 6 14:40:13 UTC 2024
Modified Files:
pkgsrc/archivers/unzip: Makefile distinfo
pkgsrc/archivers/unzip/patches: patch-fileio.c patch-process.c
Log Message:
unzip: Add patches for CVE-2022-0529 and CVE-2022-0530
To generate a diff of this commit:
cvs rdiff -u -r1.97 -r1.97.8.1 pkgsrc/archivers/unzip/Makefile
cvs rdiff -u -r1.33 -r1.33.22.1 pkgsrc/archivers/unzip/distinfo
cvs rdiff -u -r1.1 -r1.1.78.1 pkgsrc/archivers/unzip/patches/patch-fileio.c \
pkgsrc/archivers/unzip/patches/patch-process.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/archivers/unzip/Makefile
diff -u pkgsrc/archivers/unzip/Makefile:1.97 pkgsrc/archivers/unzip/Makefile:1.97.8.1
--- pkgsrc/archivers/unzip/Makefile:1.97 Mon Aug 28 13:55:59 2023
+++ pkgsrc/archivers/unzip/Makefile Wed Aug 7 18:47:44 2024
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.97 2023/08/28 13:55:59 wiz Exp $
+# $NetBSD: Makefile,v 1.97.8.1 2024/08/07 18:47:44 bsiegert Exp $
DISTNAME= unzip60
PKGNAME= unzip-6.0
-PKGREVISION= 9
+PKGREVISION= 10
CATEGORIES= archivers
MASTER_SITES= ftp://ftp.info-zip.org/pub/infozip/src/
EXTRACT_SUFX= .tgz
Index: pkgsrc/archivers/unzip/distinfo
diff -u pkgsrc/archivers/unzip/distinfo:1.33 pkgsrc/archivers/unzip/distinfo:1.33.22.1
--- pkgsrc/archivers/unzip/distinfo:1.33 Tue Oct 26 09:57:19 2021
+++ pkgsrc/archivers/unzip/distinfo Wed Aug 7 18:47:45 2024
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.33 2021/10/26 09:57:19 nia Exp $
+$NetBSD: distinfo,v 1.33.22.1 2024/08/07 18:47:45 bsiegert Exp $
BLAKE2s (unzip60.tgz) = d083b60907af71a6870edc1e87be4566dee486d5089e1fc3b57cc6ebac00818f
SHA512 (unzip60.tgz) = 0694e403ebc57b37218e00ec1a406cae5cc9c5b52b6798e0d4590840b6cdbf9ddc0d9471f67af783e960f8fa2e620394d51384257dca23d06bcd90224a80ce5d
@@ -7,8 +7,9 @@ SHA1 (patch-ab) = 672635c469e0a53ac9808f
SHA1 (patch-ac) = 27b91401d4d5ecc3842c91dc49c08f42c8646154
SHA1 (patch-crypt.c) = e44e14ba2c8e5651659c6756a5adbe88b4385ca4
SHA1 (patch-extract.c) = 042fe7d233d0b3cb1e978902c901e8239f7a3732
-SHA1 (patch-fileio.c) = 910ddb3b847cae92326697a399234b2948555534
+SHA1 (patch-fileio.c) = ef87b5e8a60b9268e4b0439766d089130b322d86
+SHA1 (patch-globals.h) = d537ad18fa4406cd4b78ccee694c3cccb832f5a3
SHA1 (patch-list.c) = 29e6dc3f5d40bb087a8bff58f75eb02568f3ad87
-SHA1 (patch-process.c) = d6e6ed05ef7c2977353e848d9e9cba2877577812
+SHA1 (patch-process.c) = a9c95ada1a0d3ac706d97a0bbd7dd99220f1fe69
SHA1 (patch-unix_unxcfg.h) = b2831f38b2245dacedd4eb2eef12ee1e3cf20613
SHA1 (patch-zipinfo.c) = 0d93fd9b145e7e707762119ee30ddf8eac9c2f31
Index: pkgsrc/archivers/unzip/patches/patch-fileio.c
diff -u pkgsrc/archivers/unzip/patches/patch-fileio.c:1.1 pkgsrc/archivers/unzip/patches/patch-fileio.c:1.1.78.1
--- pkgsrc/archivers/unzip/patches/patch-fileio.c:1.1 Thu Dec 25 16:48:33 2014
+++ pkgsrc/archivers/unzip/patches/patch-fileio.c Wed Aug 7 18:47:45 2024
@@ -1,10 +1,19 @@
-$NetBSD: patch-fileio.c,v 1.1 2014/12/25 16:48:33 wiz Exp $
+$NetBSD: patch-fileio.c,v 1.1.78.1 2024/08/07 18:47:45 bsiegert Exp $
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8141
+https://sources.debian.org/patches/unzip/6.0-28/28-cve-2022-0529-and-cve-2022-0530.patch/
--- fileio.c.orig 2009-04-20 00:03:44.000000000 +0000
+++ fileio.c
-@@ -176,6 +176,8 @@ static ZCONST char Far FilenameTooLongTr
+@@ -171,11 +171,15 @@ static ZCONST char Far ReadError[] = "er
+ static ZCONST char Far FilenameTooLongTrunc[] =
+ "warning: filename too long--truncating.\n";
+ #ifdef UNICODE_SUPPORT
++ static ZCONST char Far UFilenameCorrupt[] =
++ "error: Unicode filename corrupt.\n";
+ static ZCONST char Far UFilenameTooLongTrunc[] =
+- "warning: Converted unicode filename too long--truncating.\n";
++ "warning: Converted Unicode filename too long--truncating.\n";
#endif
static ZCONST char Far ExtraFieldTooLong[] =
"warning: extra field too long (%d). Ignoring...\n";
@@ -13,7 +22,7 @@ https://bugzilla.redhat.com/show_bug.cgi
#ifdef WINDLL
static ZCONST char Far DiskFullQuery[] =
-@@ -2295,7 +2297,12 @@ int do_string(__G__ length, option) /*
+@@ -2295,7 +2299,12 @@ int do_string(__G__ length, option) /*
if (readbuf(__G__ (char *)G.extra_field, length) == 0)
return PK_EOF;
/* Looks like here is where extra fields are read */
@@ -27,3 +36,42 @@ https://bugzilla.redhat.com/show_bug.cgi
#ifdef UNICODE_SUPPORT
G.unipath_filename = NULL;
if (G.UzO.U_flag < 2) {
+@@ -2340,16 +2349,30 @@ int do_string(__G__ length, option) /*
+ /* convert UTF-8 to local character set */
+ fn = utf8_to_local_string(G.unipath_filename,
+ G.unicode_escape_all);
+- /* make sure filename is short enough */
+- if (strlen(fn) >= FILNAMSIZ) {
+- fn[FILNAMSIZ - 1] = '\0';
++
++ /* 2022-07-22 SMS, et al. CVE-2022-0530
++ * Detect conversion failure, emit message.
++ * Continue with unconverted name.
++ */
++ if (fn == NULL)
++ {
+ Info(slide, 0x401, ((char *)slide,
+- LoadFarString(UFilenameTooLongTrunc)));
+- error = PK_WARN;
++ LoadFarString(UFilenameCorrupt)));
++ error = PK_ERR;
++ }
++ else
++ {
++ /* make sure filename is short enough */
++ if (strlen(fn) >= FILNAMSIZ) {
++ fn[FILNAMSIZ - 1] = '\0';
++ Info(slide, 0x401, ((char *)slide,
++ LoadFarString(UFilenameTooLongTrunc)));
++ error = PK_WARN;
++ }
++ /* replace filename with converted UTF-8 */
++ strcpy(G.filename, fn);
++ free(fn);
+ }
+- /* replace filename with converted UTF-8 */
+- strcpy(G.filename, fn);
+- free(fn);
+ }
+ # endif /* UNICODE_WCHAR */
+ if (G.unipath_filename != G.filename_full)
Index: pkgsrc/archivers/unzip/patches/patch-process.c
diff -u pkgsrc/archivers/unzip/patches/patch-process.c:1.1 pkgsrc/archivers/unzip/patches/patch-process.c:1.1.78.1
--- pkgsrc/archivers/unzip/patches/patch-process.c:1.1 Thu Dec 25 16:48:33 2014
+++ pkgsrc/archivers/unzip/patches/patch-process.c Wed Aug 7 18:47:45 2024
@@ -1,6 +1,7 @@
-$NetBSD: patch-process.c,v 1.1 2014/12/25 16:48:33 wiz Exp $
+$NetBSD: patch-process.c,v 1.1.78.1 2024/08/07 18:47:45 bsiegert Exp $
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8141
+https://sources.debian.org/patches/unzip/6.0-28/28-cve-2022-0529-and-cve-2022-0530.patch/
--- process.c.orig 2009-03-06 01:25:10.000000000 +0000
+++ process.c
@@ -11,12 +12,21 @@ https://bugzilla.redhat.com/show_bug.cgi
See the accompanying file LICENSE, version 2009-Jan-02 or later
(the contents of which are also included in unzip.h) for terms of use.
-@@ -1888,48 +1888,82 @@ int getZip64Data(__G__ ef_buf, ef_len)
+@@ -222,6 +222,8 @@ static ZCONST char Far ZipfileCommTrunc1
+ "\nwarning: Unicode Path version > 1\n";
+ static ZCONST char Far UnicodeMismatchError[] =
+ "\nwarning: Unicode Path checksum invalid\n";
++ static ZCONST char Far UFilenameTooLongTrunc[] =
++ "warning: filename too long (P1) -- truncating.\n";
+ #endif
+
+
+@@ -1888,48 +1890,83 @@ int getZip64Data(__G__ ef_buf, ef_len)
and a 4-byte version of disk start number.
Sets both local header and central header fields. Not terribly clever,
but it means that this procedure is only called in one place.
+
-+ 2014-12-05 SMS.
++ 2014-12-05 SMS. (oCERT.org report.) CVE-2014-8141.
+ Added checks to ensure that enough data are available before calling
+ makeint64() or makelong(). Replaced various sizeof() values with
+ simple ("4" or "8") constants. (The Zip64 structures do not depend
@@ -50,19 +60,20 @@ https://bugzilla.redhat.com/show_bug.cgi
break;
}
- if (eb_id == EF_PKSZ64) {
--
+
+- int offset = EB_HEADSIZE;
+ if (eb_id == EF_PKSZ64)
+ {
- int offset = EB_HEADSIZE;
-
-- if (G.crec.ucsize == 0xffffffff || G.lrec.ucsize == 0xffffffff){
-- G.lrec.ucsize = G.crec.ucsize = makeint64(offset + ef_buf);
-- offset += sizeof(G.crec.ucsize);
++ unsigned offset = EB_HEADSIZE;
++
+ if ((G.crec.ucsize == Z64FLGL) || (G.lrec.ucsize == Z64FLGL))
+ {
+ if (offset+ 8 > ef_len)
+ return PK_ERR;
-+
+
+- if (G.crec.ucsize == 0xffffffff || G.lrec.ucsize == 0xffffffff){
+- G.lrec.ucsize = G.crec.ucsize = makeint64(offset + ef_buf);
+- offset += sizeof(G.crec.ucsize);
+ G.crec.ucsize = G.lrec.ucsize = makeint64(offset + ef_buf);
+ offset += 8;
}
@@ -110,3 +121,86 @@ https://bugzilla.redhat.com/show_bug.cgi
ef_buf += (eb_len + EB_HEADSIZE);
ef_len -= (eb_len + EB_HEADSIZE);
}
+@@ -1984,7 +2021,7 @@ int getUnicodeData(__G__ ef_buf, ef_len)
+ }
+ if (eb_id == EF_UNIPATH) {
+
+- int offset = EB_HEADSIZE;
++ unsigned offset = EB_HEADSIZE;
+ ush ULen = eb_len - 5;
+ ulg chksum = CRCVAL_INITIAL;
+
+@@ -2440,16 +2477,17 @@ char *wide_to_local_string(wide_string,
+ int state_dependent;
+ int wsize = 0;
+ int max_bytes = MB_CUR_MAX;
+- char buf[9];
++ char buf[ MB_CUR_MAX+ 1]; /* ("+1" not really needed?) */
+ char *buffer = NULL;
+ char *local_string = NULL;
++ size_t buffer_size; /* CVE-2022-0529 */
+
+ for (wsize = 0; wide_string[wsize]; wsize++) ;
+
+ if (max_bytes < MAX_ESCAPE_BYTES)
+ max_bytes = MAX_ESCAPE_BYTES;
+-
+- if ((buffer = (char *)malloc(wsize * max_bytes + 1)) == NULL) {
++ buffer_size = wsize * max_bytes + 1; /* Reused below. */
++ if ((buffer = (char *)malloc( buffer_size)) == NULL) {
+ return NULL;
+ }
+
+@@ -2487,8 +2525,28 @@ char *wide_to_local_string(wide_string,
+ } else {
+ /* no MB for this wide */
+ /* use escape for wide character */
+- char *escape_string = wide_to_escape_string(wide_string[i]);
+- strcat(buffer, escape_string);
++ size_t buffer_len;
++ size_t escape_string_len;
++ char *escape_string;
++ int err_msg = 0;
++
++ escape_string = wide_to_escape_string(wide_string[i]);
++ buffer_len = strlen( buffer);
++ escape_string_len = strlen( escape_string);
++
++ /* Append escape string, as space allows. */
++ /* 2022-07-18 SMS, et al. CVE-2022-0529 */
++ if (escape_string_len > buffer_size- buffer_len- 1)
++ {
++ escape_string_len = buffer_size- buffer_len- 1;
++ if (err_msg == 0)
++ {
++ err_msg = 1;
++ Info(slide, 0x401, ((char *)slide,
++ LoadFarString( UFilenameTooLongTrunc)));
++ }
++ }
++ strncat( buffer, escape_string, escape_string_len);
+ free(escape_string);
+ }
+ }
+@@ -2540,9 +2598,18 @@ char *utf8_to_local_string(utf8_string,
+ ZCONST char *utf8_string;
+ int escape_all;
+ {
+- zwchar *wide = utf8_to_wide_string(utf8_string);
+- char *loc = wide_to_local_string(wide, escape_all);
+- free(wide);
++ zwchar *wide;
++ char *loc = NULL;
++
++ wide = utf8_to_wide_string( utf8_string);
++
++ /* 2022-07-25 SMS, et al. CVE-2022-0530 */
++ if (wide != NULL)
++ {
++ loc = wide_to_local_string( wide, escape_all);
++ free( wide);
++ }
++
+ return loc;
+ }
+
Home |
Main Index |
Thread Index |
Old Index