Diffstat (limited to 'import-layers/yocto-poky/meta/recipes-extended/unzip/unzip')
12 files changed, 0 insertions, 984 deletions
diff --git a/import-layers/yocto-poky/meta/recipes-extended/unzip/unzip/06-unzip60-alt-iconv-utf8_CVE-2015-1315.patch b/import-layers/yocto-poky/meta/recipes-extended/unzip/unzip/06-unzip60-alt-iconv-utf8_CVE-2015-1315.patch
deleted file mode 100644
index afc4c734a..000000000
--- a/import-layers/yocto-poky/meta/recipes-extended/unzip/unzip/06-unzip60-alt-iconv-utf8_CVE-2015-1315.patch
+++ /dev/null
@@ -1,403 +0,0 @@ -From: Giovanni Scafora <giovanni.archlinux.org> -Subject: unzip files encoded with non-latin, non-unicode file names -Last-Update: 2015-02-11 - -Upstream-Status: Backport -CVE: CVE-2015-1315 - -Updated 2015-02-11 by Marc Deslauriers <marc.deslauriers@canonical.com> -to fix buffer overflow in charset_to_intern() - -Signed-off-by: Marc Deslauriers <marc.deslauriers@canonical.com> - -Index: unzip-6.0/unix/unix.c -=================================================================== ---- unzip-6.0.orig/unix/unix.c 2015-02-11 08:46:43.675324290 -0500 -+++ unzip-6.0/unix/unix.c 2015-02-11 09:18:04.902081319 -0500 -@@ -30,6 +30,9 @@ - #define UNZIP_INTERNAL - #include "unzip.h" - -+#include <iconv.h> -+#include <langinfo.h> -+ - #ifdef SCO_XENIX - # define SYSNDIR - #else /* SCO Unix, AIX, DNIX, TI SysV, Coherent 4.x, ... */ -@@ -1874,3 +1877,102 @@ - } - } - #endif /* QLZIP */ -+ -+ -+typedef struct { -+ char *local_charset; -+ char *archive_charset; -+} CHARSET_MAP; -+ -+/* A mapping of local <-> archive charsets used by default to convert filenames -+ * of DOS/Windows Zip archives. Currently very basic. */ -+static CHARSET_MAP dos_charset_map[] = { -+ { "ANSI_X3.4-1968", "CP850" }, -+ { "ISO-8859-1", "CP850" }, -+ { "CP1252", "CP850" }, -+ { "UTF-8", "CP866" }, -+ { "KOI8-R", "CP866" }, -+ { "KOI8-U", "CP866" }, -+ { "ISO-8859-5", "CP866" } -+}; -+ -+char OEM_CP[MAX_CP_NAME] = ""; -+char ISO_CP[MAX_CP_NAME] = ""; -+ -+/* Try to guess the default value of OEM_CP based on the current locale. -+ * ISO_CP is left alone for now. */ -+void init_conversion_charsets() -+{ -+ const char *local_charset; -+ int i; -+ -+ /* Make a guess only if OEM_CP not already set. 
*/ -+ if(*OEM_CP == '\0') { -+ local_charset = nl_langinfo(CODESET); -+ for(i = 0; i < sizeof(dos_charset_map)/sizeof(CHARSET_MAP); i++) -+ if(!strcasecmp(local_charset, dos_charset_map[i].local_charset)) { -+ strncpy(OEM_CP, dos_charset_map[i].archive_charset, -+ sizeof(OEM_CP)); -+ break; -+ } -+ } -+} -+ -+/* Convert a string from one encoding to the current locale using iconv(). -+ * Be as non-intrusive as possible. If error is encountered during covertion -+ * just leave the string intact. */ -+static void charset_to_intern(char *string, char *from_charset) -+{ -+ iconv_t cd; -+ char *s,*d, *buf; -+ size_t slen, dlen, buflen; -+ const char *local_charset; -+ -+ if(*from_charset == '\0') -+ return; -+ -+ buf = NULL; -+ local_charset = nl_langinfo(CODESET); -+ -+ if((cd = iconv_open(local_charset, from_charset)) == (iconv_t)-1) -+ return; -+ -+ slen = strlen(string); -+ s = string; -+ -+ /* Make sure OUTBUFSIZ + 1 never ends up smaller than FILNAMSIZ -+ * as this function also gets called with G.outbuf in fileio.c -+ */ -+ buflen = FILNAMSIZ; -+ if (OUTBUFSIZ + 1 < FILNAMSIZ) -+ { -+ buflen = OUTBUFSIZ + 1; -+ } -+ -+ d = buf = malloc(buflen); -+ if(!d) -+ goto cleanup; -+ -+ bzero(buf,buflen); -+ dlen = buflen - 1; -+ -+ if(iconv(cd, &s, &slen, &d, &dlen) == (size_t)-1) -+ goto cleanup; -+ strncpy(string, buf, buflen); -+ -+ cleanup: -+ free(buf); -+ iconv_close(cd); -+} -+ -+/* Convert a string from OEM_CP to the current locale charset. */ -+inline void oem_intern(char *string) -+{ -+ charset_to_intern(string, OEM_CP); -+} -+ -+/* Convert a string from ISO_CP to the current locale charset. 
*/ -+inline void iso_intern(char *string) -+{ -+ charset_to_intern(string, ISO_CP); -+} -Index: unzip-6.0/unix/unxcfg.h -=================================================================== ---- unzip-6.0.orig/unix/unxcfg.h 2015-02-11 08:46:43.675324290 -0500 -+++ unzip-6.0/unix/unxcfg.h 2015-02-11 08:46:43.671324260 -0500 -@@ -228,4 +228,30 @@ - /* wild_dir, dirname, wildname, matchname[], dirnamelen, have_dirname, */ - /* and notfirstcall are used by do_wild(). */ - -+ -+#define MAX_CP_NAME 25 -+ -+#ifdef SETLOCALE -+# undef SETLOCALE -+#endif -+#define SETLOCALE(category, locale) setlocale(category, locale) -+#include <locale.h> -+ -+#ifdef _ISO_INTERN -+# undef _ISO_INTERN -+#endif -+#define _ISO_INTERN(str1) iso_intern(str1) -+ -+#ifdef _OEM_INTERN -+# undef _OEM_INTERN -+#endif -+#ifndef IZ_OEM2ISO_ARRAY -+# define IZ_OEM2ISO_ARRAY -+#endif -+#define _OEM_INTERN(str1) oem_intern(str1) -+ -+void iso_intern(char *); -+void oem_intern(char *); -+void init_conversion_charsets(void); -+ - #endif /* !__unxcfg_h */ -Index: unzip-6.0/unzip.c -=================================================================== ---- unzip-6.0.orig/unzip.c 2015-02-11 08:46:43.675324290 -0500 -+++ unzip-6.0/unzip.c 2015-02-11 08:46:43.675324290 -0500 -@@ -327,11 +327,21 @@ - -2 just filenames but allow -h/-t/-z -l long Unix \"ls -l\" format\n\ - -v verbose, multi-page format\n"; - -+#ifndef UNIX - static ZCONST char Far ZipInfoUsageLine3[] = "miscellaneous options:\n\ - -h print header line -t print totals for listed files or for all\n\ - -z print zipfile comment -T print file times in sortable decimal format\ - \n -C be case-insensitive %s\ - -x exclude filenames that follow from listing\n"; -+#else /* UNIX */ -+static ZCONST char Far ZipInfoUsageLine3[] = "miscellaneous options:\n\ -+ -h print header line -t print totals for listed files or for all\n\ -+ -z print zipfile comment %c-T%c print file times in sortable decimal format\ -+\n %c-C%c be case-insensitive %s\ -+ -x exclude 
filenames that follow from listing\n\ -+ -O CHARSET specify a character encoding for DOS, Windows and OS/2 archives\n\ -+ -I CHARSET specify a character encoding for UNIX and other archives\n"; -+#endif /* !UNIX */ - #ifdef MORE - static ZCONST char Far ZipInfoUsageLine4[] = - " -M page output through built-in \"more\"\n"; -@@ -664,6 +674,17 @@ - -U use escapes for all non-ASCII Unicode -UU ignore any Unicode fields\n\ - -C match filenames case-insensitively -L make (some) names \ - lowercase\n %-42s -V retain VMS version numbers\n%s"; -+#elif (defined UNIX) -+static ZCONST char Far UnzipUsageLine4[] = "\ -+modifiers:\n\ -+ -n never overwrite existing files -q quiet mode (-qq => quieter)\n\ -+ -o overwrite files WITHOUT prompting -a auto-convert any text files\n\ -+ -j junk paths (do not make directories) -aa treat ALL files as text\n\ -+ -U use escapes for all non-ASCII Unicode -UU ignore any Unicode fields\n\ -+ -C match filenames case-insensitively -L make (some) names \ -+lowercase\n %-42s -V retain VMS version numbers\n%s\ -+ -O CHARSET specify a character encoding for DOS, Windows and OS/2 archives\n\ -+ -I CHARSET specify a character encoding for UNIX and other archives\n\n"; - #else /* !VMS */ - static ZCONST char Far UnzipUsageLine4[] = "\ - modifiers:\n\ -@@ -802,6 +823,10 @@ - #endif /* UNICODE_SUPPORT */ - - -+#ifdef UNIX -+ init_conversion_charsets(); -+#endif -+ - #if (defined(__IBMC__) && defined(__DEBUG_ALLOC__)) - extern void DebugMalloc(void); - -@@ -1335,6 +1360,11 @@ - argc = *pargc; - argv = *pargv; - -+#ifdef UNIX -+ extern char OEM_CP[MAX_CP_NAME]; -+ extern char ISO_CP[MAX_CP_NAME]; -+#endif -+ - while (++argv, (--argc > 0 && *argv != NULL && **argv == '-')) { - s = *argv + 1; - while ((c = *s++) != 0) { /* "!= 0": prevent Turbo C warning */ -@@ -1516,6 +1546,35 @@ - } - break; - #endif /* MACOS */ -+#ifdef UNIX -+ case ('I'): -+ if (negative) { -+ Info(slide, 0x401, ((char *)slide, -+ "error: encodings can't be negated")); -+ 
return(PK_PARAM); -+ } else { -+ if(*s) { /* Handle the -Icharset case */ -+ /* Assume that charsets can't start with a dash to spot arguments misuse */ -+ if(*s == '-') { -+ Info(slide, 0x401, ((char *)slide, -+ "error: a valid character encoding should follow the -I argument")); -+ return(PK_PARAM); -+ } -+ strncpy(ISO_CP, s, sizeof(ISO_CP)); -+ } else { /* -I charset */ -+ ++argv; -+ if(!(--argc > 0 && *argv != NULL && **argv != '-')) { -+ Info(slide, 0x401, ((char *)slide, -+ "error: a valid character encoding should follow the -I argument")); -+ return(PK_PARAM); -+ } -+ s = *argv; -+ strncpy(ISO_CP, s, sizeof(ISO_CP)); -+ } -+ while(*(++s)); /* No params straight after charset name */ -+ } -+ break; -+#endif /* ?UNIX */ - case ('j'): /* junk pathnames/directory structure */ - if (negative) - uO.jflag = FALSE, negative = 0; -@@ -1591,6 +1650,35 @@ - } else - ++uO.overwrite_all; - break; -+#ifdef UNIX -+ case ('O'): -+ if (negative) { -+ Info(slide, 0x401, ((char *)slide, -+ "error: encodings can't be negated")); -+ return(PK_PARAM); -+ } else { -+ if(*s) { /* Handle the -Ocharset case */ -+ /* Assume that charsets can't start with a dash to spot arguments misuse */ -+ if(*s == '-') { -+ Info(slide, 0x401, ((char *)slide, -+ "error: a valid character encoding should follow the -I argument")); -+ return(PK_PARAM); -+ } -+ strncpy(OEM_CP, s, sizeof(OEM_CP)); -+ } else { /* -O charset */ -+ ++argv; -+ if(!(--argc > 0 && *argv != NULL && **argv != '-')) { -+ Info(slide, 0x401, ((char *)slide, -+ "error: a valid character encoding should follow the -O argument")); -+ return(PK_PARAM); -+ } -+ s = *argv; -+ strncpy(OEM_CP, s, sizeof(OEM_CP)); -+ } -+ while(*(++s)); /* No params straight after charset name */ -+ } -+ break; -+#endif /* ?UNIX */ - case ('p'): /* pipes: extract to stdout, no messages */ - if (negative) { - uO.cflag = FALSE; -Index: unzip-6.0/unzpriv.h -=================================================================== ---- unzip-6.0.orig/unzpriv.h 
2015-02-11 08:46:43.675324290 -0500 -+++ unzip-6.0/unzpriv.h 2015-02-11 08:46:43.675324290 -0500 -@@ -3008,7 +3008,7 @@ - !(((islochdr) || (isuxatt)) && \ - ((hostver) == 25 || (hostver) == 26 || (hostver) == 40))) || \ - (hostnum) == FS_HPFS_ || \ -- ((hostnum) == FS_NTFS_ && (hostver) == 50)) { \ -+ ((hostnum) == FS_NTFS_ /* && (hostver) == 50 */ )) { \ - _OEM_INTERN((string)); \ - } else { \ - _ISO_INTERN((string)); \ -Index: unzip-6.0/zipinfo.c -=================================================================== ---- unzip-6.0.orig/zipinfo.c 2015-02-11 08:46:43.675324290 -0500 -+++ unzip-6.0/zipinfo.c 2015-02-11 08:46:43.675324290 -0500 -@@ -457,6 +457,10 @@ - int tflag_slm=TRUE, tflag_2v=FALSE; - int explicit_h=FALSE, explicit_t=FALSE; - -+#ifdef UNIX -+ extern char OEM_CP[MAX_CP_NAME]; -+ extern char ISO_CP[MAX_CP_NAME]; -+#endif - - #ifdef MACOS - uO.lflag = LFLAG; /* reset default on each call */ -@@ -501,6 +505,35 @@ - uO.lflag = 0; - } - break; -+#ifdef UNIX -+ case ('I'): -+ if (negative) { -+ Info(slide, 0x401, ((char *)slide, -+ "error: encodings can't be negated")); -+ return(PK_PARAM); -+ } else { -+ if(*s) { /* Handle the -Icharset case */ -+ /* Assume that charsets can't start with a dash to spot arguments misuse */ -+ if(*s == '-') { -+ Info(slide, 0x401, ((char *)slide, -+ "error: a valid character encoding should follow the -I argument")); -+ return(PK_PARAM); -+ } -+ strncpy(ISO_CP, s, sizeof(ISO_CP)); -+ } else { /* -I charset */ -+ ++argv; -+ if(!(--argc > 0 && *argv != NULL && **argv != '-')) { -+ Info(slide, 0x401, ((char *)slide, -+ "error: a valid character encoding should follow the -I argument")); -+ return(PK_PARAM); -+ } -+ s = *argv; -+ strncpy(ISO_CP, s, sizeof(ISO_CP)); -+ } -+ while(*(++s)); /* No params straight after charset name */ -+ } -+ break; -+#endif /* ?UNIX */ - case 'l': /* longer form of "ls -l" type listing */ - if (negative) - uO.lflag = -2, negative = 0; -@@ -521,6 +554,35 @@ - G.M_flag = TRUE; - break; - #endif 
-+#ifdef UNIX -+ case ('O'): -+ if (negative) { -+ Info(slide, 0x401, ((char *)slide, -+ "error: encodings can't be negated")); -+ return(PK_PARAM); -+ } else { -+ if(*s) { /* Handle the -Ocharset case */ -+ /* Assume that charsets can't start with a dash to spot arguments misuse */ -+ if(*s == '-') { -+ Info(slide, 0x401, ((char *)slide, -+ "error: a valid character encoding should follow the -I argument")); -+ return(PK_PARAM); -+ } -+ strncpy(OEM_CP, s, sizeof(OEM_CP)); -+ } else { /* -O charset */ -+ ++argv; -+ if(!(--argc > 0 && *argv != NULL && **argv != '-')) { -+ Info(slide, 0x401, ((char *)slide, -+ "error: a valid character encoding should follow the -O argument")); -+ return(PK_PARAM); -+ } -+ s = *argv; -+ strncpy(OEM_CP, s, sizeof(OEM_CP)); -+ } -+ while(*(++s)); /* No params straight after charset name */ -+ } -+ break; -+#endif /* ?UNIX */ - case 's': /* default: shorter "ls -l" type listing */ - if (negative) - uO.lflag = -2, negative = 0; diff --git a/import-layers/yocto-poky/meta/recipes-extended/unzip/unzip/09-cve-2014-8139-crc-overflow.patch b/import-layers/yocto-poky/meta/recipes-extended/unzip/unzip/09-cve-2014-8139-crc-overflow.patch deleted file mode 100644 index 0e497cc65..000000000 --- a/import-layers/yocto-poky/meta/recipes-extended/unzip/unzip/09-cve-2014-8139-crc-overflow.patch +++ /dev/null 
@@ -1,53 +0,0 @@ -From: sms -Subject: Fix CVE-2014-8139: CRC32 verification heap-based overflow -Bug-Debian: http://bugs.debian.org/773722 - -The patch comes from unzip_6.0-8+deb7u2.debian.tar.gz - -Upstream-Status: Backport -CVE: CVE-2014-8139 - -Signed-off-by: Roy Li <rongqing.li@windriver.com> - ---- a/extract.c -+++ b/extract.c -@@ -298,6 +298,8 @@ - #ifndef SFX - static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \ - EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n"; -+ static ZCONST char Far TooSmallEBlength[] = "bad extra-field entry:\n \ -+ EF block length (%u bytes) invalid (< %d)\n"; - static ZCONST char Far InvalidComprDataEAs[] = - " invalid compressed data for EAs\n"; - # if (defined(WIN32) && defined(NTSD_EAS)) -@@ -2023,7 +2025,8 @@ - ebID = makeword(ef); - ebLen = (unsigned)makeword(ef+EB_LEN); - -- if (ebLen > (ef_len - EB_HEADSIZE)) { -+ if (ebLen > (ef_len - EB_HEADSIZE)) -+ { - /* Discovered some extra field inconsistency! */ - if (uO.qflag) - Info(slide, 1, ((char *)slide, "%-22s ", -@@ -2158,11 +2161,19 @@ - } - break; - case EF_PKVMS: -- if (makelong(ef+EB_HEADSIZE) != -+ if (ebLen < 4) -+ { -+ Info(slide, 1, -+ ((char *)slide, LoadFarString(TooSmallEBlength), -+ ebLen, 4)); -+ } -+ else if (makelong(ef+EB_HEADSIZE) != - crc32(CRCVAL_INITIAL, ef+(EB_HEADSIZE+4), - (extent)(ebLen-4))) -+ { - Info(slide, 1, ((char *)slide, - LoadFarString(BadCRC_EAs))); -+ } - break; - case EF_PKW32: - case EF_PKUNIX: diff --git a/import-layers/yocto-poky/meta/recipes-extended/unzip/unzip/10-cve-2014-8140-test-compr-eb.patch b/import-layers/yocto-poky/meta/recipes-extended/unzip/unzip/10-cve-2014-8140-test-compr-eb.patch deleted file mode 100644 index ca4aaadff..000000000 --- a/import-layers/yocto-poky/meta/recipes-extended/unzip/unzip/10-cve-2014-8140-test-compr-eb.patch +++ /dev/null 
@@ -1,36 +0,0 @@ -From: sms -Subject: Fix CVE-2014-8140: out-of-bounds write issue in test_compr_eb() -Bug-Debian: http://bugs.debian.org/773722 - -The patch comes from unzip_6.0-8+deb7u2.debian.tar.gz - -Upstream-Status: Backport -CVE: CVE-2014-8140 - -Signed-off-by: Roy Li <rongqing.li@windriver.com> - -Index: unzip60/extract.c -=================================================================== ---- unzip60.orig/extract.c -+++ unzip60/extract.c -@@ -2233,10 +2233,17 @@ static int test_compr_eb(__G__ eb, eb_si - if (compr_offset < 4) /* field is not compressed: */ - return PK_OK; /* do nothing and signal OK */ - -+ /* Return no/bad-data error status if any problem is found: -+ * 1. eb_size is too small to hold the uncompressed size -+ * (eb_ucsize). (Else extract eb_ucsize.) -+ * 2. eb_ucsize is zero (invalid). 2014-12-04 SMS. -+ * 3. eb_ucsize is positive, but eb_size is too small to hold -+ * the compressed data header. -+ */ - if ((eb_size < (EB_UCSIZE_P + 4)) || -- ((eb_ucsize = makelong(eb+(EB_HEADSIZE+EB_UCSIZE_P))) > 0L && -- eb_size <= (compr_offset + EB_CMPRHEADLEN))) -- return IZ_EF_TRUNC; /* no compressed data! */ -+ ((eb_ucsize = makelong( eb+ (EB_HEADSIZE+ EB_UCSIZE_P))) == 0L) || -+ ((eb_ucsize > 0L) && (eb_size <= (compr_offset + EB_CMPRHEADLEN)))) -+ return IZ_EF_TRUNC; /* no/bad compressed data! */ - - method = makeword(eb + (EB_HEADSIZE + compr_offset)); - if ((method == STORED) && diff --git a/import-layers/yocto-poky/meta/recipes-extended/unzip/unzip/11-cve-2014-8141-getzip64data.patch b/import-layers/yocto-poky/meta/recipes-extended/unzip/unzip/11-cve-2014-8141-getzip64data.patch deleted file mode 100644 index c48c23f30..000000000 --- a/import-layers/yocto-poky/meta/recipes-extended/unzip/unzip/11-cve-2014-8141-getzip64data.patch +++ /dev/null 
@@ -1,145 +0,0 @@ -From: sms -Subject: Fix CVE-2014-8141: out-of-bounds read issues in getZip64Data() -Bug-Debian: http://bugs.debian.org/773722 - -The patch comes from unzip_6.0-8+deb7u2.debian.tar.gz - -Upstream-Status: Backport -CVE: CVE-2014-8141 - -Signed-off-by: Roy Li <rongqing.li@windriver.com> - - ---- a/fileio.c -+++ b/fileio.c -@@ -176,6 +176,8 @@ - #endif - static ZCONST char Far ExtraFieldTooLong[] = - "warning: extra field too long (%d). Ignoring...\n"; -+static ZCONST char Far ExtraFieldCorrupt[] = -+ "warning: extra field (type: 0x%04x) corrupt. Continuing...\n"; - - #ifdef WINDLL - static ZCONST char Far DiskFullQuery[] = -@@ -2295,7 +2297,12 @@ - if (readbuf(__G__ (char *)G.extra_field, length) == 0) - return PK_EOF; - /* Looks like here is where extra fields are read */ -- getZip64Data(__G__ G.extra_field, length); -+ if (getZip64Data(__G__ G.extra_field, length) != PK_COOL) -+ { -+ Info(slide, 0x401, ((char *)slide, -+ LoadFarString( ExtraFieldCorrupt), EF_PKSZ64)); -+ error = PK_WARN; -+ } - #ifdef UNICODE_SUPPORT - G.unipath_filename = NULL; - if (G.UzO.U_flag < 2) { ---- a/process.c -+++ b/process.c -@@ -1,5 +1,5 @@ - /* -- Copyright (c) 1990-2009 Info-ZIP. All rights reserved. -+ Copyright (c) 1990-2014 Info-ZIP. All rights reserved. - - See the accompanying file LICENSE, version 2009-Jan-02 or later - (the contents of which are also included in unzip.h) for terms of use. -@@ -1901,48 +1901,82 @@ - and a 4-byte version of disk start number. - Sets both local header and central header fields. Not terribly clever, - but it means that this procedure is only called in one place. -+ -+ 2014-12-05 SMS. -+ Added checks to ensure that enough data are available before calling -+ makeint64() or makelong(). Replaced various sizeof() values with -+ simple ("4" or "8") constants. (The Zip64 structures do not depend -+ on our variable sizes.) Error handling is crude, but we should now -+ stay within the buffer. 
- ---------------------------------------------------------------------------*/ - -+#define Z64FLGS 0xffff -+#define Z64FLGL 0xffffffff -+ - if (ef_len == 0 || ef_buf == NULL) - return PK_COOL; - - Trace((stderr,"\ngetZip64Data: scanning extra field of length %u\n", - ef_len)); - -- while (ef_len >= EB_HEADSIZE) { -+ while (ef_len >= EB_HEADSIZE) -+ { - eb_id = makeword(EB_ID + ef_buf); - eb_len = makeword(EB_LEN + ef_buf); - -- if (eb_len > (ef_len - EB_HEADSIZE)) { -- /* discovered some extra field inconsistency! */ -+ if (eb_len > (ef_len - EB_HEADSIZE)) -+ { -+ /* Extra block length exceeds remaining extra field length. */ - Trace((stderr, - "getZip64Data: block length %u > rest ef_size %u\n", eb_len, - ef_len - EB_HEADSIZE)); - break; - } -- if (eb_id == EF_PKSZ64) { -- -+ if (eb_id == EF_PKSZ64) -+ { - int offset = EB_HEADSIZE; - -- if (G.crec.ucsize == 0xffffffff || G.lrec.ucsize == 0xffffffff){ -- G.lrec.ucsize = G.crec.ucsize = makeint64(offset + ef_buf); -- offset += sizeof(G.crec.ucsize); -+ if ((G.crec.ucsize == Z64FLGL) || (G.lrec.ucsize == Z64FLGL)) -+ { -+ if (offset+ 8 > ef_len) -+ return PK_ERR; -+ -+ G.crec.ucsize = G.lrec.ucsize = makeint64(offset + ef_buf); -+ offset += 8; - } -- if (G.crec.csize == 0xffffffff || G.lrec.csize == 0xffffffff){ -- G.csize = G.lrec.csize = G.crec.csize = makeint64(offset + ef_buf); -- offset += sizeof(G.crec.csize); -+ -+ if ((G.crec.csize == Z64FLGL) || (G.lrec.csize == Z64FLGL)) -+ { -+ if (offset+ 8 > ef_len) -+ return PK_ERR; -+ -+ G.csize = G.crec.csize = G.lrec.csize = makeint64(offset + ef_buf); -+ offset += 8; - } -- if (G.crec.relative_offset_local_header == 0xffffffff){ -+ -+ if (G.crec.relative_offset_local_header == Z64FLGL) -+ { -+ if (offset+ 8 > ef_len) -+ return PK_ERR; -+ - G.crec.relative_offset_local_header = makeint64(offset + ef_buf); -- offset += sizeof(G.crec.relative_offset_local_header); -+ offset += 8; - } -- if (G.crec.disk_number_start == 0xffff){ -+ -+ if (G.crec.disk_number_start == 
Z64FLGS) -+ { -+ if (offset+ 4 > ef_len) -+ return PK_ERR; -+ - G.crec.disk_number_start = (zuvl_t)makelong(offset + ef_buf); -- offset += sizeof(G.crec.disk_number_start); -+ offset += 4; - } -+#if 0 -+ break; /* Expect only one EF_PKSZ64 block. */ -+#endif /* 0 */ - } - -- /* Skip this extra field block */ -+ /* Skip this extra field block. */ - ef_buf += (eb_len + EB_HEADSIZE); - ef_len -= (eb_len + EB_HEADSIZE); - } diff --git a/import-layers/yocto-poky/meta/recipes-extended/unzip/unzip/18-cve-2014-9913-unzip-buffer-overflow.patch b/import-layers/yocto-poky/meta/recipes-extended/unzip/unzip/18-cve-2014-9913-unzip-buffer-overflow.patch deleted file mode 100644 index 3c02d596c..000000000 --- a/import-layers/yocto-poky/meta/recipes-extended/unzip/unzip/18-cve-2014-9913-unzip-buffer-overflow.patch +++ /dev/null @@ -1,33 +0,0 @@ -From: "Steven M. Schweda" <sms@antinode.info> -Subject: Fix CVE-2014-9913, buffer overflow in unzip -Bug: https://sourceforge.net/p/infozip/bugs/27/ -Bug-Debian: https://bugs.debian.org/847485 -Bug-Ubuntu: https://launchpad.net/bugs/387350 -X-Debian-version: 6.0-21 - -Upstream-Status: Backport -CVE: CVE-2014-9913 -Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> - ---- a/list.c -+++ b/list.c -@@ -339,7 +339,18 @@ - G.crec.compression_method == ENHDEFLATED) { - methbuf[5] = dtype[(G.crec.general_purpose_bit_flag>>1) & 3]; - } else if (methnum >= NUM_METHODS) { -- sprintf(&methbuf[4], "%03u", G.crec.compression_method); -+ /* 2013-02-26 SMS. -+ * http://sourceforge.net/p/infozip/bugs/27/ CVE-2014-9913. -+ * Unexpectedly large compression methods overflow -+ * &methbuf[]. Use the old, three-digit decimal format -+ * for values which fit. Otherwise, sacrifice the -+ * colon, and use four-digit hexadecimal. -+ */ -+ if (G.crec.compression_method <= 999) { -+ sprintf( &methbuf[ 4], "%03u", G.crec.compression_method); -+ } else { -+ sprintf( &methbuf[ 3], "%04X", G.crec.compression_method); -+ } - } - - #if 0 /* GRR/Euro: add this? */ 
diff --git a/import-layers/yocto-poky/meta/recipes-extended/unzip/unzip/19-cve-2016-9844-zipinfo-buffer-overflow.patch b/import-layers/yocto-poky/meta/recipes-extended/unzip/unzip/19-cve-2016-9844-zipinfo-buffer-overflow.patch deleted file mode 100644 index ffadbc2ef..000000000 --- a/import-layers/yocto-poky/meta/recipes-extended/unzip/unzip/19-cve-2016-9844-zipinfo-buffer-overflow.patch +++ /dev/null @@ -1,32 +0,0 @@ -From: "Steven M. Schweda" <sms@antinode.info> -Subject: Fix CVE-2016-9844, buffer overflow in zipinfo -Bug-Debian: https://bugs.debian.org/847486 -Bug-Ubuntu: https://launchpad.net/bugs/1643750 -X-Debian-version: 6.0-21 - -Upstream-Status: Backport -CVE: CVE-2016-9844 -Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> - ---- a/zipinfo.c -+++ b/zipinfo.c -@@ -1921,7 +1921,18 @@ - ush dnum=(ush)((G.crec.general_purpose_bit_flag>>1) & 3); - methbuf[3] = dtype[dnum]; - } else if (methnum >= NUM_METHODS) { /* unknown */ -- sprintf(&methbuf[1], "%03u", G.crec.compression_method); -+ /* 2016-12-05 SMS. -+ * https://launchpad.net/bugs/1643750 -+ * Unexpectedly large compression methods overflow -+ * &methbuf[]. Use the old, three-digit decimal format -+ * for values which fit. Otherwise, sacrifice the "u", -+ * and use four-digit hexadecimal. -+ */ -+ if (G.crec.compression_method <= 999) { -+ sprintf( &methbuf[ 1], "%03u", G.crec.compression_method); -+ } else { -+ sprintf( &methbuf[ 0], "%04X", G.crec.compression_method); -+ } - } - - for (k = 0; k < 15; ++k) diff --git a/import-layers/yocto-poky/meta/recipes-extended/unzip/unzip/CVE-2015-7696.patch b/import-layers/yocto-poky/meta/recipes-extended/unzip/unzip/CVE-2015-7696.patch deleted file mode 100644 index 87eed965d..000000000 --- a/import-layers/yocto-poky/meta/recipes-extended/unzip/unzip/CVE-2015-7696.patch +++ /dev/null 
@@ -1,39 +0,0 @@ -Upstream-Status: Backport -CVE: CVE-2015-7696 -Signed-off-by: Tudor Florea <tudor.flore@enea.com> - -From 68efed87fabddd450c08f3112f62a73f61d493c9 Mon Sep 17 00:00:00 2001 -From: Petr Stodulka <pstodulk@redhat.com> -Date: Mon, 14 Sep 2015 18:23:17 +0200 -Subject: [PATCH 1/2] upstream fix for heap overflow - -https://bugzilla.redhat.com/attachment.cgi?id=1073002 ---- - crypt.c | 12 +++++++++++- - 1 file changed, 11 insertions(+), 1 deletion(-) - -diff --git a/crypt.c b/crypt.c -index 784e411..a8975f2 100644 ---- a/crypt.c -+++ b/crypt.c -@@ -465,7 +465,17 @@ int decrypt(__G__ passwrd) - GLOBAL(pInfo->encrypted) = FALSE; - defer_leftover_input(__G); - for (n = 0; n < RAND_HEAD_LEN; n++) { -- b = NEXTBYTE; -+ /* 2012-11-23 SMS. (OUSPG report.) -+ * Quit early if compressed size < HEAD_LEN. The resulting -+ * error message ("unable to get password") could be improved, -+ * but it's better than trying to read nonexistent data, and -+ * then continuing with a negative G.csize. (See -+ * fileio.c:readbyte()). -+ */ -+ if ((b = NEXTBYTE) == (ush)EOF) -+ { -+ return PK_ERR; -+ } - h[n] = (uch)b; - Trace((stdout, " (%02x)", h[n])); - } --- -2.4.6 diff --git a/import-layers/yocto-poky/meta/recipes-extended/unzip/unzip/CVE-2015-7697.patch b/import-layers/yocto-poky/meta/recipes-extended/unzip/unzip/CVE-2015-7697.patch deleted file mode 100644 index a8f293674..000000000 --- a/import-layers/yocto-poky/meta/recipes-extended/unzip/unzip/CVE-2015-7697.patch +++ /dev/null 
@@ -1,32 +0,0 @@ -Upstream-Status: Backport -CVE: CVE-2015-7697 -Signed-off-by: Tudor Florea <tudor.flore@enea.com> - -From bd8a743ee0a77e65ad07ef4196c4cd366add3f26 Mon Sep 17 00:00:00 2001 -From: Kamil Dudka <kdudka@redhat.com> -Date: Mon, 14 Sep 2015 18:24:56 +0200 -Subject: [PATCH 2/2] fix infinite loop when extracting empty bzip2 data - ---- - extract.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/extract.c b/extract.c -index 7134bfe..29db027 100644 ---- a/extract.c -+++ b/extract.c -@@ -2733,6 +2733,12 @@ __GDEF - int repeated_buf_err; - bz_stream bstrm; - -+ if (G.incnt <= 0 && G.csize <= 0L) { -+ /* avoid an infinite loop */ -+ Trace((stderr, "UZbunzip2() got empty input\n")); -+ return 2; -+ } -+ - #if (defined(DLL) && !defined(NO_SLIDE_REDIR)) - if (G.redirect_slide) - wsize = G.redirect_size, redirSlide = G.redirect_buffer; --- -2.4.6 diff --git a/import-layers/yocto-poky/meta/recipes-extended/unzip/unzip/avoid-strip.patch b/import-layers/yocto-poky/meta/recipes-extended/unzip/unzip/avoid-strip.patch deleted file mode 100644 index 8f30e4267..000000000 --- a/import-layers/yocto-poky/meta/recipes-extended/unzip/unzip/avoid-strip.patch +++ /dev/null 
@@ -1,50 +0,0 @@ -Upstream-Status: Pending - -unix/Makefile: remove hard coded strip commands - -Remove the hard coded strip commands, both LF2 (used in linking) and -STRIP used alone. - -Signed-off-by: Mark Hatle <mark.hatle@windriver.com> - -diff -ur unzip60.orig/unix/configure unzip60/unix/configure ---- unzip60.orig/unix/configure 2009-04-16 14:25:12.000000000 -0500 -+++ unzip60/unix/configure 2011-06-21 11:23:36.822849960 -0500 -@@ -17,7 +17,7 @@ - IZ_BZIP2=${3} - CFLAGS="${CFLAGS} -I. -DUNIX" - LFLAGS1="" --LFLAGS2="-s" -+LFLAGS2="" - LN="ln -s" - - CFLAGS_OPT='' -diff -ur unzip60.orig/unix/Makefile unzip60/unix/Makefile ---- unzip60.orig/unix/Makefile 2009-01-18 16:41:18.000000000 -0600 -+++ unzip60/unix/Makefile 2011-06-21 11:12:22.900003388 -0500 -@@ -52,7 +52,7 @@ - CF = $(CFLAGS) $(CF_NOOPT) - LFLAGS1 = - LF = -o unzip$E $(LFLAGS1) --LF2 = -s -+LF2 = - - # UnZipSFX flags - SL = -o unzipsfx$E $(LFLAGS1) -@@ -70,7 +70,7 @@ - CHMOD = chmod - BINPERMS = 755 - MANPERMS = 644 --STRIP = strip -+STRIP = - E = - O = .o - M = unix -@@ -776,7 +776,6 @@ - # - gcc: unix_make - $(MAKE) unzips CC=gcc LD=gcc CFLAGS="-O3" LF2="" -- $(STRIP) $(UNZIPS) - - # Heurikon HK68 (68010), UniPlus+ System V 5.0, Green Hills C-68000 - hk68: unix_make diff --git a/import-layers/yocto-poky/meta/recipes-extended/unzip/unzip/cve-2014-9636.patch b/import-layers/yocto-poky/meta/recipes-extended/unzip/unzip/cve-2014-9636.patch deleted file mode 100644 index 5fcd318b2..000000000 --- a/import-layers/yocto-poky/meta/recipes-extended/unzip/unzip/cve-2014-9636.patch +++ /dev/null 
@@ -1,46 +0,0 @@ -From 190040ebfcf5395a6ccedede2cc9343d34f0a108 Mon Sep 17 00:00:00 2001 -From: mancha <mancha1 AT zoho DOT com> -Date: Wed, 11 Feb 2015 -Subject: Info-ZIP UnZip buffer overflow - -Upstream-Status: Backport -CVE: CVE-2014-9636 - -By carefully crafting a corrupt ZIP archive with "extra fields" that -purport to have compressed blocks larger than the corresponding -uncompressed blocks in STORED no-compression mode, an attacker can -trigger a heap overflow that can result in application crash or -possibly have other unspecified impact. - -This patch ensures that when extra fields use STORED mode, the -"compressed" and uncompressed block sizes match. - -Signed-off-by: mancha <mancha1 AT zoho DOT com> ---- - extract.c | 8 ++++++++ - 1 file changed, 8 insertions(+) - ---- a/extract.c -+++ b/extract.c -@@ -2217,6 +2217,7 @@ static int test_compr_eb(__G__ eb, eb_si - ulg eb_ucsize; - uch *eb_ucptr; - int r; -+ ush method; - - if (compr_offset < 4) /* field is not compressed: */ - return PK_OK; /* do nothing and signal OK */ -@@ -2226,6 +2227,13 @@ static int test_compr_eb(__G__ eb, eb_si - eb_size <= (compr_offset + EB_CMPRHEADLEN))) - return IZ_EF_TRUNC; /* no compressed data! */ - -+ method = makeword(eb + (EB_HEADSIZE + compr_offset)); -+ if ((method == STORED) && -+ (eb_size - compr_offset - EB_CMPRHEADLEN != eb_ucsize)) -+ return PK_ERR; /* compressed & uncompressed -+ * should match in STORED -+ * method */ -+ - if ( - #ifdef INT_16BIT - (((ulg)(extent)eb_ucsize) != eb_ucsize) || diff --git a/import-layers/yocto-poky/meta/recipes-extended/unzip/unzip/define-ldflags.patch b/import-layers/yocto-poky/meta/recipes-extended/unzip/unzip/define-ldflags.patch deleted file mode 100644 index 659c6e331..000000000 --- a/import-layers/yocto-poky/meta/recipes-extended/unzip/unzip/define-ldflags.patch +++ /dev/null 
@@ -1,18 +0,0 @@ -Pass LDFLAGS to the linker - -Upstream-Status: Pending - -Signed-off-by: Mikhail Durnev <Mikhail_Durnev@mentor.com> - -diff -Naur old/unix/configure new/unix/configure ---- old/unix/configure 2014-01-13 21:59:27.000000000 +1100 -+++ new/unix/configure 2014-01-14 16:36:02.000000000 +1100 -@@ -16,7 +16,7 @@ - CFLAGSR=${CFLAGS} - IZ_BZIP2=${3} - CFLAGS="${CFLAGS} -I. -DUNIX" --LFLAGS1="" -+LFLAGS1=${LDFLAGS} - LFLAGS2="" - LN="ln -s" - diff --git a/import-layers/yocto-poky/meta/recipes-extended/unzip/unzip/fix-security-format.patch b/import-layers/yocto-poky/meta/recipes-extended/unzip/unzip/fix-security-format.patch deleted file mode 100644 index 8e9b06c42..000000000 --- a/import-layers/yocto-poky/meta/recipes-extended/unzip/unzip/fix-security-format.patch +++ /dev/null 
@@ -1,97 +0,0 @@ -unzip: Fixing security formatting issues - -Fix security formatting issues related to sprintf parameters expeted. - -[YOCTO #9551] -[https://bugzilla.yoctoproject.org/show_bug.cgi?id=9551] - -Upstream-Status: Pending - -Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com> - -diff --git a/extract.c b/extract.c -index 7cd9123..25c5a62 100644 ---- a/extract.c -+++ b/extract.c -@@ -475,7 +475,7 @@ int extract_or_test_files(__G) /* return PK-type error code */ - Info(slide, 0x401, ((char *)slide, - LoadFarString(CentSigMsg), j + blknum*DIR_BLKSIZ + 1)); - Info(slide, 0x401, ((char *)slide, -- LoadFarString(ReportMsg))); -+ "%s",LoadFarString(ReportMsg))); - error_in_archive = PK_BADERR; - } - reached_end = TRUE; /* ...so no more left to do */ -@@ -754,8 +754,8 @@ int extract_or_test_files(__G) /* return PK-type error code */ - - #ifndef SFX - if (no_endsig_found) { /* just to make sure */ -- Info(slide, 0x401, ((char *)slide, LoadFarString(EndSigMsg))); -- Info(slide, 0x401, ((char *)slide, LoadFarString(ReportMsg))); -+ Info(slide, 0x401, ((char *)slide, "%s", LoadFarString(EndSigMsg))); -+ Info(slide, 0x401, ((char *)slide, "%s", LoadFarString(ReportMsg))); - if (!error_in_archive) /* don't overwrite stronger error */ - error_in_archive = PK_WARN; - } -diff --git a/list.c b/list.c -index 15e0011..0b484f6 100644 ---- a/list.c -+++ b/list.c -@@ -181,7 +181,7 @@ int list_files(__G) /* return PK-type error code */ - Info(slide, 0x401, - ((char *)slide, LoadFarString(CentSigMsg), j)); - Info(slide, 0x401, -- ((char *)slide, LoadFarString(ReportMsg))); -+ ((char *)slide, "%s", LoadFarString(ReportMsg))); - return PK_BADERR; /* sig not found */ - } - } -@@ -507,7 +507,7 @@ int list_files(__G) /* return PK-type error code */ - && (!G.ecrec.is_zip64_archive) - && (memcmp(G.sig, end_central_sig, 4) != 0) - ) { /* just to make sure again */ -- Info(slide, 0x401, ((char *)slide, LoadFarString(EndSigMsg))); -+ Info(slide, 0x401, ((char *)slide, "%s", 
LoadFarString(EndSigMsg))); - error_in_archive = PK_WARN; /* didn't find sig */ - } - -@@ -591,7 +591,7 @@ int get_time_stamp(__G__ last_modtime, nmember) /* return PK-type error code */ - Info(slide, 0x401, - ((char *)slide, LoadFarString(CentSigMsg), j)); - Info(slide, 0x401, -- ((char *)slide, LoadFarString(ReportMsg))); -+ ((char *)slide, "%s", LoadFarString(ReportMsg))); - return PK_BADERR; /* sig not found */ - } - } -@@ -674,7 +674,7 @@ int get_time_stamp(__G__ last_modtime, nmember) /* return PK-type error code */ - ---------------------------------------------------------------------------*/ - - if (memcmp(G.sig, end_central_sig, 4)) { /* just to make sure again */ -- Info(slide, 0x401, ((char *)slide, LoadFarString(EndSigMsg))); -+ Info(slide, 0x401, ((char *)slide, "%s", LoadFarString(EndSigMsg))); - error_in_archive = PK_WARN; - } - if (*nmember == 0L && error_in_archive <= PK_WARN) -diff --git a/zipinfo.c b/zipinfo.c -index 0ac75b3..1e7fa82 100644 ---- a/zipinfo.c -+++ b/zipinfo.c -@@ -833,7 +833,7 @@ int zipinfo(__G) /* return PK-type error code */ - Info(slide, 0x401, - ((char *)slide, LoadFarString(CentSigMsg), j)); - Info(slide, 0x401, -- ((char *)slide, LoadFarString(ReportMsg))); -+ ((char *)slide, "%s", LoadFarString(ReportMsg))); - error_in_archive = PK_BADERR; /* sig not found */ - break; - } -@@ -1022,7 +1022,7 @@ int zipinfo(__G) /* return PK-type error code */ - && (!G.ecrec.is_zip64_archive) - && (memcmp(G.sig, end_central_sig, 4) != 0) - ) { /* just to make sure again */ -- Info(slide, 0x401, ((char *)slide, LoadFarString(EndSigMsg))); -+ Info(slide, 0x401, ((char *)slide, "%s", LoadFarString(EndSigMsg))); - error_in_archive = PK_WARN; /* didn't find sig */ - } - |