From a001833b7c7a0a6eef88e053fe65e2a0c91ca7bc Mon Sep 17 00:00:00 2001 From: Ross Burton Date: Wed, 25 Jul 2018 21:55:17 +0100 Subject: unzip: fix symlink problem Large zip files can cause unzip to crash, take a patch from Fedora to fix it. Signed-off-by: Ross Burton --- meta/recipes-extended/unzip/unzip/symlink.patch | 26 +++++++++++++++++++++++++ meta/recipes-extended/unzip/unzip_6.0.bb | 1 + 2 files changed, 27 insertions(+) create mode 100644 meta/recipes-extended/unzip/unzip/symlink.patch (limited to 'meta/recipes-extended') diff --git a/meta/recipes-extended/unzip/unzip/symlink.patch b/meta/recipes-extended/unzip/unzip/symlink.patch new file mode 100644 index 0000000000..a38f6f1612 --- /dev/null +++ b/meta/recipes-extended/unzip/unzip/symlink.patch @@ -0,0 +1,26 @@ +Unzip doesn't handle large zip files well and crashes: + +"This only happens if you have more then 16k entries and when one of +the 16k entry infos is reused it happend to be previously used for +a symlink entry." + +This patch is taken from Fedora (https://bugzilla.redhat.com/show_bug.cgi?id=972427) + +Upstream-Status: Pending (upstream is dead) +Signed-off-by: Ross Burton + +--- unzip60/process.c.sav 2013-06-09 12:08:57.070392264 +0200 ++++ unzip60/process.c 2013-06-09 12:10:08.641696988 +0200 +@@ -1751,6 +1751,12 @@ + = (G.crec.general_purpose_bit_flag & (1 << 11)) == (1 << 11); + #endif + ++#ifdef SYMLINKS ++ /* Initialize the symlink flag, may be set by the platform-specific ++ mapattr function. */ ++ G.pInfo->symlink = 0; ++#endif ++ + return PK_COOL; + + } /* end function process_cdir_file_hdr() */ diff --git a/meta/recipes-extended/unzip/unzip_6.0.bb b/meta/recipes-extended/unzip/unzip_6.0.bb index 105d048f55..dbf4112a4c 100644 --- a/meta/recipes-extended/unzip/unzip_6.0.bb +++ b/meta/recipes-extended/unzip/unzip_6.0.bb @@ -19,6 +19,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/infozip/UnZip%206.x%20%28latest%29/UnZip%206.0/ file://fix-security-format.patch \ file://18-cve-2014-9913-unzip-buffer-overflow.patch \ file://19-cve-2016-9844-zipinfo-buffer-overflow.patch \ + file://symlink.patch \ " UPSTREAM_VERSION_UNKNOWN = "1" -- cgit 1.2.3-korg