diff options
Diffstat (limited to 'meta/recipes-extended/unzip')
18 files changed, 1270 insertions, 12 deletions
diff --git a/meta/recipes-extended/unzip/unzip/0001-configure-Add-correct-system-headers-and-prototypes-.patch b/meta/recipes-extended/unzip/unzip/0001-configure-Add-correct-system-headers-and-prototypes-.patch new file mode 100644 index 0000000000..f7e0854cd9 --- /dev/null +++ b/meta/recipes-extended/unzip/unzip/0001-configure-Add-correct-system-headers-and-prototypes-.patch @@ -0,0 +1,112 @@ +From 5ac5885d35257888d0e4a9dda903405314f9fc84 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Wed, 10 Aug 2022 17:53:13 -0700 +Subject: [PATCH] configure: Add correct system headers and prototypes to tests + +Newer compilers e.g. clang-15+ have turned stricter towards these +warnings and turned them into errors which results in subtle failures +during build, therefore make the testcases use the needed headers and +modern C + +Upstream-Status: Inactive-Upstream + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + unix/configure | 51 +++++++++++++++++++++++++++++++++++++++----------- + 1 file changed, 40 insertions(+), 11 deletions(-) + +diff --git a/unix/configure b/unix/configure +index 49579f3..8fd82dd 100755 +--- a/unix/configure ++++ b/unix/configure +@@ -379,14 +379,37 @@ $CC $CFLAGS -c conftest.c >/dev/null 2>/dev/null + + # Check for missing functions + # add NO_'function_name' to flags if missing +-for func in fchmod fchown lchown nl_langinfo +-do +- echo Check for $func +- echo "int main(){ $func(); return 0; }" > conftest.c +- $CC $BFLAG $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null +- [ $? -ne 0 ] && CFLAGSR="${CFLAGSR} -DNO_`echo $func | tr '[a-z]' '[A-Z]'`" +-done ++echo Check for fchmod ++cat > conftest.c << _EOF_ ++#include <sys/stat.h> ++int main(){ fchmod(0,0); return 0; } ++_EOF_ ++$CC $BFLAG $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null ++[ $? -ne 0 ] && CFLAGSR="${CFLAGSR} -DNO_FCHMOD" + ++echo Check for fchown ++cat > conftest.c << _EOF_ ++#include <unistd.h> ++int main(){ fchown(0,0,0); return 0; } ++_EOF_ ++$CC $BFLAG $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null ++[ $? -ne 0 ] && CFLAGSR="${CFLAGSR} -DNO_FCHOWN" ++ ++echo Check for lchown ++cat > conftest.c << _EOF_ ++#include <unistd.h> ++int main(){ lchown(NULL,0,0); return 0; } ++_EOF_ ++$CC $BFLAG $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null ++[ $? -ne 0 ] && CFLAGSR="${CFLAGSR} -DNO_LCHOWN" ++ ++echo Check for nl_langinfo ++cat > conftest.c << _EOF_ ++#include <langinfo.h> ++int main(){ nl_langinfo(0); return 0; } ++_EOF_ ++$CC $BFLAG $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null ++[ $? -ne 0 ] && CFLAGSR="${CFLAGSR} -DNO_NL_LANGINFO" + # Check (seriously) for a working lchmod. + echo 'Check for lchmod' + temp_file="/tmp/unzip_test_$$" +@@ -401,14 +424,17 @@ ln -s "${temp_link}" "${temp_file}" && \ + rm -f "${temp_file}" + + echo Check for memset +-echo "int main(){ char k; memset(&k,0,0); return 0; }" > conftest.c ++cat > conftest.c << _EOF_ ++#include <string.h> ++int main(){ char k; memset(&k,0,0); return 0; } ++_EOF_ + $CC $CFLAGS $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null + [ $? -ne 0 ] && CFLAGSR="${CFLAGSR} -DZMEM" + + echo Check for errno declaration + cat > conftest.c << _EOF_ + #include <errno.h> +-main() ++int main() + { + errno = 0; + return 0; +@@ -419,6 +445,8 @@ $CC $CFLAGS -c conftest.c >/dev/null 2>/dev/null + + echo Check for directory libraries + cat > conftest.c << _EOF_ ++#include <sys/types.h> ++#include <dirent.h> + int main() { return closedir(opendir(".")); } + _EOF_ + +@@ -523,10 +551,11 @@ fi + # needed for AIX (and others ?) when mmap is used + echo Check for valloc + cat > conftest.c << _EOF_ +-main() ++#include <stdlib.h> ++int main() + { + #ifdef MMAP +- valloc(); ++ valloc(0); + #endif + } + _EOF_ +-- +2.37.1 + diff --git a/meta/recipes-extended/unzip/unzip/0001-configure-Pass-LDFLAGS-to-tests-doing-link-step.patch b/meta/recipes-extended/unzip/unzip/0001-configure-Pass-LDFLAGS-to-tests-doing-link-step.patch new file mode 100644 index 0000000000..5a6d1946f6 --- /dev/null +++ b/meta/recipes-extended/unzip/unzip/0001-configure-Pass-LDFLAGS-to-tests-doing-link-step.patch @@ -0,0 +1,137 @@ +From da29ba6a27d8e78562052c79061476848915eb2a Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Wed, 9 Mar 2022 12:13:28 -0800 +Subject: [PATCH] configure: Pass LDFLAGS to tests doing link step + +Ensures that right flags from recipes are honored, otherwise tests fail +which otherwise should not. + +Upstream-Status: Inactive-Upstream +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + unix/configure | 28 ++++++++++++++-------------- + 1 file changed, 14 insertions(+), 14 deletions(-) + +diff --git a/unix/configure b/unix/configure +index d4b0a8e..49579f3 100755 +--- a/unix/configure ++++ b/unix/configure +@@ -116,7 +116,7 @@ _EOF_ + # Special Mac OS X shared library "ld" option? + if test ` uname -s 2> /dev/null ` = 'Darwin'; then + lf='-Wl,-search_paths_first' +- $CC $CFLAGS $lf conftest.c > /dev/null 2>/dev/null ++ $CC $CFLAGS $LDFLAGS $lf conftest.c > /dev/null 2>/dev/null + if test $? -eq 0; then + BZLF=${lf} + fi +@@ -276,7 +276,7 @@ int main() + } + _EOF_ + # compile it +-$CC -o conftest conftest.c >/dev/null 2>/dev/null ++$CC $CFLAGS $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null + if [ $? -ne 0 ]; then + echo -- no Large File Support + else +@@ -322,7 +322,7 @@ int main() + } + _EOF_ + # compile it +-$CC -o conftest conftest.c >/dev/null 2>/dev/null ++$CC $CFLAGS $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null + if [ $? -ne 0 ]; then + echo "-- no Unicode (wchar_t) support" + else +@@ -383,7 +383,7 @@ for func in fchmod fchown lchown nl_langinfo + do + echo Check for $func + echo "int main(){ $func(); return 0; }" > conftest.c +- $CC $BFLAG -o conftest conftest.c >/dev/null 2>/dev/null ++ $CC $BFLAG $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null + [ $? -ne 0 ] && CFLAGSR="${CFLAGSR} -DNO_`echo $func | tr '[a-z]' '[A-Z]'`" + done + +@@ -395,14 +395,14 @@ temp_link="link_$$" + echo "int main() { lchmod(\"${temp_file}\", 0666); }" \ + ) > conftest.c + ln -s "${temp_link}" "${temp_file}" && \ +- $CC $BFLAG -o conftest conftest.c >/dev/null 2>/dev/null && \ ++ $CC $BFLAG $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null && \ + ./conftest + [ $? -ne 0 ] && CFLAGSR="${CFLAGSR} -DNO_LCHMOD" + rm -f "${temp_file}" + + echo Check for memset + echo "int main(){ char k; memset(&k,0,0); return 0; }" > conftest.c +-$CC -o conftest conftest.c >/dev/null 2>/dev/null ++$CC $CFLAGS $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null + [ $? -ne 0 ] && CFLAGSR="${CFLAGSR} -DZMEM" + + echo Check for errno declaration +@@ -422,12 +422,12 @@ cat > conftest.c << _EOF_ + int main() { return closedir(opendir(".")); } + _EOF_ + +-$CC -o conftest conftest.c >/dev/null 2>/dev/null ++$CC $CFLAGS $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null + if [ $? -ne 0 ]; then + OPT="" + for lib in ndir dir ucb bsd BSD PW x dirent + do +- $CC -o conftest conftest.c -l$lib >/dev/null 2>/dev/null ++ $CC $CLFAGS $LDFLAGS -o conftest conftest.c -l$lib >/dev/null 2>/dev/null + [ $? -eq 0 ] && OPT=-l$lib && break + done + if [ ${OPT} ]; then +@@ -440,9 +440,9 @@ fi + # Dynix/ptx 1.3 needed this + echo Check for readlink + echo "int main(){ return readlink(); }" > conftest.c +-$CC -o conftest conftest.c >/dev/null 2>/dev/null ++$CC $CFLAGS $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null + if [ $? -ne 0 ]; then +- $CC -o conftest conftest.c -lseq >/dev/null 2>/dev/null ++ $CC $CFLAGS $LDFLAGS -o conftest conftest.c -lseq >/dev/null 2>/dev/null + [ $? -eq 0 ] && LFLAGS2="${LFLAGS2} -lseq" + fi + +@@ -501,7 +501,7 @@ int main() + } + _EOF_ + # compile it +-$CC ${CFLAGS} ${CFLAGSR} -o conftest conftest.c >/dev/null 2>/dev/null ++$CC ${CFLAGS} ${CFLAGSR} $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null + if [ $? -ne 0 ]; then + echo "-- no MBCS support" + CFLAGSR="${CFLAGSR} -DNO_MBCS" +@@ -515,7 +515,7 @@ else + do + echo Check for MBCS $func + echo "int main() { $func(); return 0; }" > conftest.c +- $CC $BFLAG -o conftest conftest.c >/dev/null 2>/dev/null ++ $CC $BFLAG $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null + [ $? -eq 0 ] && CFLAGSR="${CFLAGSR} -D`echo $func | tr '[a-z]' '[A-Z]'`=$func" + done + fi +@@ -557,7 +557,7 @@ elif [ -f /xenix ]; then + elif uname -X >/dev/null 2>/dev/null; then + # SCO shared library check + echo "int main() { return 0;}" > conftest.c +- $CC -o conftest conftest.c -lc_s -nointl >/dev/null 2> /dev/null ++ $CC $CFLAGS $LDFLAGS -o conftest conftest.c -lc_s -nointl >/dev/null 2> /dev/null + [ $? -eq 0 ] && LFLAGS2="-lc_s -nointl" + else + SYSTEM=`uname -s 2>/dev/null` || SYSTEM="unknown" +@@ -565,7 +565,7 @@ else + case $SYSTEM in + OSF1|ULTRIX) + echo Check for -Olimit option +- $CC ${CFLAGS} -Olimit 1000 -o conftest conftest.c >/dev/null 2>/dev/null ++ $CC ${CFLAGS} ${LDFLAGS} -Olimit 1000 -o conftest conftest.c >/dev/null 2>/dev/null + [ $? -eq 0 ] && CFLAGSR="${CFLAGSR} -Olimit 1000" + ;; + ### HP-UX) +-- +2.35.1 + diff --git a/meta/recipes-extended/unzip/unzip/0001-unix-configure-fix-detection-for-cross-compilation.patch b/meta/recipes-extended/unzip/unzip/0001-unix-configure-fix-detection-for-cross-compilation.patch new file mode 100644 index 0000000000..2fa7f481b7 --- /dev/null +++ b/meta/recipes-extended/unzip/unzip/0001-unix-configure-fix-detection-for-cross-compilation.patch @@ -0,0 +1,103 @@ +From 5cbf901b5c3b6a7d1d0ed91b6df4194bb6d25a40 Mon Sep 17 00:00:00 2001 +From: Chen Qi <Qi.Chen@windriver.com> +Date: Thu, 15 Jun 2023 07:14:17 -0700 +Subject: [PATCH] unix/configure: fix detection for cross compilation + +We're doing cross compilation, running a cross-compiled problem +on host to detemine feature is not correct. So we change runtime +check into compile-time check to detect the features. + +Upstream-Status: Inactive-Upstream + +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- + unix/configure | 44 +++++++++++++++----------------------------- + 1 file changed, 15 insertions(+), 29 deletions(-) + +diff --git a/unix/configure b/unix/configure +index 8fd82dd..68dee98 100755 +--- a/unix/configure ++++ b/unix/configure +@@ -259,6 +259,10 @@ cat > conftest.c << _EOF_ + #include <sys/stat.h> + #include <unistd.h> + #include <stdio.h> ++ ++_Static_assert(sizeof(off_t) < 8, "sizeof off_t < 8 failed"); ++_Static_assert(sizeof((struct stat){0}.st_size) < 8, "sizeof st_size < 8 failed"); ++ + int main() + { + off_t offset; +@@ -278,21 +282,10 @@ _EOF_ + # compile it + $CC $CFLAGS $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null + if [ $? -ne 0 ]; then +- echo -- no Large File Support ++ echo -- yes we have Large File Support! ++ CFLAGSR="${CFLAGSR} -DLARGE_FILE_SUPPORT" + else +-# run it +- ./conftest +- r=$? +- if [ $r -eq 1 ]; then +- echo -- no Large File Support - no 64-bit off_t +- elif [ $r -eq 2 ]; then +- echo -- no Large File Support - no 64-bit stat +- elif [ $r -eq 3 ]; then +- echo -- yes we have Large File Support! +- CFLAGSR="${CFLAGSR} -DLARGE_FILE_SUPPORT" +- else +- echo -- no Large File Support - conftest returned $r +- fi ++ echo -- no Large File Support + fi + + # Added 11/24/2005 EG +@@ -302,6 +295,11 @@ cat > conftest.c << _EOF_ + #include <stdlib.h> + #include <stdio.h> + #include <wchar.h> ++ ++#ifndef __STDC_ISO_10646__ ++#error "__STDC_ISO_10646__ not defined ++#endif ++ + int main() + { + size_t wsize; +@@ -327,19 +325,8 @@ if [ $? -ne 0 ]; then + echo "-- no Unicode (wchar_t) support" + else + # have wide char support +-# run it +- ./conftest +- r=$? +- if [ $r -eq 0 ]; then +- echo -- no Unicode wchar_t support - wchar_t allocation error +- elif [ $r -eq 1 ]; then +- echo -- no Unicode support - wchar_t encoding unspecified +- elif [ $r -eq 2 ]; then +- echo -- have wchar_t with known UCS encoding - enabling Unicode support! +- CFLAGSR="${CFLAGSR} -DUNICODE_SUPPORT -DUNICODE_WCHAR" +- else +- echo "-- no Unicode (wchar_t) support - conftest returned $r" +- fi ++ echo -- have wchar_t with known UCS encoding - enabling Unicode support! ++ CFLAGSR="${CFLAGSR} -DUNICODE_SUPPORT -DUNICODE_WCHAR" + fi + + echo "Check for setlocale support (needed for UNICODE Native check)" +@@ -418,8 +405,7 @@ temp_link="link_$$" + echo "int main() { lchmod(\"${temp_file}\", 0666); }" \ + ) > conftest.c + ln -s "${temp_link}" "${temp_file}" && \ +- $CC $BFLAG $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null && \ +- ./conftest ++ $CC -Werror=implicit-function-declaration $BFLAG $LDFLAGS -o conftest conftest.c >/dev/null + [ $? -ne 0 ] && CFLAGSR="${CFLAGSR} -DNO_LCHMOD" + rm -f "${temp_file}" + +-- +2.34.1 + diff --git a/meta/recipes-extended/unzip/unzip/0001-unzip-fix-CVE-2018-1000035.patch b/meta/recipes-extended/unzip/unzip/0001-unzip-fix-CVE-2018-1000035.patch new file mode 100644 index 0000000000..37289d1a53 --- /dev/null +++ b/meta/recipes-extended/unzip/unzip/0001-unzip-fix-CVE-2018-1000035.patch @@ -0,0 +1,48 @@ +From 349f566e6e757458843fa164a0f0584280e1501e Mon Sep 17 00:00:00 2001 +From: Changqing Li <changqing.li@windriver.com> +Date: Wed, 15 Aug 2018 16:20:53 +0800 +Subject: [PATCH] unzip: fix CVE-2018-1000035 + +Upstream-Status: Backport + +CVE: CVE-2018-1000035 + +backport from unzip6.10c23 + +Signed-off-by: Changqing Li <changqing.li@windriver.com> +--- + fileio.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/fileio.c b/fileio.c +index 36bfea3..7605a29 100644 +--- a/fileio.c ++++ b/fileio.c +@@ -1582,6 +1582,8 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf, size, zfn, efn) + int r = IZ_PW_ENTERED; + char *m; + char *prompt; ++ char *ep; ++ char *zp; + + #ifndef REENTRANT + /* tell picky compilers to shut up about "unused variable" warnings */ +@@ -1590,9 +1592,12 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf, size, zfn, efn) + + if (*rcnt == 0) { /* First call for current entry */ + *rcnt = 2; +- if ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL) { +- sprintf(prompt, LoadFarString(PasswPrompt), +- FnFilter1(zfn), FnFilter2(efn)); ++ zp = FnFilter1( zfn); ++ ep = FnFilter2( efn); ++ prompt = (char *)malloc( /* Slightly too long (2* "%s"). */ ++ sizeof( PasswPrompt)+ strlen( zp)+ strlen( ep)); ++ if (prompt != (char *)NULL) { ++ sprintf(prompt, LoadFarString(PasswPrompt), zp, ep); + m = prompt; + } else + m = (char *)LoadFarString(PasswPrompt2); +-- +2.7.4 + diff --git a/meta/recipes-extended/unzip/unzip/10-cve-2014-8140-test-compr-eb.patch b/meta/recipes-extended/unzip/unzip/10-cve-2014-8140-test-compr-eb.patch index c989df1896..ca4aaadffe 100644 --- a/meta/recipes-extended/unzip/unzip/10-cve-2014-8140-test-compr-eb.patch +++ b/meta/recipes-extended/unzip/unzip/10-cve-2014-8140-test-compr-eb.patch @@ -9,9 +9,11 @@ CVE: CVE-2014-8140 Signed-off-by: Roy Li <rongqing.li@windriver.com> ---- a/extract.c -+++ b/extract.c -@@ -2232,10 +2232,17 @@ +Index: unzip60/extract.c +=================================================================== +--- unzip60.orig/extract.c ++++ unzip60/extract.c +@@ -2233,10 +2233,17 @@ static int test_compr_eb(__G__ eb, eb_si if (compr_offset < 4) /* field is not compressed: */ return PK_OK; /* do nothing and signal OK */ @@ -30,5 +32,5 @@ Signed-off-by: Roy Li <rongqing.li@windriver.com> + ((eb_ucsize > 0L) && (eb_size <= (compr_offset + EB_CMPRHEADLEN)))) + return IZ_EF_TRUNC; /* no/bad compressed data! */ - if ( - #ifdef INT_16BIT + method = makeword(eb + (EB_HEADSIZE + compr_offset)); + if ((method == STORED) && diff --git a/meta/recipes-extended/unzip/unzip/CVE-2018-18384.patch b/meta/recipes-extended/unzip/unzip/CVE-2018-18384.patch new file mode 100644 index 0000000000..cc9e2c1ea1 --- /dev/null +++ b/meta/recipes-extended/unzip/unzip/CVE-2018-18384.patch @@ -0,0 +1,39 @@ +Upstream-Status: Backport [https://sourceforge.net/p/infozip/bugs/53/] +CVE: CVE-2018-18384 +Signed-off-by: Changqing Li <changqing.li@windriver.com> + +--- unzip60/list.c ++++ unzip60/list.c +@@ -97,7 +97,7 @@ int list_files(__G) /* return PK-type + { + int do_this_file=FALSE, cfactor, error, error_in_archive=PK_COOL; + #ifndef WINDLL +- char sgn, cfactorstr[10]; ++ char sgn, cfactorstr[1+10+1+1]; /* <sgn><int>%NUL */ + int longhdr=(uO.vflag>1); + #endif + int date_format; +@@ -389,9 +389,9 @@ int list_files(__G) /* return PK-type + } + #else /* !WINDLL */ + if (cfactor == 100) +- sprintf(cfactorstr, LoadFarString(CompFactor100)); ++ snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactor100)); + else +- sprintf(cfactorstr, LoadFarString(CompFactorStr), sgn, cfactor); ++ snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactorStr), sgn, cfactor); + if (longhdr) + Info(slide, 0, ((char *)slide, LoadFarString(LongHdrStats), + FmZofft(G.crec.ucsize, "8", "u"), methbuf, +@@ -471,9 +471,9 @@ int list_files(__G) /* return PK-type + + #else /* !WINDLL */ + if (cfactor == 100) +- sprintf(cfactorstr, LoadFarString(CompFactor100)); ++ snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactor100)); + else +- sprintf(cfactorstr, LoadFarString(CompFactorStr), sgn, cfactor); ++ snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactorStr), sgn, cfactor); + if (longhdr) { + Info(slide, 0, ((char *)slide, LoadFarString(LongFileTrailer), + FmZofft(tot_ucsize, "8", "u"), FmZofft(tot_csize, "8", "u"), diff --git a/meta/recipes-extended/unzip/unzip/CVE-2019-13232_p1.patch b/meta/recipes-extended/unzip/unzip/CVE-2019-13232_p1.patch new file mode 100644 index 0000000000..d485a1bd6e --- /dev/null +++ b/meta/recipes-extended/unzip/unzip/CVE-2019-13232_p1.patch @@ -0,0 +1,33 @@ +From 080d52c3c9416c731f637f9c6e003961ef43f079 Mon Sep 17 00:00:00 2001 +From: Mark Adler <madler@alumni.caltech.edu> +Date: Mon, 27 May 2019 08:20:32 -0700 +Subject: [PATCH 1/3] Fix bug in undefer_input() that misplaced the input + state. + +CVE: CVE-2019-13232 +Upstream-Status: Backport +[https://github.com/madler/unzip/commit/41beb477c5744bc396fa1162ee0c14218ec12213] + +Signed-off-by: Dan Tran <dantran@microsoft.com> +--- + fileio.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/fileio.c b/fileio.c +index 7605a29..14460f3 100644 +--- a/fileio.c ++++ b/fileio.c +@@ -532,8 +532,10 @@ void undefer_input(__G) + * This condition was checked when G.incnt_leftover was set > 0 in + * defer_leftover_input(), and it is NOT allowed to touch G.csize + * before calling undefer_input() when (G.incnt_leftover > 0) +- * (single exception: see read_byte()'s "G.csize <= 0" handling) !! ++ * (single exception: see readbyte()'s "G.csize <= 0" handling) !! + */ ++ if (G.csize < 0L) ++ G.csize = 0L; + G.incnt = G.incnt_leftover + (int)G.csize; + G.inptr = G.inptr_leftover - (int)G.csize; + G.incnt_leftover = 0; +-- +2.22.0.vfs.1.1.57.gbaf16c8 diff --git a/meta/recipes-extended/unzip/unzip/CVE-2019-13232_p2.patch b/meta/recipes-extended/unzip/unzip/CVE-2019-13232_p2.patch new file mode 100644 index 0000000000..41037a8e24 --- /dev/null +++ b/meta/recipes-extended/unzip/unzip/CVE-2019-13232_p2.patch @@ -0,0 +1,356 @@ +From 1aae47fa8935654a84403768f32c03ecbb1be470 Mon Sep 17 00:00:00 2001 +From: Mark Adler <madler@alumni.caltech.edu> +Date: Tue, 11 Jun 2019 22:01:18 -0700 +Subject: [PATCH 2/3] Detect and reject a zip bomb using overlapped entries. + +This detects an invalid zip file that has at least one entry that +overlaps with another entry or with the central directory to the +end of the file. A Fifield zip bomb uses overlapped local entries +to vastly increase the potential inflation ratio. Such an invalid +zip file is rejected. + +See https://www.bamsoftware.com/hacks/zipbomb/ for David Fifield's +analysis, construction, and examples of such zip bombs. + +The detection maintains a list of covered spans of the zip files +so far, where the central directory to the end of the file and any +bytes preceding the first entry at zip file offset zero are +considered covered initially. Then as each entry is decompressed +or tested, it is considered covered. When a new entry is about to +be processed, its initial offset is checked to see if it is +contained by a covered span. If so, the zip file is rejected as +invalid. + +This commit depends on a preceding commit: "Fix bug in +undefer_input() that misplaced the input state." + +CVE: CVE-2019-13232 +Upstream-Status: Backport +[https://github.com/madler/unzip/commit/47b3ceae397d21bf822bc2ac73052a4b1daf8e1c] + +Signed-off-by: Dan Tran <dantran@microsoft.com> +--- + extract.c | 190 +++++++++++++++++++++++++++++++++++++++++++++++++++++- + globals.c | 1 + + globals.h | 3 + + process.c | 10 +++ + unzip.h | 1 + + 5 files changed, 204 insertions(+), 1 deletion(-) + +diff --git a/extract.c b/extract.c +index 24db2a8..2bb72ba 100644 +--- a/extract.c ++++ b/extract.c +@@ -321,6 +321,125 @@ static ZCONST char Far UnsupportedExtraField[] = + "\nerror: unsupported extra-field compression type (%u)--skipping\n"; + static ZCONST char Far BadExtraFieldCRC[] = + "error [%s]: bad extra-field CRC %08lx (should be %08lx)\n"; ++static ZCONST char Far NotEnoughMemCover[] = ++ "error: not enough memory for bomb detection\n"; ++static ZCONST char Far OverlappedComponents[] = ++ "error: invalid zip file with overlapped components (possible zip bomb)\n"; ++ ++ ++ ++ ++ ++/* A growable list of spans. */ ++typedef zoff_t bound_t; ++typedef struct { ++ bound_t beg; /* start of the span */ ++ bound_t end; /* one past the end of the span */ ++} span_t; ++typedef struct { ++ span_t *span; /* allocated, distinct, and sorted list of spans */ ++ size_t num; /* number of spans in the list */ ++ size_t max; /* allocated number of spans (num <= max) */ ++} cover_t; ++ ++/* ++ * Return the index of the first span in cover whose beg is greater than val. ++ * If there is no such span, then cover->num is returned. ++ */ ++static size_t cover_find(cover, val) ++ cover_t *cover; ++ bound_t val; ++{ ++ size_t lo = 0, hi = cover->num; ++ while (lo < hi) { ++ size_t mid = (lo + hi) >> 1; ++ if (val < cover->span[mid].beg) ++ hi = mid; ++ else ++ lo = mid + 1; ++ } ++ return hi; ++} ++ ++/* Return true if val lies within any one of the spans in cover. */ ++static int cover_within(cover, val) ++ cover_t *cover; ++ bound_t val; ++{ ++ size_t pos = cover_find(cover, val); ++ return pos > 0 && val < cover->span[pos - 1].end; ++} ++ ++/* ++ * Add a new span to the list, but only if the new span does not overlap any ++ * spans already in the list. The new span covers the values beg..end-1. beg ++ * must be less than end. ++ * ++ * Keep the list sorted and merge adjacent spans. Grow the allocated space for ++ * the list as needed. On success, 0 is returned. If the new span overlaps any ++ * existing spans, then 1 is returned and the new span is not added to the ++ * list. If the new span is invalid because beg is greater than or equal to ++ * end, then -1 is returned. If the list needs to be grown but the memory ++ * allocation fails, then -2 is returned. ++ */ ++static int cover_add(cover, beg, end) ++ cover_t *cover; ++ bound_t beg; ++ bound_t end; ++{ ++ size_t pos; ++ int prec, foll; ++ ++ if (beg >= end) ++ /* The new span is invalid. */ ++ return -1; ++ ++ /* Find where the new span should go, and make sure that it does not ++ overlap with any existing spans. */ ++ pos = cover_find(cover, beg); ++ if ((pos > 0 && beg < cover->span[pos - 1].end) || ++ (pos < cover->num && end > cover->span[pos].beg)) ++ return 1; ++ ++ /* Check for adjacencies. */ ++ prec = pos > 0 && beg == cover->span[pos - 1].end; ++ foll = pos < cover->num && end == cover->span[pos].beg; ++ if (prec && foll) { ++ /* The new span connects the preceding and following spans. Merge the ++ following span into the preceding span, and delete the following ++ span. */ ++ cover->span[pos - 1].end = cover->span[pos].end; ++ cover->num--; ++ memmove(cover->span + pos, cover->span + pos + 1, ++ (cover->num - pos) * sizeof(span_t)); ++ } ++ else if (prec) ++ /* The new span is adjacent only to the preceding span. Extend the end ++ of the preceding span. */ ++ cover->span[pos - 1].end = end; ++ else if (foll) ++ /* The new span is adjacent only to the following span. Extend the ++ beginning of the following span. */ ++ cover->span[pos].beg = beg; ++ else { ++ /* The new span has gaps between both the preceding and the following ++ spans. Assure that there is room and insert the span. */ ++ if (cover->num == cover->max) { ++ size_t max = cover->max == 0 ? 16 : cover->max << 1; ++ span_t *span = realloc(cover->span, max * sizeof(span_t)); ++ if (span == NULL) ++ return -2; ++ cover->span = span; ++ cover->max = max; ++ } ++ memmove(cover->span + pos + 1, cover->span + pos, ++ (cover->num - pos) * sizeof(span_t)); ++ cover->num++; ++ cover->span[pos].beg = beg; ++ cover->span[pos].end = end; ++ } ++ return 0; ++} + + + +@@ -376,6 +495,29 @@ int extract_or_test_files(__G) /* return PK-type error code */ + } + #endif /* !SFX || SFX_EXDIR */ + ++ /* One more: initialize cover structure for bomb detection. Start with a ++ span that covers the central directory though the end of the file. */ ++ if (G.cover == NULL) { ++ G.cover = malloc(sizeof(cover_t)); ++ if (G.cover == NULL) { ++ Info(slide, 0x401, ((char *)slide, ++ LoadFarString(NotEnoughMemCover))); ++ return PK_MEM; ++ } ++ ((cover_t *)G.cover)->span = NULL; ++ ((cover_t *)G.cover)->max = 0; ++ } ++ ((cover_t *)G.cover)->num = 0; ++ if ((G.extra_bytes != 0 && ++ cover_add((cover_t *)G.cover, 0, G.extra_bytes) != 0) || ++ cover_add((cover_t *)G.cover, ++ G.extra_bytes + G.ecrec.offset_start_central_directory, ++ G.ziplen) != 0) { ++ Info(slide, 0x401, ((char *)slide, ++ LoadFarString(NotEnoughMemCover))); ++ return PK_MEM; ++ } ++ + /*--------------------------------------------------------------------------- + The basic idea of this function is as follows. Since the central di- + rectory lies at the end of the zipfile and the member files lie at the +@@ -593,7 +735,8 @@ int extract_or_test_files(__G) /* return PK-type error code */ + if (error > error_in_archive) + error_in_archive = error; + /* ...and keep going (unless disk full or user break) */ +- if (G.disk_full > 1 || error_in_archive == IZ_CTRLC) { ++ if (G.disk_full > 1 || error_in_archive == IZ_CTRLC || ++ error == PK_BOMB) { + /* clear reached_end to signal premature stop ... */ + reached_end = FALSE; + /* ... and cancel scanning the central directory */ +@@ -1062,6 +1205,11 @@ static int extract_or_test_entrylist(__G__ numchunk, + + /* seek_zipf(__G__ pInfo->offset); */ + request = G.pInfo->offset + G.extra_bytes; ++ if (cover_within((cover_t *)G.cover, request)) { ++ Info(slide, 0x401, ((char *)slide, ++ LoadFarString(OverlappedComponents))); ++ return PK_BOMB; ++ } + inbuf_offset = request % INBUFSIZ; + bufstart = request - inbuf_offset; + +@@ -1593,6 +1741,18 @@ reprompt: + return IZ_CTRLC; /* cancel operation by user request */ + } + #endif ++ error = cover_add((cover_t *)G.cover, request, ++ G.cur_zipfile_bufstart + (G.inptr - G.inbuf)); ++ if (error < 0) { ++ Info(slide, 0x401, ((char *)slide, ++ LoadFarString(NotEnoughMemCover))); ++ return PK_MEM; ++ } ++ if (error != 0) { ++ Info(slide, 0x401, ((char *)slide, ++ LoadFarString(OverlappedComponents))); ++ return PK_BOMB; ++ } + #ifdef MACOS /* MacOS is no preemptive OS, thus call event-handling by hand */ + UserStop(); + #endif +@@ -1994,6 +2154,34 @@ static int extract_or_test_member(__G) /* return PK-type error code */ + } + + undefer_input(__G); ++ ++ if ((G.lrec.general_purpose_bit_flag & 8) != 0) { ++ /* skip over data descriptor (harder than it sounds, due to signature ++ * ambiguity) ++ */ ++# define SIG 0x08074b50 ++# define LOW 0xffffffff ++ uch buf[12]; ++ unsigned shy = 12 - readbuf((char *)buf, 12); ++ ulg crc = shy ? 0 : makelong(buf); ++ ulg clen = shy ? 0 : makelong(buf + 4); ++ ulg ulen = shy ? 0 : makelong(buf + 8); /* or high clen if ZIP64 */ ++ if (crc == SIG && /* if not SIG, no signature */ ++ (G.lrec.crc32 != SIG || /* if not SIG, have signature */ ++ (clen == SIG && /* if not SIG, no signature */ ++ ((G.lrec.csize & LOW) != SIG || /* if not SIG, have signature */ ++ (ulen == SIG && /* if not SIG, no signature */ ++ (G.zip64 ? G.lrec.csize >> 32 : G.lrec.ucsize) != SIG ++ /* if not SIG, have signature */ ++ ))))) ++ /* skip four more bytes to account for signature */ ++ shy += 4 - readbuf((char *)buf, 4); ++ if (G.zip64) ++ shy += 8 - readbuf((char *)buf, 8); /* skip eight more for ZIP64 */ ++ if (shy) ++ error = PK_ERR; ++ } ++ + return error; + + } /* end function extract_or_test_member() */ +diff --git a/globals.c b/globals.c +index fa8cca5..1e0f608 100644 +--- a/globals.c ++++ b/globals.c +@@ -181,6 +181,7 @@ Uz_Globs *globalsCtor() + # if (!defined(NO_TIMESTAMPS)) + uO.D_flag=1; /* default to '-D', no restoration of dir timestamps */ + # endif ++ G.cover = NULL; /* not allocated yet */ + #endif + + uO.lflag=(-1); +diff --git a/globals.h b/globals.h +index 11b7215..2bdcdeb 100644 +--- a/globals.h ++++ b/globals.h +@@ -260,12 +260,15 @@ typedef struct Globals { + ecdir_rec ecrec; /* used in unzip.c, extract.c */ + z_stat statbuf; /* used by main, mapname, check_for_newer */ + ++ int zip64; /* true if Zip64 info in extra field */ ++ + int mem_mode; + uch *outbufptr; /* extract.c static */ + ulg outsize; /* extract.c static */ + int reported_backslash; /* extract.c static */ + int disk_full; + int newfile; ++ void **cover; /* used in extract.c for bomb detection */ + + int didCRlast; /* fileio static */ + ulg numlines; /* fileio static: number of lines printed */ +diff --git a/process.c b/process.c +index a3c1a4d..208619c 100644 +--- a/process.c ++++ b/process.c +@@ -637,6 +637,13 @@ void free_G_buffers(__G) /* releases all memory allocated in global vars */ + } + #endif + ++ /* Free the cover span list and the cover structure. */ ++ if (G.cover != NULL) { ++ free(*(G.cover)); ++ free(G.cover); ++ G.cover = NULL; ++ } ++ + } /* end function free_G_buffers() */ + + +@@ -1905,6 +1912,7 @@ int getZip64Data(__G__ ef_buf, ef_len) + + #define Z64FLGS 0xffff + #define Z64FLGL 0xffffffff ++ G.zip64 = FALSE; + + if (ef_len == 0 || ef_buf == NULL) + return PK_COOL; +@@ -1964,6 +1972,8 @@ int getZip64Data(__G__ ef_buf, ef_len) + G.crec.disk_number_start = (zuvl_t)makelong(offset + ef_buf); + offset += 4; + } ++ ++ G.zip64 = TRUE; + #if 0 + break; /* Expect only one EF_PKSZ64 block. */ + #endif /* 0 */ +diff --git a/unzip.h b/unzip.h +index 5b2a326..ed24a5b 100644 +--- a/unzip.h ++++ b/unzip.h +@@ -645,6 +645,7 @@ typedef struct _Uzp_cdir_Rec { + #define PK_NOZIP 9 /* zipfile not found */ + #define PK_PARAM 10 /* bad or illegal parameters specified */ + #define PK_FIND 11 /* no files found */ ++#define PK_BOMB 12 /* likely zip bomb */ + #define PK_DISK 50 /* disk full */ + #define PK_EOF 51 /* unexpected EOF */ + +-- +2.22.0.vfs.1.1.57.gbaf16c8 diff --git a/meta/recipes-extended/unzip/unzip/CVE-2019-13232_p3.patch b/meta/recipes-extended/unzip/unzip/CVE-2019-13232_p3.patch new file mode 100644 index 0000000000..fd26fdd833 --- /dev/null +++ b/meta/recipes-extended/unzip/unzip/CVE-2019-13232_p3.patch @@ -0,0 +1,121 @@ +From be88aa4811af47ca06d8b7dcda294f899eba70ea Mon Sep 17 00:00:00 2001 +From: Mark Adler <madler@alumni.caltech.edu> +Date: Thu, 25 Jul 2019 20:43:17 -0700 +Subject: [PATCH 3/3] Do not raise a zip bomb alert for a misplaced central + directory. + +There is a zip-like file in the Firefox distribution, omni.ja, +which is a zip container with the central directory placed at the +start of the file instead of after the local entries as required +by the zip standard. This commit marks the actual location of the +central directory, as well as the end of central directory records, +as disallowed locations. This now permits such containers to not +raise a zip bomb alert, where in fact there are no overlaps. + +CVE: CVE-2019-13232 +Upstream-Status: Backport +[https://github.com/madler/unzip/commit/6d351831be705cc26d897db44f878a978f4138fc] + +Signed-off-by: Dan Tran <dantran@microsoft.com> +--- + extract.c | 25 +++++++++++++++++++------ + process.c | 6 ++++++ + unzpriv.h | 10 ++++++++++ + 3 files changed, 35 insertions(+), 6 deletions(-) + +diff --git a/extract.c b/extract.c +index 2bb72ba..a9dcca8 100644 +--- a/extract.c ++++ b/extract.c +@@ -495,8 +495,11 @@ int extract_or_test_files(__G) /* return PK-type error code */ + } + #endif /* !SFX || SFX_EXDIR */ + +- /* One more: initialize cover structure for bomb detection. Start with a +- span that covers the central directory though the end of the file. */ ++ /* One more: initialize cover structure for bomb detection. Start with ++ spans that cover any extra bytes at the start, the central directory, ++ the end of central directory record (including the Zip64 end of central ++ directory locator, if present), and the Zip64 end of central directory ++ record, if present. */ + if (G.cover == NULL) { + G.cover = malloc(sizeof(cover_t)); + if (G.cover == NULL) { +@@ -508,15 +511,25 @@ int extract_or_test_files(__G) /* return PK-type error code */ + ((cover_t *)G.cover)->max = 0; + } + ((cover_t *)G.cover)->num = 0; +- if ((G.extra_bytes != 0 && +- cover_add((cover_t *)G.cover, 0, G.extra_bytes) != 0) || +- cover_add((cover_t *)G.cover, ++ if (cover_add((cover_t *)G.cover, + G.extra_bytes + G.ecrec.offset_start_central_directory, +- G.ziplen) != 0) { ++ G.extra_bytes + G.ecrec.offset_start_central_directory + ++ G.ecrec.size_central_directory) != 0) { + Info(slide, 0x401, ((char *)slide, + LoadFarString(NotEnoughMemCover))); + return PK_MEM; + } ++ if ((G.extra_bytes != 0 && ++ cover_add((cover_t *)G.cover, 0, G.extra_bytes) != 0) || ++ (G.ecrec.have_ecr64 && ++ cover_add((cover_t *)G.cover, G.ecrec.ec64_start, ++ G.ecrec.ec64_end) != 0) || ++ cover_add((cover_t *)G.cover, G.ecrec.ec_start, ++ G.ecrec.ec_end) != 0) { ++ Info(slide, 0x401, ((char *)slide, ++ LoadFarString(OverlappedComponents))); ++ return PK_BOMB; ++ } + + /*--------------------------------------------------------------------------- + The basic idea of this function is as follows. Since the central di- +diff --git a/process.c b/process.c +index 208619c..5f8f6c6 100644 +--- a/process.c ++++ b/process.c +@@ -1408,6 +1408,10 @@ static int find_ecrec64(__G__ searchlen) /* return PK-class error */ + + /* Now, we are (almost) sure that we have a Zip64 archive. */ + G.ecrec.have_ecr64 = 1; ++ G.ecrec.ec_start -= ECLOC64_SIZE+4; ++ G.ecrec.ec64_start = ecrec64_start_offset; ++ G.ecrec.ec64_end = ecrec64_start_offset + ++ 12 + makeint64(&byterec[ECREC64_LENGTH]); + + /* Update the "end-of-central-dir offset" for later checks. */ + G.real_ecrec_offset = ecrec64_start_offset; +@@ -1542,6 +1546,8 @@ static int find_ecrec(__G__ searchlen) /* return PK-class error */ + makelong(&byterec[OFFSET_START_CENTRAL_DIRECTORY]); + G.ecrec.zipfile_comment_length = + makeword(&byterec[ZIPFILE_COMMENT_LENGTH]); ++ G.ecrec.ec_start = G.real_ecrec_offset; ++ G.ecrec.ec_end = G.ecrec.ec_start + 22 + G.ecrec.zipfile_comment_length; + + /* Now, we have to read the archive comment, BEFORE the file pointer + is moved away backwards to seek for a Zip64 ECLOC64 structure. +diff --git a/unzpriv.h b/unzpriv.h +index c8d3eab..5e177c7 100644 +--- a/unzpriv.h ++++ b/unzpriv.h +@@ -2185,6 +2185,16 @@ typedef struct VMStimbuf { + int have_ecr64; /* valid Zip64 ecdir-record exists */ + int is_zip64_archive; /* Zip64 ecdir-record is mandatory */ + ush zipfile_comment_length; ++ zusz_t ec_start, ec_end; /* offsets of start and end of the ++ end of central directory record, ++ including if present the Zip64 ++ end of central directory locator, ++ which immediately precedes the ++ end of central directory record */ ++ zusz_t ec64_start, ec64_end; /* if have_ecr64 is true, then these ++ are the offsets of the start and ++ end of the Zip64 end of central ++ directory record */ + } ecdir_rec; + + +-- +2.22.0.vfs.1.1.57.gbaf16c8 + diff --git a/meta/recipes-extended/unzip/unzip/CVE-2021-4217.patch b/meta/recipes-extended/unzip/unzip/CVE-2021-4217.patch new file mode 100644 index 0000000000..c0103444fc --- /dev/null +++ b/meta/recipes-extended/unzip/unzip/CVE-2021-4217.patch @@ -0,0 +1,67 @@ +From 731d698377dbd1f5b1b90efeb8094602ed59fc40 Mon Sep 17 00:00:00 2001 +From: Nils Bars <nils.bars@t-online.de> +Date: Mon, 17 Jan 2022 16:53:16 +0000 +Subject: [PATCH] Fix null pointer dereference and use of uninitialized data + +This fixes a bug that causes use of uninitialized heap data if `readbuf` fails +to read as many bytes as indicated by the extra field length attribute. +Furthermore, this fixes a null pointer dereference if an archive contains an +`EF_UNIPATH` extra field but does not have a filename set. +--- + fileio.c | 5 ++++- + process.c | 6 +++++- + 2 files changed, 9 insertions(+), 2 deletions(-) +--- + +Patch from: +https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1957077 +https://launchpadlibrarian.net/580782282/0001-Fix-null-pointer-dereference-and-use-of-uninitialized-data.patch +Regenerated to apply without offsets. + +CVE: CVE-2021-4217 + +Upstream-Status: Inactive-Upstream [infozip upstream inactive] + +Signed-off-by: Joe Slater <joe.slater@windriver.com> + + +diff --git a/fileio.c b/fileio.c +index 14460f3..1dc319e 100644 +--- a/fileio.c ++++ b/fileio.c +@@ -2301,8 +2301,11 @@ int do_string(__G__ length, option) /* return PK-type error code */ + seek_zipf(__G__ G.cur_zipfile_bufstart - G.extra_bytes + + (G.inptr-G.inbuf) + length); + } else { +- if (readbuf(__G__ (char *)G.extra_field, length) == 0) ++ unsigned bytes_read = readbuf(__G__ (char *)G.extra_field, length); ++ if (bytes_read == 0) + return PK_EOF; ++ if (bytes_read != length) ++ return PK_ERR; + /* Looks like here is where extra fields are read */ + if (getZip64Data(__G__ G.extra_field, length) != PK_COOL) + { +diff --git a/process.c b/process.c +index 5f8f6c6..de843a5 100644 +--- a/process.c ++++ b/process.c +@@ -2058,10 +2058,14 @@ int getUnicodeData(__G__ ef_buf, ef_len) + G.unipath_checksum = makelong(offset + ef_buf); + offset += 4; + ++ if (!G.filename_full) { ++ /* Check if we have a unicode extra section but no filename set */ ++ return PK_ERR; ++ } ++ + /* + * Compute 32-bit crc + */ +- + chksum = crc32(chksum, (uch *)(G.filename_full), + strlen(G.filename_full)); + +-- +2.32.0 + diff --git a/meta/recipes-extended/unzip/unzip/CVE-2022-0529.patch b/meta/recipes-extended/unzip/unzip/CVE-2022-0529.patch new file mode 100644 index 0000000000..1c1e120deb --- /dev/null +++ b/meta/recipes-extended/unzip/unzip/CVE-2022-0529.patch @@ -0,0 +1,39 @@ +https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010355 + +CVE: CVE-2022-0529 +Upstream-Status: Inactive-Upstream [need a new release] + +diff --git a/process.c b/process.c +index d2a846e..99b9c7b 100644 +--- a/process.c ++++ b/process.c +@@ -2507,13 +2507,15 @@ char *wide_to_local_string(wide_string, escape_all) + char buf[9]; + char *buffer = NULL; + char *local_string = NULL; ++ size_t buffer_size; + + for (wsize = 0; wide_string[wsize]; wsize++) ; + + if (max_bytes < MAX_ESCAPE_BYTES) + max_bytes = MAX_ESCAPE_BYTES; + +- if ((buffer = (char *)malloc(wsize * max_bytes + 1)) == NULL) { ++ buffer_size = wsize * max_bytes + 1; ++ if ((buffer = (char *)malloc(buffer_size)) == NULL) { + return NULL; + } + +@@ -2552,7 +2554,11 @@ char *wide_to_local_string(wide_string, escape_all) + /* no MB for this wide */ + /* use escape for wide character */ + char *escape_string = wide_to_escape_string(wide_string[i]); +- strcat(buffer, escape_string); ++ size_t buffer_len = strlen(buffer); ++ size_t escape_string_len = strlen(escape_string); ++ if (buffer_len + escape_string_len + 1 > buffer_size) ++ escape_string_len = buffer_size - buffer_len - 1; ++ strncat(buffer, escape_string, escape_string_len); + free(escape_string); + } + } diff --git a/meta/recipes-extended/unzip/unzip/CVE-2022-0530.patch b/meta/recipes-extended/unzip/unzip/CVE-2022-0530.patch new file mode 100644 index 0000000000..363dafddc9 --- /dev/null +++ b/meta/recipes-extended/unzip/unzip/CVE-2022-0530.patch @@ -0,0 +1,33 @@ +https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010355 + +CVE: CVE-2022-0530 +Upstream-Status: Inactive-Upstream [need a new release] + +diff --git a/fileio.c b/fileio.c +index 6290824..77e4b5f 100644 +--- a/fileio.c ++++ b/fileio.c +@@ -2361,6 +2361,9 @@ int do_string(__G__ length, option) /* return PK-type error code */ + /* convert UTF-8 to local character set */ + fn = utf8_to_local_string(G.unipath_filename, + G.unicode_escape_all); ++ if (fn == NULL) ++ return PK_ERR; ++ + /* make sure filename is short enough */ + if (strlen(fn) >= FILNAMSIZ) { + fn[FILNAMSIZ - 1] = '\0'; +diff --git a/process.c b/process.c +index d2a846e..715bc0f 100644 +--- a/process.c ++++ b/process.c +@@ -2605,6 +2605,8 @@ char *utf8_to_local_string(utf8_string, escape_all) + int escape_all; + { + zwchar *wide = utf8_to_wide_string(utf8_string); ++ if (wide == NULL) ++ return NULL; + char *loc = wide_to_local_string(wide, escape_all); + free(wide); + return loc; + diff --git a/meta/recipes-extended/unzip/unzip/avoid-strip.patch b/meta/recipes-extended/unzip/unzip/avoid-strip.patch index 8f30e42674..70bedc8381 100644 --- a/meta/recipes-extended/unzip/unzip/avoid-strip.patch +++ b/meta/recipes-extended/unzip/unzip/avoid-strip.patch @@ -1,4 +1,4 @@ -Upstream-Status: Pending +Upstream-Status: Inactive-Upstream [need a new release] unix/Makefile: remove hard coded strip commands diff --git a/meta/recipes-extended/unzip/unzip/define-ldflags.patch b/meta/recipes-extended/unzip/unzip/define-ldflags.patch index 659c6e3315..dd01c01400 100644 --- a/meta/recipes-extended/unzip/unzip/define-ldflags.patch +++ b/meta/recipes-extended/unzip/unzip/define-ldflags.patch @@ -1,6 +1,6 @@ Pass LDFLAGS to the linker -Upstream-Status: Pending +Upstream-Status: Inactive-Upstream [need a new release] Signed-off-by: Mikhail Durnev <Mikhail_Durnev@mentor.com> diff --git a/meta/recipes-extended/unzip/unzip/fix-security-format.patch b/meta/recipes-extended/unzip/unzip/fix-security-format.patch index 8e9b06c423..2889c652d4 100644 --- a/meta/recipes-extended/unzip/unzip/fix-security-format.patch +++ b/meta/recipes-extended/unzip/unzip/fix-security-format.patch @@ -5,7 +5,7 @@ Fix security formatting issues related to sprintf parameters expeted. [YOCTO #9551] [https://bugzilla.yoctoproject.org/show_bug.cgi?id=9551] -Upstream-Status: Pending +Upstream-Status: Inactive-Upstream [need a new release] Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com> diff --git a/meta/recipes-extended/unzip/unzip/symlink.patch b/meta/recipes-extended/unzip/unzip/symlink.patch new file mode 100644 index 0000000000..26f1c8ba86 --- /dev/null +++ b/meta/recipes-extended/unzip/unzip/symlink.patch @@ -0,0 +1,26 @@ +Unzip doesn't handle large zip files well and crashes: + +"This only happens if you have more then 16k entries and when one of +the 16k entry infos is reused it happend to be previously used for +a symlink entry." + +This patch is taken from Fedora (https://bugzilla.redhat.com/show_bug.cgi?id=972427) + +Upstream-Status: Inactive-Upstream [need a new release] +Signed-off-by: Ross Burton <ross.burton@intel.com> + +--- unzip60/process.c.sav 2013-06-09 12:08:57.070392264 +0200 ++++ unzip60/process.c 2013-06-09 12:10:08.641696988 +0200 +@@ -1751,6 +1751,12 @@ + = (G.crec.general_purpose_bit_flag & (1 << 11)) == (1 << 11); + #endif + ++#ifdef SYMLINKS ++ /* Initialize the symlink flag, may be set by the platform-specific ++ mapattr function. */ ++ G.pInfo->symlink = 0; ++#endif ++ + return PK_COOL; + + } /* end function process_cdir_file_hdr() */ diff --git a/meta/recipes-extended/unzip/unzip/unzip_optimization.patch b/meta/recipes-extended/unzip/unzip/unzip_optimization.patch new file mode 100644 index 0000000000..4bab7b26af --- /dev/null +++ b/meta/recipes-extended/unzip/unzip/unzip_optimization.patch @@ -0,0 +1,127 @@ +unzip: use optimization from bitbake + +Remove -O3 optimizations to use bitbake default optimization levels. + +Upstream-Status: Inappropriate [configuration] + +Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de> + +diff -rup unix-orig/configure unix/configure +--- a/unix-orig/configure 2021-04-16 10:25:03.120858292 +0000 ++++ b/unix/configure 2021-04-16 10:46:43.292546138 +0000 +@@ -70,7 +70,7 @@ int main() + _EOF_ + $CC $CFLAGS -c conftest.c > /dev/null 2>/dev/null + if test $? -eq 0; then +- CFLAGS_OPT='-O3' ++ CFLAGS_OPT='' + echo " DEC C ($CFLAGS_OPT)" + else + # HP-UX HP C? +@@ -111,7 +111,7 @@ int main() + _EOF_ + $CC $CFLAGS -c conftest.c > /dev/null 2>/dev/null + if test $? -eq 0; then +- CFLAGS_OPT='-O3' ++ CFLAGS_OPT='' + echo " GNU C ($CFLAGS_OPT)" + # Special Mac OS X shared library "ld" option? + if test ` uname -s 2> /dev/null ` = 'Darwin'; then +diff -rup unix-orig/Makefile unix/Makefile +--- a/unix-orig/Makefile 2021-04-16 10:25:03.000863878 +0000 ++++ b/unix/Makefile 2021-04-16 10:47:31.658299278 +0000 +@@ -47,7 +47,7 @@ LD = $(CC)# must match, else "unresolved + AS = as + LOC = $(D_USE_BZ2) $(LOCAL_UNZIP) + AF = $(LOC) +-CFLAGS = -O ++CFLAGS = + CF_NOOPT = -I. -I$(IZ_BZIP2) -DUNIX $(LOC) + CF = $(CFLAGS) $(CF_NOOPT) + LFLAGS1 = +@@ -594,12 +594,12 @@ generic_shlib: unix_make + @echo\ + 'which is UnZip linked with the DLL). This target is an example only.' + @echo "" +- $(MAKE) objsdll CC=gcc CFLAGS="-O3 -Wall -fPIC -DDLL" ++ $(MAKE) objsdll CC=gcc CFLAGS="-Wall -fPIC -DDLL" + gcc -shared -Wl,-soname,libunzip.so.0 -o libunzip.so.0.4 $(OBJSDLL) + $(RM) libunzip.so.0 libunzip.so + $(LN) -s libunzip.so.0.4 libunzip.so.0 + $(LN) -s libunzip.so.0 libunzip.so +- gcc -c -O unzipstb.c ++ gcc -c unzipstb.c + gcc -o unzip_shlib unzipstb.o -L. -lunzip + + #---------------------------------------------------------------------------- +@@ -775,7 +775,7 @@ freebsd: unix_make + # with "echo" instead). + # + gcc: unix_make +- $(MAKE) unzips CC=gcc LD=gcc CFLAGS="-O3" LF2="" ++ $(MAKE) unzips CC=gcc LD=gcc CFLAGS="" LF2="" + + # Heurikon HK68 (68010), UniPlus+ System V 5.0, Green Hills C-68000 + hk68: unix_make +@@ -792,7 +792,7 @@ isc: unix_make + isc_gcc: unix_make + $(MAKE) unzips AS=gcc CC=gcc LD=gcc CRCA_O=crc_gcc$O \ + LF="-shlib $(LF)" SL="-shlib $(SL)" FL="-shlib $(FL)" LF2="" \ +- CFLAGS="-O3" LOC="-DSYSV -DASM_CRC -DNO_UID_GID -DNEED_PTEM -DNO_LCHOWN -DNO_LCHMOD $(LOC)" \ ++ CFLAGS="" LOC="-DSYSV -DASM_CRC -DNO_UID_GID -DNEED_PTEM -DNO_LCHOWN -DNO_LCHMOD $(LOC)" \ + AF="-DNO_UNDERLINE -Djecxz=jcxz -DALIGNMENT='.align 16' $(AF)" + $(STRIP) $(UNZIPS) + +@@ -808,7 +808,7 @@ isi: unix_make + linux: unix_make + @echo 'NOTE: use linux_noasm target for non-Intel Linux compiles.' + $(MAKE) unzips CC=gcc LD=gcc AS=gcc\ +- CFLAGS="-O3 -Wall -DASM_CRC"\ ++ CFLAGS="-Wall -DASM_CRC"\ + AF="-Di386 $(AF)" CRCA_O=crc_gcc$O + # GRR: this echo is pointless; if user gets this far, no difference to install + # @echo 'Be sure to use the install_asm target rather than the install target' +@@ -818,14 +818,14 @@ linux_asm: linux + # Linux (Posix, approximately SysV): virtually any version since before 0.96, + # for any platform. Change "-O" to "-O3" or whatever, as desired... + linux_noasm: unix_make +- $(MAKE) unzips CC=gcc LD=gcc CFLAGS="-O -Wall" ++ $(MAKE) unzips CC=gcc LD=gcc CFLAGS="-Wall" + + # Linux with lcc compiler: __inline__ (stat.h) not recognized, and must edit + # /usr/include/gnu/types.h to get rid of "long long" if __LCC__ defined. -O3 + # (or -O2 or -O) is ignored. [GRR 960828: test target only] + # + linux_lcc: unix_make +- $(MAKE) unzips CC=lcc LD=lcc CFLAGS="-O3 -Wall -D__inline__= " ++ $(MAKE) unzips CC=lcc LD=lcc CFLAGS="-Wall -D__inline__= " + + # Linux host with go32 (djgpp) cross-compiler (go32crs.tgz) for 32-bit DOS. + linux_dos: unix_make +@@ -844,7 +844,7 @@ linux_dos: unix_make + # library). + # + linux_shlib: unix_make +- $(MAKE) objsdll CC=gcc CFLAGS="-O3 -Wall -fPIC"\ ++ $(MAKE) objsdll CC=gcc CFLAGS="-Wall -fPIC"\ + LOC="-DDLL -DASM_CRC $(LOC)"\ + AS=gcc AF="-fPIC -Di386 $(AF)" CRCA_O=crc_gcc$O + gcc -shared -Wl,-soname,libunzip.so.0 -o libunzip.so.0.4 $(OBJSDLL)\ +@@ -858,7 +858,7 @@ linux_shlib: unix_make + # instead of the original UnZip version. (libz was libgz prior to 0.94) + linux_shlibz: unix_make + $(MAKE) objsdll CC=gcc AS=gcc AF="-fPIC -Di386 $(AF)" CRCA_O=crc_gcc$O\ +- CFLAGS="-O3 -Wall -fPIC" LOC="-DDLL -DUSE_ZLIB -DASM_CRC $(LOC)" ++ CFLAGS="-Wall -fPIC" LOC="-DDLL -DUSE_ZLIB -DASM_CRC $(LOC)" + gcc -shared -Wl,-soname,libunzip.so.0 -o libunzip.so.0.4 $(OBJSDLL)\ + crc_gcc.pic.o + ln -sf libunzip.so.0.4 libunzip.so.0 +@@ -871,7 +871,7 @@ lynx: unix_make + + # Macintosh MacOS X (Unix-compatible enviroment), using standard compiler + macosx: unix_make +- $(MAKE) unzips CFLAGS="-O3 -Wall -DBSD" LF2="" ++ $(MAKE) unzips CFLAGS="-Wall -DBSD" LF2="" + $(STRIP) $(UNZIPS) + + # Macintosh MacOS X (Unix-compatible enviroment), using gcc diff --git a/meta/recipes-extended/unzip/unzip_6.0.bb b/meta/recipes-extended/unzip/unzip_6.0.bb index 105d048f55..27076d5d9b 100644 --- a/meta/recipes-extended/unzip/unzip_6.0.bb +++ b/meta/recipes-extended/unzip/unzip_6.0.bb @@ -1,10 +1,10 @@ SUMMARY = "Utilities for extracting and viewing files in .zip archives" HOMEPAGE = "http://www.info-zip.org" +DESCRIPTION = "Info-ZIP's purpose is to provide free, portable, high-quality versions of the Zip and UnZip compressor-archiver utilities that are compatible with the DOS-based PKZIP by PKWARE, Inc." SECTION = "console/utils" LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=94caec5a51ef55ef711ee4e8b1c69e29" PE = "1" -PR = "r5" SRC_URI = "${SOURCEFORGE_MIRROR}/infozip/UnZip%206.x%20%28latest%29/UnZip%206.0/unzip60.tar.gz \ file://avoid-strip.patch \ @@ -19,12 +19,27 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/infozip/UnZip%206.x%20%28latest%29/UnZip%206.0/ file://fix-security-format.patch \ file://18-cve-2014-9913-unzip-buffer-overflow.patch \ file://19-cve-2016-9844-zipinfo-buffer-overflow.patch \ + file://symlink.patch \ + file://0001-unzip-fix-CVE-2018-1000035.patch \ + file://CVE-2018-18384.patch \ + file://CVE-2019-13232_p1.patch \ + file://CVE-2019-13232_p2.patch \ + file://CVE-2019-13232_p3.patch \ + file://unzip_optimization.patch \ + file://0001-configure-Pass-LDFLAGS-to-tests-doing-link-step.patch \ + file://CVE-2021-4217.patch \ + file://CVE-2022-0529.patch \ + file://CVE-2022-0530.patch \ + file://0001-configure-Add-correct-system-headers-and-prototypes-.patch \ + file://0001-unix-configure-fix-detection-for-cross-compilation.patch \ " UPSTREAM_VERSION_UNKNOWN = "1" SRC_URI[md5sum] = "62b490407489521db863b523a7f86375" SRC_URI[sha256sum] = "036d96991646d0449ed0aa952e4fbe21b476ce994abc276e49d30e686708bd37" +CVE_STATUS[CVE-2008-0888] = "fixed-version: Patch from https://bugzilla.redhat.com/attachment.cgi?id=293893&action=diff applied to 6.0 source" + # exclude version 5.5.2 which triggers a false positive UPSTREAM_CHECK_REGEX = "unzip(?P<pver>(?!552).+)\.tgz" @@ -38,7 +53,7 @@ EXTRA_OEMAKE = "-e MAKEFLAGS= STRIP=true LF2='' \ 'CF_NOOPT=-I. -Ibzip2 -DUNIX ${CFLAGS}'" export LD = "${CC}" -LD_class-native = "${CC}" +LD:class-native = "${CC}" do_compile() { oe_runmake -f unix/Makefile generic @@ -55,7 +70,7 @@ inherit update-alternatives ALTERNATIVE_PRIORITY = "100" -ALTERNATIVE_${PN} = "unzip" +ALTERNATIVE:${PN} = "unzip" ALTERNATIVE_LINK_NAME[unzip] = "${bindir}/unzip" -BBCLASSEXTEND = "native" +BBCLASSEXTEND = "native nativesdk" |