From e3d2974348bd830ec2fcf84ea08cbf38abbc0327 Mon Sep 17 00:00:00 2001
From: Ross Burton <ross.burton@intel.com>
Date: Wed, 4 Nov 2015 11:23:06 +0000
Subject: unzip: rename patch to reflect CVE fix

Signed-off-by: Ross Burton <ross.burton@intel.com>
---
 .../unzip/unzip/cve-2014-9636.patch                | 45 ++++++++++++++++++++++
 .../unzip/unzip/unzip-6.0_overflow3.diff           | 45 ----------------------
 meta/recipes-extended/unzip/unzip_6.0.bb           |  2 +-
 3 files changed, 46 insertions(+), 46 deletions(-)
 create mode 100644 meta/recipes-extended/unzip/unzip/cve-2014-9636.patch
 delete mode 100644 meta/recipes-extended/unzip/unzip/unzip-6.0_overflow3.diff

diff --git a/meta/recipes-extended/unzip/unzip/cve-2014-9636.patch b/meta/recipes-extended/unzip/unzip/cve-2014-9636.patch
new file mode 100644
index 0000000000..0a0bfbbb17
--- /dev/null
+++ b/meta/recipes-extended/unzip/unzip/cve-2014-9636.patch
@@ -0,0 +1,45 @@
+From 190040ebfcf5395a6ccedede2cc9343d34f0a108 Mon Sep 17 00:00:00 2001
+From: mancha <mancha1 AT zoho DOT com>
+Date: Wed, 11 Feb 2015
+Subject: Info-ZIP UnZip buffer overflow
+
+Upstream-Status: Backport
+
+By carefully crafting a corrupt ZIP archive with "extra fields" that
+purport to have compressed blocks larger than the corresponding
+uncompressed blocks in STORED no-compression mode, an attacker can
+trigger a heap overflow that can result in application crash or
+possibly have other unspecified impact.
+
+This patch ensures that when extra fields use STORED mode, the
+"compressed" and uncompressed block sizes match.
+
+Signed-off-by: mancha <mancha1 AT zoho DOT com>
+---
+ extract.c |    8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+--- a/extract.c
++++ b/extract.c
+@@ -2217,6 +2217,7 @@ static int test_compr_eb(__G__ eb, eb_si
+     ulg eb_ucsize;
+     uch *eb_ucptr;
+     int r;
++    ush method;
+ 
+     if (compr_offset < 4)                /* field is not compressed: */
+         return PK_OK;                    /* do nothing and signal OK */
+@@ -2226,6 +2227,13 @@ static int test_compr_eb(__G__ eb, eb_si
+          eb_size <= (compr_offset + EB_CMPRHEADLEN)))
+         return IZ_EF_TRUNC;               /* no compressed data! */
+ 
++    method = makeword(eb + (EB_HEADSIZE + compr_offset));
++    if ((method == STORED) &&
++        (eb_size - compr_offset - EB_CMPRHEADLEN != eb_ucsize))
++	return PK_ERR;			  /* compressed & uncompressed
++					   * should match in STORED
++					   * method */
++
+     if (
+ #ifdef INT_16BIT
+         (((ulg)(extent)eb_ucsize) != eb_ucsize) ||
diff --git a/meta/recipes-extended/unzip/unzip/unzip-6.0_overflow3.diff b/meta/recipes-extended/unzip/unzip/unzip-6.0_overflow3.diff
deleted file mode 100644
index 0a0bfbbb17..0000000000
--- a/meta/recipes-extended/unzip/unzip/unzip-6.0_overflow3.diff
+++ /dev/null
@@ -1,45 +0,0 @@
-From 190040ebfcf5395a6ccedede2cc9343d34f0a108 Mon Sep 17 00:00:00 2001
-From: mancha <mancha1 AT zoho DOT com>
-Date: Wed, 11 Feb 2015
-Subject: Info-ZIP UnZip buffer overflow
-
-Upstream-Status: Backport
-
-By carefully crafting a corrupt ZIP archive with "extra fields" that
-purport to have compressed blocks larger than the corresponding
-uncompressed blocks in STORED no-compression mode, an attacker can
-trigger a heap overflow that can result in application crash or
-possibly have other unspecified impact.
-
-This patch ensures that when extra fields use STORED mode, the
-"compressed" and uncompressed block sizes match.
-
-Signed-off-by: mancha <mancha1 AT zoho DOT com>
----
- extract.c |    8 ++++++++
- 1 file changed, 8 insertions(+)
-
---- a/extract.c
-+++ b/extract.c
-@@ -2217,6 +2217,7 @@ static int test_compr_eb(__G__ eb, eb_si
-     ulg eb_ucsize;
-     uch *eb_ucptr;
-     int r;
-+    ush method;
- 
-     if (compr_offset < 4)                /* field is not compressed: */
-         return PK_OK;                    /* do nothing and signal OK */
-@@ -2226,6 +2227,13 @@ static int test_compr_eb(__G__ eb, eb_si
-          eb_size <= (compr_offset + EB_CMPRHEADLEN)))
-         return IZ_EF_TRUNC;               /* no compressed data! */
- 
-+    method = makeword(eb + (EB_HEADSIZE + compr_offset));
-+    if ((method == STORED) &&
-+        (eb_size - compr_offset - EB_CMPRHEADLEN != eb_ucsize))
-+	return PK_ERR;			  /* compressed & uncompressed
-+					   * should match in STORED
-+					   * method */
-+
-     if (
- #ifdef INT_16BIT
-         (((ulg)(extent)eb_ucsize) != eb_ucsize) ||
diff --git a/meta/recipes-extended/unzip/unzip_6.0.bb b/meta/recipes-extended/unzip/unzip_6.0.bb
index 9e63d3ae76..b386323780 100644
--- a/meta/recipes-extended/unzip/unzip_6.0.bb
+++ b/meta/recipes-extended/unzip/unzip_6.0.bb
@@ -10,7 +10,7 @@ SRC_URI = "ftp://ftp.info-zip.org/pub/infozip/src/unzip60.tgz \
 	file://avoid-strip.patch \
 	file://define-ldflags.patch \
 	file://06-unzip60-alt-iconv-utf8_CVE-2015-1315.patch \
-	file://unzip-6.0_overflow3.diff \
+	file://cve-2014-9636.patch \
 	file://09-cve-2014-8139-crc-overflow.patch \
 	file://10-cve-2014-8140-test-compr-eb.patch \
 	file://11-cve-2014-8141-getzip64data.patch \
-- 
cgit 1.2.3-korg