diff options
Diffstat (limited to 'poky/meta/recipes-extended/unzip')
9 files changed, 80 insertions, 6 deletions
diff --git a/poky/meta/recipes-extended/unzip/unzip/0001-configure-Pass-LDFLAGS-to-tests-doing-link-step.patch b/poky/meta/recipes-extended/unzip/unzip/0001-configure-Pass-LDFLAGS-to-tests-doing-link-step.patch index 716766de29..5a6d1946f6 100644 --- a/poky/meta/recipes-extended/unzip/unzip/0001-configure-Pass-LDFLAGS-to-tests-doing-link-step.patch +++ b/poky/meta/recipes-extended/unzip/unzip/0001-configure-Pass-LDFLAGS-to-tests-doing-link-step.patch @@ -6,7 +6,7 @@ Subject: [PATCH] configure: Pass LDFLAGS to tests doing link step Ensures that right flags from recipes are honored, otherwise tests fail which otherwise should not. -Upstream-Status: Pending +Upstream-Status: Inactive-Upstream Signed-off-by: Khem Raj <raj.khem@gmail.com> --- unix/configure | 28 ++++++++++++++-------------- diff --git a/poky/meta/recipes-extended/unzip/unzip/CVE-2021-4217.patch b/poky/meta/recipes-extended/unzip/unzip/CVE-2021-4217.patch index 6ba2b879a3..c0103444fc 100644 --- a/poky/meta/recipes-extended/unzip/unzip/CVE-2021-4217.patch +++ b/poky/meta/recipes-extended/unzip/unzip/CVE-2021-4217.patch @@ -20,7 +20,7 @@ Regenerated to apply without offsets. CVE: CVE-2021-4217 -Upstream-Status: Pending [infozip upstream inactive] +Upstream-Status: Inactive-Upstream [infozip upstream inactive] Signed-off-by: Joe Slater <joe.slater@windriver.com> diff --git a/poky/meta/recipes-extended/unzip/unzip/CVE-2022-0529.patch b/poky/meta/recipes-extended/unzip/unzip/CVE-2022-0529.patch new file mode 100644 index 0000000000..1c1e120deb --- /dev/null +++ b/poky/meta/recipes-extended/unzip/unzip/CVE-2022-0529.patch @@ -0,0 +1,39 @@ +https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010355 + +CVE: CVE-2022-0529 +Upstream-Status: Inactive-Upstream [need a new release] + +diff --git a/process.c b/process.c +index d2a846e..99b9c7b 100644 +--- a/process.c ++++ b/process.c +@@ -2507,13 +2507,15 @@ char *wide_to_local_string(wide_string, escape_all) + char buf[9]; + char *buffer = NULL; + char *local_string = NULL; ++ size_t buffer_size; + + for (wsize = 0; wide_string[wsize]; wsize++) ; + + if (max_bytes < MAX_ESCAPE_BYTES) + max_bytes = MAX_ESCAPE_BYTES; + +- if ((buffer = (char *)malloc(wsize * max_bytes + 1)) == NULL) { ++ buffer_size = wsize * max_bytes + 1; ++ if ((buffer = (char *)malloc(buffer_size)) == NULL) { + return NULL; + } + +@@ -2552,7 +2554,11 @@ char *wide_to_local_string(wide_string, escape_all) + /* no MB for this wide */ + /* use escape for wide character */ + char *escape_string = wide_to_escape_string(wide_string[i]); +- strcat(buffer, escape_string); ++ size_t buffer_len = strlen(buffer); ++ size_t escape_string_len = strlen(escape_string); ++ if (buffer_len + escape_string_len + 1 > buffer_size) ++ escape_string_len = buffer_size - buffer_len - 1; ++ strncat(buffer, escape_string, escape_string_len); + free(escape_string); + } + } diff --git a/poky/meta/recipes-extended/unzip/unzip/CVE-2022-0530.patch b/poky/meta/recipes-extended/unzip/unzip/CVE-2022-0530.patch new file mode 100644 index 0000000000..363dafddc9 --- /dev/null +++ b/poky/meta/recipes-extended/unzip/unzip/CVE-2022-0530.patch @@ -0,0 +1,33 @@ +https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010355 + +CVE: CVE-2022-0530 +Upstream-Status: Inactive-Upstream [need a new release] + +diff --git a/fileio.c b/fileio.c +index 6290824..77e4b5f 100644 +--- a/fileio.c ++++ b/fileio.c +@@ -2361,6 +2361,9 @@ int do_string(__G__ length, option) /* return PK-type error code */ + /* convert UTF-8 to local character set */ + fn = utf8_to_local_string(G.unipath_filename, + G.unicode_escape_all); ++ if (fn == NULL) ++ return PK_ERR; ++ + /* make sure filename is short enough */ + if (strlen(fn) >= FILNAMSIZ) { + fn[FILNAMSIZ - 1] = '\0'; +diff --git a/process.c b/process.c +index d2a846e..715bc0f 100644 +--- a/process.c ++++ b/process.c +@@ -2605,6 +2605,8 @@ char *utf8_to_local_string(utf8_string, escape_all) + int escape_all; + { + zwchar *wide = utf8_to_wide_string(utf8_string); ++ if (wide == NULL) ++ return NULL; + char *loc = wide_to_local_string(wide, escape_all); + free(wide); + return loc; + diff --git a/poky/meta/recipes-extended/unzip/unzip/avoid-strip.patch b/poky/meta/recipes-extended/unzip/unzip/avoid-strip.patch index e0c89d81b7..70bedc8381 100644 --- a/poky/meta/recipes-extended/unzip/unzip/avoid-strip.patch +++ b/poky/meta/recipes-extended/unzip/unzip/avoid-strip.patch @@ -1,4 +1,4 @@ -Upstream-Status: Inappropriate [need a new release] +Upstream-Status: Inactive-Upstream [need a new release] unix/Makefile: remove hard coded strip commands diff --git a/poky/meta/recipes-extended/unzip/unzip/define-ldflags.patch b/poky/meta/recipes-extended/unzip/unzip/define-ldflags.patch index dc554c32cb..dd01c01400 100644 --- a/poky/meta/recipes-extended/unzip/unzip/define-ldflags.patch +++ b/poky/meta/recipes-extended/unzip/unzip/define-ldflags.patch @@ -1,6 +1,6 @@ Pass LDFLAGS to the linker -Upstream-Status: Inappropriate [need a new release] +Upstream-Status: Inactive-Upstream [need a new release] Signed-off-by: Mikhail Durnev <Mikhail_Durnev@mentor.com> diff --git a/poky/meta/recipes-extended/unzip/unzip/fix-security-format.patch b/poky/meta/recipes-extended/unzip/unzip/fix-security-format.patch index ba6ead3b5e..2889c652d4 100644 --- a/poky/meta/recipes-extended/unzip/unzip/fix-security-format.patch +++ b/poky/meta/recipes-extended/unzip/unzip/fix-security-format.patch @@ -5,7 +5,7 @@ Fix security formatting issues related to sprintf parameters expeted. [YOCTO #9551] [https://bugzilla.yoctoproject.org/show_bug.cgi?id=9551] -Upstream-Status: Inappropriate [need a new release] +Upstream-Status: Inactive-Upstream [need a new release] Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com> diff --git a/poky/meta/recipes-extended/unzip/unzip/symlink.patch b/poky/meta/recipes-extended/unzip/unzip/symlink.patch index c1d82ac187..26f1c8ba86 100644 --- a/poky/meta/recipes-extended/unzip/unzip/symlink.patch +++ b/poky/meta/recipes-extended/unzip/unzip/symlink.patch @@ -6,7 +6,7 @@ a symlink entry." This patch is taken from Fedora (https://bugzilla.redhat.com/show_bug.cgi?id=972427) -Upstream-Status: Inappropriate [need a new release] +Upstream-Status: Inactive-Upstream [need a new release] Signed-off-by: Ross Burton <ross.burton@intel.com> --- unzip60/process.c.sav 2013-06-09 12:08:57.070392264 +0200 diff --git a/poky/meta/recipes-extended/unzip/unzip_6.0.bb b/poky/meta/recipes-extended/unzip/unzip_6.0.bb index c222a684b4..f35856cf61 100644 --- a/poky/meta/recipes-extended/unzip/unzip_6.0.bb +++ b/poky/meta/recipes-extended/unzip/unzip_6.0.bb @@ -29,6 +29,8 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/infozip/UnZip%206.x%20%28latest%29/UnZip%206.0/ file://unzip_optimization.patch \ file://0001-configure-Pass-LDFLAGS-to-tests-doing-link-step.patch \ file://CVE-2021-4217.patch \ + file://CVE-2022-0529.patch \ + file://CVE-2022-0530.patch \ " UPSTREAM_VERSION_UNKNOWN = "1" |