summaryrefslogtreecommitdiff
path: root/poky/meta/recipes-extended/unzip
diff options
context:
space:
mode:
Diffstat (limited to 'poky/meta/recipes-extended/unzip')
-rw-r--r--poky/meta/recipes-extended/unzip/unzip/0001-configure-Pass-LDFLAGS-to-tests-doing-link-step.patch2
-rw-r--r--poky/meta/recipes-extended/unzip/unzip/CVE-2021-4217.patch2
-rw-r--r--poky/meta/recipes-extended/unzip/unzip/CVE-2022-0529.patch39
-rw-r--r--poky/meta/recipes-extended/unzip/unzip/CVE-2022-0530.patch33
-rw-r--r--poky/meta/recipes-extended/unzip/unzip/avoid-strip.patch2
-rw-r--r--poky/meta/recipes-extended/unzip/unzip/define-ldflags.patch2
-rw-r--r--poky/meta/recipes-extended/unzip/unzip/fix-security-format.patch2
-rw-r--r--poky/meta/recipes-extended/unzip/unzip/symlink.patch2
-rw-r--r--poky/meta/recipes-extended/unzip/unzip_6.0.bb2
9 files changed, 80 insertions, 6 deletions
diff --git a/poky/meta/recipes-extended/unzip/unzip/0001-configure-Pass-LDFLAGS-to-tests-doing-link-step.patch b/poky/meta/recipes-extended/unzip/unzip/0001-configure-Pass-LDFLAGS-to-tests-doing-link-step.patch
index 716766de29..5a6d1946f6 100644
--- a/poky/meta/recipes-extended/unzip/unzip/0001-configure-Pass-LDFLAGS-to-tests-doing-link-step.patch
+++ b/poky/meta/recipes-extended/unzip/unzip/0001-configure-Pass-LDFLAGS-to-tests-doing-link-step.patch
@@ -6,7 +6,7 @@ Subject: [PATCH] configure: Pass LDFLAGS to tests doing link step
Ensures that right flags from recipes are honored, otherwise tests fail
which otherwise should not.
-Upstream-Status: Pending
+Upstream-Status: Inactive-Upstream
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
unix/configure | 28 ++++++++++++++--------------
diff --git a/poky/meta/recipes-extended/unzip/unzip/CVE-2021-4217.patch b/poky/meta/recipes-extended/unzip/unzip/CVE-2021-4217.patch
index 6ba2b879a3..c0103444fc 100644
--- a/poky/meta/recipes-extended/unzip/unzip/CVE-2021-4217.patch
+++ b/poky/meta/recipes-extended/unzip/unzip/CVE-2021-4217.patch
@@ -20,7 +20,7 @@ Regenerated to apply without offsets.
CVE: CVE-2021-4217
-Upstream-Status: Pending [infozip upstream inactive]
+Upstream-Status: Inactive-Upstream [infozip upstream inactive]
Signed-off-by: Joe Slater <joe.slater@windriver.com>
diff --git a/poky/meta/recipes-extended/unzip/unzip/CVE-2022-0529.patch b/poky/meta/recipes-extended/unzip/unzip/CVE-2022-0529.patch
new file mode 100644
index 0000000000..1c1e120deb
--- /dev/null
+++ b/poky/meta/recipes-extended/unzip/unzip/CVE-2022-0529.patch
@@ -0,0 +1,39 @@
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010355
+
+CVE: CVE-2022-0529
+Upstream-Status: Inactive-Upstream [need a new release]
+
+diff --git a/process.c b/process.c
+index d2a846e..99b9c7b 100644
+--- a/process.c
++++ b/process.c
+@@ -2507,13 +2507,15 @@ char *wide_to_local_string(wide_string, escape_all)
+ char buf[9];
+ char *buffer = NULL;
+ char *local_string = NULL;
++ size_t buffer_size;
+
+ for (wsize = 0; wide_string[wsize]; wsize++) ;
+
+ if (max_bytes < MAX_ESCAPE_BYTES)
+ max_bytes = MAX_ESCAPE_BYTES;
+
+- if ((buffer = (char *)malloc(wsize * max_bytes + 1)) == NULL) {
++ buffer_size = wsize * max_bytes + 1;
++ if ((buffer = (char *)malloc(buffer_size)) == NULL) {
+ return NULL;
+ }
+
+@@ -2552,7 +2554,11 @@ char *wide_to_local_string(wide_string, escape_all)
+ /* no MB for this wide */
+ /* use escape for wide character */
+ char *escape_string = wide_to_escape_string(wide_string[i]);
+- strcat(buffer, escape_string);
++ size_t buffer_len = strlen(buffer);
++ size_t escape_string_len = strlen(escape_string);
++ if (buffer_len + escape_string_len + 1 > buffer_size)
++ escape_string_len = buffer_size - buffer_len - 1;
++ strncat(buffer, escape_string, escape_string_len);
+ free(escape_string);
+ }
+ }
diff --git a/poky/meta/recipes-extended/unzip/unzip/CVE-2022-0530.patch b/poky/meta/recipes-extended/unzip/unzip/CVE-2022-0530.patch
new file mode 100644
index 0000000000..363dafddc9
--- /dev/null
+++ b/poky/meta/recipes-extended/unzip/unzip/CVE-2022-0530.patch
@@ -0,0 +1,33 @@
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010355
+
+CVE: CVE-2022-0530
+Upstream-Status: Inactive-Upstream [need a new release]
+
+diff --git a/fileio.c b/fileio.c
+index 6290824..77e4b5f 100644
+--- a/fileio.c
++++ b/fileio.c
+@@ -2361,6 +2361,9 @@ int do_string(__G__ length, option) /* return PK-type error code */
+ /* convert UTF-8 to local character set */
+ fn = utf8_to_local_string(G.unipath_filename,
+ G.unicode_escape_all);
++ if (fn == NULL)
++ return PK_ERR;
++
+ /* make sure filename is short enough */
+ if (strlen(fn) >= FILNAMSIZ) {
+ fn[FILNAMSIZ - 1] = '\0';
+diff --git a/process.c b/process.c
+index d2a846e..715bc0f 100644
+--- a/process.c
++++ b/process.c
+@@ -2605,6 +2605,8 @@ char *utf8_to_local_string(utf8_string, escape_all)
+ int escape_all;
+ {
+ zwchar *wide = utf8_to_wide_string(utf8_string);
++ if (wide == NULL)
++ return NULL;
+ char *loc = wide_to_local_string(wide, escape_all);
+ free(wide);
+ return loc;
+
diff --git a/poky/meta/recipes-extended/unzip/unzip/avoid-strip.patch b/poky/meta/recipes-extended/unzip/unzip/avoid-strip.patch
index e0c89d81b7..70bedc8381 100644
--- a/poky/meta/recipes-extended/unzip/unzip/avoid-strip.patch
+++ b/poky/meta/recipes-extended/unzip/unzip/avoid-strip.patch
@@ -1,4 +1,4 @@
-Upstream-Status: Inappropriate [need a new release]
+Upstream-Status: Inactive-Upstream [need a new release]
unix/Makefile: remove hard coded strip commands
diff --git a/poky/meta/recipes-extended/unzip/unzip/define-ldflags.patch b/poky/meta/recipes-extended/unzip/unzip/define-ldflags.patch
index dc554c32cb..dd01c01400 100644
--- a/poky/meta/recipes-extended/unzip/unzip/define-ldflags.patch
+++ b/poky/meta/recipes-extended/unzip/unzip/define-ldflags.patch
@@ -1,6 +1,6 @@
Pass LDFLAGS to the linker
-Upstream-Status: Inappropriate [need a new release]
+Upstream-Status: Inactive-Upstream [need a new release]
Signed-off-by: Mikhail Durnev <Mikhail_Durnev@mentor.com>
diff --git a/poky/meta/recipes-extended/unzip/unzip/fix-security-format.patch b/poky/meta/recipes-extended/unzip/unzip/fix-security-format.patch
index ba6ead3b5e..2889c652d4 100644
--- a/poky/meta/recipes-extended/unzip/unzip/fix-security-format.patch
+++ b/poky/meta/recipes-extended/unzip/unzip/fix-security-format.patch
@@ -5,7 +5,7 @@ Fix security formatting issues related to sprintf parameters expeted.
[YOCTO #9551]
[https://bugzilla.yoctoproject.org/show_bug.cgi?id=9551]
-Upstream-Status: Inappropriate [need a new release]
+Upstream-Status: Inactive-Upstream [need a new release]
Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
diff --git a/poky/meta/recipes-extended/unzip/unzip/symlink.patch b/poky/meta/recipes-extended/unzip/unzip/symlink.patch
index c1d82ac187..26f1c8ba86 100644
--- a/poky/meta/recipes-extended/unzip/unzip/symlink.patch
+++ b/poky/meta/recipes-extended/unzip/unzip/symlink.patch
@@ -6,7 +6,7 @@ a symlink entry."
This patch is taken from Fedora (https://bugzilla.redhat.com/show_bug.cgi?id=972427)
-Upstream-Status: Inappropriate [need a new release]
+Upstream-Status: Inactive-Upstream [need a new release]
Signed-off-by: Ross Burton <ross.burton@intel.com>
--- unzip60/process.c.sav 2013-06-09 12:08:57.070392264 +0200
diff --git a/poky/meta/recipes-extended/unzip/unzip_6.0.bb b/poky/meta/recipes-extended/unzip/unzip_6.0.bb
index c222a684b4..f35856cf61 100644
--- a/poky/meta/recipes-extended/unzip/unzip_6.0.bb
+++ b/poky/meta/recipes-extended/unzip/unzip_6.0.bb
@@ -29,6 +29,8 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/infozip/UnZip%206.x%20%28latest%29/UnZip%206.0/
file://unzip_optimization.patch \
file://0001-configure-Pass-LDFLAGS-to-tests-doing-link-step.patch \
file://CVE-2021-4217.patch \
+ file://CVE-2022-0529.patch \
+ file://CVE-2022-0530.patch \
"
UPSTREAM_VERSION_UNKNOWN = "1"
generated by cgit v1.2.3 (git 2.39.0) at 2024-09-29 09:41:21 +0300