diff options
Diffstat (limited to 'poky/meta/recipes-extended/unzip')
-rw-r--r-- | poky/meta/recipes-extended/unzip/unzip/CVE-2018-18384.patch | 39 | ||||
-rw-r--r-- | poky/meta/recipes-extended/unzip/unzip_6.0.bb | 1 |
2 files changed, 40 insertions, 0 deletions
diff --git a/poky/meta/recipes-extended/unzip/unzip/CVE-2018-18384.patch b/poky/meta/recipes-extended/unzip/unzip/CVE-2018-18384.patch new file mode 100644 index 0000000000..cc9e2c1ea1 --- /dev/null +++ b/poky/meta/recipes-extended/unzip/unzip/CVE-2018-18384.patch @@ -0,0 +1,39 @@ +Upstream-Status: Backport [https://sourceforge.net/p/infozip/bugs/53/] +CVE: CVE-2018-18384 +Signed-off-by: Changqing Li <changqing.li@windriver.com> + +--- unzip60/list.c ++++ unzip60/list.c +@@ -97,7 +97,7 @@ int list_files(__G) /* return PK-type + { + int do_this_file=FALSE, cfactor, error, error_in_archive=PK_COOL; + #ifndef WINDLL +- char sgn, cfactorstr[10]; ++ char sgn, cfactorstr[1+10+1+1]; /* <sgn><int>%NUL */ + int longhdr=(uO.vflag>1); + #endif + int date_format; +@@ -389,9 +389,9 @@ int list_files(__G) /* return PK-type + } + #else /* !WINDLL */ + if (cfactor == 100) +- sprintf(cfactorstr, LoadFarString(CompFactor100)); ++ snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactor100)); + else +- sprintf(cfactorstr, LoadFarString(CompFactorStr), sgn, cfactor); ++ snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactorStr), sgn, cfactor); + if (longhdr) + Info(slide, 0, ((char *)slide, LoadFarString(LongHdrStats), + FmZofft(G.crec.ucsize, "8", "u"), methbuf, +@@ -471,9 +471,9 @@ int list_files(__G) /* return PK-type + + #else /* !WINDLL */ + if (cfactor == 100) +- sprintf(cfactorstr, LoadFarString(CompFactor100)); ++ snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactor100)); + else +- sprintf(cfactorstr, LoadFarString(CompFactorStr), sgn, cfactor); ++ snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactorStr), sgn, cfactor); + if (longhdr) { + Info(slide, 0, ((char *)slide, LoadFarString(LongFileTrailer), + FmZofft(tot_ucsize, "8", "u"), FmZofft(tot_csize, "8", "u"), diff --git a/poky/meta/recipes-extended/unzip/unzip_6.0.bb b/poky/meta/recipes-extended/unzip/unzip_6.0.bb index a47491ea4a..f6a4cb627d 100644 --- a/poky/meta/recipes-extended/unzip/unzip_6.0.bb +++ b/poky/meta/recipes-extended/unzip/unzip_6.0.bb @@ -21,6 +21,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/infozip/UnZip%206.x%20%28latest%29/UnZip%206.0/ file://19-cve-2016-9844-zipinfo-buffer-overflow.patch \ file://symlink.patch \ file://0001-unzip-fix-CVE-2018-1000035.patch \ + file://CVE-2018-18384.patch \ " UPSTREAM_VERSION_UNKNOWN = "1" |