authorThomas Deutschmann <whissi@gentoo.org>2020-03-25 20:56:42 +0100
committerThomas Deutschmann <whissi@gentoo.org>2020-03-25 20:58:30 +0100
commit26dd0be6dc420c5e4c4067fa60bd465fa23d0571 (patch)
treea788a31871eb64fdcdf2b4f4a416ed7a21a40f1f /app-arch/unzip
parentapp-text/fbpdf: backport -Werror=format-security fix, bug #714736 (diff)
app-arch/unzip: fix false overlapped components detection on 32-bit systems
Closes: https://bugs.gentoo.org/698694 Package-Manager: Portage-2.3.94, Repoman-2.3.21 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
Diffstat (limited to 'app-arch/unzip')
-rw-r--r--app-arch/unzip/files/unzip-6.0-fix-false-overlap-detection-on-32bit-systems.patch50
-rw-r--r--app-arch/unzip/unzip-6.0_p25-r1.ebuild (renamed from app-arch/unzip/unzip-6.0_p25.ebuild)1
2 files changed, 51 insertions, 0 deletions
diff --git a/app-arch/unzip/files/unzip-6.0-fix-false-overlap-detection-on-32bit-systems.patch b/app-arch/unzip/files/unzip-6.0-fix-false-overlap-detection-on-32bit-systems.patch
new file mode 100644
index 000000000000..ad6a157c568a
--- /dev/null
+++ b/app-arch/unzip/files/unzip-6.0-fix-false-overlap-detection-on-32bit-systems.patch
@@ -0,0 +1,50 @@
+From 13f0260beae851f7d5dd96e9ef757d8d6d7daac1 Mon Sep 17 00:00:00 2001
+From: Mark Adler <madler@alumni.caltech.edu>
+Date: Sun, 9 Feb 2020 07:20:13 -0800
+Subject: [PATCH] Fix false overlapped components detection on 32-bit systems.
+
+32-bit systems with ZIP64_SUPPORT enabled could have different
+size types for zoff_t and zusz_t. That resulted in bad parameter
+passing to the bound tracking functions, itself due to the lack of
+use of C function prototypes in unzip. This commit assures that
+parameters are cast properly for those calls.
+
+This problem occurred only for ill-chosen make options, which give
+a 32-bit zoff_t. A proper build will result in a zoff_t of 64 bits,
+even on 32-bit systems.
+---
+ extract.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/extract.c b/extract.c
+index 1b73cb0..d9866f9 100644
+--- a/extract.c
++++ b/extract.c
+@@ -329,7 +329,7 @@ static ZCONST char Far OverlappedComponents[] =
+
+
+ /* A growable list of spans. */
+-typedef zoff_t bound_t;
++typedef zusz_t bound_t;
+ typedef struct {
+ bound_t beg; /* start of the span */
+ bound_t end; /* one past the end of the span */
+@@ -518,7 +518,8 @@ int extract_or_test_files(__G) /* return PK-type error code */
+ return PK_MEM;
+ }
+ if ((G.extra_bytes != 0 &&
+- cover_add((cover_t *)G.cover, 0, G.extra_bytes) != 0) ||
++ cover_add((cover_t *)G.cover,
++ (bound_t)0, (bound_t)G.extra_bytes) != 0) ||
+ (G.ecrec.have_ecr64 &&
+ cover_add((cover_t *)G.cover, G.ecrec.ec64_start,
+ G.ecrec.ec64_end) != 0) ||
+@@ -1216,7 +1217,7 @@ static int extract_or_test_entrylist(__G__ numchunk,
+
+ /* seek_zipf(__G__ pInfo->offset); */
+ request = G.pInfo->offset + G.extra_bytes;
+- if (cover_within((cover_t *)G.cover, request)) {
++ if (cover_within((cover_t *)G.cover, (bound_t)request)) {
+ Info(slide, 0x401, ((char *)slide,
+ LoadFarString(OverlappedComponents)));
+ return PK_BOMB;
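Review bot: The second `cover_add` call in the `extract_or_test_files` hunk still passes `G.ecrec.ec64_start` and `G.ecrec.ec64_end` uncast, while the call before it and the `cover_within` call now cast to `bound_t`. The patch description attributes the bug to unzip calling these functions without prototypes, so that call is only correct if both fields are already exactly as wide as `zusz_t`. Their declarations are not visible here, so either confirm that or write the call as `cover_add((cover_t *)G.cover, (bound_t)G.ecrec.ec64_start, (bound_t)G.ecrec.ec64_end)`. Any `cover_add`/`cover_within` call sites in extract.c outside these hunks deserve the same check, because a mis-passed bound could either reject valid archives with `PK_BOMB` or let the overlap check miss a real overlap. Both `extract_or_test_files` and `extract_or_test_entrylist` continue outside the hunks shown.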
diff --git a/app-arch/unzip/unzip-6.0_p25.ebuild b/app-arch/unzip/unzip-6.0_p25-r1.ebuild
index b0f5ed79c0d8..b393dd2445e6 100644
--- a/app-arch/unzip/unzip-6.0_p25.ebuild
+++ b/app-arch/unzip/unzip-6.0_p25-r1.ebuild
@@ -32,6 +32,7 @@ src_prepare() {
eapply "${FILESDIR}"/${PN}-6.0-no-exec-stack.patch
eapply "${FILESDIR}"/${PN}-6.0-format-security.patch
+ eapply "${FILESDIR}"/${PN}-6.0-fix-false-overlap-detection-on-32bit-systems.patch
use natspec && eapply "${FILESDIR}/${PN}-6.0-natspec.patch" #275244
sed -i -r \
-e '/^CFLAGS/d' \