diff options
Diffstat (limited to 'data/unzip/debian/patches')
21 files changed, 944 insertions, 0 deletions
diff --git a/data/unzip/debian/patches/01-manpages-in-section-1-not-in-section-1l.patch b/data/unzip/debian/patches/01-manpages-in-section-1-not-in-section-1l.patch new file mode 100644 index 000000000..2499ed9f8 --- /dev/null +++ b/data/unzip/debian/patches/01-manpages-in-section-1-not-in-section-1l.patch @@ -0,0 +1,295 @@ +From: Santiago Vila <sanvila@debian.org> +Subject: In Debian, manpages are in section 1, not in section 1L +X-Debian-version: 5.52-3 + +--- a/man/funzip.1 ++++ b/man/funzip.1 +@@ -20,7 +20,7 @@ + .in -4n + .. + .\" ========================================================================= +-.TH FUNZIP 1L "20 April 2009 (v3.95)" "Info-ZIP" ++.TH FUNZIP 1 "20 April 2009 (v3.95)" "Info-ZIP" + .SH NAME + funzip \- filter for extracting from a ZIP archive in a pipe + .PD +@@ -78,7 +78,7 @@ + .EE + .PP + To use \fIzip\fP and \fIfunzip\fP in place of \fIcompress\fP(1) and +-\fIzcat\fP(1) (or \fIgzip\fP(1L) and \fIgzcat\fP(1L)) for tape backups: ++\fIzcat\fP(1) (or \fIgzip\fP(1) and \fIgzcat\fP(1)) for tape backups: + .PP + .EX + tar cf \- . | zip \-7 | dd of=/dev/nrst0 obs=8k +@@ -108,8 +108,8 @@ + .PD + .\" ========================================================================= + .SH "SEE ALSO" +-\fIgzip\fP(1L), \fIunzip\fP(1L), \fIunzipsfx\fP(1L), \fIzip\fP(1L), +-\fIzipcloak\fP(1L), \fIzipinfo\fP(1L), \fIzipnote\fP(1L), \fIzipsplit\fP(1L) ++\fIgzip\fP(1), \fIunzip\fP(1), \fIunzipsfx\fP(1), \fIzip\fP(1), ++\fIzipcloak\fP(1), \fIzipinfo\fP(1), \fIzipnote\fP(1), \fIzipsplit\fP(1) + .PD + .\" ========================================================================= + .SH URL +--- a/man/unzip.1 ++++ b/man/unzip.1 +@@ -20,7 +20,7 @@ + .in -4n + .. + .\" ========================================================================= +-.TH UNZIP 1L "20 April 2009 (v6.0)" "Info-ZIP" ++.TH UNZIP 1 "20 April 2009 (v6.0)" "Info-ZIP" + .SH NAME + unzip \- list, test and extract compressed files in a ZIP archive + .PD +@@ -34,7 +34,7 @@ + \fIunzip\fP will list, test, or extract files from a ZIP archive, commonly + found on MS-DOS systems. The default behavior (with no options) is to extract + into the current directory (and subdirectories below it) all files from the +-specified ZIP archive. A companion program, \fIzip\fP(1L), creates ZIP ++specified ZIP archive. A companion program, \fIzip\fP(1), creates ZIP + archives; both programs are compatible with archives created by PKWARE's + \fIPKZIP\fP and \fIPKUNZIP\fP for MS-DOS, but in many cases the program + options or default behaviors differ. +@@ -105,8 +105,8 @@ + list of all possible flags. The exhaustive list follows: + .TP + .B \-Z +-\fIzipinfo\fP(1L) mode. If the first option on the command line is \fB\-Z\fP, +-the remaining options are taken to be \fIzipinfo\fP(1L) options. See the ++\fIzipinfo\fP(1) mode. If the first option on the command line is \fB\-Z\fP, ++the remaining options are taken to be \fIzipinfo\fP(1) options. See the + appropriate manual page for a description of these options. + .TP + .B \-A +@@ -178,7 +178,7 @@ + compressed size and compression ratio figures are independent of the entry's + encryption status and show the correct compression performance. (The complete + size of the encrypted compressed data stream for zipfile entries is reported +-by the more verbose \fIzipinfo\fP(1L) reports, see the separate manual.) ++by the more verbose \fIzipinfo\fP(1) reports, see the separate manual.) + When no zipfile is specified (that is, the complete command is simply + ``\fCunzip \-v\fR''), a diagnostic screen is printed. In addition to + the normal header with release date and version, \fIunzip\fP lists the +@@ -379,8 +379,8 @@ + .TP + .B \-N + [Amiga] extract file comments as Amiga filenotes. File comments are created +-with the \-c option of \fIzip\fP(1L), or with the \-N option of the Amiga port +-of \fIzip\fP(1L), which stores filenotes as comments. ++with the \-c option of \fIzip\fP(1), or with the \-N option of the Amiga port ++of \fIzip\fP(1), which stores filenotes as comments. + .TP + .B \-o + overwrite existing files without prompting. This is a dangerous option, so +@@ -598,7 +598,7 @@ + As suggested by the examples above, the default variable names are UNZIP_OPTS + for VMS (where the symbol used to install \fIunzip\fP as a foreign command + would otherwise be confused with the environment variable), and UNZIP +-for all other operating systems. For compatibility with \fIzip\fP(1L), ++for all other operating systems. For compatibility with \fIzip\fP(1), + UNZIPOPT is also accepted (don't ask). If both UNZIP and UNZIPOPT + are defined, however, UNZIP takes precedence. \fIunzip\fP's diagnostic + option (\fB\-v\fP with no zipfile name) can be used to check the values +@@ -648,8 +648,8 @@ + a password is not known, entering a null password (that is, just a carriage + return or ``Enter'') is taken as a signal to skip all further prompting. + Only unencrypted files in the archive(s) will thereafter be extracted. (In +-fact, that's not quite true; older versions of \fIzip\fP(1L) and +-\fIzipcloak\fP(1L) allowed null passwords, so \fIunzip\fP checks each encrypted ++fact, that's not quite true; older versions of \fIzip\fP(1) and ++\fIzipcloak\fP(1) allowed null passwords, so \fIunzip\fP checks each encrypted + file to see if the null password works. This may result in ``false positives'' + and extraction errors, as noted above.) + .PP +@@ -943,8 +943,8 @@ + .PD + .\" ========================================================================= + .SH "SEE ALSO" +-\fIfunzip\fP(1L), \fIzip\fP(1L), \fIzipcloak\fP(1L), \fIzipgrep\fP(1L), +-\fIzipinfo\fP(1L), \fIzipnote\fP(1L), \fIzipsplit\fP(1L) ++\fIfunzip\fP(1), \fIzip\fP(1), \fIzipcloak\fP(1), \fIzipgrep\fP(1), ++\fIzipinfo\fP(1), \fIzipnote\fP(1), \fIzipsplit\fP(1) + .PD + .\" ========================================================================= + .SH URL +--- a/man/unzipsfx.1 ++++ b/man/unzipsfx.1 +@@ -20,7 +20,7 @@ + .in -4n + .. + .\" ========================================================================= +-.TH UNZIPSFX 1L "20 April 2009 (v6.0)" "Info-ZIP" ++.TH UNZIPSFX 1 "20 April 2009 (v6.0)" "Info-ZIP" + .SH NAME + unzipsfx \- self-extracting stub for prepending to ZIP archives + .PD +@@ -30,7 +30,7 @@ + .PD + .\" ========================================================================= + .SH DESCRIPTION +-\fIunzipsfx\fP is a modified version of \fIunzip\fP(1L) designed to be ++\fIunzipsfx\fP is a modified version of \fIunzip\fP(1) designed to be + prepended to existing ZIP archives in order to form self-extracting archives. + Instead of taking its first non-flag argument to be the zipfile(s) to be + extracted, \fIunzipsfx\fP seeks itself under the name by which it was invoked +@@ -109,7 +109,7 @@ + .PD + .\" ========================================================================= + .SH OPTIONS +-\fIunzipsfx\fP supports the following \fIunzip\fP(1L) options: \fB\-c\fP ++\fIunzipsfx\fP supports the following \fIunzip\fP(1) options: \fB\-c\fP + and \fB\-p\fP (extract to standard output/screen), \fB\-f\fP and \fB\-u\fP + (freshen and update existing files upon extraction), \fB\-t\fP (test + archive) and \fB\-z\fP (print archive comment). All normal listing options +@@ -118,11 +118,11 @@ + those creating self-extracting archives may wish to include a short listing + in the zipfile comment. + .PP +-See \fIunzip\fP(1L) for a more complete description of these options. ++See \fIunzip\fP(1) for a more complete description of these options. + .PD + .\" ========================================================================= + .SH MODIFIERS +-\fIunzipsfx\fP currently supports all \fIunzip\fP(1L) modifiers: \fB\-a\fP ++\fIunzipsfx\fP currently supports all \fIunzip\fP(1) modifiers: \fB\-a\fP + (convert text files), \fB\-n\fP (never overwrite), \fB\-o\fP (overwrite + without prompting), \fB\-q\fP (operate quietly), \fB\-C\fP (match names + case-insensitively), \fB\-L\fP (convert uppercase-OS names to lowercase), +@@ -137,18 +137,18 @@ + of course continue to be supported since the zipfile format implies ASCII + storage of text files.) + .PP +-See \fIunzip\fP(1L) for a more complete description of these modifiers. ++See \fIunzip\fP(1) for a more complete description of these modifiers. + .PD + .\" ========================================================================= + .SH "ENVIRONMENT OPTIONS" +-\fIunzipsfx\fP uses the same environment variables as \fIunzip\fP(1L) does, ++\fIunzipsfx\fP uses the same environment variables as \fIunzip\fP(1) does, + although this is likely to be an issue only for the person creating and +-testing the self-extracting archive. See \fIunzip\fP(1L) for details. ++testing the self-extracting archive. See \fIunzip\fP(1) for details. + .PD + .\" ========================================================================= + .SH DECRYPTION +-Decryption is supported exactly as in \fIunzip\fP(1L); that is, interactively +-with a non-echoing prompt for the password(s). See \fIunzip\fP(1L) for ++Decryption is supported exactly as in \fIunzip\fP(1); that is, interactively ++with a non-echoing prompt for the password(s). See \fIunzip\fP(1) for + details. Once again, note that if the archive has no encrypted files there + is no reason to use a version of \fIunzipsfx\fP with decryption support; + that only adds to the size of the archive. +@@ -286,7 +286,7 @@ + from anywhere in the user's path. The situation is not known for AmigaDOS, + Atari TOS, MacOS, etc. + .PP +-As noted above, a number of the normal \fIunzip\fP(1L) functions have ++As noted above, a number of the normal \fIunzip\fP(1) functions have + been removed in order to make \fIunzipsfx\fP smaller: usage and diagnostic + info, listing functions and extraction to other directories. Also, only + stored and deflated files are supported. The latter limitation is mainly +@@ -303,17 +303,17 @@ + defined as a ``debug hunk.'') There may be compatibility problems between + the ROM levels of older Amigas and newer ones. + .PP +-All current bugs in \fIunzip\fP(1L) exist in \fIunzipsfx\fP as well. ++All current bugs in \fIunzip\fP(1) exist in \fIunzipsfx\fP as well. + .PD + .\" ========================================================================= + .SH DIAGNOSTICS + \fIunzipsfx\fP's exit status (error level) is identical to that of +-\fIunzip\fP(1L); see the corresponding man page. ++\fIunzip\fP(1); see the corresponding man page. + .PD + .\" ========================================================================= + .SH "SEE ALSO" +-\fIfunzip\fP(1L), \fIunzip\fP(1L), \fIzip\fP(1L), \fIzipcloak\fP(1L), +-\fIzipgrep\fP(1L), \fIzipinfo\fP(1L), \fIzipnote\fP(1L), \fIzipsplit\fP(1L) ++\fIfunzip\fP(1), \fIunzip\fP(1), \fIzip\fP(1), \fIzipcloak\fP(1), ++\fIzipgrep\fP(1), \fIzipinfo\fP(1), \fIzipnote\fP(1), \fIzipsplit\fP(1) + .PD + .PD + .\" ========================================================================= +@@ -330,7 +330,7 @@ + .\" ========================================================================= + .SH AUTHORS + Greg Roelofs was responsible for the basic modifications to UnZip necessary +-to create UnZipSFX. See \fIunzip\fP(1L) for the current list of Zip-Bugs ++to create UnZipSFX. See \fIunzip\fP(1) for the current list of Zip-Bugs + authors, or the file CONTRIBS in the UnZip source distribution for the + full list of Info-ZIP contributors. + .PD +--- a/man/zipgrep.1 ++++ b/man/zipgrep.1 +@@ -8,7 +8,7 @@ + .\" zipgrep.1 by Greg Roelofs. + .\" + .\" ========================================================================= +-.TH ZIPGREP 1L "20 April 2009" "Info-ZIP" ++.TH ZIPGREP 1 "20 April 2009" "Info-ZIP" + .SH NAME + zipgrep \- search files in a ZIP archive for lines matching a pattern + .PD +@@ -21,7 +21,7 @@ + .SH DESCRIPTION + \fIzipgrep\fP will search files within a ZIP archive for lines matching + the given string or pattern. \fIzipgrep\fP is a shell script and requires +-\fIegrep\fP(1) and \fIunzip\fP(1L) to function. Its output is identical to ++\fIegrep\fP(1) and \fIunzip\fP(1) to function. Its output is identical to + that of \fIegrep\fP(1). + .PD + .\" ========================================================================= +@@ -69,8 +69,8 @@ + .PD + .\" ========================================================================= + .SH "SEE ALSO" +-\fIegrep\fP(1), \fIunzip\fP(1L), \fIzip\fP(1L), \fIfunzip\fP(1L), +-\fIzipcloak\fP(1L), \fIzipinfo\fP(1L), \fIzipnote\fP(1L), \fIzipsplit\fP(1L) ++\fIegrep\fP(1), \fIunzip\fP(1), \fIzip\fP(1), \fIfunzip\fP(1), ++\fIzipcloak\fP(1), \fIzipinfo\fP(1), \fIzipnote\fP(1), \fIzipsplit\fP(1) + .PD + .\" ========================================================================= + .SH URL +--- a/man/zipinfo.1 ++++ b/man/zipinfo.1 +@@ -34,7 +34,7 @@ + .in -4n + .. + .\" ========================================================================= +-.TH ZIPINFO 1L "20 April 2009 (v3.0)" "Info-ZIP" ++.TH ZIPINFO 1 "20 April 2009 (v3.0)" "Info-ZIP" + .SH NAME + zipinfo \- list detailed information about a ZIP archive + .PD +@@ -272,7 +272,7 @@ + Note that because of limitations in the MS-DOS format used to store file + times, the seconds field is always rounded to the nearest even second. + For Unix files this is expected to change in the next major releases of +-\fIzip\fP(1L) and \fIunzip\fP. ++\fIzip\fP(1) and \fIunzip\fP. + .PP + In addition to individual file information, a default zipfile listing + also includes header and trailer lines: +@@ -361,7 +361,7 @@ + As suggested above, the default variable names are ZIPINFO_OPTS for VMS + (where the symbol used to install \fIzipinfo\fP as a foreign command + would otherwise be confused with the environment variable), and ZIPINFO +-for all other operating systems. For compatibility with \fIzip\fP(1L), ++for all other operating systems. For compatibility with \fIzip\fP(1), + ZIPINFOOPT is also accepted (don't ask). If both ZIPINFO and ZIPINFOOPT + are defined, however, ZIPINFO takes precedence. \fIunzip\fP's diagnostic + option (\fB\-v\fP with no zipfile name) can be used to check the values +@@ -496,8 +496,8 @@ + .PP + .\" ========================================================================= + .SH "SEE ALSO" +-\fIls\fP(1), \fIfunzip\fP(1L), \fIunzip\fP(1L), \fIunzipsfx\fP(1L), +-\fIzip\fP(1L), \fIzipcloak\fP(1L), \fIzipnote\fP(1L), \fIzipsplit\fP(1L) ++\fIls\fP(1), \fIfunzip\fP(1), \fIunzip\fP(1), \fIunzipsfx\fP(1), ++\fIzip\fP(1), \fIzipcloak\fP(1), \fIzipnote\fP(1), \fIzipsplit\fP(1) + .PD + .\" ========================================================================= + .SH URL diff --git a/data/unzip/debian/patches/02-this-is-debian-unzip.patch b/data/unzip/debian/patches/02-this-is-debian-unzip.patch new file mode 100644 index 000000000..7f0465120 --- /dev/null +++ b/data/unzip/debian/patches/02-this-is-debian-unzip.patch @@ -0,0 +1,16 @@ +From: Santiago Vila <sanvila@debian.org> +Subject: "Branding patch": UnZip by Debian. Original by Info-ZIP. +X-Debian-version: 5.52-5 + +--- a/unzip.c ++++ b/unzip.c +@@ -570,8 +570,7 @@ + #else /* !VMS */ + # ifdef COPYRIGHT_CLEAN + static ZCONST char Far UnzipUsageLine1[] = "\ +-UnZip %d.%d%d%s of %s, by Info-ZIP. Maintained by C. Spieler. Send\n\ +-bug reports using http://www.info-zip.org/zip-bug.html; see README for details.\ ++UnZip %d.%d%d%s of %s, by Debian. Original by Info-ZIP.\ + \n\n"; + # else + static ZCONST char Far UnzipUsageLine1[] = "\ diff --git a/data/unzip/debian/patches/03-include-unistd-for-kfreebsd.patch b/data/unzip/debian/patches/03-include-unistd-for-kfreebsd.patch new file mode 100644 index 000000000..6f06191ff --- /dev/null +++ b/data/unzip/debian/patches/03-include-unistd-for-kfreebsd.patch @@ -0,0 +1,15 @@ +From: Aurelien Jarno <aurel32@debian.org> +Subject: #include <unistd.h> for kFreeBSD +Bug-Debian: https://bugs.debian.org/340693 +X-Debian-version: 5.52-8 + +--- a/unix/unxcfg.h ++++ b/unix/unxcfg.h +@@ -52,6 +52,7 @@ + + #include <sys/types.h> /* off_t, time_t, dev_t, ... */ + #include <sys/stat.h> ++#include <unistd.h> + + #ifdef NO_OFF_T + typedef long zoff_t; diff --git a/data/unzip/debian/patches/04-handle-pkware-verification-bit.patch b/data/unzip/debian/patches/04-handle-pkware-verification-bit.patch new file mode 100644 index 000000000..6bda15a56 --- /dev/null +++ b/data/unzip/debian/patches/04-handle-pkware-verification-bit.patch @@ -0,0 +1,21 @@ +From: "Steven M. Schweda" <sms@antinode.info> +Subject: Handle the PKWare verification bit of internal attributes +Bug-Debian: https://bugs.debian.org/630078 +X-Debian-version: 6.0-5 + +--- a/process.c ++++ b/process.c +@@ -1729,6 +1729,13 @@ + else if (uO.L_flag > 1) /* let -LL force lower case for all names */ + G.pInfo->lcflag = 1; + ++ /* Handle the PKWare verification bit, bit 2 (0x0004) of internal ++ attributes. If this is set, then a verification checksum is in the ++ first 3 bytes of the external attributes. In this case all we can use ++ for setting file attributes is the last external attributes byte. */ ++ if (G.crec.internal_file_attributes & 0x0004) ++ G.crec.external_file_attributes &= (ulg)0xff; ++ + /* do Amigas (AMIGA_) also have volume labels? */ + if (IS_VOLID(G.crec.external_file_attributes) && + (G.pInfo->hostnum == FS_FAT_ || G.pInfo->hostnum == FS_HPFS_ || diff --git a/data/unzip/debian/patches/05-fix-uid-gid-handling.patch b/data/unzip/debian/patches/05-fix-uid-gid-handling.patch new file mode 100644 index 000000000..ee9b3ddc6 --- /dev/null +++ b/data/unzip/debian/patches/05-fix-uid-gid-handling.patch @@ -0,0 +1,29 @@ +From: "Steven M. Schweda" <sms@antinode.info> +Subject: Restore uid and gid information when requested +Bug-Debian: https://bugs.debian.org/689212 +X-Debian-version: 6.0-8 + +--- a/process.c ++++ b/process.c +@@ -2904,7 +2904,7 @@ + #ifdef IZ_HAVE_UXUIDGID + if (eb_len >= EB_UX3_MINLEN + && z_uidgid != NULL +- && (*((EB_HEADSIZE + 0) + ef_buf) == 1) ++ && (*((EB_HEADSIZE + 0) + ef_buf) == 1)) + /* only know about version 1 */ + { + uch uid_size; +@@ -2916,10 +2916,10 @@ + flags &= ~0x0ff; /* ignore any previous UNIX field */ + + if ( read_ux3_value((EB_HEADSIZE + 2) + ef_buf, +- uid_size, z_uidgid[0]) ++ uid_size, &z_uidgid[0]) + && + read_ux3_value((EB_HEADSIZE + uid_size + 3) + ef_buf, +- gid_size, z_uidgid[1]) ) ++ gid_size, &z_uidgid[1]) ) + { + flags |= EB_UX2_VALID; /* signal success */ + } diff --git a/data/unzip/debian/patches/06-initialize-the-symlink-flag.patch b/data/unzip/debian/patches/06-initialize-the-symlink-flag.patch new file mode 100644 index 000000000..11fa0d9f9 --- /dev/null +++ b/data/unzip/debian/patches/06-initialize-the-symlink-flag.patch @@ -0,0 +1,20 @@ +From: Andreas Schwab <schwab@linux-m68k.org> +Subject: Initialize the symlink flag +Bug-Debian: https://bugs.debian.org/717029 +X-Debian-version: 6.0-10 + +--- a/process.c ++++ b/process.c +@@ -1758,6 +1758,12 @@ + = (G.crec.general_purpose_bit_flag & (1 << 11)) == (1 << 11); + #endif + ++#ifdef SYMLINKS ++ /* Initialize the symlink flag, may be set by the platform-specific ++ mapattr function. */ ++ G.pInfo->symlink = 0; ++#endif ++ + return PK_COOL; + + } /* end function process_cdir_file_hdr() */ diff --git a/data/unzip/debian/patches/07-increase-size-of-cfactorstr.patch b/data/unzip/debian/patches/07-increase-size-of-cfactorstr.patch new file mode 100644 index 000000000..e2d8926f2 --- /dev/null +++ b/data/unzip/debian/patches/07-increase-size-of-cfactorstr.patch @@ -0,0 +1,16 @@ +From: "Steven M. Schweda" <sms@antinode.info> +Subject: Increase size of cfactorstr array to avoid buffer overflow +Bug-Debian: https://bugs.debian.org/741384 +X-Debian-version: 6.0-11 + +--- a/list.c ++++ b/list.c +@@ -97,7 +97,7 @@ + { + int do_this_file=FALSE, cfactor, error, error_in_archive=PK_COOL; + #ifndef WINDLL +- char sgn, cfactorstr[10]; ++ char sgn, cfactorstr[12]; + int longhdr=(uO.vflag>1); + #endif + int date_format; diff --git a/data/unzip/debian/patches/08-allow-greater-hostver-values.patch b/data/unzip/debian/patches/08-allow-greater-hostver-values.patch new file mode 100644 index 000000000..3460787b8 --- /dev/null +++ b/data/unzip/debian/patches/08-allow-greater-hostver-values.patch @@ -0,0 +1,14 @@ +From: Santiago Vila <sanvila@debian.org> +Subject: zipinfo.c: Do not crash when hostver byte is >= 100 + +--- a/zipinfo.c ++++ b/zipinfo.c +@@ -2114,7 +2114,7 @@ + else + attribs[9] = (xattr & UNX_ISVTX)? 'T' : '-'; /* T==undefined */ + +- sprintf(&attribs[12], "%u.%u", hostver/10, hostver%10); ++ sprintf(&attribs[11], "%2u.%u", hostver/10, hostver%10); + break; + + } /* end switch (hostnum: external attributes format) */ diff --git a/data/unzip/debian/patches/09-cve-2014-8139-crc-overflow.patch b/data/unzip/debian/patches/09-cve-2014-8139-crc-overflow.patch new file mode 100644 index 000000000..3b49472e1 --- /dev/null +++ b/data/unzip/debian/patches/09-cve-2014-8139-crc-overflow.patch @@ -0,0 +1,53 @@ +From: "Steven M. Schweda" <sms@antinode.info> +Subject: Fix CVE-2014-8139: CRC32 verification heap-based overflow +Bug-Debian: https://bugs.debian.org/773722 + +--- a/extract.c ++++ b/extract.c +@@ -1,5 +1,5 @@ + /* +- Copyright (c) 1990-2009 Info-ZIP. All rights reserved. ++ Copyright (c) 1990-2014 Info-ZIP. All rights reserved. + + See the accompanying file LICENSE, version 2009-Jan-02 or later + (the contents of which are also included in unzip.h) for terms of use. +@@ -298,6 +298,8 @@ + #ifndef SFX + static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \ + EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n"; ++ static ZCONST char Far TooSmallEBlength[] = "bad extra-field entry:\n \ ++ EF block length (%u bytes) invalid (< %d)\n"; + static ZCONST char Far InvalidComprDataEAs[] = + " invalid compressed data for EAs\n"; + # if (defined(WIN32) && defined(NTSD_EAS)) +@@ -2023,7 +2025,8 @@ + ebID = makeword(ef); + ebLen = (unsigned)makeword(ef+EB_LEN); + +- if (ebLen > (ef_len - EB_HEADSIZE)) { ++ if (ebLen > (ef_len - EB_HEADSIZE)) ++ { + /* Discovered some extra field inconsistency! */ + if (uO.qflag) + Info(slide, 1, ((char *)slide, "%-22s ", +@@ -2158,11 +2161,19 @@ + } + break; + case EF_PKVMS: +- if (makelong(ef+EB_HEADSIZE) != ++ if (ebLen < 4) ++ { ++ Info(slide, 1, ++ ((char *)slide, LoadFarString(TooSmallEBlength), ++ ebLen, 4)); ++ } ++ else if (makelong(ef+EB_HEADSIZE) != + crc32(CRCVAL_INITIAL, ef+(EB_HEADSIZE+4), + (extent)(ebLen-4))) ++ { + Info(slide, 1, ((char *)slide, + LoadFarString(BadCRC_EAs))); ++ } + break; + case EF_PKW32: + case EF_PKUNIX: diff --git a/data/unzip/debian/patches/10-cve-2014-8140-test-compr-eb.patch b/data/unzip/debian/patches/10-cve-2014-8140-test-compr-eb.patch new file mode 100644 index 000000000..ad74239eb --- /dev/null +++ b/data/unzip/debian/patches/10-cve-2014-8140-test-compr-eb.patch @@ -0,0 +1,27 @@ +From: "Steven M. Schweda" <sms@antinode.info> +Subject: Fix CVE-2014-8140: out-of-bounds write issue in test_compr_eb() +Bug-Debian: https://bugs.debian.org/773722 + +--- a/extract.c ++++ b/extract.c +@@ -2232,10 +2232,17 @@ + if (compr_offset < 4) /* field is not compressed: */ + return PK_OK; /* do nothing and signal OK */ + ++ /* Return no/bad-data error status if any problem is found: ++ * 1. eb_size is too small to hold the uncompressed size ++ * (eb_ucsize). (Else extract eb_ucsize.) ++ * 2. eb_ucsize is zero (invalid). 2014-12-04 SMS. ++ * 3. eb_ucsize is positive, but eb_size is too small to hold ++ * the compressed data header. ++ */ + if ((eb_size < (EB_UCSIZE_P + 4)) || +- ((eb_ucsize = makelong(eb+(EB_HEADSIZE+EB_UCSIZE_P))) > 0L && +- eb_size <= (compr_offset + EB_CMPRHEADLEN))) +- return IZ_EF_TRUNC; /* no compressed data! */ ++ ((eb_ucsize = makelong( eb+ (EB_HEADSIZE+ EB_UCSIZE_P))) == 0L) || ++ ((eb_ucsize > 0L) && (eb_size <= (compr_offset + EB_CMPRHEADLEN)))) ++ return IZ_EF_TRUNC; /* no/bad compressed data! */ + + if ( + #ifdef INT_16BIT diff --git a/data/unzip/debian/patches/11-cve-2014-8141-getzip64data.patch b/data/unzip/debian/patches/11-cve-2014-8141-getzip64data.patch new file mode 100644 index 000000000..6097966c2 --- /dev/null +++ b/data/unzip/debian/patches/11-cve-2014-8141-getzip64data.patch @@ -0,0 +1,137 @@ +From: "Steven M. Schweda" <sms@antinode.info> +Subject: Fix CVE-2014-8141: out-of-bounds read issues in getZip64Data() +Bug-Debian: https://bugs.debian.org/773722 + +--- a/fileio.c ++++ b/fileio.c +@@ -176,6 +176,8 @@ + #endif + static ZCONST char Far ExtraFieldTooLong[] = + "warning: extra field too long (%d). Ignoring...\n"; ++static ZCONST char Far ExtraFieldCorrupt[] = ++ "warning: extra field (type: 0x%04x) corrupt. Continuing...\n"; + + #ifdef WINDLL + static ZCONST char Far DiskFullQuery[] = +@@ -2295,7 +2297,12 @@ + if (readbuf(__G__ (char *)G.extra_field, length) == 0) + return PK_EOF; + /* Looks like here is where extra fields are read */ +- getZip64Data(__G__ G.extra_field, length); ++ if (getZip64Data(__G__ G.extra_field, length) != PK_COOL) ++ { ++ Info(slide, 0x401, ((char *)slide, ++ LoadFarString( ExtraFieldCorrupt), EF_PKSZ64)); ++ error = PK_WARN; ++ } + #ifdef UNICODE_SUPPORT + G.unipath_filename = NULL; + if (G.UzO.U_flag < 2) { +--- a/process.c ++++ b/process.c +@@ -1,5 +1,5 @@ + /* +- Copyright (c) 1990-2009 Info-ZIP. All rights reserved. ++ Copyright (c) 1990-2014 Info-ZIP. All rights reserved. + + See the accompanying file LICENSE, version 2009-Jan-02 or later + (the contents of which are also included in unzip.h) for terms of use. +@@ -1901,48 +1901,82 @@ + and a 4-byte version of disk start number. + Sets both local header and central header fields. Not terribly clever, + but it means that this procedure is only called in one place. ++ ++ 2014-12-05 SMS. ++ Added checks to ensure that enough data are available before calling ++ makeint64() or makelong(). Replaced various sizeof() values with ++ simple ("4" or "8") constants. (The Zip64 structures do not depend ++ on our variable sizes.) Error handling is crude, but we should now ++ stay within the buffer. + ---------------------------------------------------------------------------*/ + ++#define Z64FLGS 0xffff ++#define Z64FLGL 0xffffffff ++ + if (ef_len == 0 || ef_buf == NULL) + return PK_COOL; + + Trace((stderr,"\ngetZip64Data: scanning extra field of length %u\n", + ef_len)); + +- while (ef_len >= EB_HEADSIZE) { ++ while (ef_len >= EB_HEADSIZE) ++ { + eb_id = makeword(EB_ID + ef_buf); + eb_len = makeword(EB_LEN + ef_buf); + +- if (eb_len > (ef_len - EB_HEADSIZE)) { +- /* discovered some extra field inconsistency! */ ++ if (eb_len > (ef_len - EB_HEADSIZE)) ++ { ++ /* Extra block length exceeds remaining extra field length. */ + Trace((stderr, + "getZip64Data: block length %u > rest ef_size %u\n", eb_len, + ef_len - EB_HEADSIZE)); + break; + } +- if (eb_id == EF_PKSZ64) { +- ++ if (eb_id == EF_PKSZ64) ++ { + int offset = EB_HEADSIZE; + +- if (G.crec.ucsize == 0xffffffff || G.lrec.ucsize == 0xffffffff){ +- G.lrec.ucsize = G.crec.ucsize = makeint64(offset + ef_buf); +- offset += sizeof(G.crec.ucsize); ++ if ((G.crec.ucsize == Z64FLGL) || (G.lrec.ucsize == Z64FLGL)) ++ { ++ if (offset+ 8 > ef_len) ++ return PK_ERR; ++ ++ G.crec.ucsize = G.lrec.ucsize = makeint64(offset + ef_buf); ++ offset += 8; + } +- if (G.crec.csize == 0xffffffff || G.lrec.csize == 0xffffffff){ +- G.csize = G.lrec.csize = G.crec.csize = makeint64(offset + ef_buf); +- offset += sizeof(G.crec.csize); ++ ++ if ((G.crec.csize == Z64FLGL) || (G.lrec.csize == Z64FLGL)) ++ { ++ if (offset+ 8 > ef_len) ++ return PK_ERR; ++ ++ G.csize = G.crec.csize = G.lrec.csize = makeint64(offset + ef_buf); ++ offset += 8; + } +- if (G.crec.relative_offset_local_header == 0xffffffff){ ++ ++ if (G.crec.relative_offset_local_header == Z64FLGL) ++ { ++ if (offset+ 8 > ef_len) ++ return PK_ERR; ++ + G.crec.relative_offset_local_header = makeint64(offset + ef_buf); +- offset += sizeof(G.crec.relative_offset_local_header); ++ offset += 8; + } +- if (G.crec.disk_number_start == 0xffff){ ++ ++ if (G.crec.disk_number_start == Z64FLGS) ++ { ++ if (offset+ 4 > ef_len) ++ return PK_ERR; ++ + G.crec.disk_number_start = (zuvl_t)makelong(offset + ef_buf); +- offset += sizeof(G.crec.disk_number_start); ++ offset += 4; + } ++#if 0 ++ break; /* Expect only one EF_PKSZ64 block. */ ++#endif /* 0 */ + } + +- /* Skip this extra field block */ ++ /* Skip this extra field block. */ + ef_buf += (eb_len + EB_HEADSIZE); + ef_len -= (eb_len + EB_HEADSIZE); + } diff --git a/data/unzip/debian/patches/12-cve-2014-9636-test-compr-eb.patch b/data/unzip/debian/patches/12-cve-2014-9636-test-compr-eb.patch new file mode 100644 index 000000000..1f3838498 --- /dev/null +++ b/data/unzip/debian/patches/12-cve-2014-9636-test-compr-eb.patch @@ -0,0 +1,40 @@ +From: mancha <mancha1 AT zoho DOT com> +Date: Wed, 11 Feb 2015 +Subject: Info-ZIP UnZip buffer overflow +Bug-Debian: https://bugs.debian.org/776589 + +By carefully crafting a corrupt ZIP archive with "extra fields" that +purport to have compressed blocks larger than the corresponding +uncompressed blocks in STORED no-compression mode, an attacker can +trigger a heap overflow that can result in application crash or +possibly have other unspecified impact. + +This patch ensures that when extra fields use STORED mode, the +"compressed" and uncompressed block sizes match. + +--- a/extract.c ++++ b/extract.c +@@ -2228,6 +2228,7 @@ + ulg eb_ucsize; + uch *eb_ucptr; + int r; ++ ush eb_compr_method; + + if (compr_offset < 4) /* field is not compressed: */ + return PK_OK; /* do nothing and signal OK */ +@@ -2244,6 +2245,15 @@ + ((eb_ucsize > 0L) && (eb_size <= (compr_offset + EB_CMPRHEADLEN)))) + return IZ_EF_TRUNC; /* no/bad compressed data! */ + ++ /* 2015-02-10 Mancha(?), Michal Zalewski, Tomas Hoger, SMS. ++ * For STORE method, compressed and uncompressed sizes must agree. ++ * http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=450 ++ */ ++ eb_compr_method = makeword( eb + (EB_HEADSIZE + compr_offset)); ++ if ((eb_compr_method == STORED) && ++ (eb_size != compr_offset + EB_CMPRHEADLEN + eb_ucsize)) ++ return PK_ERR; ++ + if ( + #ifdef INT_16BIT + (((ulg)(extent)eb_ucsize) != eb_ucsize) || diff --git a/data/unzip/debian/patches/13-remove-build-date.patch b/data/unzip/debian/patches/13-remove-build-date.patch new file mode 100644 index 000000000..bb60533cb --- /dev/null +++ b/data/unzip/debian/patches/13-remove-build-date.patch @@ -0,0 +1,17 @@ +From: Jérémy Bobbio <lunar@debian.org> +Subject: Remove build date +Bug-Debian: https://bugs.debian.org/782851 + In order to make unzip build reproducibly, we remove the + (already optional) build date from the binary. + +--- a/unix/unix.c ++++ b/unix/unix.c +@@ -1705,7 +1705,7 @@ + #endif /* Sun */ + #endif /* SGI */ + +-#ifdef __DATE__ ++#if 0 + " on ", __DATE__ + #else + "", "" diff --git a/data/unzip/debian/patches/14-cve-2015-7696.patch b/data/unzip/debian/patches/14-cve-2015-7696.patch new file mode 100644 index 000000000..91482dae0 --- /dev/null +++ b/data/unzip/debian/patches/14-cve-2015-7696.patch @@ -0,0 +1,33 @@ +From: Petr Stodulka <pstodulk@redhat.com> +Date: Mon, 14 Sep 2015 18:23:17 +0200 +Subject: Upstream fix for heap overflow +Bug-Debian: https://bugs.debian.org/802162 +Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1260944 +Origin: https://bugzilla.redhat.com/attachment.cgi?id=1073002 +Forwarded: yes + +--- + crypt.c | 12 +++++++++++- + 1 file changed, 11 insertions(+), 1 deletion(-) + +--- a/crypt.c ++++ b/crypt.c +@@ -465,7 +465,17 @@ + GLOBAL(pInfo->encrypted) = FALSE; + defer_leftover_input(__G); + for (n = 0; n < RAND_HEAD_LEN; n++) { +- b = NEXTBYTE; ++ /* 2012-11-23 SMS. (OUSPG report.) ++ * Quit early if compressed size < HEAD_LEN. The resulting ++ * error message ("unable to get password") could be improved, ++ * but it's better than trying to read nonexistent data, and ++ * then continuing with a negative G.csize. (See ++ * fileio.c:readbyte()). ++ */ ++ if ((b = NEXTBYTE) == (ush)EOF) ++ { ++ return PK_ERR; ++ } + h[n] = (uch)b; + Trace((stdout, " (%02x)", h[n])); + } diff --git a/data/unzip/debian/patches/15-cve-2015-7697.patch b/data/unzip/debian/patches/15-cve-2015-7697.patch new file mode 100644 index 000000000..782431090 --- /dev/null +++ b/data/unzip/debian/patches/15-cve-2015-7697.patch @@ -0,0 +1,26 @@ +From: Kamil Dudka <kdudka@redhat.com> +Date: Mon, 14 Sep 2015 18:24:56 +0200 +Subject: fix infinite loop when extracting empty bzip2 data +Bug-Debian: https://bugs.debian.org/802160 +Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1260944 +Origin: other, https://bugzilla.redhat.com/attachment.cgi?id=1073339 + +--- + extract.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/extract.c ++++ b/extract.c +@@ -2729,6 +2729,12 @@ + int repeated_buf_err; + bz_stream bstrm; + ++ if (G.incnt <= 0 && G.csize <= 0L) { ++ /* avoid an infinite loop */ ++ Trace((stderr, "UZbunzip2() got empty input\n")); ++ return 2; ++ } ++ + #if (defined(DLL) && !defined(NO_SLIDE_REDIR)) + if (G.redirect_slide) + wsize = G.redirect_size, redirSlide = G.redirect_buffer; diff --git a/data/unzip/debian/patches/16-fix-integer-underflow-csiz-decrypted.patch b/data/unzip/debian/patches/16-fix-integer-underflow-csiz-decrypted.patch new file mode 100644 index 000000000..45afbdd68 --- /dev/null +++ b/data/unzip/debian/patches/16-fix-integer-underflow-csiz-decrypted.patch @@ -0,0 +1,32 @@ +From: Kamil Dudka <kdudka@redhat.com> +Date: Tue, 22 Sep 2015 18:52:23 +0200 +Subject: [PATCH] extract: prevent unsigned overflow on invalid input +Origin: other, https://bugzilla.redhat.com/attachment.cgi?id=1075942 +Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1260944 + +Suggested-by: Stefan Cornelius +--- + extract.c | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +--- a/extract.c ++++ b/extract.c +@@ -1257,8 +1257,17 @@ + if (G.lrec.compression_method == STORED) { + zusz_t csiz_decrypted = G.lrec.csize; + +- if (G.pInfo->encrypted) ++ if (G.pInfo->encrypted) { ++ if (csiz_decrypted < 12) { ++ /* handle the error now to prevent unsigned overflow */ ++ Info(slide, 0x401, ((char *)slide, ++ LoadFarStringSmall(ErrUnzipNoFile), ++ LoadFarString(InvalidComprData), ++ LoadFarStringSmall2(Inflate))); ++ return PK_ERR; ++ } + csiz_decrypted -= 12; ++ } + if (G.lrec.ucsize != csiz_decrypted) { + Info(slide, 0x401, ((char *)slide, + LoadFarStringSmall2(WrnStorUCSizCSizDiff), diff --git a/data/unzip/debian/patches/17-restore-unix-timestamps-accurately.patch b/data/unzip/debian/patches/17-restore-unix-timestamps-accurately.patch new file mode 100644 index 000000000..2aa9424eb --- /dev/null +++ b/data/unzip/debian/patches/17-restore-unix-timestamps-accurately.patch @@ -0,0 +1,41 @@ +From: "Steven M. Schweda" <sms@antinode.info> +Subject: Do not ignore extra fields containing Unix Timestamps +Bug-Debian: https://bugs.debian.org/842993 +X-Debian-version: 6.0-21 + +--- a/process.c ++++ b/process.c +@@ -2914,10 +2914,13 @@ + break; + + case EF_IZUNIX2: +- if (have_new_type_eb == 0) { +- flags &= ~0x0ff; /* ignore any previous IZUNIX field */ ++ if (have_new_type_eb == 0) { /* (< 1) */ + have_new_type_eb = 1; + } ++ if (have_new_type_eb <= 1) { ++ /* Ignore any prior (EF_IZUNIX/EF_PKUNIX) UID/GID. */ ++ flags &= 0x0ff; ++ } + #ifdef IZ_HAVE_UXUIDGID + if (have_new_type_eb > 1) + break; /* IZUNIX3 overrides IZUNIX2 e.f. block ! */ +@@ -2933,6 +2936,8 @@ + /* new 3rd generation Unix ef */ + have_new_type_eb = 2; + ++ /* Ignore any prior EF_IZUNIX/EF_PKUNIX/EF_IZUNIX2 UID/GID. */ ++ flags &= 0x0ff; + /* + Version 1 byte version of this extra field, currently 1 + UIDSize 1 byte Size of UID field +@@ -2953,8 +2958,6 @@ + uid_size = *((EB_HEADSIZE + 1) + ef_buf); + gid_size = *((EB_HEADSIZE + uid_size + 2) + ef_buf); + +- flags &= ~0x0ff; /* ignore any previous UNIX field */ +- + if ( read_ux3_value((EB_HEADSIZE + 2) + ef_buf, + uid_size, &z_uidgid[0]) + && diff --git a/data/unzip/debian/patches/18-cve-2014-9913-unzip-buffer-overflow.patch b/data/unzip/debian/patches/18-cve-2014-9913-unzip-buffer-overflow.patch new file mode 100644 index 000000000..a5675f4fb --- /dev/null +++ b/data/unzip/debian/patches/18-cve-2014-9913-unzip-buffer-overflow.patch @@ -0,0 +1,29 @@ +From: "Steven M. Schweda" <sms@antinode.info> +Subject: Fix CVE-2014-9913, buffer overflow in unzip +Bug: https://sourceforge.net/p/infozip/bugs/27/ +Bug-Debian: https://bugs.debian.org/847485 +Bug-Ubuntu: https://launchpad.net/bugs/387350 +X-Debian-version: 6.0-21 + +--- a/list.c ++++ b/list.c +@@ -339,7 +339,18 @@ + G.crec.compression_method == ENHDEFLATED) { + methbuf[5] = dtype[(G.crec.general_purpose_bit_flag>>1) & 3]; + } else if (methnum >= NUM_METHODS) { +- sprintf(&methbuf[4], "%03u", G.crec.compression_method); ++ /* 2013-02-26 SMS. ++ * http://sourceforge.net/p/infozip/bugs/27/ CVE-2014-9913. ++ * Unexpectedly large compression methods overflow ++ * &methbuf[]. Use the old, three-digit decimal format ++ * for values which fit. Otherwise, sacrifice the ++ * colon, and use four-digit hexadecimal. ++ */ ++ if (G.crec.compression_method <= 999) { ++ sprintf( &methbuf[ 4], "%03u", G.crec.compression_method); ++ } else { ++ sprintf( &methbuf[ 3], "%04X", G.crec.compression_method); ++ } + } + + #if 0 /* GRR/Euro: add this? */ diff --git a/data/unzip/debian/patches/19-cve-2016-9844-zipinfo-buffer-overflow.patch b/data/unzip/debian/patches/19-cve-2016-9844-zipinfo-buffer-overflow.patch new file mode 100644 index 000000000..52d07987b --- /dev/null +++ b/data/unzip/debian/patches/19-cve-2016-9844-zipinfo-buffer-overflow.patch @@ -0,0 +1,28 @@ +From: "Steven M. Schweda" <sms@antinode.info> +Subject: Fix CVE-2016-9844, buffer overflow in zipinfo +Bug-Debian: https://bugs.debian.org/847486 +Bug-Ubuntu: https://launchpad.net/bugs/1643750 +X-Debian-version: 6.0-21 + +--- a/zipinfo.c ++++ b/zipinfo.c +@@ -1921,7 +1921,18 @@ + ush dnum=(ush)((G.crec.general_purpose_bit_flag>>1) & 3); + methbuf[3] = dtype[dnum]; + } else if (methnum >= NUM_METHODS) { /* unknown */ +- sprintf(&methbuf[1], "%03u", G.crec.compression_method); ++ /* 2016-12-05 SMS. ++ * https://launchpad.net/bugs/1643750 ++ * Unexpectedly large compression methods overflow ++ * &methbuf[]. Use the old, three-digit decimal format ++ * for values which fit. Otherwise, sacrifice the "u", ++ * and use four-digit hexadecimal. ++ */ ++ if (G.crec.compression_method <= 999) { ++ sprintf( &methbuf[ 1], "%03u", G.crec.compression_method); ++ } else { ++ sprintf( &methbuf[ 0], "%04X", G.crec.compression_method); ++ } + } + + for (k = 0; k < 15; ++k) diff --git a/data/unzip/debian/patches/20-cve-2018-1000035-unzip-buffer-overflow.patch b/data/unzip/debian/patches/20-cve-2018-1000035-unzip-buffer-overflow.patch new file mode 100644 index 000000000..10ae0302f --- /dev/null +++ b/data/unzip/debian/patches/20-cve-2018-1000035-unzip-buffer-overflow.patch @@ -0,0 +1,35 @@ +From: Karol Babioch <kbabioch@suse.com> +Subject: Fix buffer overflow in password protected zip archives +Bug-Debian: https://bugs.debian.org/889838 +Origin: https://bugzilla.novell.com/attachment.cgi?id=759406 + +--- a/fileio.c ++++ b/fileio.c +@@ -1582,6 +1582,10 @@ + int r = IZ_PW_ENTERED; + char *m; + char *prompt; ++ char *zfnf; ++ char *efnf; ++ size_t zfnfl; ++ int isOverflow; + + #ifndef REENTRANT + /* tell picky compilers to shut up about "unused variable" warnings */ +@@ -1590,7 +1594,15 @@ + + if (*rcnt == 0) { /* First call for current entry */ + *rcnt = 2; +- if ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL) { ++ zfnf = FnFilter1(zfn); ++ efnf = FnFilter2(efn); ++ zfnfl = strlen(zfnf); ++ isOverflow = TRUE; ++ if (2*FILNAMSIZ >= zfnfl && (2*FILNAMSIZ - zfnfl) >= strlen(efnf)) ++ { ++ isOverflow = FALSE; ++ } ++ if ((isOverflow == FALSE) && ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL)) { + sprintf(prompt, LoadFarString(PasswPrompt), + FnFilter1(zfn), FnFilter2(efn)); + m = prompt; diff --git a/data/unzip/debian/patches/series b/data/unzip/debian/patches/series new file mode 100644 index 000000000..dfc7cc522 --- /dev/null +++ b/data/unzip/debian/patches/series @@ -0,0 +1,20 @@ +01-manpages-in-section-1-not-in-section-1l.patch +02-this-is-debian-unzip.patch +03-include-unistd-for-kfreebsd.patch +04-handle-pkware-verification-bit.patch +05-fix-uid-gid-handling.patch +06-initialize-the-symlink-flag.patch +07-increase-size-of-cfactorstr.patch +08-allow-greater-hostver-values.patch +09-cve-2014-8139-crc-overflow.patch +10-cve-2014-8140-test-compr-eb.patch +11-cve-2014-8141-getzip64data.patch +12-cve-2014-9636-test-compr-eb.patch +13-remove-build-date.patch +14-cve-2015-7696.patch +15-cve-2015-7697.patch +16-fix-integer-underflow-csiz-decrypted.patch +17-restore-unix-timestamps-accurately.patch +18-cve-2014-9913-unzip-buffer-overflow.patch +19-cve-2016-9844-zipinfo-buffer-overflow.patch +20-cve-2018-1000035-unzip-buffer-overflow.patch |