gnu: unzip: Add patches from Fedora [security fixes].

Non-exhaustively fixes CVE-2016-9844, CVE-2018-1000035, CVE-2018-18384, and CVE-2019-13232. * gnu/packages/patches/unzip-COVSCAN-fix-unterminated-string.patch, gnu/packages/patches/unzip-CVE-2016-9844.patch, gnu/packages/patches/unzip-CVE-2018-1000035.patch, gnu/packages/patches/unzip-CVE-2018-18384.patch, gnu/packages/patches/unzip-case-insensitive.patch, gnu/packages/patches/unzip-alt-iconv-utf8-print.patch, gnu/packages/patches/unzip-alt-iconv-utf8.patch, gnu/packages/patches/unzip-close.patch, gnu/packages/patches/unzip-exec-shield.patch, gnu/packages/patches/unzip-fix-recmatch.patch, gnu/packages/patches/unzip-manpage-fix.patch, gnu/packages/patches/unzip-overflow.patch, gnu/packages/patches/unzip-symlink.patch, gnu/packages/patches/unzip-timestamp.patch, gnu/packages/patches/unzip-valgrind.patch, gnu/packages/patches/unzip-x-option.patch, gnu/packages/patches/unzip-zipbomb-manpage.patch, gnu/packages/patches/unzip-zipbomb-part1.patch, gnu/packages/patches/unzip-zipbomb-part2.patch, gnu/packages/patches/unzip-zipbomb-part3.patch: New patches. * gnu/local.mk (dist_patch_DATA): Register them. * gnu/packages/compression.scm (unzip/fixed): New variable. Apply patches. (unzip)[replacement]: Graft.
author: Léo Le Bouter <lle-bout@zaclys.net> 2021-03-10 08:29:53 +0100
committer: Léo Le Bouter <lle-bout@zaclys.net> 2021-03-14 06:11:20 +0100
commit: 31d289a4759909d24dd309ac24d42902a8c20da0 (patch)
tree: 1896b64e72e6c18e65455d7323468d8659125ca5 /gnu/packages/patches/unzip-COVSCAN-fix-unterminated-string.patch
parent: 92d0949a268fe8479af5851d5bb3733e207a5c81 (diff)
download: guix-patches-31d289a4759909d24dd309ac24d42902a8c20da0.tar
guix-patches-31d289a4759909d24dd309ac24d42902a8c20da0.tar.gz
1 files changed, 131 insertions, 0 deletions
diff --git a/gnu/packages/patches/unzip-COVSCAN-fix-unterminated-string.patch b/gnu/packages/patches/unzip-COVSCAN-fix-unterminated-string.patch
new file mode 100644
index 0000000000..717377119b
--- /dev/null
+++ b/gnu/packages/patches/unzip-COVSCAN-fix-unterminated-string.patch
@@ -0,0 +1,131 @@
+From 06d1b08aef94984256cad3c5a54cedb10295681f Mon Sep 17 00:00:00 2001
+From: Jakub Martisko <jamartis@redhat.com>
+Date: Thu, 8 Nov 2018 09:31:18 +0100
+Subject: [PATCH] Possible unterminated string fix
+
+---
+ unix/unix.c   |  4 +++-
+ unix/unxcfg.h |  2 +-
+ unzip.c       | 12 ++++++++----
+ zipinfo.c     | 12 ++++++++----
+ 4 files changed, 20 insertions(+), 10 deletions(-)
+
+diff --git a/unix/unix.c b/unix/unix.c
+index 59b622d..cd57f80 100644
+--- a/unix/unix.c
++++ b/unix/unix.c
+@@ -1945,7 +1945,9 @@ void init_conversion_charsets()
+     	for(i = 0; i < sizeof(dos_charset_map)/sizeof(CHARSET_MAP); i++)
+     		if(!strcasecmp(local_charset, dos_charset_map[i].local_charset)) {
+     			strncpy(OEM_CP, dos_charset_map[i].archive_charset,
+-    					sizeof(OEM_CP));
++    					MAX_CP_NAME - 1);
++
++			OEM_CP[MAX_CP_NAME - 1] = '\0';
+     			break;
+     		}
+     }
+diff --git a/unix/unxcfg.h b/unix/unxcfg.h
+index 8729de2..9ee8cfe 100644
+--- a/unix/unxcfg.h
++++ b/unix/unxcfg.h
+@@ -228,7 +228,7 @@ typedef struct stat z_stat;
+ /*    and notfirstcall are used by do_wild().                          */
+ 
+ 
+-#define MAX_CP_NAME 25 
++#define MAX_CP_NAME 25 + 1 
+    
+ #ifdef SETLOCALE
+ #  undef SETLOCALE
+diff --git a/unzip.c b/unzip.c
+index 2d94a38..a485f2b 100644
+--- a/unzip.c
++++ b/unzip.c
+@@ -1561,7 +1561,8 @@ int uz_opts(__G__ pargc, pargv)
+         		                  "error:  a valid character encoding should follow the -I argument"));
+     	                        return(PK_PARAM); 
+     						}
+-    						strncpy(ISO_CP, s, sizeof(ISO_CP));
++    						strncpy(ISO_CP, s, MAX_CP_NAME - 1);
++                ISO_CP[MAX_CP_NAME - 1] = '\0';
+     					} else { /* -I charset */
+     						++argv;
+     						if(!(--argc > 0 && *argv != NULL && **argv != '-')) {
+@@ -1570,7 +1571,8 @@ int uz_opts(__G__ pargc, pargv)
+     	                        return(PK_PARAM); 
+     						}
+     						s = *argv;
+-    						strncpy(ISO_CP, s, sizeof(ISO_CP));
++    						strncpy(ISO_CP, s, MAX_CP_NAME - 1);
++                ISO_CP[MAX_CP_NAME - 1] = '\0';
+     					}
+     					while(*(++s)); /* No params straight after charset name */
+     				}
+@@ -1665,7 +1667,8 @@ int uz_opts(__G__ pargc, pargv)
+         		                  "error:  a valid character encoding should follow the -I argument"));
+     	                        return(PK_PARAM); 
+     						}
+-    						strncpy(OEM_CP, s, sizeof(OEM_CP));
++    						strncpy(OEM_CP, s, MAX_CP_NAME - 1);
++                OEM_CP[MAX_CP_NAME - 1] = '\0';
+     					} else { /* -O charset */
+     						++argv;
+     						if(!(--argc > 0 && *argv != NULL && **argv != '-')) {
+@@ -1674,7 +1677,8 @@ int uz_opts(__G__ pargc, pargv)
+     	                        return(PK_PARAM); 
+     						}
+     						s = *argv;
+-    						strncpy(OEM_CP, s, sizeof(OEM_CP));
++    						strncpy(OEM_CP, s, MAX_CP_NAME - 1);
++                OEM_CP[MAX_CP_NAME - 1] = '\0';
+     					}
+     					while(*(++s)); /* No params straight after charset name */
+     				}
+diff --git a/zipinfo.c b/zipinfo.c
+index accca2a..cb7e08d 100644
+--- a/zipinfo.c
++++ b/zipinfo.c
+@@ -519,7 +519,8 @@ int zi_opts(__G__ pargc, pargv)
+         		                  "error:  a valid character encoding should follow the -I argument"));
+     	                        return(PK_PARAM); 
+     						}
+-    						strncpy(ISO_CP, s, sizeof(ISO_CP));
++    						strncpy(ISO_CP, s, MAX_CP_NAME - 1);
++                ISO_CP[MAX_CP_NAME - 1] = '\0';
+     					} else { /* -I charset */
+     						++argv;
+     						if(!(--argc > 0 && *argv != NULL && **argv != '-')) {
+@@ -528,7 +529,8 @@ int zi_opts(__G__ pargc, pargv)
+     	                        return(PK_PARAM); 
+     						}
+     						s = *argv;
+-    						strncpy(ISO_CP, s, sizeof(ISO_CP));
++    						strncpy(ISO_CP, s, MAX_CP_NAME - 1);
++                ISO_CP[MAX_CP_NAME - 1] = '\0';
+     					}
+     					while(*(++s)); /* No params straight after charset name */
+     				}
+@@ -568,7 +570,8 @@ int zi_opts(__G__ pargc, pargv)
+         		                  "error:  a valid character encoding should follow the -I argument"));
+     	                        return(PK_PARAM); 
+     						}
+-    						strncpy(OEM_CP, s, sizeof(OEM_CP));
++    						strncpy(OEM_CP, s, MAX_CP_NAME - 1);
++                OEM_CP[MAX_CP_NAME - 1] = '\0';
+     					} else { /* -O charset */
+     						++argv;
+     						if(!(--argc > 0 && *argv != NULL && **argv != '-')) {
+@@ -577,7 +580,8 @@ int zi_opts(__G__ pargc, pargv)
+     	                        return(PK_PARAM); 
+     						}
+     						s = *argv;
+-    						strncpy(OEM_CP, s, sizeof(OEM_CP));
++    						strncpy(OEM_CP, s, MAX_CP_NAME - 1);
++                OEM_CP[MAX_CP_NAME - 1] = '\0';
+     					}
+     					while(*(++s)); /* No params straight after charset name */
+     				}
+-- 
+2.14.5
+
author	Léo Le Bouter <lle-bout@zaclys.net>	2021-03-10 08:29:53 +0100
committer	Léo Le Bouter <lle-bout@zaclys.net>	2021-03-14 06:11:20 +0100
commit	31d289a4759909d24dd309ac24d42902a8c20da0 (patch)
tree	1896b64e72e6c18e65455d7323468d8659125ca5 /gnu/packages/patches/unzip-COVSCAN-fix-unterminated-string.patch
parent	92d0949a268fe8479af5851d5bb3733e207a5c81 (diff)
download	guix-patches-31d289a4759909d24dd309ac24d42902a8c20da0.tar guix-patches-31d289a4759909d24dd309ac24d42902a8c20da0.tar.gz