Hello community,

here is the log from the commit of package unzip for openSUSE:Factory checked in at 2016-10-14 09:27:20
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/unzip (Old)
 and /work/SRC/openSUSE:Factory/.unzip.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "unzip" Changes: -------- --- /work/SRC/openSUSE:Factory/unzip/unzip-rcc.changes 2016-06-29 15:01:38.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.unzip.new/unzip-rcc.changes 2016-10-14 09:27:21.000000000 +0200 @@ -1,0 +2,10 @@ +Wed Oct 12 07:24:12 UTC 2016 - [email protected] + +- When decrypting an encrypted file, + quit early if compressed size < HEAD_LEN. + When extracting avoid an infinite loop + if a file never finishes unzipping. + (bsc#950110, bsc#950111, CVE-2015-7696, CVE-2015-7697, + CVE-2015-7696.patch, CVE-2015-7697.patch) + +------------------------------------------------------------------- --- /work/SRC/openSUSE:Factory/unzip/unzip.changes 2016-06-29 15:01:38.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.unzip.new/unzip.changes 2016-10-14 09:27:21.000000000 +0200 @@ -1,0 +2,10 @@ +Wed Oct 12 07:23:03 UTC 2016 - [email protected] + +- When decrypting an encrypted file, + quit early if compressed size < HEAD_LEN. + When extracting avoid an infinite loop + if a file never finishes unzipping. + (bsc#950110, bsc#950111, CVE-2015-7696, CVE-2015-7697, + CVE-2015-7696.patch, CVE-2015-7697.patch) + +------------------------------------------------------------------- New: ---- CVE-2015-7696.patch CVE-2015-7697.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ unzip-rcc.spec ++++++ --- /var/tmp/diff_new_pack.8f1KBf/_old 2016-10-14 09:27:22.000000000 +0200 +++ /var/tmp/diff_new_pack.8f1KBf/_new 2016-10-14 09:27:22.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package unzip-rcc # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -51,6 +51,8 @@ Patch12: unzip-dont_call_isprint.patch Patch13: Fix-CVE-2014-8139-unzip.patch Patch14: Fix-CVE-2014-8140-and-CVE-2014-8141.patch +Patch15: CVE-2015-7696.patch +Patch16: CVE-2015-7697.patch Requires(post): update-alternatives Requires(preun): update-alternatives Recommends: %{_name}-doc @@ -89,6 +91,8 @@ %patch12 %patch13 -p1 %patch14 -p1 +%patch15 -p1 +%patch16 -p1 %build export RPM_OPT_FLAGS="%{optflags} \ ++++++ unzip.spec ++++++ --- /var/tmp/diff_new_pack.8f1KBf/_old 2016-10-14 09:27:22.000000000 +0200 +++ /var/tmp/diff_new_pack.8f1KBf/_new 2016-10-14 09:27:22.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package unzip # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -51,6 +51,8 @@ Patch12: unzip-dont_call_isprint.patch Patch13: Fix-CVE-2014-8139-unzip.patch Patch14: Fix-CVE-2014-8140-and-CVE-2014-8141.patch +Patch15: CVE-2015-7696.patch +Patch16: CVE-2015-7697.patch Requires(post): update-alternatives Requires(preun): update-alternatives Recommends: %{_name}-doc @@ -89,6 +91,8 @@ %patch12 %patch13 -p1 %patch14 -p1 +%patch15 -p1 +%patch16 -p1 %build export RPM_OPT_FLAGS="%{optflags} \ ++++++ CVE-2015-7696.patch ++++++ From: Petr Stodulka <[email protected]> Date: Mon, 14 Sep 2015 18:23:17 +0200 Subject: Upstream fix for heap overflow Bug-Debian: https://bugs.debian.org/802162 Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1260944 Origin: https://bugzilla.redhat.com/attachment.cgi?id=1073002 Forwarded: yes --- crypt.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) Index: unzip60/crypt.c =================================================================== --- unzip60.orig/crypt.c +++ unzip60/crypt.c 
@@ -465,7 +465,17 @@ int decrypt(__G__ passwrd) GLOBAL(pInfo->encrypted) = FALSE; defer_leftover_input(__G); for (n = 0; n < RAND_HEAD_LEN; n++) { - b = NEXTBYTE; + /* 2012-11-23 SMS. (OUSPG report.) + * Quit early if compressed size < HEAD_LEN. The resulting + * error message ("unable to get password") could be improved, + * but it's better than trying to read nonexistent data, and + * then continuing with a negative G.csize. (See + * fileio.c:readbyte()). + */ + if ((b = NEXTBYTE) == (ush)EOF) + { + return PK_ERR; + } h[n] = (uch)b; Trace((stdout, " (%02x)", h[n])); } ++++++ CVE-2015-7697.patch ++++++ From: Kamil Dudka <[email protected]> Date: Mon, 14 Sep 2015 18:24:56 +0200 Subject: fix infinite loop when extracting empty bzip2 data Bug-Debian: https://bugs.debian.org/802160 Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1260944 Origin: other, https://bugzilla.redhat.com/attachment.cgi?id=1073339 --- extract.c | 6 ++++++ 1 file changed, 6 insertions(+) Index: unzip60/extract.c =================================================================== --- unzip60.orig/extract.c +++ unzip60/extract.c @@ -2721,6 +2721,12 @@ __GDEF int repeated_buf_err; bz_stream bstrm; + if (G.incnt <= 0 && G.csize <= 0L) { + /* avoid an infinite loop */ + Trace((stderr, "UZbunzip2() got empty input\n")); + return 2; + } + #if (defined(DLL) && !defined(NO_SLIDE_REDIR)) if (G.redirect_slide) wsize = G.redirect_size, redirSlide = G.redirect_buffer;
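Review bot: The first hunk of both unzip-rcc.spec and unzip.spec (@@ -1,7 +1,7 @@) changes the copyright header from "SUSE LINUX GmbH" to "SUSE LINUX Products GmbH", which is unrelated to the two CVE fixes and is not mentioned in either .changes entry. Drop that line from the submission or document it in the changelog, so that the security update carries only the Patch15/Patch16 additions and their %patch15/%patch16 lines.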
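Review bot: In the crypt.c hunk of CVE-2015-7696.patch, the test `if ((b = NEXTBYTE) == (ush)EOF)` detects end of input only if b is declared as ush; the declaration is outside the hunk, and with a wider signed type the stored value would never equal (ush)EOF, so the check would never fire. Please confirm the type of b, or compare the NEXTBYTE result against EOF before it is narrowed. The new return also sits after `GLOBAL(pInfo->encrypted) = FALSE;` and `defer_leftover_input(__G);` in the context lines, so verify that callers tolerate that state on the PK_ERR path. As the added comment itself admits, the resulting "unable to get password" message is misleading for a truncated header; a dedicated error code would make the failure easier to triage.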
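Review bot: In the extract.c hunk of CVE-2015-7697.patch, the guard `if (G.incnt <= 0 && G.csize <= 0L)` runs once at function entry, so it covers only input that is already empty when the bzip2 routine starts. That matches the patch subject ("empty bzip2 data") but is narrower than the .changes wording ("if a file never finishes unzipping"); either tighten the changelog text or confirm that the decompression loop itself also terminates when input runs out mid-stream. The bare `return 2;` would also read better as a named code, in line with the PK_ERR return used in the crypt.c fix, and the Trace() call should not be the only diagnostic if it is compiled out in release builds.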
