Hello community,

here is the log from the commit of package unzip for openSUSE:Factory checked 
in at 2016-10-14 09:27:20
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/unzip (Old)
 and      /work/SRC/openSUSE:Factory/.unzip.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "unzip"

Changes:
--------
--- /work/SRC/openSUSE:Factory/unzip/unzip-rcc.changes  2016-06-29 
15:01:38.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.unzip.new/unzip-rcc.changes     2016-10-14 
09:27:21.000000000 +0200
@@ -1,0 +2,10 @@
+Wed Oct 12 07:24:12 UTC 2016 - josef.moell...@suse.com
+
+- When decrypting an encrypted file,
+  quit early if compressed size < HEAD_LEN.
+  When extracting avoid an infinite loop
+  if a file never finishes unzipping.
+  (bsc#950110, bsc#950111, CVE-2015-7696, CVE-2015-7697,
+  CVE-2015-7696.patch, CVE-2015-7697.patch)
+
+-------------------------------------------------------------------
--- /work/SRC/openSUSE:Factory/unzip/unzip.changes      2016-06-29 
15:01:38.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.unzip.new/unzip.changes 2016-10-14 
09:27:21.000000000 +0200
@@ -1,0 +2,10 @@
+Wed Oct 12 07:23:03 UTC 2016 - josef.moell...@suse.com
+
+- When decrypting an encrypted file,
+  quit early if compressed size < HEAD_LEN.
+  When extracting avoid an infinite loop
+  if a file never finishes unzipping.
+  (bsc#950110, bsc#950111, CVE-2015-7696, CVE-2015-7697,
+  CVE-2015-7696.patch, CVE-2015-7697.patch)
+
+-------------------------------------------------------------------

New:
----
  CVE-2015-7696.patch
  CVE-2015-7697.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ unzip-rcc.spec ++++++
--- /var/tmp/diff_new_pack.8f1KBf/_old  2016-10-14 09:27:22.000000000 +0200
+++ /var/tmp/diff_new_pack.8f1KBf/_new  2016-10-14 09:27:22.000000000 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package unzip-rcc
 #
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -51,6 +51,8 @@
 Patch12:        unzip-dont_call_isprint.patch
 Patch13:        Fix-CVE-2014-8139-unzip.patch
 Patch14:        Fix-CVE-2014-8140-and-CVE-2014-8141.patch
+Patch15:        CVE-2015-7696.patch
+Patch16:        CVE-2015-7697.patch
 Requires(post): update-alternatives
 Requires(preun): update-alternatives
 Recommends:     %{_name}-doc
@@ -89,6 +91,8 @@
 %patch12
 %patch13 -p1
 %patch14 -p1
+%patch15 -p1
+%patch16 -p1
 
 %build
 export RPM_OPT_FLAGS="%{optflags} \

++++++ unzip.spec ++++++
--- /var/tmp/diff_new_pack.8f1KBf/_old  2016-10-14 09:27:22.000000000 +0200
+++ /var/tmp/diff_new_pack.8f1KBf/_new  2016-10-14 09:27:22.000000000 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package unzip
 #
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -51,6 +51,8 @@
 Patch12:        unzip-dont_call_isprint.patch
 Patch13:        Fix-CVE-2014-8139-unzip.patch
 Patch14:        Fix-CVE-2014-8140-and-CVE-2014-8141.patch
+Patch15:        CVE-2015-7696.patch
+Patch16:        CVE-2015-7697.patch
 Requires(post): update-alternatives
 Requires(preun): update-alternatives
 Recommends:     %{_name}-doc
@@ -89,6 +91,8 @@
 %patch12
 %patch13 -p1
 %patch14 -p1
+%patch15 -p1
+%patch16 -p1
 
 %build
 export RPM_OPT_FLAGS="%{optflags} \

++++++ CVE-2015-7696.patch ++++++
From: Petr Stodulka <pstod...@redhat.com>
Date: Mon, 14 Sep 2015 18:23:17 +0200
Subject: Upstream fix for heap overflow
Bug-Debian: https://bugs.debian.org/802162
Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1260944
Origin: https://bugzilla.redhat.com/attachment.cgi?id=1073002
Forwarded: yes

---
 crypt.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

Index: unzip60/crypt.c
===================================================================
--- unzip60.orig/crypt.c
+++ unzip60/crypt.c
@@ -465,7 +465,17 @@ int decrypt(__G__ passwrd)
     GLOBAL(pInfo->encrypted) = FALSE;
     defer_leftover_input(__G);
     for (n = 0; n < RAND_HEAD_LEN; n++) {
-        b = NEXTBYTE;
+        /* 2012-11-23 SMS.  (OUSPG report.)
+         * Quit early if compressed size < HEAD_LEN.  The resulting
+         * error message ("unable to get password") could be improved,
+         * but it's better than trying to read nonexistent data, and
+         * then continuing with a negative G.csize.  (See
+         * fileio.c:readbyte()).
+         */
+        if ((b = NEXTBYTE) == (ush)EOF)
+        {
+            return PK_ERR;
+        }
         h[n] = (uch)b;
         Trace((stdout, " (%02x)", h[n]));
     }
++++++ CVE-2015-7697.patch ++++++
From: Kamil Dudka <kdu...@redhat.com>
Date: Mon, 14 Sep 2015 18:24:56 +0200
Subject: fix infinite loop when extracting empty bzip2 data
Bug-Debian: https://bugs.debian.org/802160
Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1260944
Origin: other, https://bugzilla.redhat.com/attachment.cgi?id=1073339

---
 extract.c | 6 ++++++
 1 file changed, 6 insertions(+)

Index: unzip60/extract.c
===================================================================
--- unzip60.orig/extract.c
+++ unzip60/extract.c
@@ -2721,6 +2721,12 @@ __GDEF
     int repeated_buf_err;
     bz_stream bstrm;
 
+    if (G.incnt <= 0 && G.csize <= 0L) {
+        /* avoid an infinite loop */
+        Trace((stderr, "UZbunzip2() got empty input\n"));
+        return 2;
+    }
+
 #if (defined(DLL) && !defined(NO_SLIDE_REDIR))
     if (G.redirect_slide)
         wsize = G.redirect_size, redirSlide = G.redirect_buffer;

Reply via email to