Hello community, here is the log from the commit of package unzip for openSUSE:Factory checked in at 2018-02-10 17:53:01 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/unzip (Old) and /work/SRC/openSUSE:Factory/.unzip.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "unzip" Sat Feb 10 17:53:01 2018 rev:41 rq:574312 version:6.00 Changes: --------
--- /work/SRC/openSUSE:Factory/unzip/unzip.changes 2017-07-11 08:23:39.549948410 +0200
+++ /work/SRC/openSUSE:Factory/.unzip.new/unzip.changes 2018-02-10 17:53:15.294801669 +0100
@@ -1,0 +2,6 @@
+Thu Feb 8 14:11:25 UTC 2018 - kbabi...@suse.com
+
+- Add CVE-2018-1000035.patch: Fix a heap-based buffer overflow in
+ password protected ZIP archives (CVE-2018-1000035 bsc#1080074)
+
+-------------------------------------------------------------------
New: ---- CVE-2018-1000035.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ unzip-rcc.spec ++++++
--- /var/tmp/diff_new_pack.y13mXj/_old 2018-02-10 17:53:16.110772131 +0100
+++ /var/tmp/diff_new_pack.y13mXj/_new 2018-02-10 17:53:16.110772131 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package unzip-rcc
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
++++++ unzip.spec ++++++
--- /var/tmp/diff_new_pack.y13mXj/_old 2018-02-10 17:53:16.130771407 +0100
+++ /var/tmp/diff_new_pack.y13mXj/_new 2018-02-10 17:53:16.134771262 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package unzip
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -56,6 +56,7 @@
 Patch16: CVE-2015-7697.patch
 Patch17: CVE-2016-9844.patch
 Patch18: CVE-2014-9913.patch
+Patch19: CVE-2018-1000035.patch
 Requires(post): update-alternatives
 Requires(preun): update-alternatives
 Recommends: %{_name}-doc
@@ -98,6 +99,7 @@ %patch16 -p1 %patch17 -p1 %patch18 -p1 +%patch19 -p0 %build export RPM_OPT_FLAGS="%{optflags} \ ++++++ CVE-2018-1000035.patch ++++++ From: <kbabi...@suse.com> Date: Thu Feb 8 15:10:03 CET 2018 Upstream: merged References: http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=548 Index: fileio.c =================================================================== --- fileio.c.orig +++ fileio.c @@ -1613,7 +1613,11 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf, int r = IZ_PW_ENTERED; char *m; char *prompt; - + char *zfnf; + char *efnf; + size_t zfnfl; + int isOverflow; + #ifndef REENTRANT /* tell picky compilers to shut up about "unused variable" warnings */ pG = pG; @@ -1621,7 +1625,15 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf, if (*rcnt == 0) { /* First call for current entry */ *rcnt = 2; - if ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL) { + zfnf = FnFilter1(zfn); + efnf = FnFilter2(efn); + zfnfl = strlen(zfnf); + isOverflow = TRUE; + if (2*FILNAMSIZ >= zfnfl && (2*FILNAMSIZ - zfnfl) >= strlen(efnf)) + { + isOverflow = FALSE; + } + if ((isOverflow == FALSE) && ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL)) { sprintf(prompt, LoadFarString(PasswPrompt), FnFilter1(zfn), FnFilter2(efn)); m = prompt;
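Review bot: In the second fileio.c hunk the length check measures `zfnf` and `efnf`, but the unchanged `sprintf` below it calls `FnFilter1(zfn)` and `FnFilter2(efn)` again, so the strings that were bounded are not visibly the ones that get written. Passing the saved pointers, `sprintf(prompt, LoadFarString(PasswPrompt), zfnf, efnf);`, would tie the check to the write and drop the duplicate filter calls. The check caps the two names at 2*FILNAMSIZ bytes together, leaving the 15 extra bytes of the allocation for the literal part of PasswPrompt and the terminator. That format string is not visible here, so a comment such as `/* 15 = fixed text of PasswPrompt + NUL */` next to the `malloc` would record the assumption. UzpPassword starts and ends outside the hunk, including the branch taken when `isOverflow` stays TRUE.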