Hello community,

here is the log from the commit of package unzip for openSUSE:Factory checked 
in at 2018-02-10 17:53:01
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/unzip (Old)
 and      /work/SRC/openSUSE:Factory/.unzip.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "unzip"

Sat Feb 10 17:53:01 2018 rev:41 rq:574312 version:6.00

Changes:
--------
--- /work/SRC/openSUSE:Factory/unzip/unzip.changes      2017-07-11 08:23:39.549948410 +0200
+++ /work/SRC/openSUSE:Factory/.unzip.new/unzip.changes 2018-02-10 17:53:15.294801669 +0100
@@ -1,0 +2,6 @@
+Thu Feb  8 14:11:25 UTC 2018 - kbabi...@suse.com
+
+- Add CVE-2018-1000035.patch: Fix a heap-based buffer overflow in 
+  password protected ZIP archives (CVE-2018-1000035 bsc#1080074)
+
+-------------------------------------------------------------------

New:
----
  CVE-2018-1000035.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ unzip-rcc.spec ++++++
--- /var/tmp/diff_new_pack.y13mXj/_old  2018-02-10 17:53:16.110772131 +0100
+++ /var/tmp/diff_new_pack.y13mXj/_new  2018-02-10 17:53:16.110772131 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package unzip-rcc
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed

++++++ unzip.spec ++++++
--- /var/tmp/diff_new_pack.y13mXj/_old  2018-02-10 17:53:16.130771407 +0100
+++ /var/tmp/diff_new_pack.y13mXj/_new  2018-02-10 17:53:16.134771262 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package unzip
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -56,6 +56,7 @@
 Patch16:        CVE-2015-7697.patch
 Patch17:        CVE-2016-9844.patch
 Patch18:        CVE-2014-9913.patch
+Patch19:        CVE-2018-1000035.patch
 Requires(post): update-alternatives
 Requires(preun): update-alternatives
 Recommends:     %{_name}-doc
@@ -98,6 +99,7 @@
 %patch16 -p1
 %patch17 -p1
 %patch18 -p1
+%patch19 -p0
 
 %build
 export RPM_OPT_FLAGS="%{optflags} \

++++++ CVE-2018-1000035.patch ++++++
From: <kbabi...@suse.com>
Date: Thu Feb  8 15:10:03 CET 2018
Upstream: merged
References: http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=548

Index: fileio.c
===================================================================
--- fileio.c.orig
+++ fileio.c
@@ -1613,7 +1613,11 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf,
     int r = IZ_PW_ENTERED;
     char *m;
     char *prompt;
-
+    char *zfnf;
+    char *efnf;
+    size_t zfnfl;
+    int isOverflow;
+    
 #ifndef REENTRANT
     /* tell picky compilers to shut up about "unused variable" warnings */
     pG = pG;
@@ -1621,7 +1625,15 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf,
 
     if (*rcnt == 0) {           /* First call for current entry */
         *rcnt = 2;
-        if ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL) {
+        zfnf = FnFilter1(zfn);
+        efnf = FnFilter2(efn);
+        zfnfl = strlen(zfnf);
+        isOverflow = TRUE;
+        if (2*FILNAMSIZ >= zfnfl && (2*FILNAMSIZ - zfnfl) >= strlen(efnf))
+        {
+               isOverflow = FALSE;
+        }
+        if ((isOverflow == FALSE) && ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL)) {
             sprintf(prompt, LoadFarString(PasswPrompt),
                     FnFilter1(zfn), FnFilter2(efn));
             m = prompt;
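Review bot: The new length check measures `zfnf` and `efnf`, but the `sprintf` below it still calls `FnFilter1(zfn)` and `FnFilter2(efn)` a second time, so the strings that were bounded are not the ones that get formatted; passing the checked pointers, `sprintf(prompt, LoadFarString(PasswPrompt), zfnf, efnf);`, ties the bound and the write to the same data. The guard leaves exactly the 15 bytes of slack from `malloc(2*FILNAMSIZ + 15)` for the literal text of `PasswPrompt` plus the terminator, and that format string is not visible in this hunk, so a comment such as `/* 15 = literal characters in PasswPrompt + NUL; keep in sync */` would document the dependency, or the allocation could be sized from the measured lengths instead. When `isOverflow` stays TRUE the prompt buffer is never allocated and control presumably falls to the existing allocation-failure branch outside the hunk; a short comment saying that fallback is intentional would help the next reader. UzpPassword's body starts and ends outside the hunk.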
