+From 170eddb01887e61a581ed1ac78aff05a476bbe59 Mon Sep 17 00:00:00 2001
+From: OpenWrt community <openwrt-devel@lists.openwrt.org>
+Date: Mon, 30 Oct 2023 14:37:54 +0100
+Subject: [PATCH] fix: heap-based buffer overflow in the CRC32
+ verification
+
+https://nvd.nist.gov/vuln/detail/CVE-2014-8139
+
+CVE: CVE-2014-8139
+---
+ extract.c | 17 ++++++++++++++---
+ 1 file changed, 14 insertions(+), 3 deletions(-)
+
+diff --git a/extract.c b/extract.c
+index 1acd769..df0fa1c 100644
--- a/extract.c
+++ b/extract.c
@@ -1,5 +1,5 @@
static ZCONST char Far InvalidComprDataEAs[] =
" invalid compressed data for EAs\n";
# if (defined(WIN32) && defined(NTSD_EAS))
-@@ -2023,7 +2025,8 @@ static int TestExtraField(__G__ ef, ef_l
+@@ -2023,7 +2025,8 @@ static int TestExtraField(__G__ ef, ef_len)
ebID = makeword(ef);
ebLen = (unsigned)makeword(ef+EB_LEN);
/* Discovered some extra field inconsistency! */
if (uO.qflag)
Info(slide, 1, ((char *)slide, "%-22s ",
-@@ -2158,11 +2161,19 @@ static int TestExtraField(__G__ ef, ef_l
+@@ -2158,11 +2161,19 @@ static int TestExtraField(__G__ ef, ef_len)
}
break;
case EF_PKVMS:
break;
case EF_PKW32:
case EF_PKUNIX:
+--
+
+From 03e6da41ba5d588fe072465589a64def3dc4d82b Mon Sep 17 00:00:00 2001
+From: OpenWrt community <openwrt-devel@lists.openwrt.org>
+Date: Mon, 30 Oct 2023 14:44:08 +0100
+Subject: [PATCH] fix: heap-based buffer overflow in the test_compr_eb
+ function
+
+https://nvd.nist.gov/vuln/detail/CVE-2014-8140
+
+CVE: CVE-2014-8140
+---
+ extract.c | 13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/extract.c b/extract.c
+index df0fa1c..ec31e60 100644
--- a/extract.c
+++ b/extract.c
-@@ -2232,10 +2232,17 @@ static int test_compr_eb(__G__ eb, eb_si
+@@ -2232,10 +2232,17 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata)
if (compr_offset < 4) /* field is not compressed: */
return PK_OK; /* do nothing and signal OK */
if (
#ifdef INT_16BIT
+--
+
+From 80614f70ca3a8ea0d1163a52ad670b631ac938cd Mon Sep 17 00:00:00 2001
+From: OpenWrt community <openwrt-devel@lists.openwrt.org>
+Date: Mon, 30 Oct 2023 14:45:21 +0100
+Subject: [PATCH] fix: heap-based buffer overflow in the getZip64Data
+ function
+
+https://nvd.nist.gov/vuln/detail/CVE-2014-8141
+
+CVE: CVE-2014-8141
+---
+ fileio.c | 9 +++++++-
+ process.c | 68 +++++++++++++++++++++++++++++++++++++++++--------------
+ 2 files changed, 59 insertions(+), 18 deletions(-)
+
+diff --git a/fileio.c b/fileio.c
+index ba0a1d0..36bfea3 100644
--- a/fileio.c
+++ b/fileio.c
-@@ -176,6 +176,8 @@ static ZCONST char Far FilenameTooLongTr
+@@ -176,6 +176,8 @@ static ZCONST char Far FilenameTooLongTrunc[] =
#endif
static ZCONST char Far ExtraFieldTooLong[] =
"warning: extra field too long (%d). Ignoring...\n";
#ifdef WINDLL
static ZCONST char Far DiskFullQuery[] =
-@@ -2295,7 +2297,12 @@ int do_string(__G__ length, option) /*
+@@ -2295,7 +2297,12 @@ int do_string(__G__ length, option) /* return PK-type error code */
if (readbuf(__G__ (char *)G.extra_field, length) == 0)
return PK_EOF;
/* Looks like here is where extra fields are read */
#ifdef UNICODE_SUPPORT
G.unipath_filename = NULL;
if (G.UzO.U_flag < 2) {
+diff --git a/process.c b/process.c
+index 1e9a1e1..e3a3f8c 100644
--- a/process.c
+++ b/process.c
@@ -1,5 +1,5 @@
ef_buf += (eb_len + EB_HEADSIZE);
ef_len -= (eb_len + EB_HEADSIZE);
}
+--
+
+From eca24c7ddd296fe8dd112fd89fb288411e407379 Mon Sep 17 00:00:00 2001
+From: OpenWrt community <openwrt-devel@lists.openwrt.org>
+Date: Mon, 30 Oct 2023 14:46:57 +0100
+Subject: [PATCH] fix: out-of-bounds read or write and crash
+
+https://nvd.nist.gov/vuln/detail/CVE-2014-9636
+
+CVE: CVE-2014-9636
+---
+ extract.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/extract.c b/extract.c
+index ec31e60..d816603 100644
--- a/extract.c
+++ b/extract.c
-@@ -2228,6 +2228,7 @@ static int test_compr_eb(__G__ eb, eb_si
+@@ -2228,6 +2228,7 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata)
ulg eb_ucsize;
uch *eb_ucptr;
int r;
if (compr_offset < 4) /* field is not compressed: */
return PK_OK; /* do nothing and signal OK */
-@@ -2244,6 +2245,14 @@ static int test_compr_eb(__G__ eb, eb_si
+@@ -2244,6 +2245,14 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata)
((eb_ucsize > 0L) && (eb_size <= (compr_offset + EB_CMPRHEADLEN))))
return IZ_EF_TRUNC; /* no/bad compressed data! */
if (
#ifdef INT_16BIT
(((ulg)(extent)eb_ucsize) != eb_ucsize) ||
+--
+
+From adc07e8e4ef9ff263c89d6e8f32ab5222e1a45a0 Mon Sep 17 00:00:00 2001
+From: OpenWrt community <openwrt-devel@lists.openwrt.org>
+Date: Mon, 30 Oct 2023 14:48:38 +0100
+Subject: [PATCH] fix: heap-based buffer over-read and application crash
+
+https://nvd.nist.gov/vuln/detail/CVE-2015-7696
+
+CVE: CVE-2015-7696
+---
+ crypt.c | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/crypt.c b/crypt.c
+index 784e411..a8975f2 100644
--- a/crypt.c
+++ b/crypt.c
@@ -465,7 +465,17 @@ int decrypt(__G__ passwrd)
h[n] = (uch)b;
Trace((stdout, " (%02x)", h[n]));
}
+--
+
--- /dev/null
+From d354ffc9e0d1920dfc54cf13f1fc5d89405ee3f1 Mon Sep 17 00:00:00 2001
+From: OpenWrt community <openwrt-devel@lists.openwrt.org>
+Date: Mon, 30 Oct 2023 14:49:12 +0100
+Subject: [PATCH] fix: infinite loop because of an empty bzip2 data
+
+https://nvd.nist.gov/vuln/detail/CVE-2015-7697
+
+CVE: CVE-2015-7697
+---
+ extract.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/extract.c b/extract.c
+index d816603..ad8b3f7 100644
+--- a/extract.c
++++ b/extract.c
+@@ -2728,6 +2728,12 @@ __GDEF
+ int repeated_buf_err;
+ bz_stream bstrm;
+
++ if (G.incnt <= 0 && G.csize <= 0L) {
++ /* avoid an infinite loop */
++ Trace((stderr, "UZbunzip2() got empty input\n"));
++ return 2;
++ }
++
+ #if (defined(DLL) && !defined(NO_SLIDE_REDIR))
+ if (G.redirect_slide)
+ wsize = G.redirect_size, redirSlide = G.redirect_buffer;
+--
+
+From 673c5b95e5ead5b83cb81b208fe13a5352ccdafc Mon Sep 17 00:00:00 2001
+From: OpenWrt community <openwrt-devel@lists.openwrt.org>
+Date: Mon, 30 Oct 2023 14:51:36 +0100
+Subject: [PATCH] fix: error to prevent unsigned overflow
+
+---
+ extract.c | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/extract.c b/extract.c
+index ad8b3f7..17b201f 100644
--- a/extract.c
+++ b/extract.c
-@@ -1257,8 +1257,17 @@ static int extract_or_test_entrylist(__G
+@@ -1257,8 +1257,17 @@ static int extract_or_test_entrylist(__G__ numchunk,
if (G.lrec.compression_method == STORED) {
zusz_t csiz_decrypted = G.lrec.csize;
if (G.lrec.ucsize != csiz_decrypted) {
Info(slide, 0x401, ((char *)slide,
LoadFarStringSmall2(WrnStorUCSizCSizDiff),
+--
+
-From: "Steven M. Schweda" <sms@antinode.info>
-Subject: Fix CVE-2014-9913, buffer overflow in unzip
-Bug: https://sourceforge.net/p/infozip/bugs/27/
-Bug-Debian: https://bugs.debian.org/847485
-Bug-Ubuntu: https://launchpad.net/bugs/387350
-X-Debian-version: 6.0-21
+From 2e856c62e68c9f53c232a9d74a210385ab6a3702 Mon Sep 17 00:00:00 2001
+From: OpenWrt community <openwrt-devel@lists.openwrt.org>
+Date: Mon, 30 Oct 2023 14:52:11 +0100
+Subject: [PATCH] fix: buffer overflow in the list_files function
+https://nvd.nist.gov/vuln/detail/CVE-2014-9913
+
+CVE: CVE-2014-9913
+---
+ list.c | 13 ++++++++++++-
+ 1 file changed, 12 insertions(+), 1 deletion(-)
+
+diff --git a/list.c b/list.c
+index 15e0011..3a3d1cd 100644
--- a/list.c
+++ b/list.c
-@@ -339,7 +339,18 @@ int list_files(__G) /* return PK-type
+@@ -339,7 +339,18 @@ int list_files(__G) /* return PK-type error code */
G.crec.compression_method == ENHDEFLATED) {
methbuf[5] = dtype[(G.crec.general_purpose_bit_flag>>1) & 3];
} else if (methnum >= NUM_METHODS) {
}
#if 0 /* GRR/Euro: add this? */
+--
+
-From: "Steven M. Schweda" <sms@antinode.info>
-Subject: Fix CVE-2016-9844, buffer overflow in zipinfo
-Bug-Debian: https://bugs.debian.org/847486
-Bug-Ubuntu: https://launchpad.net/bugs/1643750
-X-Debian-version: 6.0-21
+From 39aef60cc5c9fd870dd4fc26cec4ff5a49e8c559 Mon Sep 17 00:00:00 2001
+From: OpenWrt community <openwrt-devel@lists.openwrt.org>
+Date: Mon, 30 Oct 2023 14:53:08 +0100
+Subject: [PATCH] fix: buffer overflow in the zi_short function
+https://nvd.nist.gov/vuln/detail/CVE-2016-9844
+
+CVE: CVE-2016-9844
+---
+ zipinfo.c | 13 ++++++++++++-
+ 1 file changed, 12 insertions(+), 1 deletion(-)
+
+diff --git a/zipinfo.c b/zipinfo.c
+index a92bca9..0148255 100644
--- a/zipinfo.c
+++ b/zipinfo.c
-@@ -1921,7 +1921,18 @@ static int zi_short(__G) /* return PK-
+@@ -1921,7 +1921,18 @@ static int zi_short(__G) /* return PK-type error code */
ush dnum=(ush)((G.crec.general_purpose_bit_flag>>1) & 3);
methbuf[3] = dtype[dnum];
} else if (methnum >= NUM_METHODS) { /* unknown */
}
for (k = 0; k < 15; ++k)
+--
+
--- /dev/null
+From 634103b6311206b8206ef15b076b21fd32fd495f Mon Sep 17 00:00:00 2001
+From: OpenWrt community <openwrt-devel@lists.openwrt.org>
+Date: Mon, 30 Oct 2023 14:54:43 +0100
+Subject: [PATCH] unix.c: Remove build date
+
+In order to make unzip build reproducibly, we remove the (already optional)
+build date from the binary.
+
+Bug-Debian: https://bugs.debian.org/782851
+---
+ unix/unix.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/unix/unix.c b/unix/unix.c
+index efa97fc..816e3da 100644
+--- a/unix/unix.c
++++ b/unix/unix.c
+@@ -1705,7 +1705,7 @@ void version(__G)
+ #endif /* Sun */
+ #endif /* SGI */
+
+-#ifdef __DATE__
++#if 0
+ " on ", __DATE__
+ #else
+ "", ""
+--
+
+From 3c252bd75cab0e4b6a0983f3353cc4df2c6d2d5c Mon Sep 17 00:00:00 2001
+From: OpenWrt community <openwrt-devel@lists.openwrt.org>
+Date: Mon, 30 Oct 2023 14:55:12 +0100
+Subject: [PATCH] fix: heap-based buffer overflow in the
+ password-protected processing
+
+https://nvd.nist.gov/vuln/detail/CVE-2018-1000035
+
+CVE: CVE-2018-1000035
+---
+ fileio.c | 13 +++++++++----
+ 1 file changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/fileio.c b/fileio.c
+index 36bfea3..cb05903 100644
--- a/fileio.c
+++ b/fileio.c
@@ -1,5 +1,5 @@
See the accompanying file LICENSE, version 2009-Jan-02 or later
(the contents of which are also included in unzip.h) for terms of use.
-@@ -1582,6 +1582,8 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf,
+@@ -1582,6 +1582,8 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf, size, zfn, efn)
int r = IZ_PW_ENTERED;
char *m;
char *prompt;
#ifndef REENTRANT
/* tell picky compilers to shut up about "unused variable" warnings */
-@@ -1590,9 +1592,12 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf,
+@@ -1590,9 +1592,12 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf, size, zfn, efn)
if (*rcnt == 0) { /* First call for current entry */
*rcnt = 2;
m = prompt;
} else
m = (char *)LoadFarString(PasswPrompt2);
+--
+
+++ /dev/null
---- a/extract.c
-+++ b/extract.c
-@@ -2728,6 +2728,12 @@ __GDEF
- int repeated_buf_err;
- bz_stream bstrm;
-
-+ if (G.incnt <= 0 && G.csize <= 0L) {
-+ /* avoid an infinite loop */
-+ Trace((stderr, "UZbunzip2() got empty input\n"));
-+ return 2;
-+ }
-+
- #if (defined(DLL) && !defined(NO_SLIDE_REDIR))
- if (G.redirect_slide)
- wsize = G.redirect_size, redirSlide = G.redirect_buffer;
+++ /dev/null
-From: Jérémy Bobbio <lunar@debian.org>
-Subject: Remove build date
-Bug-Debian: https://bugs.debian.org/782851
- In order to make unzip build reproducibly, we remove the
- (already optional) build date from the binary.
-
---- a/unix/unix.c
-+++ b/unix/unix.c
-@@ -1705,7 +1705,7 @@ void version(__G)
- #endif /* Sun */
- #endif /* SGI */
-
--#ifdef __DATE__
-+#if 0
- " on ", __DATE__
- #else
- "", ""
git.99rst.org / openwrt-packages.git / commitdiff