ayae/extra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

initial import

Browse Source
This commit is contained in:
Astound
2025-06-22 20:39:04 -05:00
commit f8a70886f0
3428 changed files with 302546 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

98
unzip/PKGBUILD Normal file
View File

@@ -0,0 +1,98 @@
# Maintainer: Jesus E. <heckyel@riseup.net>
_pkgname=unzip-libre
pkgname=unzip
pkgver=6.0
_pkgver=${pkgver/./}
_debver=6.0
_debrel=26
pkgrel=14
pkgdesc='For extracting and viewing files in .zip archives'
url='https://www.info-zip.org/UnZip.html'
arch=('i686' 'x86_64')
license=('custom:UnZip')
depends=('bzip2' 'bash')
makedepends=('quilt')
conflicts=("${_pkgname}")
replaces=("${_pkgname}")
mksource=("https://downloads.sourceforge.net/infozip/${pkgname}${_pkgver}.tar.gz"
'match.patch')
source=("https://repo.hyperbola.info:50000/sources/${_pkgname}/${pkgname}${_pkgver}-libre.tar.gz"{,.sig}
"https://deb.debian.org/debian/pool/main/u/unzip/unzip_${_debver}-${_debrel}+deb11u1.debian.tar.xz"
'overflow-fsize.patch'
'cve20149636.patch'
'test_compr_eb.patch'
'getZip64Data.patch'
'crc32.patch'
'empty-input.patch'
'csiz-underflow.patch'
'nextbyte-overflow.patch')
mksha512sums=('0694e403ebc57b37218e00ec1a406cae5cc9c5b52b6798e0d4590840b6cdbf9ddc0d9471f67af783e960f8fa2e620394d51384257dca23d06bcd90224a80ce5d'
'69df98c4b5279ae5d632a6878f471f8deb420a16e9fc879bb25f15c4400cce15617e40a662d4be1a3888e28bb7cef0f3b70e160cf02fd9dc9c703416e36261d8')
sha512sums=('620c1532d6d046064b5024856fd9281644b98514ccb335a4f78c46e7f36fac84156fe74fb02a5b11539b07a5534ec8146077f99ac2f0202a84047cfdecb0dce2'
'SKIP'
'f6a5f7c25ba6481dcb6e63619053fd0cdfbac2c9581bbb0ebd85cec40d9ed97222e589d2af02d23d5afe72149a0fa66058e155000f6814bb66b55d2c5403bc25'
'c6e06fdd95c74a53bc5f774ae84427701d09374173342678ee75ff6dce5c1fab8f61f6a2f0fe2ede4859fc854869386869293f99573a11308536a45ce5f969c3'
'7e5274db1d0e9b1db87ce543ddb4edea67cea193ee5394a5a46f3813169c33508cbea96cc0ce88eb4ffc64b21df02c18724d0fe8f7d2814954233f646c386b3a'
'4283d5da3a0403a178295602a5dab7f6d8e2a885c528b85254903e90474cb72a0ed766aad0fce735353adb57c37ba8992e394d5ef6a24a52ed11677d03952ce9'
'c70609994ac0f056b9cb2797884036f3aa29a542c36b7c259ce99e046a0362b2d81ab4fd08c10d5de25d6799e7aa40a4813dd3070e11fe840f142d6b14db606d'
'e74c792aa7d45a37a43d90d732257fe3a5efae6cfd9a0d4d853bb7c5decd10c8dd7b5cdb919b51404e136844899304efc07e93e09ae4cbbce52352b39e1ed82c'
'a9be2b9a7bdb42b3f4c1d92cba9c55e2731fdf5bac46b50caadec060a12e474ac0e3fcb0ff8dfaac086a5c8651c6f5602d191af13a1947b7ffae6269141ea5fe'
'21ec0286aaa3154c61025a33d66c10f901ee57216d20524f594052a13271ee32236686375b9050f2b0228f3718135b9159190ff6869a294363cd65b066117c40'
'77f228b4135848b5259ef1eb926a242d8deb8ce54ff02533d27541f5f1e737e72a52f50b5a291d7a266eaee677e1aec52e97fda962926462697551286d14c49d')
validpgpkeys=('C92BAA713B8D53D3CAE63FC9E6974752F9704456') # André Silva
mksource() {
cd "${srcdir}/${pkgname}${_pkgver}"
# from http://bzr.trisquel.info/package-helpers/trunk/annotate/head%3A/helpers/natty/DATA/unzip/match.patch
patch -Np0 -i ${srcdir}/match.patch
}
prepare() {
cd "${srcdir}/${pkgname}${_pkgver}"
if [[ $pkgver = $_debver ]]; then
# Debian patches
export QUILT_PATCHES=debian/patches
export QUILT_REFRESH_ARGS='-p ab --no-timestamps --no-index'
export QUILT_DIFF_ARGS='--no-timestamps'
mv "$srcdir"/debian .
quilt push -av
else
sed -i "/MANDIR =/s#)/#)/share/#" unix/Makefile
patch -p1 -i ../overflow-fsize.patch #FS#44171
patch -p1 -i ../cve20149636.patch #FS#44171
patch -i ../test_compr_eb.patch # FS#43391
patch -i ../getZip64Data.patch # FS#43300
patch -i ../crc32.patch # FS#43300
patch -p1 -i ../empty-input.patch # FS#46955
patch -p1 -i ../csiz-underflow.patch # FS#46955
patch -p1 -i ../nextbyte-overflow.patch # FS#46955
fi
}
build() {
cd "${srcdir}/${pkgname}${_pkgver}"
# DEFINES, make, and install args from Debian
DEFINES='-DACORN_FTYPE_NFS -DWILD_STOP_AT_DIR -DLARGE_FILE_SUPPORT \
-DUNICODE_SUPPORT -DUNICODE_WCHAR -DUTF8_MAYBE_NATIVE -DNO_LCHMOD \
-DDATE_FORMAT=DF_YMD -DUSE_BZIP2 -DNOMEMCPY -DNO_WORKING_ISPRINT'
make -f unix/Makefile prefix=/usr \
D_USE_BZ2=-DUSE_BZIP2 L_BZ2=-lbz2 \
LF2="$LDFLAGS" CF="$CFLAGS $CPPFLAGS -I. $DEFINES" \
unzips
}
package() {
cd "${srcdir}/${pkgname}${_pkgver}"
make -f unix/Makefile prefix="${pkgdir}"/usr install
install -Dm644 LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
# correct package-structure
mv "${pkgdir}/usr/man" "${pkgdir}/usr/share"
}

45
unzip/crc32.patch Normal file
View File

@@ -0,0 +1,45 @@
--- unzip60/extract.c 2010-04-03 14:41:55 -0500
+++ unzip60/extract.c 2014-12-03 15:33:35 -0600
@@ -1,5 +1,5 @@
/*
- Copyright (c) 1990-2009 Info-ZIP. All rights reserved.
+ Copyright (c) 1990-2014 Info-ZIP. All rights reserved.
See the accompanying file LICENSE, version 2009-Jan-02 or later
(the contents of which are also included in unzip.h) for terms of use.
@@ -298,6 +298,8 @@
#ifndef SFX
static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \
EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n";
+ static ZCONST char Far TooSmallEFlength[] = "bad extra-field entry:\n \
+ EF block length (%u bytes) invalid (< %d)\n";
static ZCONST char Far InvalidComprDataEAs[] =
" invalid compressed data for EAs\n";
# if (defined(WIN32) && defined(NTSD_EAS))
@@ -2023,7 +2025,8 @@
ebID = makeword(ef);
ebLen = (unsigned)makeword(ef+EB_LEN);
- if (ebLen > (ef_len - EB_HEADSIZE)) {
+ if (ebLen > (ef_len - EB_HEADSIZE))
+ {
/* Discovered some extra field inconsistency! */
if (uO.qflag)
Info(slide, 1, ((char *)slide, "%-22s ",
@@ -2032,6 +2035,16 @@
ebLen, (ef_len - EB_HEADSIZE)));
return PK_ERR;
}
+ else if (ebLen < EB_HEADSIZE)
+ {
+ /* Extra block length smaller than header length. */
+ if (uO.qflag)
+ Info(slide, 1, ((char *)slide, "%-22s ",
+ FnFilter1(G.filename)));
+ Info(slide, 1, ((char *)slide, LoadFarString(TooSmallEFlength),
+ ebLen, EB_HEADSIZE));
+ return PK_ERR;
+ }
switch (ebID) {
case EF_OS2:

32
unzip/csiz-underflow.patch Normal file
View File

@@ -0,0 +1,32 @@
From: Kamil Dudka <kdudka@redhat.com>
Date: Tue, 22 Sep 2015 18:52:23 +0200
Subject: [PATCH] extract: prevent unsigned overflow on invalid input
Origin: other, https://bugzilla.redhat.com/attachment.cgi?id=1075942
Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1260944
Suggested-by: Stefan Cornelius
---
extract.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
--- a/extract.c
+++ b/extract.c
@@ -1257,8 +1257,17 @@
if (G.lrec.compression_method == STORED) {
zusz_t csiz_decrypted = G.lrec.csize;
- if (G.pInfo->encrypted)
+ if (G.pInfo->encrypted) {
+ if (csiz_decrypted < 12) {
+ /* handle the error now to prevent unsigned overflow */
+ Info(slide, 0x401, ((char *)slide,
+ LoadFarStringSmall(ErrUnzipNoFile),
+ LoadFarString(InvalidComprData),
+ LoadFarStringSmall2(Inflate)));
+ return PK_ERR;
+ }
csiz_decrypted -= 12;
+ }
if (G.lrec.ucsize != csiz_decrypted) {
Info(slide, 0x401, ((char *)slide,
LoadFarStringSmall2(WrnStorUCSizCSizDiff),

25
unzip/cve20149636.patch Normal file
View File

@@ -0,0 +1,25 @@
diff --git a/extract.c b/extract.c
index a0a4929..9ef80b3 100644
--- a/extract.c
+++ b/extract.c
@@ -2214,6 +2214,7 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata)
ulg eb_ucsize;
uch *eb_ucptr;
int r;
+ ush method;
if (compr_offset < 4) /* field is not compressed: */
return PK_OK; /* do nothing and signal OK */
@@ -2223,6 +2224,12 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata)
eb_size <= (compr_offset + EB_CMPRHEADLEN)))
return IZ_EF_TRUNC; /* no compressed data! */
+ method = makeword(eb + (EB_HEADSIZE + compr_offset));
+ if ((method == STORED) && (eb_size != compr_offset + EB_CMPRHEADLEN + eb_ucsize))
+ return PK_ERR; /* compressed & uncompressed
+ * should match in STORED
+ * method */
+
if (
#ifdef INT_16BIT
(((ulg)(extent)eb_ucsize) != eb_ucsize) ||

26
unzip/empty-input.patch Normal file
View File

@@ -0,0 +1,26 @@
From: Kamil Dudka <kdudka@redhat.com>
Date: Mon, 14 Sep 2015 18:24:56 +0200
Subject: fix infinite loop when extracting empty bzip2 data
Bug-Debian: https://bugs.debian.org/802160
Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1260944
Origin: other, https://bugzilla.redhat.com/attachment.cgi?id=1073339
---
extract.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/extract.c
+++ b/extract.c
@@ -2728,6 +2728,12 @@
int repeated_buf_err;
bz_stream bstrm;
+ if (G.incnt <= 0 && G.csize <= 0L) {
+ /* avoid an infinite loop */
+ Trace((stderr, "UZbunzip2() got empty input\n"));
+ return 2;
+ }
+
#if (defined(DLL) && !defined(NO_SLIDE_REDIR))
if (G.redirect_slide)
wsize = G.redirect_size, redirSlide = G.redirect_buffer;

133
unzip/getZip64Data.patch Normal file
View File

@@ -0,0 +1,133 @@
--- process.c 2009-03-06 02:25:10.000000000 +0100
+++ process.c 2014-12-05 22:42:39.000000000 +0100
@@ -1,5 +1,5 @@
/*
- Copyright (c) 1990-2009 Info-ZIP. All rights reserved.
+ Copyright (c) 1990-2014 Info-ZIP. All rights reserved.
See the accompanying file LICENSE, version 2009-Jan-02 or later
(the contents of which are also included in unzip.h) for terms of use.
@@ -1888,48 +1888,82 @@ int getZip64Data(__G__ ef_buf, ef_len)
and a 4-byte version of disk start number.
Sets both local header and central header fields. Not terribly clever,
but it means that this procedure is only called in one place.
+
+ 2014-12-05 SMS.
+ Added checks to ensure that enough data are available before calling
+ makeint64() or makelong(). Replaced various sizeof() values with
+ simple ("4" or "8") constants. (The Zip64 structures do not depend
+ on our variable sizes.) Error handling is crude, but we should now
+ stay within the buffer.
---------------------------------------------------------------------------*/
+#define Z64FLGS 0xffff
+#define Z64FLGL 0xffffffff
+
if (ef_len == 0 || ef_buf == NULL)
return PK_COOL;
Trace((stderr,"\ngetZip64Data: scanning extra field of length %u\n",
ef_len));
- while (ef_len >= EB_HEADSIZE) {
+ while (ef_len >= EB_HEADSIZE)
+ {
eb_id = makeword(EB_ID + ef_buf);
eb_len = makeword(EB_LEN + ef_buf);
- if (eb_len > (ef_len - EB_HEADSIZE)) {
- /* discovered some extra field inconsistency! */
+ if (eb_len > (ef_len - EB_HEADSIZE))
+ {
+ /* Extra block length exceeds remaining extra field length. */
Trace((stderr,
"getZip64Data: block length %u > rest ef_size %u\n", eb_len,
ef_len - EB_HEADSIZE));
break;
}
- if (eb_id == EF_PKSZ64) {
-
+ if (eb_id == EF_PKSZ64)
+ {
int offset = EB_HEADSIZE;
- if (G.crec.ucsize == 0xffffffff || G.lrec.ucsize == 0xffffffff){
- G.lrec.ucsize = G.crec.ucsize = makeint64(offset + ef_buf);
- offset += sizeof(G.crec.ucsize);
+ if ((G.crec.ucsize == Z64FLGL) || (G.lrec.ucsize == Z64FLGL))
+ {
+ if (offset+ 8 > ef_len)
+ return PK_ERR;
+
+ G.crec.ucsize = G.lrec.ucsize = makeint64(offset + ef_buf);
+ offset += 8;
}
- if (G.crec.csize == 0xffffffff || G.lrec.csize == 0xffffffff){
- G.csize = G.lrec.csize = G.crec.csize = makeint64(offset + ef_buf);
- offset += sizeof(G.crec.csize);
+
+ if ((G.crec.csize == Z64FLGL) || (G.lrec.csize == Z64FLGL))
+ {
+ if (offset+ 8 > ef_len)
+ return PK_ERR;
+
+ G.csize = G.crec.csize = G.lrec.csize = makeint64(offset + ef_buf);
+ offset += 8;
}
- if (G.crec.relative_offset_local_header == 0xffffffff){
+
+ if (G.crec.relative_offset_local_header == Z64FLGL)
+ {
+ if (offset+ 8 > ef_len)
+ return PK_ERR;
+
G.crec.relative_offset_local_header = makeint64(offset + ef_buf);
- offset += sizeof(G.crec.relative_offset_local_header);
+ offset += 8;
}
- if (G.crec.disk_number_start == 0xffff){
+
+ if (G.crec.disk_number_start == Z64FLGS)
+ {
+ if (offset+ 4 > ef_len)
+ return PK_ERR;
+
G.crec.disk_number_start = (zuvl_t)makelong(offset + ef_buf);
- offset += sizeof(G.crec.disk_number_start);
+ offset += 4;
}
+#if 0
+ break; /* Expect only one EF_PKSZ64 block. */
+#endif /* 0 */
}
- /* Skip this extra field block */
+ /* Skip this extra field block. */
ef_buf += (eb_len + EB_HEADSIZE);
ef_len -= (eb_len + EB_HEADSIZE);
}
--- fileio.c 2009-04-20 02:03:44.000000000 +0200
+++ fileio.c 2014-12-05 22:44:16.000000000 +0100
@@ -176,6 +176,8 @@ static ZCONST char Far FilenameTooLongTr
#endif
static ZCONST char Far ExtraFieldTooLong[] =
"warning: extra field too long (%d). Ignoring...\n";
+static ZCONST char Far ExtraFieldCorrupt[] =
+ "warning: extra field (type: 0x%04x) corrupt. Continuing...\n";
#ifdef WINDLL
static ZCONST char Far DiskFullQuery[] =
@@ -2295,7 +2297,12 @@ int do_string(__G__ length, option) /*
if (readbuf(__G__ (char *)G.extra_field, length) == 0)
return PK_EOF;
/* Looks like here is where extra fields are read */
- getZip64Data(__G__ G.extra_field, length);
+ if (getZip64Data(__G__ G.extra_field, length) != PK_COOL)
+ {
+ Info(slide, 0x401, ((char *)slide,
+ LoadFarString( ExtraFieldCorrupt), EF_PKSZ64));
+ error = PK_WARN;
+ }
#ifdef UNICODE_SUPPORT
G.unipath_filename = NULL;
if (G.UzO.U_flag < 2) {

33
unzip/nextbyte-overflow.patch Normal file
View File

@@ -0,0 +1,33 @@
From: Petr Stodulka <pstodulk@redhat.com>
Date: Mon, 14 Sep 2015 18:23:17 +0200
Subject: Upstream fix for heap overflow
Bug-Debian: https://bugs.debian.org/802162
Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1260944
Origin: https://bugzilla.redhat.com/attachment.cgi?id=1073002
Forwarded: yes
---
crypt.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
--- a/crypt.c
+++ b/crypt.c
@@ -465,7 +465,17 @@
GLOBAL(pInfo->encrypted) = FALSE;
defer_leftover_input(__G);
for (n = 0; n < RAND_HEAD_LEN; n++) {
- b = NEXTBYTE;
+ /* 2012-11-23 SMS. (OUSPG report.)
+ * Quit early if compressed size < HEAD_LEN. The resulting
+ * error message ("unable to get password") could be improved,
+ * but it's better than trying to read nonexistent data, and
+ * then continuing with a negative G.csize. (See
+ * fileio.c:readbyte()).
+ */
+ if ((b = NEXTBYTE) == (ush)EOF)
+ {
+ return PK_ERR;
+ }
h[n] = (uch)b;
Trace((stdout, " (%02x)", h[n]));
}

34
unzip/overflow-fsize.patch Normal file
View File

@@ -0,0 +1,34 @@
t a/list.c b/list.c
index f7359c3..4c3d703 100644
--- a/list.c
+++ b/list.c
@@ -97,7 +97,7 @@ int list_files(__G) /* return PK-type error code */
{
int do_this_file=FALSE, cfactor, error, error_in_archive=PK_COOL;
#ifndef WINDLL
- char sgn, cfactorstr[10];
+ char sgn, cfactorstr[13];
int longhdr=(uO.vflag>1);
#endif
int date_format;
@@ -339,7 +339,19 @@ int list_files(__G) /* return PK-type error code */
G.crec.compression_method == ENHDEFLATED) {
methbuf[5] = dtype[(G.crec.general_purpose_bit_flag>>1) & 3];
} else if (methnum >= NUM_METHODS) {
- sprintf(&methbuf[4], "%03u", G.crec.compression_method);
+ /* 2013-02-26 SMS.
+ * http://sourceforge.net/tracker/?func=detail
+ * &aid=2861648&group_id=118012&atid=679786
+ * Unexpectedly large compression methods overflow
+ * &methbuf[]. Use the old, three-digit decimal format
+ * for values which fit. Otherwise, sacrifice the
+ * colon, and use four-digit hexadecimal.
+ */
+ if (G.crec.compression_method <= 999) {
+ sprintf( &methbuf[ 4], "%03u", G.crec.compression_method);
+ } else {
+ sprintf( &methbuf[ 3], "%04X", G.crec.compression_method);
+ }
}
#if 0 /* GRR/Euro: add this? */

23
unzip/test_compr_eb.patch Normal file
View File

@@ -0,0 +1,23 @@
--- extract.c 2009-03-14 02:32:52.000000000 +0100
+++ extract.c 2014-12-05 22:43:13.000000000 +0100
@@ -2221,10 +2234,17 @@ static int test_compr_eb(__G__ eb, eb_si
if (compr_offset < 4) /* field is not compressed: */
return PK_OK; /* do nothing and signal OK */
+ /* Return no/bad-data error status if any problem is found:
+ * 1. eb_size is too small to hold the uncompressed size
+ * (eb_ucsize). (Else extract eb_ucsize.)
+ * 2. eb_ucsize is zero (invalid). 2014-12-04 SMS.
+ * 3. eb_ucsize is positive, but eb_size is too small to hold
+ * the compressed data header.
+ */
if ((eb_size < (EB_UCSIZE_P + 4)) ||
- ((eb_ucsize = makelong(eb+(EB_HEADSIZE+EB_UCSIZE_P))) > 0L &&
- eb_size <= (compr_offset + EB_CMPRHEADLEN)))
- return IZ_EF_TRUNC; /* no compressed data! */
+ ((eb_ucsize = makelong( eb+ (EB_HEADSIZE+ EB_UCSIZE_P))) == 0L) ||
+ ((eb_ucsize > 0L) && (eb_size <= (compr_offset + EB_CMPRHEADLEN))))
+ return IZ_EF_TRUNC; /* no/bad compressed data! */
if (
#ifdef INT_16BIT