From 31d289a4759909d24dd309ac24d42902a8c20da0 Mon Sep 17 00:00:00 2001
From: Léo Le Bouter <lle-bout@zaclys.net>
Date: Wed, 10 Mar 2021 08:29:53 +0100
Subject: gnu: unzip: Add patches from Fedora [security fixes].

Non-exhaustively fixes CVE-2016-9844, CVE-2018-1000035, CVE-2018-18384, and
CVE-2019-13232.

* gnu/packages/patches/unzip-COVSCAN-fix-unterminated-string.patch,
gnu/packages/patches/unzip-CVE-2016-9844.patch,
gnu/packages/patches/unzip-CVE-2018-1000035.patch,
gnu/packages/patches/unzip-CVE-2018-18384.patch,
gnu/packages/patches/unzip-case-insensitive.patch,
gnu/packages/patches/unzip-alt-iconv-utf8-print.patch,
gnu/packages/patches/unzip-alt-iconv-utf8.patch,
gnu/packages/patches/unzip-close.patch,
gnu/packages/patches/unzip-exec-shield.patch,
gnu/packages/patches/unzip-fix-recmatch.patch,
gnu/packages/patches/unzip-manpage-fix.patch,
gnu/packages/patches/unzip-overflow.patch,
gnu/packages/patches/unzip-symlink.patch,
gnu/packages/patches/unzip-timestamp.patch,
gnu/packages/patches/unzip-valgrind.patch,
gnu/packages/patches/unzip-x-option.patch,
gnu/packages/patches/unzip-zipbomb-manpage.patch,
gnu/packages/patches/unzip-zipbomb-part1.patch,
gnu/packages/patches/unzip-zipbomb-part2.patch,
gnu/packages/patches/unzip-zipbomb-part3.patch: New patches.
* gnu/local.mk (dist_patch_DATA): Register them.
* gnu/packages/compression.scm (unzip/fixed): New variable. Apply patches.
(unzip)[replacement]: Graft.
---
 gnu/packages/patches/unzip-x-option.patch | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 gnu/packages/patches/unzip-x-option.patch

(limited to 'gnu/packages/patches/unzip-x-option.patch')

diff --git a/gnu/packages/patches/unzip-x-option.patch b/gnu/packages/patches/unzip-x-option.patch
new file mode 100644
index 0000000000..72c77aeb78
--- /dev/null
+++ b/gnu/packages/patches/unzip-x-option.patch
@@ -0,0 +1,28 @@
+--- ./process.c.orig    2009-03-06 02:25:10.000000000 +0100
++++ ./process.c 2013-09-12 10:51:16.000000000 +0200
+@@ -2901,9 +2901,9 @@
+         */
+ 
+ #ifdef IZ_HAVE_UXUIDGID
+-            if (eb_len >= EB_UX3_MINLEN
+-                && z_uidgid != NULL
+-                && (*((EB_HEADSIZE + 0) + ef_buf) == 1)
++            if ((eb_len >= EB_UX3_MINLEN)
++                && (z_uidgid != NULL)
++                && ((*((EB_HEADSIZE + 0) + ef_buf) == 1)))
+                     /* only know about version 1 */
+             {
+                 uch uid_size;
+@@ -2915,10 +2915,10 @@
+                 flags &= ~0x0ff;      /* ignore any previous UNIX field */
+ 
+                 if ( read_ux3_value((EB_HEADSIZE + 2) + ef_buf,
+-                                    uid_size, z_uidgid[0])
++                                    uid_size, &z_uidgid[0])
+                     &&
+                      read_ux3_value((EB_HEADSIZE + uid_size + 3) + ef_buf,
+-                                    gid_size, z_uidgid[1]) )
++                                    gid_size, &z_uidgid[1]) )
+                 {
+                     flags |= EB_UX2_VALID;   /* signal success */
+                 }
-- 
cgit v1.2.3