From: sms
Subject: Fix CVE-2014-8139: CRC32 verification heap-based overflow
Bug-Debian: http://bugs.debian.org/773722

--- a/extract.c
+++ b/extract.c
@@ -1,5 +1,5 @@
 /*
-  Copyright (c) 1990-2009 Info-ZIP.  All rights reserved.
+  Copyright (c) 1990-2014 Info-ZIP.  All rights reserved.
 
   See the accompanying file LICENSE, version 2009-Jan-02 or later
   (the contents of which are also included in unzip.h) for terms of use.
@@ -298,6 +298,8 @@
 #ifndef SFX
    static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \
      EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n";
+   static ZCONST char Far TooSmallEFlength[] = "bad extra-field entry:\n \
+     EF block length (%u bytes) invalid (< %d)\n";
    static ZCONST char Far InvalidComprDataEAs[] =
      " invalid compressed data for EAs\n";
 #  if (defined(WIN32) && defined(NTSD_EAS))
@@ -2023,7 +2025,8 @@
         ebID = makeword(ef);
         ebLen = (unsigned)makeword(ef+EB_LEN);
 
-        if (ebLen > (ef_len - EB_HEADSIZE)) {
+        if (ebLen > (ef_len - EB_HEADSIZE))
+        {
            /* Discovered some extra field inconsistency! */
             if (uO.qflag)
                 Info(slide, 1, ((char *)slide, "%-22s ",
@@ -2032,6 +2035,16 @@
               ebLen, (ef_len - EB_HEADSIZE)));
             return PK_ERR;
         }
+        else if (ebLen < EB_HEADSIZE)
+        {
+            /* Extra block length smaller than header length. */
+            if (uO.qflag)
+                Info(slide, 1, ((char *)slide, "%-22s ",
+                  FnFilter1(G.filename)));
+            Info(slide, 1, ((char *)slide, LoadFarString(TooSmallEFlength),
+              ebLen, EB_HEADSIZE));
+            return PK_ERR;
+        }
 
         switch (ebID) {
             case EF_OS2:
ue='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=d9c9b97e93f21b2ece3f16a050e7c2935b60a03f'>root</a>/<a href='/guix/log/gnu?id=d9c9b97e93f21b2ece3f16a050e7c2935b60a03f'>gnu</a>/<a href='/guix/log/gnu/services?id=d9c9b97e93f21b2ece3f16a050e7c2935b60a03f'>services</a>/<a href='/guix/log/gnu/services/pam-mount.scm?id=d9c9b97e93f21b2ece3f16a050e7c2935b60a03f'>pam-mount.scm</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/gnu/services/pam-mount.scm?id=d9c9b97e93f21b2ece3f16a050e7c2935b60a03f&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2023-08-15 23:30:44 +0200'>2023-08-15</span></td><td><a href='/guix/commit/gnu/services/pam-mount.scm?id=48d06aee7b39c8e72644d665bd1995cb1ae1b094'>services: Use more 'file-append'.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/services/authentication.scm (pam-ldap-pam-service): Use
'file-append' instead of #~(string-append ...).
* gnu/services/base.scm (greetd-pam-service): Likewise.
* gnu/services/kerberos.scm (pam-krb5-pam-service): Likewise.
* gnu/services/pam-mount.scm (pam-mount-pam-service): Likewise.

Signed-off-by: Ludovic Courtès &lt;ludo@gnu.org&gt;
</span></span></td><td>Felix Lechner</td></tr>
<tr><td><span title='2023-08-10 09:26:08 +0200'>2023-08-10</span></td><td><a href='/guix/commit/gnu/services/pam-mount.scm?id=8a88b8b0b5924f8ed00a49e79714cb005cffc7cb'>services: Add pam-mount-volume-service-type.</a><span class='msg-avail'>...<span class='msg-tooltip'>The `pam-mount-volumes-service-type' adds additional volumes to the
pam-mount-service-type in addition to any that are already specified in
`pam-mount-rules'.

* doc/guix.texi (PAM Mount Volume Service): add documentation for
`pam-mount-service-type'.
* gnu/services/pam-mount.scm: new file.
* Makefile.am: add pam-mount tests
* tests/services/pam-mount.scm: new tests

Signed-off-by: Ludovic Courtès &lt;ludo@gnu.org&gt;
</span></span></td><td>Brian Cully</td></tr>
<tr><td><span title='2023-05-11 13:21:45 +0200'>2023-05-11</span></td><td><a href='/guix/commit/gnu/services/pam-mount.scm?id=2df5d4fd18a2fbcb8066a50e2da8ec64635f5162'>system: pam: Let PAM extensions add shepherd requirements.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/system/pam.scm (&lt;pam-extension&gt;): New record type.
(pam-shepherd-service): Add Shepherd synchronization point.

* gnu/services/mail.scm (dovecot-shepherd-service)
* gnu/services/lightdm.scm (lightdm-shepherd-service)
* gnu/services/mail.scm (opensmtpd-shepherd-service)
* gnu/services/sddm.scm (sddm-shepherd-service)
* gnu/services/ssh.scm (lsh-shepherd-service, openssh-shepherd-service)
* gnu/services/xorg.scm (slim-shepherd-service, gdm-shepherd-service)
* gnu/services/base.scm (greetd-shepherd-services): Add PAM requirement.

* gnu/system/pam.scm (/etc-entry, extend-configuration,
pam-root-service-type, pam-root-service)
* gnu/services/authentication.scm (pam-ldap-pam-service)
* gnu/services/base.scm (pam-limits-service-type)
(greetd-pam-service)
* gnu/services/desktop.scm (pam-gnome-keyring)
* gnu/services/kerberos.scm (pam-krb5-pam-service)
* gnu/services/pam-mount.scm (pam-mount-pam-service): Adapt to use
pam-extension.

Signed-off-by: Ludovic Courtès &lt;ludo@gnu.org&gt;
</span></span></td><td>Josselin Poiret</td></tr>
<tr><td><span title='2022-06-17 10:30:41 +0200'>2022-06-17</span></td><td><a href='/guix/commit/gnu/services/pam-mount.scm?id=530e0f02606a0e04818bdd792bb5239f7ee9e637'>gnu: base: Add greetd-service-type.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/services/base.scm (greetd-service-type): New variable
* gnu/services/base.scm (greetd-configuration): New data type
* gnu/services/base.scm (greetd-terminal-configuration): New data type
* gnu/services/base.scm (greetd-agreety-session): New data type
* gnu/services/base.scm (pam-limits-service-type): Should be aware of
greetd PAM service
* gnu/services/pam-mount.scm (pam-mount-pam-service): Should be aware
of greetd PAM service

Signed-off-by: Lars-Dominik Braun &lt;ldb@leibniz-psychology.org&gt;
</span></span></td><td>muradm</td></tr>
<tr><td><span title='2022-01-17 00:13:46 +0100'>2022-01-17</span></td><td><a href='/guix/commit/gnu/services/pam-mount.scm?id=757be0e8af0805ea354a7003a1e2b71475caf9ae'>services: pam-mount: Add support for sddm login manager.</a><span class='msg-avail'>...<span class='msg-tooltip'>I noticed that pam_mount mounts work fine when loging into a textual
session, but not when using sddm. This patch fixes this problem by
ensuring that pam_mount.so is included in /etc/pam.d/sddm config file.

* gnu/services/pam-mount.scm (pam-mount-pam-service): Add sddm to the list of
  pam services.

Signed-off-by: Guillaume Le Vaillant &lt;glv@posteo.net&gt;
</span></span></td><td>Nick Zalutskiy</td></tr>

Age	Commit message (Expand)	Author
2023-08-15	services: Use more 'file-append'....* gnu/services/authentication.scm (pam-ldap-pam-service): Use 'file-append' instead of #~(string-append ...). * gnu/services/base.scm (greetd-pam-service): Likewise. * gnu/services/kerberos.scm (pam-krb5-pam-service): Likewise. * gnu/services/pam-mount.scm (pam-mount-pam-service): Likewise. Signed-off-by: Ludovic Courtès <ludo@gnu.org>	Felix Lechner
2023-08-10	services: Add pam-mount-volume-service-type....The `pam-mount-volumes-service-type' adds additional volumes to the pam-mount-service-type in addition to any that are already specified in `pam-mount-rules'. * doc/guix.texi (PAM Mount Volume Service): add documentation for `pam-mount-service-type'. * gnu/services/pam-mount.scm: new file. * Makefile.am: add pam-mount tests * tests/services/pam-mount.scm: new tests Signed-off-by: Ludovic Courtès <ludo@gnu.org>	Brian Cully
2023-05-11	system: pam: Let PAM extensions add shepherd requirements....* gnu/system/pam.scm (<pam-extension>): New record type. (pam-shepherd-service): Add Shepherd synchronization point. * gnu/services/mail.scm (dovecot-shepherd-service) * gnu/services/lightdm.scm (lightdm-shepherd-service) * gnu/services/mail.scm (opensmtpd-shepherd-service) * gnu/services/sddm.scm (sddm-shepherd-service) * gnu/services/ssh.scm (lsh-shepherd-service, openssh-shepherd-service) * gnu/services/xorg.scm (slim-shepherd-service, gdm-shepherd-service) * gnu/services/base.scm (greetd-shepherd-services): Add PAM requirement. * gnu/system/pam.scm (/etc-entry, extend-configuration, pam-root-service-type, pam-root-service) * gnu/services/authentication.scm (pam-ldap-pam-service) * gnu/services/base.scm (pam-limits-service-type) (greetd-pam-service) * gnu/services/desktop.scm (pam-gnome-keyring) * gnu/services/kerberos.scm (pam-krb5-pam-service) * gnu/services/pam-mount.scm (pam-mount-pam-service): Adapt to use pam-extension. Signed-off-by: Ludovic Courtès <ludo@gnu.org>	Josselin Poiret
2022-06-17	gnu: base: Add greetd-service-type....* gnu/services/base.scm (greetd-service-type): New variable * gnu/services/base.scm (greetd-configuration): New data type * gnu/services/base.scm (greetd-terminal-configuration): New data type * gnu/services/base.scm (greetd-agreety-session): New data type * gnu/services/base.scm (pam-limits-service-type): Should be aware of greetd PAM service * gnu/services/pam-mount.scm (pam-mount-pam-service): Should be aware of greetd PAM service Signed-off-by: Lars-Dominik Braun <ldb@leibniz-psychology.org>	muradm
2022-01-17	services: pam-mount: Add support for sddm login manager....I noticed that pam_mount mounts work fine when loging into a textual session, but not when using sddm. This patch fixes this problem by ensuring that pam_mount.so is included in /etc/pam.d/sddm config file. * gnu/services/pam-mount.scm (pam-mount-pam-service): Add sddm to the list of pam services. Signed-off-by: Guillaume Le Vaillant <glv@posteo.net>	Nick Zalutskiy