From: sms
Subject: Fix CVE-2014-8139: CRC32 verification heap-based overflow
Bug-Debian: http://bugs.debian.org/773722

--- a/extract.c
+++ b/extract.c
@@ -1,5 +1,5 @@
 /*
-  Copyright (c) 1990-2009 Info-ZIP.  All rights reserved.
+  Copyright (c) 1990-2014 Info-ZIP.  All rights reserved.
 
   See the accompanying file LICENSE, version 2009-Jan-02 or later
   (the contents of which are also included in unzip.h) for terms of use.
@@ -298,6 +298,8 @@
 #ifndef SFX
    static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \
      EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n";
+   static ZCONST char Far TooSmallEFlength[] = "bad extra-field entry:\n \
+     EF block length (%u bytes) invalid (< %d)\n";
    static ZCONST char Far InvalidComprDataEAs[] =
      " invalid compressed data for EAs\n";
 #  if (defined(WIN32) && defined(NTSD_EAS))
@@ -2023,7 +2025,8 @@
         ebID = makeword(ef);
         ebLen = (unsigned)makeword(ef+EB_LEN);
 
-        if (ebLen > (ef_len - EB_HEADSIZE)) {
+        if (ebLen > (ef_len - EB_HEADSIZE))
+        {
            /* Discovered some extra field inconsistency! */
             if (uO.qflag)
                 Info(slide, 1, ((char *)slide, "%-22s ",
@@ -2032,6 +2035,16 @@
               ebLen, (ef_len - EB_HEADSIZE)));
             return PK_ERR;
         }
+        else if (ebLen < EB_HEADSIZE)
+        {
+            /* Extra block length smaller than header length. */
+            if (uO.qflag)
+                Info(slide, 1, ((char *)slide, "%-22s ",
+                  FnFilter1(G.filename)));
+            Info(slide, 1, ((char *)slide, LoadFarString(TooSmallEFlength),
+              ebLen, EB_HEADSIZE));
+            return PK_ERR;
+        }
 
         switch (ebID) {
             case EF_OS2:
hor'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=9b998a8d63c0855ebec7d01010d2f1f66607b033'>root</a>/<a href='/guix/log/gnu?id=9b998a8d63c0855ebec7d01010d2f1f66607b033'>gnu</a>/<a href='/guix/log/gnu/tests?id=9b998a8d63c0855ebec7d01010d2f1f66607b033'>tests</a>/<a href='/guix/log/gnu/tests/singularity.scm?id=9b998a8d63c0855ebec7d01010d2f1f66607b033'>singularity.scm</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/gnu/tests/singularity.scm?id=9b998a8d63c0855ebec7d01010d2f1f66607b033&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2021-09-26 23:20:56 +0200'>2021-09-26</span></td><td><a href='/guix/commit/gnu/tests/singularity.scm?id=89b05442933d92f4b21c3294455a498e8333727d'>tests: Reduce boilerplate for users of 'system-test-runner'.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/tests/audio.scm, gnu/tests/base.scm, gnu/tests/ci.scm,
gnu/tests/cups.scm, gnu/tests/databases.scm, gnu/tests/desktop.scm,
gnu/tests/dict.scm, gnu/tests/docker.scm, gnu/tests/file-sharing.scm,
gnu/tests/ganeti.scm, gnu/tests/guix.scm, gnu/tests/ldap.scm,
gnu/tests/linux-modules.scm,
gnu/tests/mail.scm, gnu/tests/messaging.scm, gnu/tests/monitoring.scm,
gnu/tests/networking.scm, gnu/tests/nfs.scm,
gnu/tests/package-management.scm, gnu/tests/reconfigure.scm,
gnu/tests/rsync.scm, gnu/tests/security-token.scm,
gnu/tests/singularity.scm, gnu/tests/ssh.scm, gnu/tests/telephony.scm,
gnu/tests/version-control.scm, gnu/tests/virtualization.scm,
gnu/tests/web.scm: Remove (mkdir #$output) (chdir #$output) and
pass #$output as argument to 'system-test-runner'.
</span></span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2021-09-25 18:52:05 +0200'>2021-09-25</span></td><td><a href='/guix/commit/gnu/tests/singularity.scm?id=1fb75128a5202b406622da6272bc809c46d1f439'>tests: Adjust to SRFI-64 as found in Guile 3.0.7.</a><span class='msg-avail'>...<span class='msg-tooltip'>In Guile 3.0.7, 'test-runner-current' is set to #f upon 'test-end'.
Consequently, the previous strategy, where we'd call
'test-runner-current' after 'test-end', no longer works.  Instead, set
the test runner in each test right before 'test-begin'.

* gnu/build/marionette.scm (system-test-runner): New procedure.
* gnu/tests/audio.scm (run-mpd-test): Replace (exit (= ...)) idiom
by (test-runner-current (system-test-runner)).
* gnu/tests/base.scm (run-basic-test)
(run-cleanup-test, run-mcron-test, run-nss-mdns-test): Likewise.
* gnu/tests/ci.scm (run-laminar-test): Likewise.
* gnu/tests/cups.scm (run-cups-test): Likewise.
* gnu/tests/databases.scm (run-memcached-test)
(run-postgresql-test, run-mysql-test): Likewise.
* gnu/tests/desktop.scm (run-elogind-test): Likewise.
* gnu/tests/dict.scm (run-dicod-test): Likewise.
* gnu/tests/docker.scm (run-docker-test): Likewise.
(run-docker-system-test): Likewise.
* gnu/tests/file-sharing.scm (run-transmission-daemon-test): Likewise.
* gnu/tests/ganeti.scm (run-ganeti-test): Likewise.
* gnu/tests/guix.scm (run-guix-build-coordinator-test): Likewise.
(run-guix-data-service-test): Likewise.
* gnu/tests/ldap.scm (run-ldap-test): Likewise.
* gnu/tests/linux-modules.scm (run-loadable-kernel-modules-test-base): Likewise.
* gnu/tests/mail.scm (run-opensmtpd-test)
(run-exim-test, run-dovecot-test, run-getmail-test): Likewise.
* gnu/tests/messaging.scm (run-xmpp-test)
(run-bitlbee-test, run-quassel-test): Likewise.
* gnu/tests/monitoring.scm (run-prometheus-node-exporter-server-test)
(run-zabbix-server-test): Likewise.
* gnu/tests/networking.scm (run-inetd-test, run-openvswitch-test)
(run-dhcpd-test, run-tor-test, run-iptables-test, run-ipfs-test): Likewise.
* gnu/tests/nfs.scm (run-nfs-test)
(run-nfs-server-test, run-nfs-root-fs-test): Likewise.
* gnu/tests/package-management.scm (run-nix-test): Likewise.
* gnu/tests/reconfigure.scm (run-switch-to-system-test)
(run-upgrade-services-test, run-install-bootloader-test): Likewise.
* gnu/tests/rsync.scm (run-rsync-test): Likewise.
* gnu/tests/security-token.scm (run-pcscd-test): Likewise.
* gnu/tests/singularity.scm (run-singularity-test): Likewise.
* gnu/tests/ssh.scm (run-ssh-test): Likewise.
* gnu/tests/telephony.scm (run-jami-test): Likewise.
* gnu/tests/version-control.scm (run-cgit-test): Likewise.
(run-git-http-test, run-gitolite-test, run-gitile-test): Likewise.
* gnu/tests/virtualization.scm (run-libvirt-test, run-childhurd-test): Likewise.
* gnu/tests/web.scm (run-webserver-test, run-php-fpm-test)
(run-hpcguix-web-server-test, run-tailon-test, run-patchwork-test): Likewise.
</span></span></td><td>Ludovic Courtès</td></tr>

Age	Commit message (Expand)	Author
2021-09-26	tests: Reduce boilerplate for users of 'system-test-runner'....* gnu/tests/audio.scm, gnu/tests/base.scm, gnu/tests/ci.scm, gnu/tests/cups.scm, gnu/tests/databases.scm, gnu/tests/desktop.scm, gnu/tests/dict.scm, gnu/tests/docker.scm, gnu/tests/file-sharing.scm, gnu/tests/ganeti.scm, gnu/tests/guix.scm, gnu/tests/ldap.scm, gnu/tests/linux-modules.scm, gnu/tests/mail.scm, gnu/tests/messaging.scm, gnu/tests/monitoring.scm, gnu/tests/networking.scm, gnu/tests/nfs.scm, gnu/tests/package-management.scm, gnu/tests/reconfigure.scm, gnu/tests/rsync.scm, gnu/tests/security-token.scm, gnu/tests/singularity.scm, gnu/tests/ssh.scm, gnu/tests/telephony.scm, gnu/tests/version-control.scm, gnu/tests/virtualization.scm, gnu/tests/web.scm: Remove (mkdir #$output) (chdir #$output) and pass #$output as argument to 'system-test-runner'.	Ludovic Courtès
2021-09-25	tests: Adjust to SRFI-64 as found in Guile 3.0.7....In Guile 3.0.7, 'test-runner-current' is set to #f upon 'test-end'. Consequently, the previous strategy, where we'd call 'test-runner-current' after 'test-end', no longer works. Instead, set the test runner in each test right before 'test-begin'. * gnu/build/marionette.scm (system-test-runner): New procedure. * gnu/tests/audio.scm (run-mpd-test): Replace (exit (= ...)) idiom by (test-runner-current (system-test-runner)). * gnu/tests/base.scm (run-basic-test) (run-cleanup-test, run-mcron-test, run-nss-mdns-test): Likewise. * gnu/tests/ci.scm (run-laminar-test): Likewise. * gnu/tests/cups.scm (run-cups-test): Likewise. * gnu/tests/databases.scm (run-memcached-test) (run-postgresql-test, run-mysql-test): Likewise. * gnu/tests/desktop.scm (run-elogind-test): Likewise. * gnu/tests/dict.scm (run-dicod-test): Likewise. * gnu/tests/docker.scm (run-docker-test): Likewise. (run-docker-system-test): Likewise. * gnu/tests/file-sharing.scm (run-transmission-daemon-test): Likewise. * gnu/tests/ganeti.scm (run-ganeti-test): Likewise. * gnu/tests/guix.scm (run-guix-build-coordinator-test): Likewise. (run-guix-data-service-test): Likewise. * gnu/tests/ldap.scm (run-ldap-test): Likewise. * gnu/tests/linux-modules.scm (run-loadable-kernel-modules-test-base): Likewise. * gnu/tests/mail.scm (run-opensmtpd-test) (run-exim-test, run-dovecot-test, run-getmail-test): Likewise. * gnu/tests/messaging.scm (run-xmpp-test) (run-bitlbee-test, run-quassel-test): Likewise. * gnu/tests/monitoring.scm (run-prometheus-node-exporter-server-test) (run-zabbix-server-test): Likewise. * gnu/tests/networking.scm (run-inetd-test, run-openvswitch-test) (run-dhcpd-test, run-tor-test, run-iptables-test, run-ipfs-test): Likewise. * gnu/tests/nfs.scm (run-nfs-test) (run-nfs-server-test, run-nfs-root-fs-test): Likewise. * gnu/tests/package-management.scm (run-nix-test): Likewise. * gnu/tests/reconfigure.scm (run-switch-to-system-test) (run-upgrade-services-test, run-install-bootloader-test): Likewise. * gnu/tests/rsync.scm (run-rsync-test): Likewise. * gnu/tests/security-token.scm (run-pcscd-test): Likewise. * gnu/tests/singularity.scm (run-singularity-test): Likewise. * gnu/tests/ssh.scm (run-ssh-test): Likewise. * gnu/tests/telephony.scm (run-jami-test): Likewise. * gnu/tests/version-control.scm (run-cgit-test): Likewise. (run-git-http-test, run-gitolite-test, run-gitile-test): Likewise. * gnu/tests/virtualization.scm (run-libvirt-test, run-childhurd-test): Likewise. * gnu/tests/web.scm (run-webserver-test, run-php-fpm-test) (run-hpcguix-web-server-test, run-tailon-test, run-patchwork-test): Likewise.	Ludovic Courtès