From: sms
Subject: Fix CVE-2014-8139: CRC32 verification heap-based overflow
Bug-Debian: http://bugs.debian.org/773722

--- a/extract.c
+++ b/extract.c
@@ -1,5 +1,5 @@
 /*
-  Copyright (c) 1990-2009 Info-ZIP.  All rights reserved.
+  Copyright (c) 1990-2014 Info-ZIP.  All rights reserved.
 
   See the accompanying file LICENSE, version 2009-Jan-02 or later
   (the contents of which are also included in unzip.h) for terms of use.
@@ -298,6 +298,8 @@
 #ifndef SFX
    static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \
      EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n";
+   static ZCONST char Far TooSmallEFlength[] = "bad extra-field entry:\n \
+     EF block length (%u bytes) invalid (< %d)\n";
    static ZCONST char Far InvalidComprDataEAs[] =
      " invalid compressed data for EAs\n";
 #  if (defined(WIN32) && defined(NTSD_EAS))
@@ -2023,7 +2025,8 @@
         ebID = makeword(ef);
         ebLen = (unsigned)makeword(ef+EB_LEN);
 
-        if (ebLen > (ef_len - EB_HEADSIZE)) {
+        if (ebLen > (ef_len - EB_HEADSIZE))
+        {
            /* Discovered some extra field inconsistency! */
             if (uO.qflag)
                 Info(slide, 1, ((char *)slide, "%-22s ",
@@ -2032,6 +2035,16 @@
               ebLen, (ef_len - EB_HEADSIZE)));
             return PK_ERR;
         }
+        else if (ebLen < EB_HEADSIZE)
+        {
+            /* Extra block length smaller than header length. */
+            if (uO.qflag)
+                Info(slide, 1, ((char *)slide, "%-22s ",
+                  FnFilter1(G.filename)));
+            Info(slide, 1, ((char *)slide, LoadFarString(TooSmallEFlength),
+              ebLen, EB_HEADSIZE));
+            return PK_ERR;
+        }
 
         switch (ebID) {
             case EF_OS2:
hor'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=aeb54cb350dcae9b41f293b626f533388d7336d6'>root</a>/<a href='/guix/log/gnu?id=aeb54cb350dcae9b41f293b626f533388d7336d6'>gnu</a>/<a href='/guix/log/gnu/bootloader?id=aeb54cb350dcae9b41f293b626f533388d7336d6'>bootloader</a>/<a href='/guix/log/gnu/bootloader/u-boot.scm?id=aeb54cb350dcae9b41f293b626f533388d7336d6'>u-boot.scm</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/gnu/bootloader/u-boot.scm?id=aeb54cb350dcae9b41f293b626f533388d7336d6&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2024-05-22 11:15:30 +0800'>2024-05-22</span></td><td><a href='/guix/commit/gnu/bootloader/u-boot.scm?id=c7aec90a916a99067fd9915337caf098ee8e5083'>bootloader: Add u-boot-starfive-visionfive2-bootloader.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/bootloader/u-boot.scm (u-boot-starfive-visionfive2-bootloader): New variable.

Change-Id: I4b73906fe18d481644102c271f5e0883167b3a50
</span></span></td><td>Zheng Junjie</td></tr>
<tr><td><span title='2024-03-31 22:26:21 +0200'>2024-03-31</span></td><td><a href='/guix/commit/gnu/bootloader/u-boot.scm?id=64187b65d3acb13b91dd83fc8e7209c8ef538078'>bootloader: Add u-boot-qemu-riscv64-bootloader.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/bootloader/u-boot.scm (u-boot-qemu-riscv64-bootloader): New variable.

Change-Id: If6622838d2250c90a26380849b92387aa7122fbb
Signed-off-by: Ludovic Courtès &lt;ludo@gnu.org&gt;
</span></span></td><td>Zheng Junjie</td></tr>
<tr><td><span title='2023-12-22 16:06:03 -0800'>2023-12-22</span></td><td><a href='/guix/commit/gnu/bootloader/u-boot.scm?id=88fb95903c1d94b3be7e8a811d943af988041e4e'>gnu: bootloader: Add orangepi-r1-plus-lts-rk3328 bootloader.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/bootloader/u-boot.scm (install-orangepi-r1-plus-lts-rk3328-u-boot,
  u-boot-orangepi-r1-plus-lts-rk3328-bootloader): New variables.
* gnu/packages/bootloaders.scm (u-boot-orangepi-r1-plus-lts-rk3328): New
  variable.

Signed-off-by: Vagrant Cascadian &lt;vagrant@debian.org&gt;
</span></span></td><td>Herman Rimm</td></tr>
<tr><td><span title='2023-06-14 14:52:21 +0300'>2023-06-14</span></td><td><a href='/guix/commit/gnu/bootloader/u-boot.scm?id=39250fc6229d60b7ae397749caf1e4c99e49b419'>gnu: bootloader: Add u-boot-sifive-unmatched-bootloader.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/bootloader/u-boot.scm (install-sifive-unmatched-u-boot,
u-boot-sifive-unmatched-bootloader): New variables.
</span></span></td><td>Efraim Flashner</td></tr>
<tr><td><span title='2023-01-18 21:25:25 -0500'>2023-01-18</span></td><td><a href='/guix/commit/gnu/bootloader/u-boot.scm?id=9530ee9f9c89cbbf35589727e9fdb373ed7f47fa'>gnu: Add u-boot-ts7970-q-2g-1000mhz-c-bootloader.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/bootloader/u-boot.scm (u-boot-ts7970-q-2g-1000mhz-c-bootloader): New
variable.
</span></span></td><td>Maxim Cournoyer</td></tr>
<tr><td><span title='2022-12-28 22:14:16 -0500'>2022-12-28</span></td><td><a href='/guix/commit/gnu/bootloader/u-boot.scm?id=d6ea9f8b38df7de1194d8106488a8c33cce64fd1'>gnu: u-boot-am335x-boneblack: Revert to old name.</a><span class='msg-avail'>...<span class='msg-tooltip'>This reverts to the name this package had previous to commit
c2c1dfdf5760873f1db86d14873f725a105f7feb ("gnu: bootloader: Add U-Boot
packages for Raspberry Pi models."), which caused the package name to be
derived from the board name.

* gnu/packages/bootloaders.scm (u-boot-am335x-evm-boneblack): Remove the
NAME-SUFFIX keyword argument.  Specify the full name via the name field.
* gnu/bootloader/u-boot.scm (u-boot-beaglebone-black-bootloader): Adjust to
the renamed package.

Reported-by: Vagrant Cascadian &lt;vagrant@debian.org&gt;
</span></span></td><td>Maxim Cournoyer</td></tr>
<tr><td><span title='2022-12-20 21:29:25 -0500'>2022-12-20</span></td><td><a href='/guix/commit/gnu/bootloader/u-boot.scm?id=c04528d2a2597d79278833f3607c806278253446'>gnu: u-boot-am335x-evm-boneblack: Fix variable name.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/packages/bootloaders.scm (u-boot-am335x-boneblack): Rename to...
(u-boot-am335x-evm-boneblack), to match the package name.
* gnu/bootloader/u-boot.scm (u-boot-beaglebone-black-bootloader): Adjust
accordingly.
</span></span></td><td>Maxim Cournoyer</td></tr>

Age	Commit message (Expand)	Author
2024-05-22	bootloader: Add u-boot-starfive-visionfive2-bootloader....* gnu/bootloader/u-boot.scm (u-boot-starfive-visionfive2-bootloader): New variable. Change-Id: I4b73906fe18d481644102c271f5e0883167b3a50	Zheng Junjie
2024-03-31	bootloader: Add u-boot-qemu-riscv64-bootloader....* gnu/bootloader/u-boot.scm (u-boot-qemu-riscv64-bootloader): New variable. Change-Id: If6622838d2250c90a26380849b92387aa7122fbb Signed-off-by: Ludovic Courtès <ludo@gnu.org>	Zheng Junjie
2023-12-22	gnu: bootloader: Add orangepi-r1-plus-lts-rk3328 bootloader....* gnu/bootloader/u-boot.scm (install-orangepi-r1-plus-lts-rk3328-u-boot, u-boot-orangepi-r1-plus-lts-rk3328-bootloader): New variables. * gnu/packages/bootloaders.scm (u-boot-orangepi-r1-plus-lts-rk3328): New variable. Signed-off-by: Vagrant Cascadian <vagrant@debian.org>	Herman Rimm
2023-06-14	gnu: bootloader: Add u-boot-sifive-unmatched-bootloader....* gnu/bootloader/u-boot.scm (install-sifive-unmatched-u-boot, u-boot-sifive-unmatched-bootloader): New variables.	Efraim Flashner
2023-01-18	gnu: Add u-boot-ts7970-q-2g-1000mhz-c-bootloader....* gnu/bootloader/u-boot.scm (u-boot-ts7970-q-2g-1000mhz-c-bootloader): New variable.	Maxim Cournoyer
2022-12-28	gnu: u-boot-am335x-boneblack: Revert to old name....This reverts to the name this package had previous to commit c2c1dfdf5760873f1db86d14873f725a105f7feb ("gnu: bootloader: Add U-Boot packages for Raspberry Pi models."), which caused the package name to be derived from the board name. * gnu/packages/bootloaders.scm (u-boot-am335x-evm-boneblack): Remove the NAME-SUFFIX keyword argument. Specify the full name via the name field. * gnu/bootloader/u-boot.scm (u-boot-beaglebone-black-bootloader): Adjust to the renamed package. Reported-by: Vagrant Cascadian <vagrant@debian.org>	Maxim Cournoyer
2022-12-20	gnu: u-boot-am335x-evm-boneblack: Fix variable name....* gnu/packages/bootloaders.scm (u-boot-am335x-boneblack): Rename to... (u-boot-am335x-evm-boneblack), to match the package name. * gnu/bootloader/u-boot.scm (u-boot-beaglebone-black-bootloader): Adjust accordingly.	Maxim Cournoyer