[09/16] unzip: fix symlink problem

Message ID 20180727153248.22838-9-ross.burton@intel.com
State Accepted
Commit a001833b7c7a0a6eef88e053fe65e2a0c91ca7bc
Headers show
Series
  • [01/16] oeqa/sdk: add test that CMake works
Related show

Commit Message

Ross Burton July 27, 2018, 3:32 p.m.
Large zip files can cause unzip to crash, take a patch from Fedora to fix it.

Signed-off-by: Ross Burton <ross.burton@intel.com>

---
 meta/recipes-extended/unzip/unzip/symlink.patch | 26 +++++++++++++++++++++++++
 meta/recipes-extended/unzip/unzip_6.0.bb        |  1 +
 2 files changed, 27 insertions(+)
 create mode 100644 meta/recipes-extended/unzip/unzip/symlink.patch

-- 
2.11.0

-- 
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Patch

diff --git a/meta/recipes-extended/unzip/unzip/symlink.patch b/meta/recipes-extended/unzip/unzip/symlink.patch
new file mode 100644
index 00000000000..a38f6f16123
--- /dev/null
+++ b/meta/recipes-extended/unzip/unzip/symlink.patch
@@ -0,0 +1,26 @@ 
+Unzip doesn't handle large zip files well and crashes:
+
+"This only happens if you have more then 16k entries and when one of
+the 16k entry infos is reused it happend to be previously used for
+a symlink entry."
+
+This patch is taken from Fedora (https://bugzilla.redhat.com/show_bug.cgi?id=972427)
+
+Upstream-Status: Pending (upstream is dead)
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+--- unzip60/process.c.sav	2013-06-09 12:08:57.070392264 +0200
++++ unzip60/process.c	2013-06-09 12:10:08.641696988 +0200
+@@ -1751,6 +1751,12 @@
+         = (G.crec.general_purpose_bit_flag & (1 << 11)) == (1 << 11);
+ #endif
+ 
++#ifdef SYMLINKS
++    /* Initialize the symlink flag, may be set by the platform-specific
++       mapattr function.  */
++    G.pInfo->symlink = 0;
++#endif 
++
+     return PK_COOL;
+ 
+ } /* end function process_cdir_file_hdr() */
diff --git a/meta/recipes-extended/unzip/unzip_6.0.bb b/meta/recipes-extended/unzip/unzip_6.0.bb
index 105d048f55b..dbf4112a4c6 100644
--- a/meta/recipes-extended/unzip/unzip_6.0.bb
+++ b/meta/recipes-extended/unzip/unzip_6.0.bb
@@ -19,6 +19,7 @@  SRC_URI = "${SOURCEFORGE_MIRROR}/infozip/UnZip%206.x%20%28latest%29/UnZip%206.0/
 	file://fix-security-format.patch \
 	file://18-cve-2014-9913-unzip-buffer-overflow.patch \
 	file://19-cve-2016-9844-zipinfo-buffer-overflow.patch \
+	file://symlink.patch \
 "
 UPSTREAM_VERSION_UNKNOWN = "1"