guix/gnu/packages/patches/unzip-format-secure.patch
Mark H Weaver 48e4a9f32f gnu: unzip: Add various fixes.
* gnu/packages/patches/unzip-increase-size-of-cfactorstr.patch: Delete
  file.  Replace with ...
* gnu/packages/patches/unzip-overflow-long-fsize.patch: ... this new file.
* gnu/packages/patches/unzip-attribs-overflow.patch,
  gnu/packages/patches/unzip-fix-overflows-and-infloop.patch,
  gnu/packages/patches/unzip-format-secure.patch: New files.
* gnu/packages/patches/unzip-CVE-2014-9636.patch: Replace contents with
  fixed patch from Fedora.
* gnu-system.am (dist_patch_DATA): Adjust accordingly.
* gnu/packages/zip.scm (unzip)[source]: Adjust list of patches.
2015-10-08 10:07:44 -04:00

94 lines
4.3 KiB
Diff

Copied from Fedora.
http://pkgs.fedoraproject.org/cgit/unzip.git/plain/unzip-6.0-format-secure.patch?id=d18f821e
diff --git a/extract.c b/extract.c
index eeb2f57..a0a4929 100644
--- a/extract.c
+++ b/extract.c
@@ -472,8 +472,8 @@ int extract_or_test_files(__G) /* return PK-type error code */
*/
Info(slide, 0x401, ((char *)slide,
LoadFarString(CentSigMsg), j + blknum*DIR_BLKSIZ + 1));
- Info(slide, 0x401, ((char *)slide,
- LoadFarString(ReportMsg)));
+ Info(slide, 0x401,
+ ((char *)slide,"%s", LoadFarString(ReportMsg)));
error_in_archive = PK_BADERR;
}
reached_end = TRUE; /* ...so no more left to do */
@@ -752,8 +752,8 @@ int extract_or_test_files(__G) /* return PK-type error code */
#ifndef SFX
if (no_endsig_found) { /* just to make sure */
- Info(slide, 0x401, ((char *)slide, LoadFarString(EndSigMsg)));
- Info(slide, 0x401, ((char *)slide, LoadFarString(ReportMsg)));
+ Info(slide, 0x401, ((char *)slide,"%s", LoadFarString(EndSigMsg)));
+ Info(slide, 0x401, ((char *)slide,"%s", LoadFarString(ReportMsg)));
if (!error_in_archive) /* don't overwrite stronger error */
error_in_archive = PK_WARN;
}
diff --git a/list.c b/list.c
index 15e0011..f7359c3 100644
--- a/list.c
+++ b/list.c
@@ -181,7 +181,7 @@ int list_files(__G) /* return PK-type error code */
Info(slide, 0x401,
((char *)slide, LoadFarString(CentSigMsg), j));
Info(slide, 0x401,
- ((char *)slide, LoadFarString(ReportMsg)));
+ ((char *)slide,"%s", LoadFarString(ReportMsg)));
return PK_BADERR; /* sig not found */
}
}
@@ -507,7 +507,8 @@ int list_files(__G) /* return PK-type error code */
&& (!G.ecrec.is_zip64_archive)
&& (memcmp(G.sig, end_central_sig, 4) != 0)
) { /* just to make sure again */
- Info(slide, 0x401, ((char *)slide, LoadFarString(EndSigMsg)));
+ Info(slide, 0x401,
+ ((char *)slide,"%s", LoadFarString(EndSigMsg)));
error_in_archive = PK_WARN; /* didn't find sig */
}
@@ -591,7 +592,7 @@ int get_time_stamp(__G__ last_modtime, nmember) /* return PK-type error code */
Info(slide, 0x401,
((char *)slide, LoadFarString(CentSigMsg), j));
Info(slide, 0x401,
- ((char *)slide, LoadFarString(ReportMsg)));
+ ((char *)slide,"%s", LoadFarString(ReportMsg)));
return PK_BADERR; /* sig not found */
}
}
@@ -674,7 +675,7 @@ int get_time_stamp(__G__ last_modtime, nmember) /* return PK-type error code */
---------------------------------------------------------------------------*/
if (memcmp(G.sig, end_central_sig, 4)) { /* just to make sure again */
- Info(slide, 0x401, ((char *)slide, LoadFarString(EndSigMsg)));
+ Info(slide, 0x401, ((char *)slide,"%s", LoadFarString(EndSigMsg)));
error_in_archive = PK_WARN;
}
if (*nmember == 0L && error_in_archive <= PK_WARN)
diff --git a/zipinfo.c b/zipinfo.c
index 6e22cc8..ac5c61b 100644
--- a/zipinfo.c
+++ b/zipinfo.c
@@ -771,7 +771,7 @@ int zipinfo(__G) /* return PK-type error code */
Info(slide, 0x401,
((char *)slide, LoadFarString(CentSigMsg), j));
Info(slide, 0x401,
- ((char *)slide, LoadFarString(ReportMsg)));
+ ((char *)slide,"%s", LoadFarString(ReportMsg)));
error_in_archive = PK_BADERR; /* sig not found */
break;
}
@@ -960,7 +960,8 @@ int zipinfo(__G) /* return PK-type error code */
&& (!G.ecrec.is_zip64_archive)
&& (memcmp(G.sig, end_central_sig, 4) != 0)
) { /* just to make sure again */
- Info(slide, 0x401, ((char *)slide, LoadFarString(EndSigMsg)));
+ Info(slide, 0x401,
+ ((char *)slide,"%s", LoadFarString(EndSigMsg)));
error_in_archive = PK_WARN; /* didn't find sig */
}