
branch master updated: gun: unzip/fixed: Fix tests on 32-bit systems.


From: guix-commits
Subject: branch master updated: gun: unzip/fixed: Fix tests on 32-bit systems.
Date: Sun, 14 Mar 2021 04:12:15 -0400

This is an automated email from the git hooks/post-receive script.

lle_bout pushed a commit to branch master
in repository guix.

The following commit(s) were added to refs/heads/master by this push:
     new 7038439  gun: unzip/fixed: Fix tests on 32-bit systems.
7038439 is described below

commit 703843922aa32c833b1c0ea56ac7362230e60a3a
Author: Léo Le Bouter <lle-bout@zaclys.net>
AuthorDate: Sun Mar 14 09:09:45 2021 +0100

    gun: unzip/fixed: Fix tests on 32-bit systems.
    
    * gnu/packages/patches/unzip-32bit-zipbomb-fix.patch: New patch.
    * gnu/local.mk (dist_patch_DATA): Register it.
    * gnu/packages/compression.scm (unzip/fixed): Apply patch.
---
 gnu/local.mk                                       |  1 +
 gnu/packages/compression.scm                       |  5 ++-
 gnu/packages/patches/unzip-32bit-zipbomb-fix.patch | 50 ++++++++++++++++++++++
 3 files changed, 55 insertions(+), 1 deletion(-)

diff --git a/gnu/local.mk b/gnu/local.mk
index 6500f5b..25f8a7f 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1760,6 +1760,7 @@ dist_patch_DATA =                                         
\
   %D%/packages/patches/unzip-zipbomb-part1.patch               \
   %D%/packages/patches/unzip-zipbomb-part2.patch               \
   %D%/packages/patches/unzip-zipbomb-part3.patch               \
+  %D%/packages/patches/unzip-32bit-zipbomb-fix.patch    \
   %D%/packages/patches/ustr-fix-build-with-gcc-5.patch         \
   %D%/packages/patches/util-linux-tests.patch                  \
   %D%/packages/patches/upower-builddir.patch                   \
diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index 399e445..123d408 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -1676,7 +1676,10 @@ recreates the stored directory structure by default.")
                                 "unzip-zipbomb-manpage.patch"
                                 "unzip-zipbomb-part1.patch"
                                 "unzip-zipbomb-part2.patch"
-                                "unzip-zipbomb-part3.patch"))))))
+                                "unzip-zipbomb-part3.patch"
+
+                                ;; https://github.com/madler/unzip/issues/2
+                                "unzip-32bit-zipbomb-fix.patch"))))))
 
 (define-public ziptime
   (let ((commit "2a5bc9dfbf7c6a80e5f7cb4dd05b4036741478bc")
diff --git a/gnu/packages/patches/unzip-32bit-zipbomb-fix.patch 
b/gnu/packages/patches/unzip-32bit-zipbomb-fix.patch
new file mode 100644
index 0000000..ad6a157
--- /dev/null
+++ b/gnu/packages/patches/unzip-32bit-zipbomb-fix.patch
@@ -0,0 +1,50 @@
+From 13f0260beae851f7d5dd96e9ef757d8d6d7daac1 Mon Sep 17 00:00:00 2001
+From: Mark Adler <madler@alumni.caltech.edu>
+Date: Sun, 9 Feb 2020 07:20:13 -0800
+Subject: [PATCH] Fix false overlapped components detection on 32-bit systems.
+
+32-bit systems with ZIP64_SUPPORT enabled could have different
+size types for zoff_t and zusz_t. That resulted in bad parameter
+passing to the bound tracking functions, itself due to the lack of
+use of C function prototypes in unzip. This commit assures that
+parameters are cast properly for those calls.
+
+This problem occurred only for ill-chosen make options, which give
+a 32-bit zoff_t. A proper build will result in a zoff_t of 64 bits,
+even on 32-bit systems.
+---
+ extract.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/extract.c b/extract.c
+index 1b73cb0..d9866f9 100644
+--- a/extract.c
++++ b/extract.c
+@@ -329,7 +329,7 @@ static ZCONST char Far OverlappedComponents[] =
+ 
+ 
+ /* A growable list of spans. */
+-typedef zoff_t bound_t;
++typedef zusz_t bound_t;
+ typedef struct {
+     bound_t beg;        /* start of the span */
+     bound_t end;        /* one past the end of the span */
+@@ -518,7 +518,8 @@ int extract_or_test_files(__G)    /* return PK-type error 
code */
+         return PK_MEM;
+     }
+     if ((G.extra_bytes != 0 &&
+-         cover_add((cover_t *)G.cover, 0, G.extra_bytes) != 0) ||
++         cover_add((cover_t *)G.cover,
++                   (bound_t)0, (bound_t)G.extra_bytes) != 0) ||
+         (G.ecrec.have_ecr64 &&
+          cover_add((cover_t *)G.cover, G.ecrec.ec64_start,
+                    G.ecrec.ec64_end) != 0) ||
+@@ -1216,7 +1217,7 @@ static int extract_or_test_entrylist(__G__ numchunk,
+ 
+         /* seek_zipf(__G__ pInfo->offset);  */
+         request = G.pInfo->offset + G.extra_bytes;
+-        if (cover_within((cover_t *)G.cover, request)) {
++        if (cover_within((cover_t *)G.cover, (bound_t)request)) {
+             Info(slide, 0x401, ((char *)slide,
+               LoadFarString(OverlappedComponents)));
+             return PK_BOMB;
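Review bot: The `cover_add` call on `G.ecrec.ec64_start` / `G.ecrec.ec64_end`, kept as context in the second extract.c hunk, does not get the `(bound_t)` casts that the two neighbouring calls receive. The patch description attributes the bug to unzip calling these functions without prototypes, so any argument whose type is not exactly `bound_t` is still passed at the wrong width; unless those fields are already `zusz_t` (their declaration is not in this patch), the call should read `cover_add((cover_t *)G.cover, (bound_t)G.ecrec.ec64_start, (bound_t)G.ecrec.ec64_end)`. `bound_t` also becomes an unsigned type here, so a negative `G.extra_bytes` or `request` would presumably wrap to a very large bound instead of being rejected; it is worth confirming that a sign check runs before these casts, since this is the overlap check that returns `PK_BOMB`. Both functions continue outside the hunks, and any other `cover_add` / `cover_within` call sites are not visible here.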


