Complete Yocto mirror with license table for TQMa6UL (2038-compliance)

- 264 license table entries with exact download URLs (224/264 resolved)
- Complete sources/ directory with all BitBake recipes
- Build configuration: tqma6ul-multi-mba6ulx, spaetzle (musl)
- Full traceability for Softwarefreigabeantrag
- GCC 13.4.0, Linux 6.6.102, U-Boot 2023.04, musl 1.2.4
- License distribution: GPL-2.0 (24), MIT (23), GPL-2.0+ (18), BSD-3 (16)
Siggi (OpenClaw Agent)
2026-03-01 20:58:18 +00:00
commit 16accb6b24
15086 changed files with 1292356 additions and 0 deletions


@@ -0,0 +1,112 @@
From 5ac5885d35257888d0e4a9dda903405314f9fc84 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Wed, 10 Aug 2022 17:53:13 -0700
Subject: [PATCH] configure: Add correct system headers and prototypes to tests
Newer compilers e.g. clang-15+ have turned stricter towards these
warnings and turned them into errors which results in subtle failures
during build, therefore make the testcases use the needed headers and
modern C
Upstream-Status: Inactive-Upstream
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
unix/configure | 51 +++++++++++++++++++++++++++++++++++++++-----------
1 file changed, 40 insertions(+), 11 deletions(-)
diff --git a/unix/configure b/unix/configure
index 49579f3..8fd82dd 100755
--- a/unix/configure
+++ b/unix/configure
@@ -379,14 +379,37 @@ $CC $CFLAGS -c conftest.c >/dev/null 2>/dev/null
# Check for missing functions
# add NO_'function_name' to flags if missing
-for func in fchmod fchown lchown nl_langinfo
-do
- echo Check for $func
- echo "int main(){ $func(); return 0; }" > conftest.c
- $CC $BFLAG $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null
- [ $? -ne 0 ] && CFLAGSR="${CFLAGSR} -DNO_`echo $func | tr '[a-z]' '[A-Z]'`"
-done
+echo Check for fchmod
+cat > conftest.c << _EOF_
+#include <sys/stat.h>
+int main(){ fchmod(0,0); return 0; }
+_EOF_
+$CC $BFLAG $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null
+[ $? -ne 0 ] && CFLAGSR="${CFLAGSR} -DNO_FCHMOD"
+echo Check for fchown
+cat > conftest.c << _EOF_
+#include <unistd.h>
+int main(){ fchown(0,0,0); return 0; }
+_EOF_
+$CC $BFLAG $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null
+[ $? -ne 0 ] && CFLAGSR="${CFLAGSR} -DNO_FCHOWN"
+
+echo Check for lchown
+cat > conftest.c << _EOF_
+#include <unistd.h>
+int main(){ lchown(NULL,0,0); return 0; }
+_EOF_
+$CC $BFLAG $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null
+[ $? -ne 0 ] && CFLAGSR="${CFLAGSR} -DNO_LCHOWN"
+
+echo Check for nl_langinfo
+cat > conftest.c << _EOF_
+#include <langinfo.h>
+int main(){ nl_langinfo(0); return 0; }
+_EOF_
+$CC $BFLAG $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null
+[ $? -ne 0 ] && CFLAGSR="${CFLAGSR} -DNO_NL_LANGINFO"
# Check (seriously) for a working lchmod.
echo 'Check for lchmod'
temp_file="/tmp/unzip_test_$$"
@@ -401,14 +424,17 @@ ln -s "${temp_link}" "${temp_file}" && \
rm -f "${temp_file}"
echo Check for memset
-echo "int main(){ char k; memset(&k,0,0); return 0; }" > conftest.c
+cat > conftest.c << _EOF_
+#include <string.h>
+int main(){ char k; memset(&k,0,0); return 0; }
+_EOF_
$CC $CFLAGS $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null
[ $? -ne 0 ] && CFLAGSR="${CFLAGSR} -DZMEM"
echo Check for errno declaration
cat > conftest.c << _EOF_
#include <errno.h>
-main()
+int main()
{
errno = 0;
return 0;
@@ -419,6 +445,8 @@ $CC $CFLAGS -c conftest.c >/dev/null 2>/dev/null
echo Check for directory libraries
cat > conftest.c << _EOF_
+#include <sys/types.h>
+#include <dirent.h>
int main() { return closedir(opendir(".")); }
_EOF_
@@ -523,10 +551,11 @@ fi
# needed for AIX (and others ?) when mmap is used
echo Check for valloc
cat > conftest.c << _EOF_
-main()
+#include <stdlib.h>
+int main()
{
#ifdef MMAP
- valloc();
+ valloc(0);
#endif
}
_EOF_
--
2.37.1
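Review bot: The four unrolled probes for fchmod, fchown, lchown and nl_langinfo repeat the same stanza with only the header, the call and the macro name changing, which makes it easy for one copy to drift from the others in its flags or redirections. A small helper keeps the header/call pairs in one place and the compile line in another, with unchanged behaviour. Compiler output is still discarded, so a probe that fails for an unrelated toolchain reason silently adds `-DNO_<FUNC>` to `CFLAGSR`.

```shell
# check_func NAME HEADER CALL: add -DNO_<NAME> to CFLAGSR when CALL does not compile and link
check_func() {
  echo Check for $1
  cat > conftest.c << _EOF_
#include <$2>
int main(){ $3; return 0; }
_EOF_
  $CC $BFLAG $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null
  [ $? -ne 0 ] && CFLAGSR="${CFLAGSR} -DNO_`echo $1 | tr '[a-z]' '[A-Z]'`"
}

check_func fchmod      sys/stat.h 'fchmod(0,0)'
check_func fchown      unistd.h   'fchown(0,0,0)'
check_func lchown      unistd.h   'lchown(NULL,0,0)'
check_func nl_langinfo langinfo.h 'nl_langinfo(0)'
```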


@@ -0,0 +1,137 @@
From da29ba6a27d8e78562052c79061476848915eb2a Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Wed, 9 Mar 2022 12:13:28 -0800
Subject: [PATCH] configure: Pass LDFLAGS to tests doing link step
Ensures that right flags from recipes are honored, otherwise tests fail
which otherwise should not.
Upstream-Status: Inactive-Upstream
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
unix/configure | 28 ++++++++++++++--------------
1 file changed, 14 insertions(+), 14 deletions(-)
diff --git a/unix/configure b/unix/configure
index d4b0a8e..49579f3 100755
--- a/unix/configure
+++ b/unix/configure
@@ -116,7 +116,7 @@ _EOF_
# Special Mac OS X shared library "ld" option?
if test ` uname -s 2> /dev/null ` = 'Darwin'; then
lf='-Wl,-search_paths_first'
- $CC $CFLAGS $lf conftest.c > /dev/null 2>/dev/null
+ $CC $CFLAGS $LDFLAGS $lf conftest.c > /dev/null 2>/dev/null
if test $? -eq 0; then
BZLF=${lf}
fi
@@ -276,7 +276,7 @@ int main()
}
_EOF_
# compile it
-$CC -o conftest conftest.c >/dev/null 2>/dev/null
+$CC $CFLAGS $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null
if [ $? -ne 0 ]; then
echo -- no Large File Support
else
@@ -322,7 +322,7 @@ int main()
}
_EOF_
# compile it
-$CC -o conftest conftest.c >/dev/null 2>/dev/null
+$CC $CFLAGS $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null
if [ $? -ne 0 ]; then
echo "-- no Unicode (wchar_t) support"
else
@@ -383,7 +383,7 @@ for func in fchmod fchown lchown nl_langinfo
do
echo Check for $func
echo "int main(){ $func(); return 0; }" > conftest.c
- $CC $BFLAG -o conftest conftest.c >/dev/null 2>/dev/null
+ $CC $BFLAG $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null
[ $? -ne 0 ] && CFLAGSR="${CFLAGSR} -DNO_`echo $func | tr '[a-z]' '[A-Z]'`"
done
@@ -395,14 +395,14 @@ temp_link="link_$$"
echo "int main() { lchmod(\"${temp_file}\", 0666); }" \
) > conftest.c
ln -s "${temp_link}" "${temp_file}" && \
- $CC $BFLAG -o conftest conftest.c >/dev/null 2>/dev/null && \
+ $CC $BFLAG $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null && \
./conftest
[ $? -ne 0 ] && CFLAGSR="${CFLAGSR} -DNO_LCHMOD"
rm -f "${temp_file}"
echo Check for memset
echo "int main(){ char k; memset(&k,0,0); return 0; }" > conftest.c
-$CC -o conftest conftest.c >/dev/null 2>/dev/null
+$CC $CFLAGS $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null
[ $? -ne 0 ] && CFLAGSR="${CFLAGSR} -DZMEM"
echo Check for errno declaration
@@ -422,12 +422,12 @@ cat > conftest.c << _EOF_
int main() { return closedir(opendir(".")); }
_EOF_
-$CC -o conftest conftest.c >/dev/null 2>/dev/null
+$CC $CFLAGS $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null
if [ $? -ne 0 ]; then
OPT=""
for lib in ndir dir ucb bsd BSD PW x dirent
do
- $CC -o conftest conftest.c -l$lib >/dev/null 2>/dev/null
+ $CC $CLFAGS $LDFLAGS -o conftest conftest.c -l$lib >/dev/null 2>/dev/null
[ $? -eq 0 ] && OPT=-l$lib && break
done
if [ ${OPT} ]; then
@@ -440,9 +440,9 @@ fi
# Dynix/ptx 1.3 needed this
echo Check for readlink
echo "int main(){ return readlink(); }" > conftest.c
-$CC -o conftest conftest.c >/dev/null 2>/dev/null
+$CC $CFLAGS $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null
if [ $? -ne 0 ]; then
- $CC -o conftest conftest.c -lseq >/dev/null 2>/dev/null
+ $CC $CFLAGS $LDFLAGS -o conftest conftest.c -lseq >/dev/null 2>/dev/null
[ $? -eq 0 ] && LFLAGS2="${LFLAGS2} -lseq"
fi
@@ -501,7 +501,7 @@ int main()
}
_EOF_
# compile it
-$CC ${CFLAGS} ${CFLAGSR} -o conftest conftest.c >/dev/null 2>/dev/null
+$CC ${CFLAGS} ${CFLAGSR} $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null
if [ $? -ne 0 ]; then
echo "-- no MBCS support"
CFLAGSR="${CFLAGSR} -DNO_MBCS"
@@ -515,7 +515,7 @@ else
do
echo Check for MBCS $func
echo "int main() { $func(); return 0; }" > conftest.c
- $CC $BFLAG -o conftest conftest.c >/dev/null 2>/dev/null
+ $CC $BFLAG $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null
[ $? -eq 0 ] && CFLAGSR="${CFLAGSR} -D`echo $func | tr '[a-z]' '[A-Z]'`=$func"
done
fi
@@ -557,7 +557,7 @@ elif [ -f /xenix ]; then
elif uname -X >/dev/null 2>/dev/null; then
# SCO shared library check
echo "int main() { return 0;}" > conftest.c
- $CC -o conftest conftest.c -lc_s -nointl >/dev/null 2> /dev/null
+ $CC $CFLAGS $LDFLAGS -o conftest conftest.c -lc_s -nointl >/dev/null 2> /dev/null
[ $? -eq 0 ] && LFLAGS2="-lc_s -nointl"
else
SYSTEM=`uname -s 2>/dev/null` || SYSTEM="unknown"
@@ -565,7 +565,7 @@ else
case $SYSTEM in
OSF1|ULTRIX)
echo Check for -Olimit option
- $CC ${CFLAGS} -Olimit 1000 -o conftest conftest.c >/dev/null 2>/dev/null
+ $CC ${CFLAGS} ${LDFLAGS} -Olimit 1000 -o conftest conftest.c >/dev/null 2>/dev/null
[ $? -eq 0 ] && CFLAGSR="${CFLAGSR} -Olimit 1000"
;;
### HP-UX)
--
2.35.1
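Review bot: The directory-library fallback loop spells the variable `$CLFAGS`, so it expands to nothing and the `-l$lib` probes run without the recipe's compiler flags, unlike every other test this patch touches. In a cross build those flags typically carry the sysroot and ABI options, so the probe can pick a different answer than the first `closedir(opendir("."))` test just above it. The line should read `$CC $CFLAGS $LDFLAGS -o conftest conftest.c -l$lib >/dev/null 2>/dev/null`.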


@@ -0,0 +1,103 @@
From 5cbf901b5c3b6a7d1d0ed91b6df4194bb6d25a40 Mon Sep 17 00:00:00 2001
From: Chen Qi <Qi.Chen@windriver.com>
Date: Thu, 15 Jun 2023 07:14:17 -0700
Subject: [PATCH] unix/configure: fix detection for cross compilation
We're doing cross compilation, running a cross-compiled problem
on host to detemine feature is not correct. So we change runtime
check into compile-time check to detect the features.
Upstream-Status: Inactive-Upstream
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
---
unix/configure | 44 +++++++++++++++-----------------------------
1 file changed, 15 insertions(+), 29 deletions(-)
diff --git a/unix/configure b/unix/configure
index 8fd82dd..68dee98 100755
--- a/unix/configure
+++ b/unix/configure
@@ -259,6 +259,10 @@ cat > conftest.c << _EOF_
#include <sys/stat.h>
#include <unistd.h>
#include <stdio.h>
+
+_Static_assert(sizeof(off_t) < 8, "sizeof off_t < 8 failed");
+_Static_assert(sizeof((struct stat){0}.st_size) < 8, "sizeof st_size < 8 failed");
+
int main()
{
off_t offset;
@@ -278,21 +282,10 @@ _EOF_
# compile it
$CC $CFLAGS $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null
if [ $? -ne 0 ]; then
- echo -- no Large File Support
+ echo -- yes we have Large File Support!
+ CFLAGSR="${CFLAGSR} -DLARGE_FILE_SUPPORT"
else
-# run it
- ./conftest
- r=$?
- if [ $r -eq 1 ]; then
- echo -- no Large File Support - no 64-bit off_t
- elif [ $r -eq 2 ]; then
- echo -- no Large File Support - no 64-bit stat
- elif [ $r -eq 3 ]; then
- echo -- yes we have Large File Support!
- CFLAGSR="${CFLAGSR} -DLARGE_FILE_SUPPORT"
- else
- echo -- no Large File Support - conftest returned $r
- fi
+ echo -- no Large File Support
fi
# Added 11/24/2005 EG
@@ -302,6 +295,11 @@ cat > conftest.c << _EOF_
#include <stdlib.h>
#include <stdio.h>
#include <wchar.h>
+
+#ifndef __STDC_ISO_10646__
+#error "__STDC_ISO_10646__ not defined
+#endif
+
int main()
{
size_t wsize;
@@ -327,19 +325,8 @@ if [ $? -ne 0 ]; then
echo "-- no Unicode (wchar_t) support"
else
# have wide char support
-# run it
- ./conftest
- r=$?
- if [ $r -eq 0 ]; then
- echo -- no Unicode wchar_t support - wchar_t allocation error
- elif [ $r -eq 1 ]; then
- echo -- no Unicode support - wchar_t encoding unspecified
- elif [ $r -eq 2 ]; then
- echo -- have wchar_t with known UCS encoding - enabling Unicode support!
- CFLAGSR="${CFLAGSR} -DUNICODE_SUPPORT -DUNICODE_WCHAR"
- else
- echo "-- no Unicode (wchar_t) support - conftest returned $r"
- fi
+ echo -- have wchar_t with known UCS encoding - enabling Unicode support!
+ CFLAGSR="${CFLAGSR} -DUNICODE_SUPPORT -DUNICODE_WCHAR"
fi
echo "Check for setlocale support (needed for UNICODE Native check)"
@@ -418,8 +405,7 @@ temp_link="link_$$"
echo "int main() { lchmod(\"${temp_file}\", 0666); }" \
) > conftest.c
ln -s "${temp_link}" "${temp_file}" && \
- $CC $BFLAG $LDFLAGS -o conftest conftest.c >/dev/null 2>/dev/null && \
- ./conftest
+ $CC -Werror=implicit-function-declaration $BFLAG $LDFLAGS -o conftest conftest.c >/dev/null
[ $? -ne 0 ] && CFLAGSR="${CFLAGSR} -DNO_LCHMOD"
rm -f "${temp_file}"
--
2.34.1
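Review bot: The Large File Support probe now treats any compile failure as success. The added `_Static_assert(sizeof(off_t) < 8, ...)` lines are meant to fail on a 64-bit `off_t`, but the `[ $? -ne 0 ]` branch also fires on a missing header, a compiler without `_Static_assert` or a broken sysroot, and the output goes to /dev/null so the cause is invisible. Asserting the positive condition, `_Static_assert(sizeof(off_t) >= 8, "off_t is not 64-bit");` and `_Static_assert(sizeof((struct stat){0}.st_size) >= 8, "st_size is not 64-bit");`, and setting `-DLARGE_FILE_SUPPORT` in the `else` branch makes the probe fail closed. The lchmod check in the last hunk likewise no longer runs the program, so it only shows that lchmod is declared and links, not that it works on the target.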


@@ -0,0 +1,48 @@
From 349f566e6e757458843fa164a0f0584280e1501e Mon Sep 17 00:00:00 2001
From: Changqing Li <changqing.li@windriver.com>
Date: Wed, 15 Aug 2018 16:20:53 +0800
Subject: [PATCH] unzip: fix CVE-2018-1000035
Upstream-Status: Backport
CVE: CVE-2018-1000035
backport from unzip6.10c23
Signed-off-by: Changqing Li <changqing.li@windriver.com>
---
fileio.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/fileio.c b/fileio.c
index 36bfea3..7605a29 100644
--- a/fileio.c
+++ b/fileio.c
@@ -1582,6 +1582,8 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf, size, zfn, efn)
int r = IZ_PW_ENTERED;
char *m;
char *prompt;
+ char *ep;
+ char *zp;
#ifndef REENTRANT
/* tell picky compilers to shut up about "unused variable" warnings */
@@ -1590,9 +1592,12 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf, size, zfn, efn)
if (*rcnt == 0) { /* First call for current entry */
*rcnt = 2;
- if ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL) {
- sprintf(prompt, LoadFarString(PasswPrompt),
- FnFilter1(zfn), FnFilter2(efn));
+ zp = FnFilter1( zfn);
+ ep = FnFilter2( efn);
+ prompt = (char *)malloc( /* Slightly too long (2* "%s"). */
+ sizeof( PasswPrompt)+ strlen( zp)+ strlen( ep));
+ if (prompt != (char *)NULL) {
+ sprintf(prompt, LoadFarString(PasswPrompt), zp, ep);
m = prompt;
} else
m = (char *)LoadFarString(PasswPrompt2);
--
2.7.4
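Review bot: The new allocation size is only right while `PasswPrompt` is a character array visible at this point and its format holds exactly two `%s` conversions. `sizeof( PasswPrompt)` would silently become a pointer size if the declaration (outside this hunk) were ever changed, and the `sprintf` that follows is still unbounded. I would state the invariant next to the malloc, for example `/* PasswPrompt must be a char array with exactly two %s; size = format + both filtered names */`. The body of UzpPassword continues outside the hunk.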


@@ -0,0 +1,403 @@
From: Giovanni Scafora <giovanni.archlinux.org>
Subject: unzip files encoded with non-latin, non-unicode file names
Last-Update: 2015-02-11
Upstream-Status: Backport
CVE: CVE-2015-1315
Updated 2015-02-11 by Marc Deslauriers <marc.deslauriers@canonical.com>
to fix buffer overflow in charset_to_intern()
Signed-off-by: Marc Deslauriers <marc.deslauriers@canonical.com>
Index: unzip-6.0/unix/unix.c
===================================================================
--- unzip-6.0.orig/unix/unix.c 2015-02-11 08:46:43.675324290 -0500
+++ unzip-6.0/unix/unix.c 2015-02-11 09:18:04.902081319 -0500
@@ -30,6 +30,9 @@
#define UNZIP_INTERNAL
#include "unzip.h"
+#include <iconv.h>
+#include <langinfo.h>
+
#ifdef SCO_XENIX
# define SYSNDIR
#else /* SCO Unix, AIX, DNIX, TI SysV, Coherent 4.x, ... */
@@ -1874,3 +1877,102 @@
}
}
#endif /* QLZIP */
+
+
+typedef struct {
+ char *local_charset;
+ char *archive_charset;
+} CHARSET_MAP;
+
+/* A mapping of local <-> archive charsets used by default to convert filenames
+ * of DOS/Windows Zip archives. Currently very basic. */
+static CHARSET_MAP dos_charset_map[] = {
+ { "ANSI_X3.4-1968", "CP850" },
+ { "ISO-8859-1", "CP850" },
+ { "CP1252", "CP850" },
+ { "UTF-8", "CP866" },
+ { "KOI8-R", "CP866" },
+ { "KOI8-U", "CP866" },
+ { "ISO-8859-5", "CP866" }
+};
+
+char OEM_CP[MAX_CP_NAME] = "";
+char ISO_CP[MAX_CP_NAME] = "";
+
+/* Try to guess the default value of OEM_CP based on the current locale.
+ * ISO_CP is left alone for now. */
+void init_conversion_charsets()
+{
+ const char *local_charset;
+ int i;
+
+ /* Make a guess only if OEM_CP not already set. */
+ if(*OEM_CP == '\0') {
+ local_charset = nl_langinfo(CODESET);
+ for(i = 0; i < sizeof(dos_charset_map)/sizeof(CHARSET_MAP); i++)
+ if(!strcasecmp(local_charset, dos_charset_map[i].local_charset)) {
+ strncpy(OEM_CP, dos_charset_map[i].archive_charset,
+ sizeof(OEM_CP));
+ break;
+ }
+ }
+}
+
+/* Convert a string from one encoding to the current locale using iconv().
+ * Be as non-intrusive as possible. If error is encountered during covertion
+ * just leave the string intact. */
+static void charset_to_intern(char *string, char *from_charset)
+{
+ iconv_t cd;
+ char *s,*d, *buf;
+ size_t slen, dlen, buflen;
+ const char *local_charset;
+
+ if(*from_charset == '\0')
+ return;
+
+ buf = NULL;
+ local_charset = nl_langinfo(CODESET);
+
+ if((cd = iconv_open(local_charset, from_charset)) == (iconv_t)-1)
+ return;
+
+ slen = strlen(string);
+ s = string;
+
+ /* Make sure OUTBUFSIZ + 1 never ends up smaller than FILNAMSIZ
+ * as this function also gets called with G.outbuf in fileio.c
+ */
+ buflen = FILNAMSIZ;
+ if (OUTBUFSIZ + 1 < FILNAMSIZ)
+ {
+ buflen = OUTBUFSIZ + 1;
+ }
+
+ d = buf = malloc(buflen);
+ if(!d)
+ goto cleanup;
+
+ bzero(buf,buflen);
+ dlen = buflen - 1;
+
+ if(iconv(cd, &s, &slen, &d, &dlen) == (size_t)-1)
+ goto cleanup;
+ strncpy(string, buf, buflen);
+
+ cleanup:
+ free(buf);
+ iconv_close(cd);
+}
+
+/* Convert a string from OEM_CP to the current locale charset. */
+inline void oem_intern(char *string)
+{
+ charset_to_intern(string, OEM_CP);
+}
+
+/* Convert a string from ISO_CP to the current locale charset. */
+inline void iso_intern(char *string)
+{
+ charset_to_intern(string, ISO_CP);
+}
Index: unzip-6.0/unix/unxcfg.h
===================================================================
--- unzip-6.0.orig/unix/unxcfg.h 2015-02-11 08:46:43.675324290 -0500
+++ unzip-6.0/unix/unxcfg.h 2015-02-11 08:46:43.671324260 -0500
@@ -228,4 +228,30 @@
/* wild_dir, dirname, wildname, matchname[], dirnamelen, have_dirname, */
/* and notfirstcall are used by do_wild(). */
+
+#define MAX_CP_NAME 25
+
+#ifdef SETLOCALE
+# undef SETLOCALE
+#endif
+#define SETLOCALE(category, locale) setlocale(category, locale)
+#include <locale.h>
+
+#ifdef _ISO_INTERN
+# undef _ISO_INTERN
+#endif
+#define _ISO_INTERN(str1) iso_intern(str1)
+
+#ifdef _OEM_INTERN
+# undef _OEM_INTERN
+#endif
+#ifndef IZ_OEM2ISO_ARRAY
+# define IZ_OEM2ISO_ARRAY
+#endif
+#define _OEM_INTERN(str1) oem_intern(str1)
+
+void iso_intern(char *);
+void oem_intern(char *);
+void init_conversion_charsets(void);
+
#endif /* !__unxcfg_h */
Index: unzip-6.0/unzip.c
===================================================================
--- unzip-6.0.orig/unzip.c 2015-02-11 08:46:43.675324290 -0500
+++ unzip-6.0/unzip.c 2015-02-11 08:46:43.675324290 -0500
@@ -327,11 +327,21 @@
-2 just filenames but allow -h/-t/-z -l long Unix \"ls -l\" format\n\
-v verbose, multi-page format\n";
+#ifndef UNIX
static ZCONST char Far ZipInfoUsageLine3[] = "miscellaneous options:\n\
-h print header line -t print totals for listed files or for all\n\
-z print zipfile comment -T print file times in sortable decimal format\
\n -C be case-insensitive %s\
-x exclude filenames that follow from listing\n";
+#else /* UNIX */
+static ZCONST char Far ZipInfoUsageLine3[] = "miscellaneous options:\n\
+ -h print header line -t print totals for listed files or for all\n\
+ -z print zipfile comment %c-T%c print file times in sortable decimal format\
+\n %c-C%c be case-insensitive %s\
+ -x exclude filenames that follow from listing\n\
+ -O CHARSET specify a character encoding for DOS, Windows and OS/2 archives\n\
+ -I CHARSET specify a character encoding for UNIX and other archives\n";
+#endif /* !UNIX */
#ifdef MORE
static ZCONST char Far ZipInfoUsageLine4[] =
" -M page output through built-in \"more\"\n";
@@ -664,6 +674,17 @@
-U use escapes for all non-ASCII Unicode -UU ignore any Unicode fields\n\
-C match filenames case-insensitively -L make (some) names \
lowercase\n %-42s -V retain VMS version numbers\n%s";
+#elif (defined UNIX)
+static ZCONST char Far UnzipUsageLine4[] = "\
+modifiers:\n\
+ -n never overwrite existing files -q quiet mode (-qq => quieter)\n\
+ -o overwrite files WITHOUT prompting -a auto-convert any text files\n\
+ -j junk paths (do not make directories) -aa treat ALL files as text\n\
+ -U use escapes for all non-ASCII Unicode -UU ignore any Unicode fields\n\
+ -C match filenames case-insensitively -L make (some) names \
+lowercase\n %-42s -V retain VMS version numbers\n%s\
+ -O CHARSET specify a character encoding for DOS, Windows and OS/2 archives\n\
+ -I CHARSET specify a character encoding for UNIX and other archives\n\n";
#else /* !VMS */
static ZCONST char Far UnzipUsageLine4[] = "\
modifiers:\n\
@@ -802,6 +823,10 @@
#endif /* UNICODE_SUPPORT */
+#ifdef UNIX
+ init_conversion_charsets();
+#endif
+
#if (defined(__IBMC__) && defined(__DEBUG_ALLOC__))
extern void DebugMalloc(void);
@@ -1335,6 +1360,11 @@
argc = *pargc;
argv = *pargv;
+#ifdef UNIX
+ extern char OEM_CP[MAX_CP_NAME];
+ extern char ISO_CP[MAX_CP_NAME];
+#endif
+
while (++argv, (--argc > 0 && *argv != NULL && **argv == '-')) {
s = *argv + 1;
while ((c = *s++) != 0) { /* "!= 0": prevent Turbo C warning */
@@ -1516,6 +1546,35 @@
}
break;
#endif /* MACOS */
+#ifdef UNIX
+ case ('I'):
+ if (negative) {
+ Info(slide, 0x401, ((char *)slide,
+ "error: encodings can't be negated"));
+ return(PK_PARAM);
+ } else {
+ if(*s) { /* Handle the -Icharset case */
+ /* Assume that charsets can't start with a dash to spot arguments misuse */
+ if(*s == '-') {
+ Info(slide, 0x401, ((char *)slide,
+ "error: a valid character encoding should follow the -I argument"));
+ return(PK_PARAM);
+ }
+ strncpy(ISO_CP, s, sizeof(ISO_CP));
+ } else { /* -I charset */
+ ++argv;
+ if(!(--argc > 0 && *argv != NULL && **argv != '-')) {
+ Info(slide, 0x401, ((char *)slide,
+ "error: a valid character encoding should follow the -I argument"));
+ return(PK_PARAM);
+ }
+ s = *argv;
+ strncpy(ISO_CP, s, sizeof(ISO_CP));
+ }
+ while(*(++s)); /* No params straight after charset name */
+ }
+ break;
+#endif /* ?UNIX */
case ('j'): /* junk pathnames/directory structure */
if (negative)
uO.jflag = FALSE, negative = 0;
@@ -1591,6 +1650,35 @@
} else
++uO.overwrite_all;
break;
+#ifdef UNIX
+ case ('O'):
+ if (negative) {
+ Info(slide, 0x401, ((char *)slide,
+ "error: encodings can't be negated"));
+ return(PK_PARAM);
+ } else {
+ if(*s) { /* Handle the -Ocharset case */
+ /* Assume that charsets can't start with a dash to spot arguments misuse */
+ if(*s == '-') {
+ Info(slide, 0x401, ((char *)slide,
+ "error: a valid character encoding should follow the -I argument"));
+ return(PK_PARAM);
+ }
+ strncpy(OEM_CP, s, sizeof(OEM_CP));
+ } else { /* -O charset */
+ ++argv;
+ if(!(--argc > 0 && *argv != NULL && **argv != '-')) {
+ Info(slide, 0x401, ((char *)slide,
+ "error: a valid character encoding should follow the -O argument"));
+ return(PK_PARAM);
+ }
+ s = *argv;
+ strncpy(OEM_CP, s, sizeof(OEM_CP));
+ }
+ while(*(++s)); /* No params straight after charset name */
+ }
+ break;
+#endif /* ?UNIX */
case ('p'): /* pipes: extract to stdout, no messages */
if (negative) {
uO.cflag = FALSE;
Index: unzip-6.0/unzpriv.h
===================================================================
--- unzip-6.0.orig/unzpriv.h 2015-02-11 08:46:43.675324290 -0500
+++ unzip-6.0/unzpriv.h 2015-02-11 08:46:43.675324290 -0500
@@ -3008,7 +3008,7 @@
!(((islochdr) || (isuxatt)) && \
((hostver) == 25 || (hostver) == 26 || (hostver) == 40))) || \
(hostnum) == FS_HPFS_ || \
- ((hostnum) == FS_NTFS_ && (hostver) == 50)) { \
+ ((hostnum) == FS_NTFS_ /* && (hostver) == 50 */ )) { \
_OEM_INTERN((string)); \
} else { \
_ISO_INTERN((string)); \
Index: unzip-6.0/zipinfo.c
===================================================================
--- unzip-6.0.orig/zipinfo.c 2015-02-11 08:46:43.675324290 -0500
+++ unzip-6.0/zipinfo.c 2015-02-11 08:46:43.675324290 -0500
@@ -457,6 +457,10 @@
int tflag_slm=TRUE, tflag_2v=FALSE;
int explicit_h=FALSE, explicit_t=FALSE;
+#ifdef UNIX
+ extern char OEM_CP[MAX_CP_NAME];
+ extern char ISO_CP[MAX_CP_NAME];
+#endif
#ifdef MACOS
uO.lflag = LFLAG; /* reset default on each call */
@@ -501,6 +505,35 @@
uO.lflag = 0;
}
break;
+#ifdef UNIX
+ case ('I'):
+ if (negative) {
+ Info(slide, 0x401, ((char *)slide,
+ "error: encodings can't be negated"));
+ return(PK_PARAM);
+ } else {
+ if(*s) { /* Handle the -Icharset case */
+ /* Assume that charsets can't start with a dash to spot arguments misuse */
+ if(*s == '-') {
+ Info(slide, 0x401, ((char *)slide,
+ "error: a valid character encoding should follow the -I argument"));
+ return(PK_PARAM);
+ }
+ strncpy(ISO_CP, s, sizeof(ISO_CP));
+ } else { /* -I charset */
+ ++argv;
+ if(!(--argc > 0 && *argv != NULL && **argv != '-')) {
+ Info(slide, 0x401, ((char *)slide,
+ "error: a valid character encoding should follow the -I argument"));
+ return(PK_PARAM);
+ }
+ s = *argv;
+ strncpy(ISO_CP, s, sizeof(ISO_CP));
+ }
+ while(*(++s)); /* No params straight after charset name */
+ }
+ break;
+#endif /* ?UNIX */
case 'l': /* longer form of "ls -l" type listing */
if (negative)
uO.lflag = -2, negative = 0;
@@ -521,6 +554,35 @@
G.M_flag = TRUE;
break;
#endif
+#ifdef UNIX
+ case ('O'):
+ if (negative) {
+ Info(slide, 0x401, ((char *)slide,
+ "error: encodings can't be negated"));
+ return(PK_PARAM);
+ } else {
+ if(*s) { /* Handle the -Ocharset case */
+ /* Assume that charsets can't start with a dash to spot arguments misuse */
+ if(*s == '-') {
+ Info(slide, 0x401, ((char *)slide,
+ "error: a valid character encoding should follow the -I argument"));
+ return(PK_PARAM);
+ }
+ strncpy(OEM_CP, s, sizeof(OEM_CP));
+ } else { /* -O charset */
+ ++argv;
+ if(!(--argc > 0 && *argv != NULL && **argv != '-')) {
+ Info(slide, 0x401, ((char *)slide,
+ "error: a valid character encoding should follow the -O argument"));
+ return(PK_PARAM);
+ }
+ s = *argv;
+ strncpy(OEM_CP, s, sizeof(OEM_CP));
+ }
+ while(*(++s)); /* No params straight after charset name */
+ }
+ break;
+#endif /* ?UNIX */
case 's': /* default: shorter "ls -l" type listing */
if (negative)
uO.lflag = -2, negative = 0;
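Review bot: The `-I`/`-O` handlers copy the user-supplied charset with `strncpy(ISO_CP, s, sizeof(ISO_CP))` and `strncpy(OEM_CP, s, sizeof(OEM_CP))`, which leaves the `MAX_CP_NAME`-byte buffer unterminated when the name is that long or longer. `charset_to_intern()` later hands the buffer to `iconv_open()` as a C string, so it would be read past its end. The same pattern appears in both option cases in unzip.c and again in zipinfo.c. Copy one byte less and terminate explicitly, `strncpy(ISO_CP, s, sizeof(ISO_CP) - 1); ISO_CP[sizeof(ISO_CP) - 1] = '\0';` (likewise for `OEM_CP`), or reject over-long names with `PK_PARAM`. Separately, the first error message in each `-O` case still says "-I argument".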


@@ -0,0 +1,53 @@
From: sms
Subject: Fix CVE-2014-8139: CRC32 verification heap-based overflow
Bug-Debian: http://bugs.debian.org/773722
The patch comes from unzip_6.0-8+deb7u2.debian.tar.gz
Upstream-Status: Backport
CVE: CVE-2014-8139
Signed-off-by: Roy Li <rongqing.li@windriver.com>
--- a/extract.c
+++ b/extract.c
@@ -298,6 +298,8 @@
#ifndef SFX
static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \
EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n";
+ static ZCONST char Far TooSmallEBlength[] = "bad extra-field entry:\n \
+ EF block length (%u bytes) invalid (< %d)\n";
static ZCONST char Far InvalidComprDataEAs[] =
" invalid compressed data for EAs\n";
# if (defined(WIN32) && defined(NTSD_EAS))
@@ -2023,7 +2025,8 @@
ebID = makeword(ef);
ebLen = (unsigned)makeword(ef+EB_LEN);
- if (ebLen > (ef_len - EB_HEADSIZE)) {
+ if (ebLen > (ef_len - EB_HEADSIZE))
+ {
/* Discovered some extra field inconsistency! */
if (uO.qflag)
Info(slide, 1, ((char *)slide, "%-22s ",
@@ -2158,11 +2161,19 @@
}
break;
case EF_PKVMS:
- if (makelong(ef+EB_HEADSIZE) !=
+ if (ebLen < 4)
+ {
+ Info(slide, 1,
+ ((char *)slide, LoadFarString(TooSmallEBlength),
+ ebLen, 4));
+ }
+ else if (makelong(ef+EB_HEADSIZE) !=
crc32(CRCVAL_INITIAL, ef+(EB_HEADSIZE+4),
(extent)(ebLen-4)))
+ {
Info(slide, 1, ((char *)slide,
LoadFarString(BadCRC_EAs)));
+ }
break;
case EF_PKW32:
case EF_PKUNIX:
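Review bot: The literal `4` in the new `ebLen < 4` guard is the size of the CRC that precedes the PKVMS data, and it has to stay in step with `ef+(EB_HEADSIZE+4)` and `(extent)(ebLen-4)` a few lines below. With the unsigned `ebLen` smaller than 4, that subtraction would wrap and hand crc32() a huge length. A one-line comment on the guard, such as `/* PKVMS block starts with a 4-byte CRC; a shorter block would underflow ebLen-4 */`, records why the check exists. The enclosing switch and function start outside the hunk.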


@@ -0,0 +1,36 @@
From: sms
Subject: Fix CVE-2014-8140: out-of-bounds write issue in test_compr_eb()
Bug-Debian: http://bugs.debian.org/773722
The patch comes from unzip_6.0-8+deb7u2.debian.tar.gz
Upstream-Status: Backport
CVE: CVE-2014-8140
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Index: unzip60/extract.c
===================================================================
--- unzip60.orig/extract.c
+++ unzip60/extract.c
@@ -2233,10 +2233,17 @@ static int test_compr_eb(__G__ eb, eb_si
if (compr_offset < 4) /* field is not compressed: */
return PK_OK; /* do nothing and signal OK */
+ /* Return no/bad-data error status if any problem is found:
+ * 1. eb_size is too small to hold the uncompressed size
+ * (eb_ucsize). (Else extract eb_ucsize.)
+ * 2. eb_ucsize is zero (invalid). 2014-12-04 SMS.
+ * 3. eb_ucsize is positive, but eb_size is too small to hold
+ * the compressed data header.
+ */
if ((eb_size < (EB_UCSIZE_P + 4)) ||
- ((eb_ucsize = makelong(eb+(EB_HEADSIZE+EB_UCSIZE_P))) > 0L &&
- eb_size <= (compr_offset + EB_CMPRHEADLEN)))
- return IZ_EF_TRUNC; /* no compressed data! */
+ ((eb_ucsize = makelong( eb+ (EB_HEADSIZE+ EB_UCSIZE_P))) == 0L) ||
+ ((eb_ucsize > 0L) && (eb_size <= (compr_offset + EB_CMPRHEADLEN))))
+ return IZ_EF_TRUNC; /* no/bad compressed data! */
method = makeword(eb + (EB_HEADSIZE + compr_offset));
if ((method == STORED) &&


@@ -0,0 +1,145 @@
From: sms
Subject: Fix CVE-2014-8141: out-of-bounds read issues in getZip64Data()
Bug-Debian: http://bugs.debian.org/773722
The patch comes from unzip_6.0-8+deb7u2.debian.tar.gz
Upstream-Status: Backport
CVE: CVE-2014-8141
Signed-off-by: Roy Li <rongqing.li@windriver.com>
--- a/fileio.c
+++ b/fileio.c
@@ -176,6 +176,8 @@
#endif
static ZCONST char Far ExtraFieldTooLong[] =
"warning: extra field too long (%d). Ignoring...\n";
+static ZCONST char Far ExtraFieldCorrupt[] =
+ "warning: extra field (type: 0x%04x) corrupt. Continuing...\n";
#ifdef WINDLL
static ZCONST char Far DiskFullQuery[] =
@@ -2295,7 +2297,12 @@
if (readbuf(__G__ (char *)G.extra_field, length) == 0)
return PK_EOF;
/* Looks like here is where extra fields are read */
- getZip64Data(__G__ G.extra_field, length);
+ if (getZip64Data(__G__ G.extra_field, length) != PK_COOL)
+ {
+ Info(slide, 0x401, ((char *)slide,
+ LoadFarString( ExtraFieldCorrupt), EF_PKSZ64));
+ error = PK_WARN;
+ }
#ifdef UNICODE_SUPPORT
G.unipath_filename = NULL;
if (G.UzO.U_flag < 2) {
--- a/process.c
+++ b/process.c
@@ -1,5 +1,5 @@
/*
- Copyright (c) 1990-2009 Info-ZIP. All rights reserved.
+ Copyright (c) 1990-2014 Info-ZIP. All rights reserved.
See the accompanying file LICENSE, version 2009-Jan-02 or later
(the contents of which are also included in unzip.h) for terms of use.
@@ -1901,48 +1901,82 @@
and a 4-byte version of disk start number.
Sets both local header and central header fields. Not terribly clever,
but it means that this procedure is only called in one place.
+
+ 2014-12-05 SMS.
+ Added checks to ensure that enough data are available before calling
+ makeint64() or makelong(). Replaced various sizeof() values with
+ simple ("4" or "8") constants. (The Zip64 structures do not depend
+ on our variable sizes.) Error handling is crude, but we should now
+ stay within the buffer.
---------------------------------------------------------------------------*/
+#define Z64FLGS 0xffff
+#define Z64FLGL 0xffffffff
+
if (ef_len == 0 || ef_buf == NULL)
return PK_COOL;
Trace((stderr,"\ngetZip64Data: scanning extra field of length %u\n",
ef_len));
- while (ef_len >= EB_HEADSIZE) {
+ while (ef_len >= EB_HEADSIZE)
+ {
eb_id = makeword(EB_ID + ef_buf);
eb_len = makeword(EB_LEN + ef_buf);
- if (eb_len > (ef_len - EB_HEADSIZE)) {
- /* discovered some extra field inconsistency! */
+ if (eb_len > (ef_len - EB_HEADSIZE))
+ {
+ /* Extra block length exceeds remaining extra field length. */
Trace((stderr,
"getZip64Data: block length %u > rest ef_size %u\n", eb_len,
ef_len - EB_HEADSIZE));
break;
}
- if (eb_id == EF_PKSZ64) {
-
+ if (eb_id == EF_PKSZ64)
+ {
int offset = EB_HEADSIZE;
- if (G.crec.ucsize == 0xffffffff || G.lrec.ucsize == 0xffffffff){
- G.lrec.ucsize = G.crec.ucsize = makeint64(offset + ef_buf);
- offset += sizeof(G.crec.ucsize);
+ if ((G.crec.ucsize == Z64FLGL) || (G.lrec.ucsize == Z64FLGL))
+ {
+ if (offset+ 8 > ef_len)
+ return PK_ERR;
+
+ G.crec.ucsize = G.lrec.ucsize = makeint64(offset + ef_buf);
+ offset += 8;
}
- if (G.crec.csize == 0xffffffff || G.lrec.csize == 0xffffffff){
- G.csize = G.lrec.csize = G.crec.csize = makeint64(offset + ef_buf);
- offset += sizeof(G.crec.csize);
+
+ if ((G.crec.csize == Z64FLGL) || (G.lrec.csize == Z64FLGL))
+ {
+ if (offset+ 8 > ef_len)
+ return PK_ERR;
+
+ G.csize = G.crec.csize = G.lrec.csize = makeint64(offset + ef_buf);
+ offset += 8;
}
- if (G.crec.relative_offset_local_header == 0xffffffff){
+
+ if (G.crec.relative_offset_local_header == Z64FLGL)
+ {
+ if (offset+ 8 > ef_len)
+ return PK_ERR;
+
G.crec.relative_offset_local_header = makeint64(offset + ef_buf);
- offset += sizeof(G.crec.relative_offset_local_header);
+ offset += 8;
}
- if (G.crec.disk_number_start == 0xffff){
+
+ if (G.crec.disk_number_start == Z64FLGS)
+ {
+ if (offset+ 4 > ef_len)
+ return PK_ERR;
+
G.crec.disk_number_start = (zuvl_t)makelong(offset + ef_buf);
- offset += sizeof(G.crec.disk_number_start);
+ offset += 4;
}
+#if 0
+ break; /* Expect only one EF_PKSZ64 block. */
+#endif /* 0 */
}
- /* Skip this extra field block */
+ /* Skip this extra field block. */
ef_buf += (eb_len + EB_HEADSIZE);
ef_len -= (eb_len + EB_HEADSIZE);
}
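Review bot: The new bounds checks in process.c compare `offset+ 8` (and `offset+ 4`) with `ef_len`, the length of the whole remaining extra field, not with the current block. A Zip64 block whose `eb_len` is shorter than the fields it is expected to hold is therefore still parsed, using bytes that belong to the following blocks. That stays inside the buffer, as the added comment says, but it accepts a malformed block; checking against the block, `if (offset + 8 > eb_len + EB_HEADSIZE) return PK_ERR;`, would reject it. On `PK_ERR` the caller in fileio.c only records `PK_WARN` and continues, while sizes assigned before the failing check remain in `G.crec`/`G.lrec`. The function's declarations and return are outside the hunk.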


@@ -0,0 +1,33 @@
From: "Steven M. Schweda" <sms@antinode.info>
Subject: Fix CVE-2014-9913, buffer overflow in unzip
Bug: https://sourceforge.net/p/infozip/bugs/27/
Bug-Debian: https://bugs.debian.org/847485
Bug-Ubuntu: https://launchpad.net/bugs/387350
X-Debian-version: 6.0-21
Upstream-Status: Backport
CVE: CVE-2014-9913
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
--- a/list.c
+++ b/list.c
@@ -339,7 +339,18 @@
G.crec.compression_method == ENHDEFLATED) {
methbuf[5] = dtype[(G.crec.general_purpose_bit_flag>>1) & 3];
} else if (methnum >= NUM_METHODS) {
- sprintf(&methbuf[4], "%03u", G.crec.compression_method);
+ /* 2013-02-26 SMS.
+ * http://sourceforge.net/p/infozip/bugs/27/ CVE-2014-9913.
+ * Unexpectedly large compression methods overflow
+ * &methbuf[]. Use the old, three-digit decimal format
+ * for values which fit. Otherwise, sacrifice the
+ * colon, and use four-digit hexadecimal.
+ */
+ if (G.crec.compression_method <= 999) {
+ sprintf( &methbuf[ 4], "%03u", G.crec.compression_method);
+ } else {
+ sprintf( &methbuf[ 3], "%04X", G.crec.compression_method);
+ }
}
#if 0 /* GRR/Euro: add this? */
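Review bot: Both new `sprintf` calls in list.c's `methnum >= NUM_METHODS` branch are still unbounded, so the fix holds only while `G.crec.compression_method` is at most 16 bits wide and `methbuf` has room for four digits plus the terminator starting at index 3; neither declaration is inside the hunk. A bounded call would make that explicit, for example `snprintf(&methbuf[3], sizeof(methbuf) - 3, "%04X", G.crec.compression_method);`, assuming `methbuf` is an array in scope. The zipinfo.c patch for CVE-2016-9844 on this page has the same shape at `&methbuf[0]` and `&methbuf[1]` and would take the same change. The enclosing function starts and ends outside the hunk.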


@@ -0,0 +1,32 @@
From: "Steven M. Schweda" <sms@antinode.info>
Subject: Fix CVE-2016-9844, buffer overflow in zipinfo
Bug-Debian: https://bugs.debian.org/847486
Bug-Ubuntu: https://launchpad.net/bugs/1643750
X-Debian-version: 6.0-21
Upstream-Status: Backport
CVE: CVE-2016-9844
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
--- a/zipinfo.c
+++ b/zipinfo.c
@@ -1921,7 +1921,18 @@
ush dnum=(ush)((G.crec.general_purpose_bit_flag>>1) & 3);
methbuf[3] = dtype[dnum];
} else if (methnum >= NUM_METHODS) { /* unknown */
- sprintf(&methbuf[1], "%03u", G.crec.compression_method);
+ /* 2016-12-05 SMS.
+ * https://launchpad.net/bugs/1643750
+ * Unexpectedly large compression methods overflow
+ * &methbuf[]. Use the old, three-digit decimal format
+ * for values which fit. Otherwise, sacrifice the "u",
+ * and use four-digit hexadecimal.
+ */
+ if (G.crec.compression_method <= 999) {
+ sprintf( &methbuf[ 1], "%03u", G.crec.compression_method);
+ } else {
+ sprintf( &methbuf[ 0], "%04X", G.crec.compression_method);
+ }
}
for (k = 0; k < 15; ++k)


@@ -0,0 +1,39 @@
Upstream-Status: Backport
CVE: CVE-2015-7696
Signed-off-by: Tudor Florea <tudor.flore@enea.com>
From 68efed87fabddd450c08f3112f62a73f61d493c9 Mon Sep 17 00:00:00 2001
From: Petr Stodulka <pstodulk@redhat.com>
Date: Mon, 14 Sep 2015 18:23:17 +0200
Subject: [PATCH 1/2] upstream fix for heap overflow
https://bugzilla.redhat.com/attachment.cgi?id=1073002
---
crypt.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/crypt.c b/crypt.c
index 784e411..a8975f2 100644
--- a/crypt.c
+++ b/crypt.c
@@ -465,7 +465,17 @@ int decrypt(__G__ passwrd)
GLOBAL(pInfo->encrypted) = FALSE;
defer_leftover_input(__G);
for (n = 0; n < RAND_HEAD_LEN; n++) {
- b = NEXTBYTE;
+ /* 2012-11-23 SMS. (OUSPG report.)
+ * Quit early if compressed size < HEAD_LEN. The resulting
+ * error message ("unable to get password") could be improved,
+ * but it's better than trying to read nonexistent data, and
+ * then continuing with a negative G.csize. (See
+ * fileio.c:readbyte()).
+ */
+ if ((b = NEXTBYTE) == (ush)EOF)
+ {
+ return PK_ERR;
+ }
h[n] = (uch)b;
Trace((stdout, " (%02x)", h[n]));
}
--
2.4.6
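Review bot: The new EOF test in `decrypt()`, `if ((b = NEXTBYTE) == (ush)EOF)`, only works if `b` is declared as `ush`, and that declaration is outside the hunk. If `b` were an `int`, the stored -1 would never equal the 0xFFFF produced by the cast and the early return would be dead code. A one-line remark next to the test would record the dependency: `/* b is ush: EOF (-1) is stored as 0xFFFF, real bytes are 0..0xFF */`.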


@@ -0,0 +1,32 @@
Upstream-Status: Backport
CVE: CVE-2015-7697
Signed-off-by: Tudor Florea <tudor.flore@enea.com>
From bd8a743ee0a77e65ad07ef4196c4cd366add3f26 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Mon, 14 Sep 2015 18:24:56 +0200
Subject: [PATCH 2/2] fix infinite loop when extracting empty bzip2 data
---
extract.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/extract.c b/extract.c
index 7134bfe..29db027 100644
--- a/extract.c
+++ b/extract.c
@@ -2733,6 +2733,12 @@ __GDEF
int repeated_buf_err;
bz_stream bstrm;
+ if (G.incnt <= 0 && G.csize <= 0L) {
+ /* avoid an infinite loop */
+ Trace((stderr, "UZbunzip2() got empty input\n"));
+ return 2;
+ }
+
#if (defined(DLL) && !defined(NO_SLIDE_REDIR))
if (G.redirect_slide)
wsize = G.redirect_size, redirSlide = G.redirect_buffer;
--
2.4.6


@@ -0,0 +1,39 @@
Upstream-Status: Backport [https://sourceforge.net/p/infozip/bugs/53/]
CVE: CVE-2018-18384
Signed-off-by: Changqing Li <changqing.li@windriver.com>
--- unzip60/list.c
+++ unzip60/list.c
@@ -97,7 +97,7 @@ int list_files(__G) /* return PK-type
{
int do_this_file=FALSE, cfactor, error, error_in_archive=PK_COOL;
#ifndef WINDLL
- char sgn, cfactorstr[10];
+ char sgn, cfactorstr[1+10+1+1]; /* <sgn><int>%NUL */
int longhdr=(uO.vflag>1);
#endif
int date_format;
@@ -389,9 +389,9 @@ int list_files(__G) /* return PK-type
}
#else /* !WINDLL */
if (cfactor == 100)
- sprintf(cfactorstr, LoadFarString(CompFactor100));
+ snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactor100));
else
- sprintf(cfactorstr, LoadFarString(CompFactorStr), sgn, cfactor);
+ snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactorStr), sgn, cfactor);
if (longhdr)
Info(slide, 0, ((char *)slide, LoadFarString(LongHdrStats),
FmZofft(G.crec.ucsize, "8", "u"), methbuf,
@@ -471,9 +471,9 @@ int list_files(__G) /* return PK-type
#else /* !WINDLL */
if (cfactor == 100)
- sprintf(cfactorstr, LoadFarString(CompFactor100));
+ snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactor100));
else
- sprintf(cfactorstr, LoadFarString(CompFactorStr), sgn, cfactor);
+ snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactorStr), sgn, cfactor);
if (longhdr) {
Info(slide, 0, ((char *)slide, LoadFarString(LongFileTrailer),
FmZofft(tot_ucsize, "8", "u"), FmZofft(tot_csize, "8", "u"),


@@ -0,0 +1,33 @@
From 080d52c3c9416c731f637f9c6e003961ef43f079 Mon Sep 17 00:00:00 2001
From: Mark Adler <madler@alumni.caltech.edu>
Date: Mon, 27 May 2019 08:20:32 -0700
Subject: [PATCH 1/3] Fix bug in undefer_input() that misplaced the input
state.
CVE: CVE-2019-13232
Upstream-Status: Backport
[https://github.com/madler/unzip/commit/41beb477c5744bc396fa1162ee0c14218ec12213]
Signed-off-by: Dan Tran <dantran@microsoft.com>
---
fileio.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/fileio.c b/fileio.c
index 7605a29..14460f3 100644
--- a/fileio.c
+++ b/fileio.c
@@ -532,8 +532,10 @@ void undefer_input(__G)
* This condition was checked when G.incnt_leftover was set > 0 in
* defer_leftover_input(), and it is NOT allowed to touch G.csize
* before calling undefer_input() when (G.incnt_leftover > 0)
- * (single exception: see read_byte()'s "G.csize <= 0" handling) !!
+ * (single exception: see readbyte()'s "G.csize <= 0" handling) !!
*/
+ if (G.csize < 0L)
+ G.csize = 0L;
G.incnt = G.incnt_leftover + (int)G.csize;
G.inptr = G.inptr_leftover - (int)G.csize;
G.incnt_leftover = 0;
--
2.22.0.vfs.1.1.57.gbaf16c8
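Review bot: The clamp `if (G.csize < 0L) G.csize = 0L;` in `undefer_input()` has no comment saying why it is needed, although the two assignments that follow depend on it. With a negative `G.csize`, `G.incnt_leftover + (int)G.csize` shrinks the restored count and `G.inptr_leftover - (int)G.csize` moves the restored pointer forward. I would add `/* G.csize may be negative here (see readbyte()); clamp it so the leftover count and pointer are restored unchanged */` above the test. The function body starts and ends outside the hunk.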


@@ -0,0 +1,356 @@
From 1aae47fa8935654a84403768f32c03ecbb1be470 Mon Sep 17 00:00:00 2001
From: Mark Adler <madler@alumni.caltech.edu>
Date: Tue, 11 Jun 2019 22:01:18 -0700
Subject: [PATCH 2/3] Detect and reject a zip bomb using overlapped entries.
This detects an invalid zip file that has at least one entry that
overlaps with another entry or with the central directory to the
end of the file. A Fifield zip bomb uses overlapped local entries
to vastly increase the potential inflation ratio. Such an invalid
zip file is rejected.
See https://www.bamsoftware.com/hacks/zipbomb/ for David Fifield's
analysis, construction, and examples of such zip bombs.
The detection maintains a list of covered spans of the zip files
so far, where the central directory to the end of the file and any
bytes preceding the first entry at zip file offset zero are
considered covered initially. Then as each entry is decompressed
or tested, it is considered covered. When a new entry is about to
be processed, its initial offset is checked to see if it is
contained by a covered span. If so, the zip file is rejected as
invalid.
This commit depends on a preceding commit: "Fix bug in
undefer_input() that misplaced the input state."
CVE: CVE-2019-13232
Upstream-Status: Backport
[https://github.com/madler/unzip/commit/47b3ceae397d21bf822bc2ac73052a4b1daf8e1c]
Signed-off-by: Dan Tran <dantran@microsoft.com>
---
extract.c | 190 +++++++++++++++++++++++++++++++++++++++++++++++++++++-
globals.c | 1 +
globals.h | 3 +
process.c | 10 +++
unzip.h | 1 +
5 files changed, 204 insertions(+), 1 deletion(-)
diff --git a/extract.c b/extract.c
index 24db2a8..2bb72ba 100644
--- a/extract.c
+++ b/extract.c
@@ -321,6 +321,125 @@ static ZCONST char Far UnsupportedExtraField[] =
"\nerror: unsupported extra-field compression type (%u)--skipping\n";
static ZCONST char Far BadExtraFieldCRC[] =
"error [%s]: bad extra-field CRC %08lx (should be %08lx)\n";
+static ZCONST char Far NotEnoughMemCover[] =
+ "error: not enough memory for bomb detection\n";
+static ZCONST char Far OverlappedComponents[] =
+ "error: invalid zip file with overlapped components (possible zip bomb)\n";
+
+
+
+
+
+/* A growable list of spans. */
+typedef zoff_t bound_t;
+typedef struct {
+ bound_t beg; /* start of the span */
+ bound_t end; /* one past the end of the span */
+} span_t;
+typedef struct {
+ span_t *span; /* allocated, distinct, and sorted list of spans */
+ size_t num; /* number of spans in the list */
+ size_t max; /* allocated number of spans (num <= max) */
+} cover_t;
+
+/*
+ * Return the index of the first span in cover whose beg is greater than val.
+ * If there is no such span, then cover->num is returned.
+ */
+static size_t cover_find(cover, val)
+ cover_t *cover;
+ bound_t val;
+{
+ size_t lo = 0, hi = cover->num;
+ while (lo < hi) {
+ size_t mid = (lo + hi) >> 1;
+ if (val < cover->span[mid].beg)
+ hi = mid;
+ else
+ lo = mid + 1;
+ }
+ return hi;
+}
+
+/* Return true if val lies within any one of the spans in cover. */
+static int cover_within(cover, val)
+ cover_t *cover;
+ bound_t val;
+{
+ size_t pos = cover_find(cover, val);
+ return pos > 0 && val < cover->span[pos - 1].end;
+}
+
+/*
+ * Add a new span to the list, but only if the new span does not overlap any
+ * spans already in the list. The new span covers the values beg..end-1. beg
+ * must be less than end.
+ *
+ * Keep the list sorted and merge adjacent spans. Grow the allocated space for
+ * the list as needed. On success, 0 is returned. If the new span overlaps any
+ * existing spans, then 1 is returned and the new span is not added to the
+ * list. If the new span is invalid because beg is greater than or equal to
+ * end, then -1 is returned. If the list needs to be grown but the memory
+ * allocation fails, then -2 is returned.
+ */
+static int cover_add(cover, beg, end)
+ cover_t *cover;
+ bound_t beg;
+ bound_t end;
+{
+ size_t pos;
+ int prec, foll;
+
+ if (beg >= end)
+ /* The new span is invalid. */
+ return -1;
+
+ /* Find where the new span should go, and make sure that it does not
+ overlap with any existing spans. */
+ pos = cover_find(cover, beg);
+ if ((pos > 0 && beg < cover->span[pos - 1].end) ||
+ (pos < cover->num && end > cover->span[pos].beg))
+ return 1;
+
+ /* Check for adjacencies. */
+ prec = pos > 0 && beg == cover->span[pos - 1].end;
+ foll = pos < cover->num && end == cover->span[pos].beg;
+ if (prec && foll) {
+ /* The new span connects the preceding and following spans. Merge the
+ following span into the preceding span, and delete the following
+ span. */
+ cover->span[pos - 1].end = cover->span[pos].end;
+ cover->num--;
+ memmove(cover->span + pos, cover->span + pos + 1,
+ (cover->num - pos) * sizeof(span_t));
+ }
+ else if (prec)
+ /* The new span is adjacent only to the preceding span. Extend the end
+ of the preceding span. */
+ cover->span[pos - 1].end = end;
+ else if (foll)
+ /* The new span is adjacent only to the following span. Extend the
+ beginning of the following span. */
+ cover->span[pos].beg = beg;
+ else {
+ /* The new span has gaps between both the preceding and the following
+ spans. Assure that there is room and insert the span. */
+ if (cover->num == cover->max) {
+ size_t max = cover->max == 0 ? 16 : cover->max << 1;
+ span_t *span = realloc(cover->span, max * sizeof(span_t));
+ if (span == NULL)
+ return -2;
+ cover->span = span;
+ cover->max = max;
+ }
+ memmove(cover->span + pos + 1, cover->span + pos,
+ (cover->num - pos) * sizeof(span_t));
+ cover->num++;
+ cover->span[pos].beg = beg;
+ cover->span[pos].end = end;
+ }
+ return 0;
+}
@@ -376,6 +495,29 @@ int extract_or_test_files(__G) /* return PK-type error code */
}
#endif /* !SFX || SFX_EXDIR */
+ /* One more: initialize cover structure for bomb detection. Start with a
+ span that covers the central directory though the end of the file. */
+ if (G.cover == NULL) {
+ G.cover = malloc(sizeof(cover_t));
+ if (G.cover == NULL) {
+ Info(slide, 0x401, ((char *)slide,
+ LoadFarString(NotEnoughMemCover)));
+ return PK_MEM;
+ }
+ ((cover_t *)G.cover)->span = NULL;
+ ((cover_t *)G.cover)->max = 0;
+ }
+ ((cover_t *)G.cover)->num = 0;
+ if ((G.extra_bytes != 0 &&
+ cover_add((cover_t *)G.cover, 0, G.extra_bytes) != 0) ||
+ cover_add((cover_t *)G.cover,
+ G.extra_bytes + G.ecrec.offset_start_central_directory,
+ G.ziplen) != 0) {
+ Info(slide, 0x401, ((char *)slide,
+ LoadFarString(NotEnoughMemCover)));
+ return PK_MEM;
+ }
+
/*---------------------------------------------------------------------------
The basic idea of this function is as follows. Since the central di-
rectory lies at the end of the zipfile and the member files lie at the
@@ -593,7 +735,8 @@ int extract_or_test_files(__G) /* return PK-type error code */
if (error > error_in_archive)
error_in_archive = error;
/* ...and keep going (unless disk full or user break) */
- if (G.disk_full > 1 || error_in_archive == IZ_CTRLC) {
+ if (G.disk_full > 1 || error_in_archive == IZ_CTRLC ||
+ error == PK_BOMB) {
/* clear reached_end to signal premature stop ... */
reached_end = FALSE;
/* ... and cancel scanning the central directory */
@@ -1062,6 +1205,11 @@ static int extract_or_test_entrylist(__G__ numchunk,
/* seek_zipf(__G__ pInfo->offset); */
request = G.pInfo->offset + G.extra_bytes;
+ if (cover_within((cover_t *)G.cover, request)) {
+ Info(slide, 0x401, ((char *)slide,
+ LoadFarString(OverlappedComponents)));
+ return PK_BOMB;
+ }
inbuf_offset = request % INBUFSIZ;
bufstart = request - inbuf_offset;
@@ -1593,6 +1741,18 @@ reprompt:
return IZ_CTRLC; /* cancel operation by user request */
}
#endif
+ error = cover_add((cover_t *)G.cover, request,
+ G.cur_zipfile_bufstart + (G.inptr - G.inbuf));
+ if (error < 0) {
+ Info(slide, 0x401, ((char *)slide,
+ LoadFarString(NotEnoughMemCover)));
+ return PK_MEM;
+ }
+ if (error != 0) {
+ Info(slide, 0x401, ((char *)slide,
+ LoadFarString(OverlappedComponents)));
+ return PK_BOMB;
+ }
#ifdef MACOS /* MacOS is no preemptive OS, thus call event-handling by hand */
UserStop();
#endif
@@ -1994,6 +2154,34 @@ static int extract_or_test_member(__G) /* return PK-type error code */
}
undefer_input(__G);
+
+ if ((G.lrec.general_purpose_bit_flag & 8) != 0) {
+ /* skip over data descriptor (harder than it sounds, due to signature
+ * ambiguity)
+ */
+# define SIG 0x08074b50
+# define LOW 0xffffffff
+ uch buf[12];
+ unsigned shy = 12 - readbuf((char *)buf, 12);
+ ulg crc = shy ? 0 : makelong(buf);
+ ulg clen = shy ? 0 : makelong(buf + 4);
+ ulg ulen = shy ? 0 : makelong(buf + 8); /* or high clen if ZIP64 */
+ if (crc == SIG && /* if not SIG, no signature */
+ (G.lrec.crc32 != SIG || /* if not SIG, have signature */
+ (clen == SIG && /* if not SIG, no signature */
+ ((G.lrec.csize & LOW) != SIG || /* if not SIG, have signature */
+ (ulen == SIG && /* if not SIG, no signature */
+ (G.zip64 ? G.lrec.csize >> 32 : G.lrec.ucsize) != SIG
+ /* if not SIG, have signature */
+ )))))
+ /* skip four more bytes to account for signature */
+ shy += 4 - readbuf((char *)buf, 4);
+ if (G.zip64)
+ shy += 8 - readbuf((char *)buf, 8); /* skip eight more for ZIP64 */
+ if (shy)
+ error = PK_ERR;
+ }
+
return error;
} /* end function extract_or_test_member() */
diff --git a/globals.c b/globals.c
index fa8cca5..1e0f608 100644
--- a/globals.c
+++ b/globals.c
@@ -181,6 +181,7 @@ Uz_Globs *globalsCtor()
# if (!defined(NO_TIMESTAMPS))
uO.D_flag=1; /* default to '-D', no restoration of dir timestamps */
# endif
+ G.cover = NULL; /* not allocated yet */
#endif
uO.lflag=(-1);
diff --git a/globals.h b/globals.h
index 11b7215..2bdcdeb 100644
--- a/globals.h
+++ b/globals.h
@@ -260,12 +260,15 @@ typedef struct Globals {
ecdir_rec ecrec; /* used in unzip.c, extract.c */
z_stat statbuf; /* used by main, mapname, check_for_newer */
+ int zip64; /* true if Zip64 info in extra field */
+
int mem_mode;
uch *outbufptr; /* extract.c static */
ulg outsize; /* extract.c static */
int reported_backslash; /* extract.c static */
int disk_full;
int newfile;
+ void **cover; /* used in extract.c for bomb detection */
int didCRlast; /* fileio static */
ulg numlines; /* fileio static: number of lines printed */
diff --git a/process.c b/process.c
index a3c1a4d..208619c 100644
--- a/process.c
+++ b/process.c
@@ -637,6 +637,13 @@ void free_G_buffers(__G) /* releases all memory allocated in global vars */
}
#endif
+ /* Free the cover span list and the cover structure. */
+ if (G.cover != NULL) {
+ free(*(G.cover));
+ free(G.cover);
+ G.cover = NULL;
+ }
+
} /* end function free_G_buffers() */
@@ -1905,6 +1912,7 @@ int getZip64Data(__G__ ef_buf, ef_len)
#define Z64FLGS 0xffff
#define Z64FLGL 0xffffffff
+ G.zip64 = FALSE;
if (ef_len == 0 || ef_buf == NULL)
return PK_COOL;
@@ -1964,6 +1972,8 @@ int getZip64Data(__G__ ef_buf, ef_len)
G.crec.disk_number_start = (zuvl_t)makelong(offset + ef_buf);
offset += 4;
}
+
+ G.zip64 = TRUE;
#if 0
break; /* Expect only one EF_PKSZ64 block. */
#endif /* 0 */
diff --git a/unzip.h b/unzip.h
index 5b2a326..ed24a5b 100644
--- a/unzip.h
+++ b/unzip.h
@@ -645,6 +645,7 @@ typedef struct _Uzp_cdir_Rec {
#define PK_NOZIP 9 /* zipfile not found */
#define PK_PARAM 10 /* bad or illegal parameters specified */
#define PK_FIND 11 /* no files found */
+#define PK_BOMB 12 /* likely zip bomb */
#define PK_DISK 50 /* disk full */
#define PK_EOF 51 /* unexpected EOF */
--
2.22.0.vfs.1.1.57.gbaf16c8
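Review bot: `G.cover` is declared `void **cover` in globals.h, used as a `cover_t *` through casts in extract.c, and released in `free_G_buffers()` with `free(*(G.cover))`, which is correct only because `span` is the first member of `cover_t`. Reordering the struct, or adding a member ahead of `span`, would make process.c free the wrong pointer silently. Since `cover_t` is private to extract.c, the least invasive fix is a comment on both sides, for example `/* really a cover_t * (extract.c); *cover is its first member, the span list */` in globals.h and a matching remark above the `typedef`. Separately, the data-descriptor code in `extract_or_test_member()` calls `readbuf((char *)buf, 12)` without the `__G__` argument that the `readbuf` call in the CVE-2021-4217 patch on this page passes, which presumably matters only in reentrant builds.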


@@ -0,0 +1,121 @@
From be88aa4811af47ca06d8b7dcda294f899eba70ea Mon Sep 17 00:00:00 2001
From: Mark Adler <madler@alumni.caltech.edu>
Date: Thu, 25 Jul 2019 20:43:17 -0700
Subject: [PATCH 3/3] Do not raise a zip bomb alert for a misplaced central
directory.
There is a zip-like file in the Firefox distribution, omni.ja,
which is a zip container with the central directory placed at the
start of the file instead of after the local entries as required
by the zip standard. This commit marks the actual location of the
central directory, as well as the end of central directory records,
as disallowed locations. This now permits such containers to not
raise a zip bomb alert, where in fact there are no overlaps.
CVE: CVE-2019-13232
Upstream-Status: Backport
[https://github.com/madler/unzip/commit/6d351831be705cc26d897db44f878a978f4138fc]
Signed-off-by: Dan Tran <dantran@microsoft.com>
---
extract.c | 25 +++++++++++++++++++------
process.c | 6 ++++++
unzpriv.h | 10 ++++++++++
3 files changed, 35 insertions(+), 6 deletions(-)
diff --git a/extract.c b/extract.c
index 2bb72ba..a9dcca8 100644
--- a/extract.c
+++ b/extract.c
@@ -495,8 +495,11 @@ int extract_or_test_files(__G) /* return PK-type error code */
}
#endif /* !SFX || SFX_EXDIR */
- /* One more: initialize cover structure for bomb detection. Start with a
- span that covers the central directory though the end of the file. */
+ /* One more: initialize cover structure for bomb detection. Start with
+ spans that cover any extra bytes at the start, the central directory,
+ the end of central directory record (including the Zip64 end of central
+ directory locator, if present), and the Zip64 end of central directory
+ record, if present. */
if (G.cover == NULL) {
G.cover = malloc(sizeof(cover_t));
if (G.cover == NULL) {
@@ -508,15 +511,25 @@ int extract_or_test_files(__G) /* return PK-type error code */
((cover_t *)G.cover)->max = 0;
}
((cover_t *)G.cover)->num = 0;
- if ((G.extra_bytes != 0 &&
- cover_add((cover_t *)G.cover, 0, G.extra_bytes) != 0) ||
- cover_add((cover_t *)G.cover,
+ if (cover_add((cover_t *)G.cover,
G.extra_bytes + G.ecrec.offset_start_central_directory,
- G.ziplen) != 0) {
+ G.extra_bytes + G.ecrec.offset_start_central_directory +
+ G.ecrec.size_central_directory) != 0) {
Info(slide, 0x401, ((char *)slide,
LoadFarString(NotEnoughMemCover)));
return PK_MEM;
}
+ if ((G.extra_bytes != 0 &&
+ cover_add((cover_t *)G.cover, 0, G.extra_bytes) != 0) ||
+ (G.ecrec.have_ecr64 &&
+ cover_add((cover_t *)G.cover, G.ecrec.ec64_start,
+ G.ecrec.ec64_end) != 0) ||
+ cover_add((cover_t *)G.cover, G.ecrec.ec_start,
+ G.ecrec.ec_end) != 0) {
+ Info(slide, 0x401, ((char *)slide,
+ LoadFarString(OverlappedComponents)));
+ return PK_BOMB;
+ }
/*---------------------------------------------------------------------------
The basic idea of this function is as follows. Since the central di-
diff --git a/process.c b/process.c
index 208619c..5f8f6c6 100644
--- a/process.c
+++ b/process.c
@@ -1408,6 +1408,10 @@ static int find_ecrec64(__G__ searchlen) /* return PK-class error */
/* Now, we are (almost) sure that we have a Zip64 archive. */
G.ecrec.have_ecr64 = 1;
+ G.ecrec.ec_start -= ECLOC64_SIZE+4;
+ G.ecrec.ec64_start = ecrec64_start_offset;
+ G.ecrec.ec64_end = ecrec64_start_offset +
+ 12 + makeint64(&byterec[ECREC64_LENGTH]);
/* Update the "end-of-central-dir offset" for later checks. */
G.real_ecrec_offset = ecrec64_start_offset;
@@ -1542,6 +1546,8 @@ static int find_ecrec(__G__ searchlen) /* return PK-class error */
makelong(&byterec[OFFSET_START_CENTRAL_DIRECTORY]);
G.ecrec.zipfile_comment_length =
makeword(&byterec[ZIPFILE_COMMENT_LENGTH]);
+ G.ecrec.ec_start = G.real_ecrec_offset;
+ G.ecrec.ec_end = G.ecrec.ec_start + 22 + G.ecrec.zipfile_comment_length;
/* Now, we have to read the archive comment, BEFORE the file pointer
is moved away backwards to seek for a Zip64 ECLOC64 structure.
diff --git a/unzpriv.h b/unzpriv.h
index c8d3eab..5e177c7 100644
--- a/unzpriv.h
+++ b/unzpriv.h
@@ -2185,6 +2185,16 @@ typedef struct VMStimbuf {
int have_ecr64; /* valid Zip64 ecdir-record exists */
int is_zip64_archive; /* Zip64 ecdir-record is mandatory */
ush zipfile_comment_length;
+ zusz_t ec_start, ec_end; /* offsets of start and end of the
+ end of central directory record,
+ including if present the Zip64
+ end of central directory locator,
+ which immediately precedes the
+ end of central directory record */
+ zusz_t ec64_start, ec64_end; /* if have_ecr64 is true, then these
+ are the offsets of the start and
+ end of the Zip64 end of central
+ directory record */
} ecdir_rec;
--
2.22.0.vfs.1.1.57.gbaf16c8
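Review bot: In `extract_or_test_files()` the central-directory `cover_add()` call still reports every non-zero result as `NotEnoughMemCover`/`PK_MEM`, although `cover_add()` (added by the previous patch in the series) returns -2 only for a failed `realloc` and -1 when `beg >= end`. A central directory whose recorded size is zero is therefore reported as memory exhaustion, which misleads anyone triaging a rejected archive. The second new block has the opposite problem: a -2 from any of its three calls is reported as `OverlappedComponents`/`PK_BOMB`. Testing the return value separates the cases; the sketch below covers the first call and the same pattern applies to the second block. Whether -1 should map to `PK_BOMB` or to a plain `PK_ERR` is a project decision.

```c
    /* `error` is already used later in extract_or_test_files() */
    error = cover_add((cover_t *)G.cover,
                      G.extra_bytes + G.ecrec.offset_start_central_directory,
                      G.extra_bytes + G.ecrec.offset_start_central_directory +
                      G.ecrec.size_central_directory);
    if (error == -2) {
        /* only -2 means the span list could not be grown */
        Info(slide, 0x401, ((char *)slide,
          LoadFarString(NotEnoughMemCover)));
        return PK_MEM;
    }
    if (error != 0) {
        /* -1: empty or inverted span, i.e. a malformed archive */
        Info(slide, 0x401, ((char *)slide,
          LoadFarString(OverlappedComponents)));
        return PK_BOMB;
    }
    /* … unchanged: extra-bytes, Zip64 and end-of-central-directory spans … */
```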


@@ -0,0 +1,67 @@
From 731d698377dbd1f5b1b90efeb8094602ed59fc40 Mon Sep 17 00:00:00 2001
From: Nils Bars <nils.bars@t-online.de>
Date: Mon, 17 Jan 2022 16:53:16 +0000
Subject: [PATCH] Fix null pointer dereference and use of uninitialized data
This fixes a bug that causes use of uninitialized heap data if `readbuf` fails
to read as many bytes as indicated by the extra field length attribute.
Furthermore, this fixes a null pointer dereference if an archive contains an
`EF_UNIPATH` extra field but does not have a filename set.
---
fileio.c | 5 ++++-
process.c | 6 +++++-
2 files changed, 9 insertions(+), 2 deletions(-)
---
Patch from:
https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1957077
https://launchpadlibrarian.net/580782282/0001-Fix-null-pointer-dereference-and-use-of-uninitialized-data.patch
Regenerated to apply without offsets.
CVE: CVE-2021-4217
Upstream-Status: Inactive-Upstream [infozip upstream inactive]
Signed-off-by: Joe Slater <joe.slater@windriver.com>
diff --git a/fileio.c b/fileio.c
index 14460f3..1dc319e 100644
--- a/fileio.c
+++ b/fileio.c
@@ -2301,8 +2301,11 @@ int do_string(__G__ length, option) /* return PK-type error code */
seek_zipf(__G__ G.cur_zipfile_bufstart - G.extra_bytes +
(G.inptr-G.inbuf) + length);
} else {
- if (readbuf(__G__ (char *)G.extra_field, length) == 0)
+ unsigned bytes_read = readbuf(__G__ (char *)G.extra_field, length);
+ if (bytes_read == 0)
return PK_EOF;
+ if (bytes_read != length)
+ return PK_ERR;
/* Looks like here is where extra fields are read */
if (getZip64Data(__G__ G.extra_field, length) != PK_COOL)
{
diff --git a/process.c b/process.c
index 5f8f6c6..de843a5 100644
--- a/process.c
+++ b/process.c
@@ -2058,10 +2058,14 @@ int getUnicodeData(__G__ ef_buf, ef_len)
G.unipath_checksum = makelong(offset + ef_buf);
offset += 4;
+ if (!G.filename_full) {
+ /* Check if we have a unicode extra section but no filename set */
+ return PK_ERR;
+ }
+
/*
* Compute 32-bit crc
*/
-
chksum = crc32(chksum, (uch *)(G.filename_full),
strlen(G.filename_full));
--
2.32.0


@@ -0,0 +1,39 @@
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010355
CVE: CVE-2022-0529
Upstream-Status: Inactive-Upstream [need a new release]
diff --git a/process.c b/process.c
index d2a846e..99b9c7b 100644
--- a/process.c
+++ b/process.c
@@ -2507,13 +2507,15 @@ char *wide_to_local_string(wide_string, escape_all)
char buf[9];
char *buffer = NULL;
char *local_string = NULL;
+ size_t buffer_size;
for (wsize = 0; wide_string[wsize]; wsize++) ;
if (max_bytes < MAX_ESCAPE_BYTES)
max_bytes = MAX_ESCAPE_BYTES;
- if ((buffer = (char *)malloc(wsize * max_bytes + 1)) == NULL) {
+ buffer_size = wsize * max_bytes + 1;
+ if ((buffer = (char *)malloc(buffer_size)) == NULL) {
return NULL;
}
@@ -2552,7 +2554,11 @@ char *wide_to_local_string(wide_string, escape_all)
/* no MB for this wide */
/* use escape for wide character */
char *escape_string = wide_to_escape_string(wide_string[i]);
- strcat(buffer, escape_string);
+ size_t buffer_len = strlen(buffer);
+ size_t escape_string_len = strlen(escape_string);
+ if (buffer_len + escape_string_len + 1 > buffer_size)
+ escape_string_len = buffer_size - buffer_len - 1;
+ strncat(buffer, escape_string, escape_string_len);
free(escape_string);
}
}
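Review bot: When the escape sequence does not fit, the new code in `wide_to_local_string()` shortens `escape_string_len` and carries on, so the caller receives a name that ends in a cut-off escape with no indication that anything was dropped. Two different archive names could then convert to the same local string. At minimum the truncation deserves a comment such as `/* out of room: escape is truncated, result no longer round-trips */`; failing the conversion (free `buffer` and `escape_string`, return NULL) would be stricter, and the CVE-2022-0530 patch on this page makes `do_string()` check for a NULL result, though other callers are not visible here. Only the escape branch is bounded by this hunk; the branch that appends a converted multi-byte character is outside it and worth checking against `buffer_size` too.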


@@ -0,0 +1,33 @@
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010355
CVE: CVE-2022-0530
Upstream-Status: Inactive-Upstream [need a new release]
diff --git a/fileio.c b/fileio.c
index 6290824..77e4b5f 100644
--- a/fileio.c
+++ b/fileio.c
@@ -2361,6 +2361,9 @@ int do_string(__G__ length, option) /* return PK-type error code */
/* convert UTF-8 to local character set */
fn = utf8_to_local_string(G.unipath_filename,
G.unicode_escape_all);
+ if (fn == NULL)
+ return PK_ERR;
+
/* make sure filename is short enough */
if (strlen(fn) >= FILNAMSIZ) {
fn[FILNAMSIZ - 1] = '\0';
diff --git a/process.c b/process.c
index d2a846e..715bc0f 100644
--- a/process.c
+++ b/process.c
@@ -2605,6 +2605,8 @@ char *utf8_to_local_string(utf8_string, escape_all)
int escape_all;
{
zwchar *wide = utf8_to_wide_string(utf8_string);
+ if (wide == NULL)
+ return NULL;
char *loc = wide_to_local_string(wide, escape_all);
free(wide);
return loc;
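Review bot: In `utf8_to_local_string()` the added `if (wide == NULL) return NULL;` sits between two declarations, so `char *loc = ...` becomes a declaration after a statement, which needs C99 while the function itself is written with a K&R-style parameter list. Declaring the variable first keeps the block valid for older compilers: `char *loc;` before the test, then `loc = wide_to_local_string(wide, escape_all);` after it.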


@@ -0,0 +1,50 @@
Upstream-Status: Inactive-Upstream [need a new release]
unix/Makefile: remove hard coded strip commands
Remove the hard coded strip commands, both LF2 (used in linking) and
STRIP used alone.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
diff -ur unzip60.orig/unix/configure unzip60/unix/configure
--- unzip60.orig/unix/configure 2009-04-16 14:25:12.000000000 -0500
+++ unzip60/unix/configure 2011-06-21 11:23:36.822849960 -0500
@@ -17,7 +17,7 @@
IZ_BZIP2=${3}
CFLAGS="${CFLAGS} -I. -DUNIX"
LFLAGS1=""
-LFLAGS2="-s"
+LFLAGS2=""
LN="ln -s"
CFLAGS_OPT=''
diff -ur unzip60.orig/unix/Makefile unzip60/unix/Makefile
--- unzip60.orig/unix/Makefile 2009-01-18 16:41:18.000000000 -0600
+++ unzip60/unix/Makefile 2011-06-21 11:12:22.900003388 -0500
@@ -52,7 +52,7 @@
CF = $(CFLAGS) $(CF_NOOPT)
LFLAGS1 =
LF = -o unzip$E $(LFLAGS1)
-LF2 = -s
+LF2 =
# UnZipSFX flags
SL = -o unzipsfx$E $(LFLAGS1)
@@ -70,7 +70,7 @@
CHMOD = chmod
BINPERMS = 755
MANPERMS = 644
-STRIP = strip
+STRIP =
E =
O = .o
M = unix
@@ -776,7 +776,6 @@
#
gcc: unix_make
$(MAKE) unzips CC=gcc LD=gcc CFLAGS="-O3" LF2=""
- $(STRIP) $(UNZIPS)
# Heurikon HK68 (68010), UniPlus+ System V 5.0, Green Hills C-68000
hk68: unix_make


@@ -0,0 +1,46 @@
From 190040ebfcf5395a6ccedede2cc9343d34f0a108 Mon Sep 17 00:00:00 2001
From: mancha <mancha1 AT zoho DOT com>
Date: Wed, 11 Feb 2015
Subject: Info-ZIP UnZip buffer overflow
Upstream-Status: Backport
CVE: CVE-2014-9636
By carefully crafting a corrupt ZIP archive with "extra fields" that
purport to have compressed blocks larger than the corresponding
uncompressed blocks in STORED no-compression mode, an attacker can
trigger a heap overflow that can result in application crash or
possibly have other unspecified impact.
This patch ensures that when extra fields use STORED mode, the
"compressed" and uncompressed block sizes match.
Signed-off-by: mancha <mancha1 AT zoho DOT com>
---
extract.c | 8 ++++++++
1 file changed, 8 insertions(+)
--- a/extract.c
+++ b/extract.c
@@ -2217,6 +2217,7 @@ static int test_compr_eb(__G__ eb, eb_si
ulg eb_ucsize;
uch *eb_ucptr;
int r;
+ ush method;
if (compr_offset < 4) /* field is not compressed: */
return PK_OK; /* do nothing and signal OK */
@@ -2226,6 +2227,13 @@ static int test_compr_eb(__G__ eb, eb_si
eb_size <= (compr_offset + EB_CMPRHEADLEN)))
return IZ_EF_TRUNC; /* no compressed data! */
+ method = makeword(eb + (EB_HEADSIZE + compr_offset));
+ if ((method == STORED) &&
+ (eb_size - compr_offset - EB_CMPRHEADLEN != eb_ucsize))
+ return PK_ERR; /* compressed & uncompressed
+ * should match in STORED
+ * method */
+
if (
#ifdef INT_16BIT
(((ulg)(extent)eb_ucsize) != eb_ucsize) ||
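Review bot: The new STORED check in `test_compr_eb()` computes `eb_size - compr_offset - EB_CMPRHEADLEN`, which wraps around if `eb_size` is smaller than the two subtracted terms; the operands are presumably unsigned, but their declarations are outside the hunk. The guard just above returns `IZ_EF_TRUNC` for a short `eb_size`, yet only its last operand is visible here, so it may not cover every case (for instance if it is conditional on `eb_ucsize`). In that case `makeword(eb + (EB_HEADSIZE + compr_offset))` would also read beyond the block. An unconditional rejection ahead of the `makeword` call closes both: `if (eb_size < compr_offset + EB_CMPRHEADLEN) return IZ_EF_TRUNC;`.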


@@ -0,0 +1,18 @@
Pass LDFLAGS to the linker
Upstream-Status: Inactive-Upstream [need a new release]
Signed-off-by: Mikhail Durnev <Mikhail_Durnev@mentor.com>
diff -Naur old/unix/configure new/unix/configure
--- old/unix/configure 2014-01-13 21:59:27.000000000 +1100
+++ new/unix/configure 2014-01-14 16:36:02.000000000 +1100
@@ -16,7 +16,7 @@
CFLAGSR=${CFLAGS}
IZ_BZIP2=${3}
CFLAGS="${CFLAGS} -I. -DUNIX"
-LFLAGS1=""
+LFLAGS1=${LDFLAGS}
LFLAGS2=""
LN="ln -s"


@@ -0,0 +1,97 @@
unzip: Fixing security formatting issues
Fix security formatting issues related to sprintf parameters expeted.
[YOCTO #9551]
[https://bugzilla.yoctoproject.org/show_bug.cgi?id=9551]
Upstream-Status: Inactive-Upstream [need a new release]
Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
diff --git a/extract.c b/extract.c
index 7cd9123..25c5a62 100644
--- a/extract.c
+++ b/extract.c
@@ -475,7 +475,7 @@ int extract_or_test_files(__G) /* return PK-type error code */
Info(slide, 0x401, ((char *)slide,
LoadFarString(CentSigMsg), j + blknum*DIR_BLKSIZ + 1));
Info(slide, 0x401, ((char *)slide,
- LoadFarString(ReportMsg)));
+ "%s",LoadFarString(ReportMsg)));
error_in_archive = PK_BADERR;
}
reached_end = TRUE; /* ...so no more left to do */
@@ -754,8 +754,8 @@ int extract_or_test_files(__G) /* return PK-type error code */
#ifndef SFX
if (no_endsig_found) { /* just to make sure */
- Info(slide, 0x401, ((char *)slide, LoadFarString(EndSigMsg)));
- Info(slide, 0x401, ((char *)slide, LoadFarString(ReportMsg)));
+ Info(slide, 0x401, ((char *)slide, "%s", LoadFarString(EndSigMsg)));
+ Info(slide, 0x401, ((char *)slide, "%s", LoadFarString(ReportMsg)));
if (!error_in_archive) /* don't overwrite stronger error */
error_in_archive = PK_WARN;
}
diff --git a/list.c b/list.c
index 15e0011..0b484f6 100644
--- a/list.c
+++ b/list.c
@@ -181,7 +181,7 @@ int list_files(__G) /* return PK-type error code */
Info(slide, 0x401,
((char *)slide, LoadFarString(CentSigMsg), j));
Info(slide, 0x401,
- ((char *)slide, LoadFarString(ReportMsg)));
+ ((char *)slide, "%s", LoadFarString(ReportMsg)));
return PK_BADERR; /* sig not found */
}
}
@@ -507,7 +507,7 @@ int list_files(__G) /* return PK-type error code */
&& (!G.ecrec.is_zip64_archive)
&& (memcmp(G.sig, end_central_sig, 4) != 0)
) { /* just to make sure again */
- Info(slide, 0x401, ((char *)slide, LoadFarString(EndSigMsg)));
+ Info(slide, 0x401, ((char *)slide, "%s", LoadFarString(EndSigMsg)));
error_in_archive = PK_WARN; /* didn't find sig */
}
@@ -591,7 +591,7 @@ int get_time_stamp(__G__ last_modtime, nmember) /* return PK-type error code */
Info(slide, 0x401,
((char *)slide, LoadFarString(CentSigMsg), j));
Info(slide, 0x401,
- ((char *)slide, LoadFarString(ReportMsg)));
+ ((char *)slide, "%s", LoadFarString(ReportMsg)));
return PK_BADERR; /* sig not found */
}
}
@@ -674,7 +674,7 @@ int get_time_stamp(__G__ last_modtime, nmember) /* return PK-type error code */
---------------------------------------------------------------------------*/
if (memcmp(G.sig, end_central_sig, 4)) { /* just to make sure again */
- Info(slide, 0x401, ((char *)slide, LoadFarString(EndSigMsg)));
+ Info(slide, 0x401, ((char *)slide, "%s", LoadFarString(EndSigMsg)));
error_in_archive = PK_WARN;
}
if (*nmember == 0L && error_in_archive <= PK_WARN)
diff --git a/zipinfo.c b/zipinfo.c
index 0ac75b3..1e7fa82 100644
--- a/zipinfo.c
+++ b/zipinfo.c
@@ -833,7 +833,7 @@ int zipinfo(__G) /* return PK-type error code */
Info(slide, 0x401,
((char *)slide, LoadFarString(CentSigMsg), j));
Info(slide, 0x401,
- ((char *)slide, LoadFarString(ReportMsg)));
+ ((char *)slide, "%s", LoadFarString(ReportMsg)));
error_in_archive = PK_BADERR; /* sig not found */
break;
}
@@ -1022,7 +1022,7 @@ int zipinfo(__G) /* return PK-type error code */
&& (!G.ecrec.is_zip64_archive)
&& (memcmp(G.sig, end_central_sig, 4) != 0)
) { /* just to make sure again */
- Info(slide, 0x401, ((char *)slide, LoadFarString(EndSigMsg)));
+ Info(slide, 0x401, ((char *)slide, "%s", LoadFarString(EndSigMsg)));
error_in_archive = PK_WARN; /* didn't find sig */
}
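Review bot: The patch header does not name the diagnostic it addresses or say why the change is behaviour-neutral, and "expeted" is a typo. Presumably the target is the compiler's format-security warning, so a header line such as `Pass message strings to Info() through an explicit "%s" so they are never interpreted as a format string.` would make the intent auditable. In the first extract.c hunk the replacement is written `"%s",LoadFarString(ReportMsg)`, without the space after the comma that every other hunk uses. All touched functions begin and end outside the hunks, so it cannot be confirmed from here whether other Info() calls with a non-literal format remain.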


@@ -0,0 +1,26 @@
Unzip doesn't handle large zip files well and crashes:
"This only happens if you have more then 16k entries and when one of
the 16k entry infos is reused it happend to be previously used for
a symlink entry."
This patch is taken from Fedora (https://bugzilla.redhat.com/show_bug.cgi?id=972427)
Upstream-Status: Inactive-Upstream [need a new release]
Signed-off-by: Ross Burton <ross.burton@intel.com>
--- unzip60/process.c.sav 2013-06-09 12:08:57.070392264 +0200
+++ unzip60/process.c 2013-06-09 12:10:08.641696988 +0200
@@ -1751,6 +1751,12 @@
= (G.crec.general_purpose_bit_flag & (1 << 11)) == (1 << 11);
#endif
+#ifdef SYMLINKS
+ /* Initialize the symlink flag, may be set by the platform-specific
+ mapattr function. */
+ G.pInfo->symlink = 0;
+#endif
+
return PK_COOL;
} /* end function process_cdir_file_hdr() */
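Review bot: The added comment in process.c says the flag "may be set by the platform-specific mapattr function" but not why it must be cleared first, which is the actual fix. The patch header gives the reason: entry-info slots are reused once an archive has more than 16k entries, and a reused slot may still carry the flag from an earlier symlink entry. I would state that in the code, e.g. `/* Entry-info slots are reused; clear a symlink flag left over from an earlier entry before mapattr may set it. */`. The header references only the Fedora bug, so recording the CVE id, or that none is assigned (whichever is correct), would help the release traceability this mirror is meant to provide. process_cdir_file_hdr() starts outside the hunk.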


@@ -0,0 +1,127 @@
unzip: use optimization from bitbake
Remove -O3 optimizations to use bitbake default optimization levels.
Upstream-Status: Inappropriate [configuration]
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
diff -rup unix-orig/configure unix/configure
--- a/unix-orig/configure 2021-04-16 10:25:03.120858292 +0000
+++ b/unix/configure 2021-04-16 10:46:43.292546138 +0000
@@ -70,7 +70,7 @@ int main()
_EOF_
$CC $CFLAGS -c conftest.c > /dev/null 2>/dev/null
if test $? -eq 0; then
- CFLAGS_OPT='-O3'
+ CFLAGS_OPT=''
echo " DEC C ($CFLAGS_OPT)"
else
# HP-UX HP C?
@@ -111,7 +111,7 @@ int main()
_EOF_
$CC $CFLAGS -c conftest.c > /dev/null 2>/dev/null
if test $? -eq 0; then
- CFLAGS_OPT='-O3'
+ CFLAGS_OPT=''
echo " GNU C ($CFLAGS_OPT)"
# Special Mac OS X shared library "ld" option?
if test ` uname -s 2> /dev/null ` = 'Darwin'; then
diff -rup unix-orig/Makefile unix/Makefile
--- a/unix-orig/Makefile 2021-04-16 10:25:03.000863878 +0000
+++ b/unix/Makefile 2021-04-16 10:47:31.658299278 +0000
@@ -47,7 +47,7 @@ LD = $(CC)# must match, else "unresolved
AS = as
LOC = $(D_USE_BZ2) $(LOCAL_UNZIP)
AF = $(LOC)
-CFLAGS = -O
+CFLAGS =
CF_NOOPT = -I. -I$(IZ_BZIP2) -DUNIX $(LOC)
CF = $(CFLAGS) $(CF_NOOPT)
LFLAGS1 =
@@ -594,12 +594,12 @@ generic_shlib: unix_make
@echo\
'which is UnZip linked with the DLL). This target is an example only.'
@echo ""
- $(MAKE) objsdll CC=gcc CFLAGS="-O3 -Wall -fPIC -DDLL"
+ $(MAKE) objsdll CC=gcc CFLAGS="-Wall -fPIC -DDLL"
gcc -shared -Wl,-soname,libunzip.so.0 -o libunzip.so.0.4 $(OBJSDLL)
$(RM) libunzip.so.0 libunzip.so
$(LN) -s libunzip.so.0.4 libunzip.so.0
$(LN) -s libunzip.so.0 libunzip.so
- gcc -c -O unzipstb.c
+ gcc -c unzipstb.c
gcc -o unzip_shlib unzipstb.o -L. -lunzip
#----------------------------------------------------------------------------
@@ -775,7 +775,7 @@ freebsd: unix_make
# with "echo" instead).
#
gcc: unix_make
- $(MAKE) unzips CC=gcc LD=gcc CFLAGS="-O3" LF2=""
+ $(MAKE) unzips CC=gcc LD=gcc CFLAGS="" LF2=""
# Heurikon HK68 (68010), UniPlus+ System V 5.0, Green Hills C-68000
hk68: unix_make
@@ -792,7 +792,7 @@ isc: unix_make
isc_gcc: unix_make
$(MAKE) unzips AS=gcc CC=gcc LD=gcc CRCA_O=crc_gcc$O \
LF="-shlib $(LF)" SL="-shlib $(SL)" FL="-shlib $(FL)" LF2="" \
- CFLAGS="-O3" LOC="-DSYSV -DASM_CRC -DNO_UID_GID -DNEED_PTEM -DNO_LCHOWN -DNO_LCHMOD $(LOC)" \
+ CFLAGS="" LOC="-DSYSV -DASM_CRC -DNO_UID_GID -DNEED_PTEM -DNO_LCHOWN -DNO_LCHMOD $(LOC)" \
AF="-DNO_UNDERLINE -Djecxz=jcxz -DALIGNMENT='.align 16' $(AF)"
$(STRIP) $(UNZIPS)
@@ -808,7 +808,7 @@ isi: unix_make
linux: unix_make
@echo 'NOTE: use linux_noasm target for non-Intel Linux compiles.'
$(MAKE) unzips CC=gcc LD=gcc AS=gcc\
- CFLAGS="-O3 -Wall -DASM_CRC"\
+ CFLAGS="-Wall -DASM_CRC"\
AF="-Di386 $(AF)" CRCA_O=crc_gcc$O
# GRR: this echo is pointless; if user gets this far, no difference to install
# @echo 'Be sure to use the install_asm target rather than the install target'
@@ -818,14 +818,14 @@ linux_asm: linux
# Linux (Posix, approximately SysV): virtually any version since before 0.96,
# for any platform. Change "-O" to "-O3" or whatever, as desired...
linux_noasm: unix_make
- $(MAKE) unzips CC=gcc LD=gcc CFLAGS="-O -Wall"
+ $(MAKE) unzips CC=gcc LD=gcc CFLAGS="-Wall"
# Linux with lcc compiler: __inline__ (stat.h) not recognized, and must edit
# /usr/include/gnu/types.h to get rid of "long long" if __LCC__ defined. -O3
# (or -O2 or -O) is ignored. [GRR 960828: test target only]
#
linux_lcc: unix_make
- $(MAKE) unzips CC=lcc LD=lcc CFLAGS="-O3 -Wall -D__inline__= "
+ $(MAKE) unzips CC=lcc LD=lcc CFLAGS="-Wall -D__inline__= "
# Linux host with go32 (djgpp) cross-compiler (go32crs.tgz) for 32-bit DOS.
linux_dos: unix_make
@@ -844,7 +844,7 @@ linux_dos: unix_make
# library).
#
linux_shlib: unix_make
- $(MAKE) objsdll CC=gcc CFLAGS="-O3 -Wall -fPIC"\
+ $(MAKE) objsdll CC=gcc CFLAGS="-Wall -fPIC"\
LOC="-DDLL -DASM_CRC $(LOC)"\
AS=gcc AF="-fPIC -Di386 $(AF)" CRCA_O=crc_gcc$O
gcc -shared -Wl,-soname,libunzip.so.0 -o libunzip.so.0.4 $(OBJSDLL)\
@@ -858,7 +858,7 @@ linux_shlib: unix_make
# instead of the original UnZip version. (libz was libgz prior to 0.94)
linux_shlibz: unix_make
$(MAKE) objsdll CC=gcc AS=gcc AF="-fPIC -Di386 $(AF)" CRCA_O=crc_gcc$O\
- CFLAGS="-O3 -Wall -fPIC" LOC="-DDLL -DUSE_ZLIB -DASM_CRC $(LOC)"
+ CFLAGS="-Wall -fPIC" LOC="-DDLL -DUSE_ZLIB -DASM_CRC $(LOC)"
gcc -shared -Wl,-soname,libunzip.so.0 -o libunzip.so.0.4 $(OBJSDLL)\
crc_gcc.pic.o
ln -sf libunzip.so.0.4 libunzip.so.0
@@ -871,7 +871,7 @@ lynx: unix_make
# Macintosh MacOS X (Unix-compatible enviroment), using standard compiler
macosx: unix_make
- $(MAKE) unzips CFLAGS="-O3 -Wall -DBSD" LF2=""
+ $(MAKE) unzips CFLAGS="-Wall -DBSD" LF2=""
$(STRIP) $(UNZIPS)
# Macintosh MacOS X (Unix-compatible enviroment), using gcc
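Review bot: Two pieces of surrounding text go stale with this patch. In unix/Makefile the comment above linux_noasm still reads `Change "-O" to "-O3" or whatever, as desired...` although the new line is `CFLAGS="-Wall"`, and the linux_lcc comment still says -O3 is ignored; something like `# Optimisation level comes from the caller's CFLAGS.` would match the new behaviour. In unix/configure, `CFLAGS_OPT=''` makes the following echo print `GNU C ()` and `DEC C ()`. Every target now builds unoptimised unless the environment supplies a level, so it is worth confirming in the final compile flags that any hardening which depends on optimisation is still in effect.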


@@ -0,0 +1,76 @@
SUMMARY = "Utilities for extracting and viewing files in .zip archives"
HOMEPAGE = "http://www.info-zip.org"
DESCRIPTION = "Info-ZIP's purpose is to provide free, portable, high-quality versions of the Zip and UnZip compressor-archiver utilities that are compatible with the DOS-based PKZIP by PKWARE, Inc."
SECTION = "console/utils"
LICENSE = "Info-ZIP"
LIC_FILES_CHKSUM = "file://LICENSE;md5=94caec5a51ef55ef711ee4e8b1c69e29"
PE = "1"
SRC_URI = "${SOURCEFORGE_MIRROR}/infozip/UnZip%206.x%20%28latest%29/UnZip%206.0/unzip60.tar.gz \
file://avoid-strip.patch \
file://define-ldflags.patch \
file://06-unzip60-alt-iconv-utf8_CVE-2015-1315.patch \
file://cve-2014-9636.patch \
file://09-cve-2014-8139-crc-overflow.patch \
file://10-cve-2014-8140-test-compr-eb.patch \
file://11-cve-2014-8141-getzip64data.patch \
file://CVE-2015-7696.patch \
file://CVE-2015-7697.patch \
file://fix-security-format.patch \
file://18-cve-2014-9913-unzip-buffer-overflow.patch \
file://19-cve-2016-9844-zipinfo-buffer-overflow.patch \
file://symlink.patch \
file://0001-unzip-fix-CVE-2018-1000035.patch \
file://CVE-2018-18384.patch \
file://CVE-2019-13232_p1.patch \
file://CVE-2019-13232_p2.patch \
file://CVE-2019-13232_p3.patch \
file://unzip_optimization.patch \
file://0001-configure-Pass-LDFLAGS-to-tests-doing-link-step.patch \
file://CVE-2021-4217.patch \
file://CVE-2022-0529.patch \
file://CVE-2022-0530.patch \
file://0001-configure-Add-correct-system-headers-and-prototypes-.patch \
file://0001-unix-configure-fix-detection-for-cross-compilation.patch \
"
UPSTREAM_VERSION_UNKNOWN = "1"
SRC_URI[md5sum] = "62b490407489521db863b523a7f86375"
SRC_URI[sha256sum] = "036d96991646d0449ed0aa952e4fbe21b476ce994abc276e49d30e686708bd37"
CVE_STATUS[CVE-2008-0888] = "fixed-version: Patch from https://bugzilla.redhat.com/attachment.cgi?id=293893&action=diff applied to 6.0 source"
# exclude version 5.5.2 which triggers a false positive
UPSTREAM_CHECK_REGEX = "unzip(?P<pver>(?!552).+)\.tgz"
S = "${WORKDIR}/unzip60"
# Makefile uses CF_NOOPT instead of CFLAGS. We lifted the values from
# Makefile and add CFLAGS. Optimization will be overriden by unzip
# configure to be -O3.
#
EXTRA_OEMAKE = "-e MAKEFLAGS= STRIP=true LF2='' \
'CF_NOOPT=-I. -Ibzip2 -DUNIX ${CFLAGS}'"
export LD = "${CC}"
LD:class-native = "${CC}"
do_compile() {
oe_runmake -f unix/Makefile generic
}
do_install() {
oe_runmake -f unix/Makefile install prefix=${D}${prefix}
install -d ${D}${mandir}
mv ${D}${prefix}/man/* ${D}${mandir}
rmdir ${D}${prefix}/man/
}
inherit update-alternatives
ALTERNATIVE_PRIORITY = "100"
ALTERNATIVE:${PN} = "unzip"
ALTERNATIVE_LINK_NAME[unzip] = "${bindir}/unzip"
BBCLASSEXTEND = "native nativesdk"
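Review bot: The comment above EXTRA_OEMAKE says `Optimization will be overriden by unzip configure to be -O3`, but SRC_URI in the same recipe applies unzip_optimization.patch, which sets `CFLAGS_OPT=''` in unix/configure. The comment therefore describes behaviour the recipe no longer has. I would reword it to `# Makefile uses CF_NOOPT instead of CFLAGS, so its values are repeated here with ${CFLAGS} appended; unzip_optimization.patch stops configure from forcing -O3.` Separately, `SRC_URI[md5sum]` adds no integrity value next to `SRC_URI[sha256sum]` and could be dropped, leaving the SHA-256 as the single pinned checksum for the release record.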