Package: zip
Version: 3.0-14ubuntu2
Severity: wishlist
Tags: patch
X-Debbugs-Cc: [email protected], [email protected]

Hello there,

With the activation of _FORTIFY_SOURCE=3 in Ubuntu last year, zip has seen a few problems come to light.

Please find attached a debdiff fixing them, along with the addition of a small dep8 test making sure they don't regress.

Thanks

Skia

diff -Nru zip-3.0/debian/changelog zip-3.0/debian/changelog --- zip-3.0/debian/changelog 2024-07-24 17:44:00.000000000 +0200 +++ zip-3.0/debian/changelog 2025-01-20 16:09:04.000000000 +0100 @@ -1,3 +1,16 @@ +zip (3.0-15) unstable; urgency=medium + + [ Shengjing Zhu ] + * d/p/13-buffer-overflow.patch: Fix buffer overflow when filename contains + unicode characters (LP: #2062535) + + [ Florent 'Skia' Jacquet ] + * d/p/14-buffer-overflow.patch: + Fix buffer overflow when invoked with `-T -TT` (LP: #2093024) + * d/tests: Add a basic dep8 test for these two bug fixes. + + -- Florent 'Skia' Jacquet <[email protected]> Mon, 20 Jan 2025 16:09:04 +0100 + zip (3.0-14) unstable; urgency=medium * Use https in all Bug-Debian fields. diff -Nru zip-3.0/debian/patches/13-buffer-overflow.patch zip-3.0/debian/patches/13-buffer-overflow.patch --- zip-3.0/debian/patches/13-buffer-overflow.patch 1970-01-01 01:00:00.000000000 +0100 +++ zip-3.0/debian/patches/13-buffer-overflow.patch 2025-01-20 16:01:00.000000000 +0100 
@@ -0,0 +1,23 @@ +From: Shengjing Zhu <[email protected]> +Date: Wed, 6 Nov 2024 17:27:11 +0800 +Subject: Fix buffer overflow when filename contains unicode characters + +Bug-Ubuntu: https://launchpad.net/bugs/2062535 +Origin: https://src.fedoraproject.org/rpms/zip/raw/f41/f/buffer_overflow.patch +--- + fileio.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/fileio.c b/fileio.c +index 1847e62..5a2959d 100644 +--- a/fileio.c ++++ b/fileio.c +@@ -3502,7 +3502,7 @@ zwchar *local_to_wide_string(local_string) + if ((wc_string = (wchar_t *)malloc((wsize + 1) * sizeof(wchar_t))) == NULL) { + ZIPERR(ZE_MEM, "local_to_wide_string"); + } +- wsize = mbstowcs(wc_string, local_string, strlen(local_string) + 1); ++ wsize = mbstowcs(wc_string, local_string, wsize + 1); + wc_string[wsize] = (wchar_t) 0; + + /* in case wchar_t is not zwchar */ diff -Nru zip-3.0/debian/patches/14-buffer-overflow.patch zip-3.0/debian/patches/14-buffer-overflow.patch --- zip-3.0/debian/patches/14-buffer-overflow.patch 1970-01-01 01:00:00.000000000 +0100 +++ zip-3.0/debian/patches/14-buffer-overflow.patch 2025-01-20 16:01:28.000000000 +0100 
@@ -0,0 +1,19 @@ +Description: Fix buffer overflow when using '-T -TT' + `strlen(unzip_path) + strlen(zipname) + " " + "'" + "'" + '\0'` + The additional space required in the `cmd` buffer is 4, not 3. +Forwarded: no +Author: Florent 'Skia' Jacquet <[email protected]> +Bug-Ubuntu: https://launchpad.net/bugs/2093024 +Last-Update: 2025-01-17 + +--- a/zip.c ++++ b/zip.c +@@ -1437,7 +1437,7 @@ local void check_zipfile(zipname, zippat + /* Replace first {} with archive name. If no {} append name to string. */ + here = strstr(unzip_path, "{}"); + +- if ((cmd = malloc(strlen(unzip_path) + strlen(zipname) + 3)) == NULL) { ++ if ((cmd = malloc(strlen(unzip_path) + strlen(zipname) + 4)) == NULL) { + ziperr(ZE_MEM, "building command string for testing archive"); + } + diff -Nru zip-3.0/debian/patches/series zip-3.0/debian/patches/series --- zip-3.0/debian/patches/series 2024-07-24 17:44:00.000000000 +0200 +++ zip-3.0/debian/patches/series 2025-01-20 16:01:28.000000000 +0100 @@ -10,3 +10,5 @@ 10-remove-build-date.patch 11-typo-it-is-ambiguities-not-amgibuities.patch 12-fix-build-with-gcc-14.patch +13-buffer-overflow.patch +14-buffer-overflow.patch diff -Nru zip-3.0/debian/tests/control zip-3.0/debian/tests/control --- zip-3.0/debian/tests/control 1970-01-01 01:00:00.000000000 +0100 +++ zip-3.0/debian/tests/control 2025-01-20 16:01:28.000000000 +0100 @@ -0,0 +1 @@ +Tests: smoke diff -Nru zip-3.0/debian/tests/smoke zip-3.0/debian/tests/smoke --- zip-3.0/debian/tests/smoke 1970-01-01 01:00:00.000000000 +0100 +++ zip-3.0/debian/tests/smoke 2025-01-20 16:01:28.000000000 +0100 @@ -0,0 +1,10 @@ +#!/usr/bin/sh + +set -e + +cd /tmp +touch Ünicøde +zip unicode.zip Ünicøde + +touch other +zip ls-verified.zip other -T -TT "ls"
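Review bot: in the fileio.c hunk of 13-buffer-overflow.patch, the return value of the second mbstowcs() call is still used directly as an index in `wc_string[wsize] = (wchar_t) 0;`, and the visible context shows no check for the (size_t)-1 error return. The new limit of wsize + 1 correctly matches the (wsize + 1) * sizeof(wchar_t) allocation, but if the conversion fails on an invalid multibyte sequence the terminator write lands outside the buffer. Suggest testing the result against (size_t)-1 and freeing wc_string before returning, or writing the terminator at the element count used for the malloc rather than at the value mbstowcs() hands back.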
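Review bot: in the zip.c hunk of 14-buffer-overflow.patch, the bare constant 4 in `malloc(strlen(unzip_path) + strlen(zipname) + 4)` has no comment in the code, and the accounting (one space, two single quotes, terminating NUL) lives only in the patch description. Add a short comment beside the malloc listing those four bytes, or build the size from named terms, so that a later change to the command format keeps the allocation in step. The header also says `Forwarded: no`; nothing in this fix is Debian-specific, so it is worth sending upstream.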
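Review bot: in debian/tests/smoke, `cd /tmp` combined with the fixed names unicode.zip and ls-verified.zip makes the test write predictable paths in a shared directory, and a re-run on the same testbed updates a stale archive instead of creating a fresh one. Use `cd "$AUTOPKGTEST_TMP"` instead, which autopkgtest provides as a per-test scratch directory. Two smaller points in the same file: the shebang `#!/usr/bin/sh` should be `#!/bin/sh`, and the script does not set a UTF-8 locale, so whether `Ünicøde` actually goes through the multibyte conversion fixed by patch 13 depends on the testbed environment; exporting LC_ALL=C.UTF-8 at the top makes the regression check deterministic.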

