| Summary: | app-arch/unzip-6.0_p25: test failure: error: invalid zip file with overlapped components (possible zip bomb) | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Thomas Deutschmann (RETIRED) <whissi> |
| Component: | Current packages | Assignee: | Gentoo's Team for Core System packages <base-system> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | alexey+gentoo |
| Priority: | Normal | Keywords: | TESTFAILURE |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://github.com/madler/unzip/issues/2 | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | | | |
| Bug Blocks: | 691566 | | |
| Attachments: | build.log | | |

Description
Thomas Deutschmann (RETIRED)
2019-10-27 22:10:04 UTC
Looks like an x86 problem. I am unable to reproduce on amd64.

Reported upstream.

same on hppa

I've got this on arm.

Same on ppc.

(In reply to Thomas Deutschmann from comment #2)
> Reported upstream.

Upstream claim this is now fixed: https://github.com/madler/unzip/issues/2#issuecomment-583862515

>"Also take a look at the commit comments.
>You should make sure that those builds are using large file support."

Commit: https://github.com/madler/unzip/commit/13f0260beae851f7d5dd96e9ef757d8d6d7daac1

I have seen this but for yet unknown reason I have lost my reproducer (i.e. app-arch/unzip-6.0_p25 doesn't fail anymore) so I cannot really verify.

Can still reproduce this on hppa, and the patch fixes it.

The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=26dd0be6dc420c5e4c4067fa60bd465fa23d0571

commit 26dd0be6dc420c5e4c4067fa60bd465fa23d0571
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-03-25 19:56:42 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-03-25 19:58:30 +0000

    app-arch/unzip: fix false overlapped components detection on 32-bit systems

    Closes: https://bugs.gentoo.org/698694
    Package-Manager: Portage-2.3.94, Repoman-2.3.21
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 ...-false-overlap-detection-on-32bit-systems.patch | 50 ++++++++++++++++++++++
 ...nzip-6.0_p25.ebuild => unzip-6.0_p25-r1.ebuild} | 1 +
 2 files changed, 51 insertions(+)