Squashed 'yocto-poky/' content from commit ea562de
git-subtree-dir: yocto-poky
git-subtree-split: ea562de57590c966cd5a75fda8defecd397e6436
diff --git a/meta/recipes-extended/unzip/unzip/06-unzip60-alt-iconv-utf8_CVE-2015-1315.patch b/meta/recipes-extended/unzip/unzip/06-unzip60-alt-iconv-utf8_CVE-2015-1315.patch
new file mode 100644
index 0000000..9ba3c1d
--- /dev/null
+++ b/meta/recipes-extended/unzip/unzip/06-unzip60-alt-iconv-utf8_CVE-2015-1315.patch
@@ -0,0 +1,402 @@
+From: Giovanni Scafora <giovanni.archlinux.org>
+Subject: unzip files encoded with non-latin, non-unicode file names
+Last-Update: 2015-02-11
+
+Upstream-Status: Backport
+
+Updated 2015-02-11 by Marc Deslauriers <marc.deslauriers@canonical.com>
+to fix buffer overflow in charset_to_intern()
+
+Signed-off-by: Marc Deslauriers <marc.deslauriers@canonical.com>
+
+Index: unzip-6.0/unix/unix.c
+===================================================================
+--- unzip-6.0.orig/unix/unix.c 2015-02-11 08:46:43.675324290 -0500
++++ unzip-6.0/unix/unix.c 2015-02-11 09:18:04.902081319 -0500
+@@ -30,6 +30,9 @@
+ #define UNZIP_INTERNAL
+ #include "unzip.h"
+
++#include <iconv.h>
++#include <langinfo.h>
++
+ #ifdef SCO_XENIX
+ # define SYSNDIR
+ #else /* SCO Unix, AIX, DNIX, TI SysV, Coherent 4.x, ... */
+@@ -1874,3 +1877,102 @@
+ }
+ }
+ #endif /* QLZIP */
++
++
++typedef struct {
++ char *local_charset;
++ char *archive_charset;
++} CHARSET_MAP;
++
++/* A mapping of local <-> archive charsets used by default to convert filenames
++ * of DOS/Windows Zip archives. Currently very basic. */
++static CHARSET_MAP dos_charset_map[] = {
++ { "ANSI_X3.4-1968", "CP850" },
++ { "ISO-8859-1", "CP850" },
++ { "CP1252", "CP850" },
++ { "UTF-8", "CP866" },
++ { "KOI8-R", "CP866" },
++ { "KOI8-U", "CP866" },
++ { "ISO-8859-5", "CP866" }
++};
++
++char OEM_CP[MAX_CP_NAME] = "";
++char ISO_CP[MAX_CP_NAME] = "";
++
++/* Try to guess the default value of OEM_CP based on the current locale.
++ * ISO_CP is left alone for now. */
++void init_conversion_charsets()
++{
++ const char *local_charset;
++ int i;
++
++ /* Make a guess only if OEM_CP not already set. */
++ if(*OEM_CP == '\0') {
++ local_charset = nl_langinfo(CODESET);
++ for(i = 0; i < sizeof(dos_charset_map)/sizeof(CHARSET_MAP); i++)
++ if(!strcasecmp(local_charset, dos_charset_map[i].local_charset)) {
++ strncpy(OEM_CP, dos_charset_map[i].archive_charset,
++ sizeof(OEM_CP));
++ break;
++ }
++ }
++}
++
++/* Convert a string from one encoding to the current locale using iconv().
++ * Be as non-intrusive as possible. If error is encountered during covertion
++ * just leave the string intact. */
++static void charset_to_intern(char *string, char *from_charset)
++{
++ iconv_t cd;
++ char *s,*d, *buf;
++ size_t slen, dlen, buflen;
++ const char *local_charset;
++
++ if(*from_charset == '\0')
++ return;
++
++ buf = NULL;
++ local_charset = nl_langinfo(CODESET);
++
++ if((cd = iconv_open(local_charset, from_charset)) == (iconv_t)-1)
++ return;
++
++ slen = strlen(string);
++ s = string;
++
++ /* Make sure OUTBUFSIZ + 1 never ends up smaller than FILNAMSIZ
++ * as this function also gets called with G.outbuf in fileio.c
++ */
++ buflen = FILNAMSIZ;
++ if (OUTBUFSIZ + 1 < FILNAMSIZ)
++ {
++ buflen = OUTBUFSIZ + 1;
++ }
++
++ d = buf = malloc(buflen);
++ if(!d)
++ goto cleanup;
++
++ bzero(buf,buflen);
++ dlen = buflen - 1;
++
++ if(iconv(cd, &s, &slen, &d, &dlen) == (size_t)-1)
++ goto cleanup;
++ strncpy(string, buf, buflen);
++
++ cleanup:
++ free(buf);
++ iconv_close(cd);
++}
++
++/* Convert a string from OEM_CP to the current locale charset. */
++inline void oem_intern(char *string)
++{
++ charset_to_intern(string, OEM_CP);
++}
++
++/* Convert a string from ISO_CP to the current locale charset. */
++inline void iso_intern(char *string)
++{
++ charset_to_intern(string, ISO_CP);
++}
+Index: unzip-6.0/unix/unxcfg.h
+===================================================================
+--- unzip-6.0.orig/unix/unxcfg.h 2015-02-11 08:46:43.675324290 -0500
++++ unzip-6.0/unix/unxcfg.h 2015-02-11 08:46:43.671324260 -0500
+@@ -228,4 +228,30 @@
+ /* wild_dir, dirname, wildname, matchname[], dirnamelen, have_dirname, */
+ /* and notfirstcall are used by do_wild(). */
+
++
++#define MAX_CP_NAME 25
++
++#ifdef SETLOCALE
++# undef SETLOCALE
++#endif
++#define SETLOCALE(category, locale) setlocale(category, locale)
++#include <locale.h>
++
++#ifdef _ISO_INTERN
++# undef _ISO_INTERN
++#endif
++#define _ISO_INTERN(str1) iso_intern(str1)
++
++#ifdef _OEM_INTERN
++# undef _OEM_INTERN
++#endif
++#ifndef IZ_OEM2ISO_ARRAY
++# define IZ_OEM2ISO_ARRAY
++#endif
++#define _OEM_INTERN(str1) oem_intern(str1)
++
++void iso_intern(char *);
++void oem_intern(char *);
++void init_conversion_charsets(void);
++
+ #endif /* !__unxcfg_h */
+Index: unzip-6.0/unzip.c
+===================================================================
+--- unzip-6.0.orig/unzip.c 2015-02-11 08:46:43.675324290 -0500
++++ unzip-6.0/unzip.c 2015-02-11 08:46:43.675324290 -0500
+@@ -327,11 +327,21 @@
+ -2 just filenames but allow -h/-t/-z -l long Unix \"ls -l\" format\n\
+ -v verbose, multi-page format\n";
+
++#ifndef UNIX
+ static ZCONST char Far ZipInfoUsageLine3[] = "miscellaneous options:\n\
+ -h print header line -t print totals for listed files or for all\n\
+ -z print zipfile comment -T print file times in sortable decimal format\
+ \n -C be case-insensitive %s\
+ -x exclude filenames that follow from listing\n";
++#else /* UNIX */
++static ZCONST char Far ZipInfoUsageLine3[] = "miscellaneous options:\n\
++ -h print header line -t print totals for listed files or for all\n\
++ -z print zipfile comment %c-T%c print file times in sortable decimal format\
++\n %c-C%c be case-insensitive %s\
++ -x exclude filenames that follow from listing\n\
++ -O CHARSET specify a character encoding for DOS, Windows and OS/2 archives\n\
++ -I CHARSET specify a character encoding for UNIX and other archives\n";
++#endif /* !UNIX */
+ #ifdef MORE
+ static ZCONST char Far ZipInfoUsageLine4[] =
+ " -M page output through built-in \"more\"\n";
+@@ -664,6 +674,17 @@
+ -U use escapes for all non-ASCII Unicode -UU ignore any Unicode fields\n\
+ -C match filenames case-insensitively -L make (some) names \
+ lowercase\n %-42s -V retain VMS version numbers\n%s";
++#elif (defined UNIX)
++static ZCONST char Far UnzipUsageLine4[] = "\
++modifiers:\n\
++ -n never overwrite existing files -q quiet mode (-qq => quieter)\n\
++ -o overwrite files WITHOUT prompting -a auto-convert any text files\n\
++ -j junk paths (do not make directories) -aa treat ALL files as text\n\
++ -U use escapes for all non-ASCII Unicode -UU ignore any Unicode fields\n\
++ -C match filenames case-insensitively -L make (some) names \
++lowercase\n %-42s -V retain VMS version numbers\n%s\
++ -O CHARSET specify a character encoding for DOS, Windows and OS/2 archives\n\
++ -I CHARSET specify a character encoding for UNIX and other archives\n\n";
+ #else /* !VMS */
+ static ZCONST char Far UnzipUsageLine4[] = "\
+ modifiers:\n\
+@@ -802,6 +823,10 @@
+ #endif /* UNICODE_SUPPORT */
+
+
++#ifdef UNIX
++ init_conversion_charsets();
++#endif
++
+ #if (defined(__IBMC__) && defined(__DEBUG_ALLOC__))
+ extern void DebugMalloc(void);
+
+@@ -1335,6 +1360,11 @@
+ argc = *pargc;
+ argv = *pargv;
+
++#ifdef UNIX
++ extern char OEM_CP[MAX_CP_NAME];
++ extern char ISO_CP[MAX_CP_NAME];
++#endif
++
+ while (++argv, (--argc > 0 && *argv != NULL && **argv == '-')) {
+ s = *argv + 1;
+ while ((c = *s++) != 0) { /* "!= 0": prevent Turbo C warning */
+@@ -1516,6 +1546,35 @@
+ }
+ break;
+ #endif /* MACOS */
++#ifdef UNIX
++ case ('I'):
++ if (negative) {
++ Info(slide, 0x401, ((char *)slide,
++ "error: encodings can't be negated"));
++ return(PK_PARAM);
++ } else {
++ if(*s) { /* Handle the -Icharset case */
++ /* Assume that charsets can't start with a dash to spot arguments misuse */
++ if(*s == '-') {
++ Info(slide, 0x401, ((char *)slide,
++ "error: a valid character encoding should follow the -I argument"));
++ return(PK_PARAM);
++ }
++ strncpy(ISO_CP, s, sizeof(ISO_CP));
++ } else { /* -I charset */
++ ++argv;
++ if(!(--argc > 0 && *argv != NULL && **argv != '-')) {
++ Info(slide, 0x401, ((char *)slide,
++ "error: a valid character encoding should follow the -I argument"));
++ return(PK_PARAM);
++ }
++ s = *argv;
++ strncpy(ISO_CP, s, sizeof(ISO_CP));
++ }
++ while(*(++s)); /* No params straight after charset name */
++ }
++ break;
++#endif /* ?UNIX */
+ case ('j'): /* junk pathnames/directory structure */
+ if (negative)
+ uO.jflag = FALSE, negative = 0;
+@@ -1591,6 +1650,35 @@
+ } else
+ ++uO.overwrite_all;
+ break;
++#ifdef UNIX
++ case ('O'):
++ if (negative) {
++ Info(slide, 0x401, ((char *)slide,
++ "error: encodings can't be negated"));
++ return(PK_PARAM);
++ } else {
++ if(*s) { /* Handle the -Ocharset case */
++ /* Assume that charsets can't start with a dash to spot arguments misuse */
++ if(*s == '-') {
++ Info(slide, 0x401, ((char *)slide,
++ "error: a valid character encoding should follow the -I argument"));
++ return(PK_PARAM);
++ }
++ strncpy(OEM_CP, s, sizeof(OEM_CP));
++ } else { /* -O charset */
++ ++argv;
++ if(!(--argc > 0 && *argv != NULL && **argv != '-')) {
++ Info(slide, 0x401, ((char *)slide,
++ "error: a valid character encoding should follow the -O argument"));
++ return(PK_PARAM);
++ }
++ s = *argv;
++ strncpy(OEM_CP, s, sizeof(OEM_CP));
++ }
++ while(*(++s)); /* No params straight after charset name */
++ }
++ break;
++#endif /* ?UNIX */
+ case ('p'): /* pipes: extract to stdout, no messages */
+ if (negative) {
+ uO.cflag = FALSE;
+Index: unzip-6.0/unzpriv.h
+===================================================================
+--- unzip-6.0.orig/unzpriv.h 2015-02-11 08:46:43.675324290 -0500
++++ unzip-6.0/unzpriv.h 2015-02-11 08:46:43.675324290 -0500
+@@ -3008,7 +3008,7 @@
+ !(((islochdr) || (isuxatt)) && \
+ ((hostver) == 25 || (hostver) == 26 || (hostver) == 40))) || \
+ (hostnum) == FS_HPFS_ || \
+- ((hostnum) == FS_NTFS_ && (hostver) == 50)) { \
++ ((hostnum) == FS_NTFS_ /* && (hostver) == 50 */ )) { \
+ _OEM_INTERN((string)); \
+ } else { \
+ _ISO_INTERN((string)); \
+Index: unzip-6.0/zipinfo.c
+===================================================================
+--- unzip-6.0.orig/zipinfo.c 2015-02-11 08:46:43.675324290 -0500
++++ unzip-6.0/zipinfo.c 2015-02-11 08:46:43.675324290 -0500
+@@ -457,6 +457,10 @@
+ int tflag_slm=TRUE, tflag_2v=FALSE;
+ int explicit_h=FALSE, explicit_t=FALSE;
+
++#ifdef UNIX
++ extern char OEM_CP[MAX_CP_NAME];
++ extern char ISO_CP[MAX_CP_NAME];
++#endif
+
+ #ifdef MACOS
+ uO.lflag = LFLAG; /* reset default on each call */
+@@ -501,6 +505,35 @@
+ uO.lflag = 0;
+ }
+ break;
++#ifdef UNIX
++ case ('I'):
++ if (negative) {
++ Info(slide, 0x401, ((char *)slide,
++ "error: encodings can't be negated"));
++ return(PK_PARAM);
++ } else {
++ if(*s) { /* Handle the -Icharset case */
++ /* Assume that charsets can't start with a dash to spot arguments misuse */
++ if(*s == '-') {
++ Info(slide, 0x401, ((char *)slide,
++ "error: a valid character encoding should follow the -I argument"));
++ return(PK_PARAM);
++ }
++ strncpy(ISO_CP, s, sizeof(ISO_CP));
++ } else { /* -I charset */
++ ++argv;
++ if(!(--argc > 0 && *argv != NULL && **argv != '-')) {
++ Info(slide, 0x401, ((char *)slide,
++ "error: a valid character encoding should follow the -I argument"));
++ return(PK_PARAM);
++ }
++ s = *argv;
++ strncpy(ISO_CP, s, sizeof(ISO_CP));
++ }
++ while(*(++s)); /* No params straight after charset name */
++ }
++ break;
++#endif /* ?UNIX */
+ case 'l': /* longer form of "ls -l" type listing */
+ if (negative)
+ uO.lflag = -2, negative = 0;
+@@ -521,6 +554,35 @@
+ G.M_flag = TRUE;
+ break;
+ #endif
++#ifdef UNIX
++ case ('O'):
++ if (negative) {
++ Info(slide, 0x401, ((char *)slide,
++ "error: encodings can't be negated"));
++ return(PK_PARAM);
++ } else {
++ if(*s) { /* Handle the -Ocharset case */
++ /* Assume that charsets can't start with a dash to spot arguments misuse */
++ if(*s == '-') {
++ Info(slide, 0x401, ((char *)slide,
++ "error: a valid character encoding should follow the -I argument"));
++ return(PK_PARAM);
++ }
++ strncpy(OEM_CP, s, sizeof(OEM_CP));
++ } else { /* -O charset */
++ ++argv;
++ if(!(--argc > 0 && *argv != NULL && **argv != '-')) {
++ Info(slide, 0x401, ((char *)slide,
++ "error: a valid character encoding should follow the -O argument"));
++ return(PK_PARAM);
++ }
++ s = *argv;
++ strncpy(OEM_CP, s, sizeof(OEM_CP));
++ }
++ while(*(++s)); /* No params straight after charset name */
++ }
++ break;
++#endif /* ?UNIX */
+ case 's': /* default: shorter "ls -l" type listing */
+ if (negative)
+ uO.lflag = -2, negative = 0;
diff --git a/meta/recipes-extended/unzip/unzip/09-cve-2014-8139-crc-overflow.patch b/meta/recipes-extended/unzip/unzip/09-cve-2014-8139-crc-overflow.patch
new file mode 100644
index 0000000..e137f0d
--- /dev/null
+++ b/meta/recipes-extended/unzip/unzip/09-cve-2014-8139-crc-overflow.patch
@@ -0,0 +1,52 @@
+From: sms
+Subject: Fix CVE-2014-8139: CRC32 verification heap-based overflow
+Bug-Debian: http://bugs.debian.org/773722
+
+The patch comes from unzip_6.0-8+deb7u2.debian.tar.gz
+
+Upstream-Status: Backport
+
+Signed-off-by: Roy Li <rongqing.li@windriver.com>
+
+--- a/extract.c
++++ b/extract.c
+@@ -298,6 +298,8 @@
+ #ifndef SFX
+ static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \
+ EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n";
++ static ZCONST char Far TooSmallEBlength[] = "bad extra-field entry:\n \
++ EF block length (%u bytes) invalid (< %d)\n";
+ static ZCONST char Far InvalidComprDataEAs[] =
+ " invalid compressed data for EAs\n";
+ # if (defined(WIN32) && defined(NTSD_EAS))
+@@ -2023,7 +2025,8 @@
+ ebID = makeword(ef);
+ ebLen = (unsigned)makeword(ef+EB_LEN);
+
+- if (ebLen > (ef_len - EB_HEADSIZE)) {
++ if (ebLen > (ef_len - EB_HEADSIZE))
++ {
+ /* Discovered some extra field inconsistency! */
+ if (uO.qflag)
+ Info(slide, 1, ((char *)slide, "%-22s ",
+@@ -2158,11 +2161,19 @@
+ }
+ break;
+ case EF_PKVMS:
+- if (makelong(ef+EB_HEADSIZE) !=
++ if (ebLen < 4)
++ {
++ Info(slide, 1,
++ ((char *)slide, LoadFarString(TooSmallEBlength),
++ ebLen, 4));
++ }
++ else if (makelong(ef+EB_HEADSIZE) !=
+ crc32(CRCVAL_INITIAL, ef+(EB_HEADSIZE+4),
+ (extent)(ebLen-4)))
++ {
+ Info(slide, 1, ((char *)slide,
+ LoadFarString(BadCRC_EAs)));
++ }
+ break;
+ case EF_PKW32:
+ case EF_PKUNIX:
diff --git a/meta/recipes-extended/unzip/unzip/10-cve-2014-8140-test-compr-eb.patch b/meta/recipes-extended/unzip/unzip/10-cve-2014-8140-test-compr-eb.patch
new file mode 100644
index 0000000..edc7d51
--- /dev/null
+++ b/meta/recipes-extended/unzip/unzip/10-cve-2014-8140-test-compr-eb.patch
@@ -0,0 +1,33 @@
+From: sms
+Subject: Fix CVE-2014-8140: out-of-bounds write issue in test_compr_eb()
+Bug-Debian: http://bugs.debian.org/773722
+
+The patch comes from unzip_6.0-8+deb7u2.debian.tar.gz
+
+Upstream-Status: Backport
+
+Signed-off-by: Roy Li <rongqing.li@windriver.com>
+
+--- a/extract.c
++++ b/extract.c
+@@ -2232,10 +2232,17 @@
+ if (compr_offset < 4) /* field is not compressed: */
+ return PK_OK; /* do nothing and signal OK */
+
++ /* Return no/bad-data error status if any problem is found:
++ * 1. eb_size is too small to hold the uncompressed size
++ * (eb_ucsize). (Else extract eb_ucsize.)
++ * 2. eb_ucsize is zero (invalid). 2014-12-04 SMS.
++ * 3. eb_ucsize is positive, but eb_size is too small to hold
++ * the compressed data header.
++ */
+ if ((eb_size < (EB_UCSIZE_P + 4)) ||
+- ((eb_ucsize = makelong(eb+(EB_HEADSIZE+EB_UCSIZE_P))) > 0L &&
+- eb_size <= (compr_offset + EB_CMPRHEADLEN)))
+- return IZ_EF_TRUNC; /* no compressed data! */
++ ((eb_ucsize = makelong( eb+ (EB_HEADSIZE+ EB_UCSIZE_P))) == 0L) ||
++ ((eb_ucsize > 0L) && (eb_size <= (compr_offset + EB_CMPRHEADLEN))))
++ return IZ_EF_TRUNC; /* no/bad compressed data! */
+
+ if (
+ #ifdef INT_16BIT
diff --git a/meta/recipes-extended/unzip/unzip/11-cve-2014-8141-getzip64data.patch b/meta/recipes-extended/unzip/unzip/11-cve-2014-8141-getzip64data.patch
new file mode 100644
index 0000000..d0c1db3
--- /dev/null
+++ b/meta/recipes-extended/unzip/unzip/11-cve-2014-8141-getzip64data.patch
@@ -0,0 +1,144 @@
+From: sms
+Subject: Fix CVE-2014-8141: out-of-bounds read issues in getZip64Data()
+Bug-Debian: http://bugs.debian.org/773722
+
+The patch comes from unzip_6.0-8+deb7u2.debian.tar.gz
+
+Upstream-Status: Backport
+
+Signed-off-by: Roy Li <rongqing.li@windriver.com>
+
+
+--- a/fileio.c
++++ b/fileio.c
+@@ -176,6 +176,8 @@
+ #endif
+ static ZCONST char Far ExtraFieldTooLong[] =
+ "warning: extra field too long (%d). Ignoring...\n";
++static ZCONST char Far ExtraFieldCorrupt[] =
++ "warning: extra field (type: 0x%04x) corrupt. Continuing...\n";
+
+ #ifdef WINDLL
+ static ZCONST char Far DiskFullQuery[] =
+@@ -2295,7 +2297,12 @@
+ if (readbuf(__G__ (char *)G.extra_field, length) == 0)
+ return PK_EOF;
+ /* Looks like here is where extra fields are read */
+- getZip64Data(__G__ G.extra_field, length);
++ if (getZip64Data(__G__ G.extra_field, length) != PK_COOL)
++ {
++ Info(slide, 0x401, ((char *)slide,
++ LoadFarString( ExtraFieldCorrupt), EF_PKSZ64));
++ error = PK_WARN;
++ }
+ #ifdef UNICODE_SUPPORT
+ G.unipath_filename = NULL;
+ if (G.UzO.U_flag < 2) {
+--- a/process.c
++++ b/process.c
+@@ -1,5 +1,5 @@
+ /*
+- Copyright (c) 1990-2009 Info-ZIP. All rights reserved.
++ Copyright (c) 1990-2014 Info-ZIP. All rights reserved.
+
+ See the accompanying file LICENSE, version 2009-Jan-02 or later
+ (the contents of which are also included in unzip.h) for terms of use.
+@@ -1901,48 +1901,82 @@
+ and a 4-byte version of disk start number.
+ Sets both local header and central header fields. Not terribly clever,
+ but it means that this procedure is only called in one place.
++
++ 2014-12-05 SMS.
++ Added checks to ensure that enough data are available before calling
++ makeint64() or makelong(). Replaced various sizeof() values with
++ simple ("4" or "8") constants. (The Zip64 structures do not depend
++ on our variable sizes.) Error handling is crude, but we should now
++ stay within the buffer.
+ ---------------------------------------------------------------------------*/
+
++#define Z64FLGS 0xffff
++#define Z64FLGL 0xffffffff
++
+ if (ef_len == 0 || ef_buf == NULL)
+ return PK_COOL;
+
+ Trace((stderr,"\ngetZip64Data: scanning extra field of length %u\n",
+ ef_len));
+
+- while (ef_len >= EB_HEADSIZE) {
++ while (ef_len >= EB_HEADSIZE)
++ {
+ eb_id = makeword(EB_ID + ef_buf);
+ eb_len = makeword(EB_LEN + ef_buf);
+
+- if (eb_len > (ef_len - EB_HEADSIZE)) {
+- /* discovered some extra field inconsistency! */
++ if (eb_len > (ef_len - EB_HEADSIZE))
++ {
++ /* Extra block length exceeds remaining extra field length. */
+ Trace((stderr,
+ "getZip64Data: block length %u > rest ef_size %u\n", eb_len,
+ ef_len - EB_HEADSIZE));
+ break;
+ }
+- if (eb_id == EF_PKSZ64) {
+-
++ if (eb_id == EF_PKSZ64)
++ {
+ int offset = EB_HEADSIZE;
+
+- if (G.crec.ucsize == 0xffffffff || G.lrec.ucsize == 0xffffffff){
+- G.lrec.ucsize = G.crec.ucsize = makeint64(offset + ef_buf);
+- offset += sizeof(G.crec.ucsize);
++ if ((G.crec.ucsize == Z64FLGL) || (G.lrec.ucsize == Z64FLGL))
++ {
++ if (offset+ 8 > ef_len)
++ return PK_ERR;
++
++ G.crec.ucsize = G.lrec.ucsize = makeint64(offset + ef_buf);
++ offset += 8;
+ }
+- if (G.crec.csize == 0xffffffff || G.lrec.csize == 0xffffffff){
+- G.csize = G.lrec.csize = G.crec.csize = makeint64(offset + ef_buf);
+- offset += sizeof(G.crec.csize);
++
++ if ((G.crec.csize == Z64FLGL) || (G.lrec.csize == Z64FLGL))
++ {
++ if (offset+ 8 > ef_len)
++ return PK_ERR;
++
++ G.csize = G.crec.csize = G.lrec.csize = makeint64(offset + ef_buf);
++ offset += 8;
+ }
+- if (G.crec.relative_offset_local_header == 0xffffffff){
++
++ if (G.crec.relative_offset_local_header == Z64FLGL)
++ {
++ if (offset+ 8 > ef_len)
++ return PK_ERR;
++
+ G.crec.relative_offset_local_header = makeint64(offset + ef_buf);
+- offset += sizeof(G.crec.relative_offset_local_header);
++ offset += 8;
+ }
+- if (G.crec.disk_number_start == 0xffff){
++
++ if (G.crec.disk_number_start == Z64FLGS)
++ {
++ if (offset+ 4 > ef_len)
++ return PK_ERR;
++
+ G.crec.disk_number_start = (zuvl_t)makelong(offset + ef_buf);
+- offset += sizeof(G.crec.disk_number_start);
++ offset += 4;
+ }
++#if 0
++ break; /* Expect only one EF_PKSZ64 block. */
++#endif /* 0 */
+ }
+
+- /* Skip this extra field block */
++ /* Skip this extra field block. */
+ ef_buf += (eb_len + EB_HEADSIZE);
+ ef_len -= (eb_len + EB_HEADSIZE);
+ }
diff --git a/meta/recipes-extended/unzip/unzip/avoid-strip.patch b/meta/recipes-extended/unzip/unzip/avoid-strip.patch
new file mode 100644
index 0000000..8f30e42
--- /dev/null
+++ b/meta/recipes-extended/unzip/unzip/avoid-strip.patch
@@ -0,0 +1,50 @@
+Upstream-Status: Pending
+
+unix/Makefile: remove hard coded strip commands
+
+Remove the hard coded strip commands, both LF2 (used in linking) and
+STRIP used alone.
+
+Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
+
+diff -ur unzip60.orig/unix/configure unzip60/unix/configure
+--- unzip60.orig/unix/configure 2009-04-16 14:25:12.000000000 -0500
++++ unzip60/unix/configure 2011-06-21 11:23:36.822849960 -0500
+@@ -17,7 +17,7 @@
+ IZ_BZIP2=${3}
+ CFLAGS="${CFLAGS} -I. -DUNIX"
+ LFLAGS1=""
+-LFLAGS2="-s"
++LFLAGS2=""
+ LN="ln -s"
+
+ CFLAGS_OPT=''
+diff -ur unzip60.orig/unix/Makefile unzip60/unix/Makefile
+--- unzip60.orig/unix/Makefile 2009-01-18 16:41:18.000000000 -0600
++++ unzip60/unix/Makefile 2011-06-21 11:12:22.900003388 -0500
+@@ -52,7 +52,7 @@
+ CF = $(CFLAGS) $(CF_NOOPT)
+ LFLAGS1 =
+ LF = -o unzip$E $(LFLAGS1)
+-LF2 = -s
++LF2 =
+
+ # UnZipSFX flags
+ SL = -o unzipsfx$E $(LFLAGS1)
+@@ -70,7 +70,7 @@
+ CHMOD = chmod
+ BINPERMS = 755
+ MANPERMS = 644
+-STRIP = strip
++STRIP =
+ E =
+ O = .o
+ M = unix
+@@ -776,7 +776,6 @@
+ #
+ gcc: unix_make
+ $(MAKE) unzips CC=gcc LD=gcc CFLAGS="-O3" LF2=""
+- $(STRIP) $(UNZIPS)
+
+ # Heurikon HK68 (68010), UniPlus+ System V 5.0, Green Hills C-68000
+ hk68: unix_make
diff --git a/meta/recipes-extended/unzip/unzip/define-ldflags.patch b/meta/recipes-extended/unzip/unzip/define-ldflags.patch
new file mode 100644
index 0000000..659c6e3
--- /dev/null
+++ b/meta/recipes-extended/unzip/unzip/define-ldflags.patch
@@ -0,0 +1,18 @@
+Pass LDFLAGS to the linker
+
+Upstream-Status: Pending
+
+Signed-off-by: Mikhail Durnev <Mikhail_Durnev@mentor.com>
+
+diff -Naur old/unix/configure new/unix/configure
+--- old/unix/configure 2014-01-13 21:59:27.000000000 +1100
++++ new/unix/configure 2014-01-14 16:36:02.000000000 +1100
+@@ -16,7 +16,7 @@
+ CFLAGSR=${CFLAGS}
+ IZ_BZIP2=${3}
+ CFLAGS="${CFLAGS} -I. -DUNIX"
+-LFLAGS1=""
++LFLAGS1=${LDFLAGS}
+ LFLAGS2=""
+ LN="ln -s"
+
diff --git a/meta/recipes-extended/unzip/unzip/unzip-6.0_overflow3.diff b/meta/recipes-extended/unzip/unzip/unzip-6.0_overflow3.diff
new file mode 100644
index 0000000..0a0bfbb
--- /dev/null
+++ b/meta/recipes-extended/unzip/unzip/unzip-6.0_overflow3.diff
@@ -0,0 +1,45 @@
+From 190040ebfcf5395a6ccedede2cc9343d34f0a108 Mon Sep 17 00:00:00 2001
+From: mancha <mancha1 AT zoho DOT com>
+Date: Wed, 11 Feb 2015
+Subject: Info-ZIP UnZip buffer overflow
+
+Upstream-Status: Backport
+
+By carefully crafting a corrupt ZIP archive with "extra fields" that
+purport to have compressed blocks larger than the corresponding
+uncompressed blocks in STORED no-compression mode, an attacker can
+trigger a heap overflow that can result in application crash or
+possibly have other unspecified impact.
+
+This patch ensures that when extra fields use STORED mode, the
+"compressed" and uncompressed block sizes match.
+
+Signed-off-by: mancha <mancha1 AT zoho DOT com>
+---
+ extract.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+--- a/extract.c
++++ b/extract.c
+@@ -2217,6 +2217,7 @@ static int test_compr_eb(__G__ eb, eb_si
+ ulg eb_ucsize;
+ uch *eb_ucptr;
+ int r;
++ ush method;
+
+ if (compr_offset < 4) /* field is not compressed: */
+ return PK_OK; /* do nothing and signal OK */
+@@ -2226,6 +2227,13 @@ static int test_compr_eb(__G__ eb, eb_si
+ eb_size <= (compr_offset + EB_CMPRHEADLEN)))
+ return IZ_EF_TRUNC; /* no compressed data! */
+
++ method = makeword(eb + (EB_HEADSIZE + compr_offset));
++ if ((method == STORED) &&
++ (eb_size - compr_offset - EB_CMPRHEADLEN != eb_ucsize))
++ return PK_ERR; /* compressed & uncompressed
++ * should match in STORED
++ * method */
++
+ if (
+ #ifdef INT_16BIT
+ (((ulg)(extent)eb_ucsize) != eb_ucsize) ||
diff --git a/meta/recipes-extended/unzip/unzip_6.0.bb b/meta/recipes-extended/unzip/unzip_6.0.bb
new file mode 100644
index 0000000..4a0a713
--- /dev/null
+++ b/meta/recipes-extended/unzip/unzip_6.0.bb
@@ -0,0 +1,51 @@
+SUMMARY = "Utilities for extracting and viewing files in .zip archives"
+HOMEPAGE = "http://www.info-zip.org"
+SECTION = "console/utils"
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=94caec5a51ef55ef711ee4e8b1c69e29"
+PE = "1"
+PR = "r5"
+
+SRC_URI = "ftp://ftp.info-zip.org/pub/infozip/src/unzip60.tgz \
+ file://avoid-strip.patch \
+ file://define-ldflags.patch \
+ file://06-unzip60-alt-iconv-utf8_CVE-2015-1315.patch \
+ file://unzip-6.0_overflow3.diff \
+ file://09-cve-2014-8139-crc-overflow.patch \
+ file://10-cve-2014-8140-test-compr-eb.patch \
+ file://11-cve-2014-8141-getzip64data.patch \
+"
+
+SRC_URI[md5sum] = "62b490407489521db863b523a7f86375"
+SRC_URI[sha256sum] = "036d96991646d0449ed0aa952e4fbe21b476ce994abc276e49d30e686708bd37"
+S = "${WORKDIR}/unzip60"
+
+# Makefile uses CF_NOOPT instead of CFLAGS. We lifted the values from
+# Makefile and add CFLAGS. Optimization will be overriden by unzip
+# configure to be -O3.
+#
+EXTRA_OEMAKE += "STRIP=true LF2='' \
+ 'CF_NOOPT=-I. -Ibzip2 -DUNIX ${CFLAGS}'"
+
+export LD = "${CC}"
+LD_class-native = "${CC}"
+
+do_compile() {
+ oe_runmake -f unix/Makefile generic
+}
+
+do_install() {
+ oe_runmake -f unix/Makefile install prefix=${D}${prefix}
+ install -d ${D}${mandir}
+ mv ${D}${prefix}/man/* ${D}${mandir}
+ rmdir ${D}${prefix}/man/
+}
+
+inherit update-alternatives
+
+ALTERNATIVE_PRIORITY = "100"
+
+ALTERNATIVE_${PN} = "unzip"
+ALTERNATIVE_LINK_NAME[unzip] = "${bindir}/unzip"
+
+BBCLASSEXTEND = "native"