unzip: add valid patche headers and missing CVE informations

This commit adds a valid git patch header for each patch, so that
additional information can be stored. This is in this case and 'CVE:' tag.
This can be used by CVE scanner to find out if the patch fixes a CVE.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>

utils/unzip/patches/0001-fix-heap-based-buffer-overflow-in-the-CRC32-verifica.patch

@@ -1,3 +1,18 @@
+From 170eddb01887e61a581ed1ac78aff05a476bbe59 Mon Sep 17 00:00:00 2001
+From: OpenWrt community <openwrt-devel@lists.openwrt.org>
+Date: Mon, 30 Oct 2023 14:37:54 +0100
+Subject: [PATCH] fix: heap-based buffer overflow in the CRC32
+ verification
+
+https://nvd.nist.gov/vuln/detail/CVE-2014-8139
+
+CVE: CVE-2014-8139
+---
+ extract.c | 17 ++++++++++++++---
+ 1 file changed, 14 insertions(+), 3 deletions(-)
+
+diff --git a/extract.c b/extract.c
+index 1acd769..df0fa1c 100644
 --- a/extract.c
 +++ b/extract.c
 @@ -1,5 +1,5 @@
@@ -16,7 +31,7 @@
     static ZCONST char Far InvalidComprDataEAs[] =
       " invalid compressed data for EAs\n";
  #  if (defined(WIN32) && defined(NTSD_EAS))
-@@ -2023,7 +2025,8 @@ static int TestExtraField(__G__ ef, ef_l
+@@ -2023,7 +2025,8 @@ static int TestExtraField(__G__ ef, ef_len)
          ebID = makeword(ef);
          ebLen = (unsigned)makeword(ef+EB_LEN);
  
@@ -26,7 +41,7 @@
             /* Discovered some extra field inconsistency! */
              if (uO.qflag)
                  Info(slide, 1, ((char *)slide, "%-22s ",
-@@ -2158,11 +2161,19 @@ static int TestExtraField(__G__ ef, ef_l
+@@ -2158,11 +2161,19 @@ static int TestExtraField(__G__ ef, ef_len)
                  }
                  break;
              case EF_PKVMS:
@@ -47,3 +62,5 @@
                  break;
              case EF_PKW32:
              case EF_PKUNIX:
+-- 
+

utils/unzip/patches/0002-fix-heap-based-buffer-overflow-in-the-test_compr_eb-.patch

@@ -1,6 +1,21 @@
+From 03e6da41ba5d588fe072465589a64def3dc4d82b Mon Sep 17 00:00:00 2001
+From: OpenWrt community <openwrt-devel@lists.openwrt.org>
+Date: Mon, 30 Oct 2023 14:44:08 +0100
+Subject: [PATCH] fix: heap-based buffer overflow in the test_compr_eb
+ function
+
+https://nvd.nist.gov/vuln/detail/CVE-2014-8140
+
+CVE: CVE-2014-8140
+---
+ extract.c | 13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/extract.c b/extract.c
+index df0fa1c..ec31e60 100644
 --- a/extract.c
 +++ b/extract.c
-@@ -2232,10 +2232,17 @@ static int test_compr_eb(__G__ eb, eb_si
+@@ -2232,10 +2232,17 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata)
      if (compr_offset < 4)                /* field is not compressed: */
          return PK_OK;                    /* do nothing and signal OK */
  
@@ -21,3 +36,5 @@
  
      if (
  #ifdef INT_16BIT
+-- 
+

utils/unzip/patches/0003-fix-heap-based-buffer-overflow-in-the-getZip64Data-f.patch

@@ -1,6 +1,22 @@
+From 80614f70ca3a8ea0d1163a52ad670b631ac938cd Mon Sep 17 00:00:00 2001
+From: OpenWrt community <openwrt-devel@lists.openwrt.org>
+Date: Mon, 30 Oct 2023 14:45:21 +0100
+Subject: [PATCH] fix: heap-based buffer overflow in the getZip64Data
+ function
+
+https://nvd.nist.gov/vuln/detail/CVE-2014-8141
+
+CVE: CVE-2014-8141
+---
+ fileio.c  |  9 +++++++-
+ process.c | 68 +++++++++++++++++++++++++++++++++++++++++--------------
+ 2 files changed, 59 insertions(+), 18 deletions(-)
+
+diff --git a/fileio.c b/fileio.c
+index ba0a1d0..36bfea3 100644
 --- a/fileio.c
 +++ b/fileio.c
-@@ -176,6 +176,8 @@ static ZCONST char Far FilenameTooLongTr
+@@ -176,6 +176,8 @@ static ZCONST char Far FilenameTooLongTrunc[] =
  #endif
  static ZCONST char Far ExtraFieldTooLong[] =
    "warning:  extra field too long (%d).  Ignoring...\n";
@@ -9,7 +25,7 @@
  
  #ifdef WINDLL
     static ZCONST char Far DiskFullQuery[] =
-@@ -2295,7 +2297,12 @@ int do_string(__G__ length, option)   /*
+@@ -2295,7 +2297,12 @@ int do_string(__G__ length, option)   /* return PK-type error code */
              if (readbuf(__G__ (char *)G.extra_field, length) == 0)
                  return PK_EOF;
              /* Looks like here is where extra fields are read */
@@ -23,6 +39,8 @@
  #ifdef UNICODE_SUPPORT
              G.unipath_filename = NULL;
              if (G.UzO.U_flag < 2) {
+diff --git a/process.c b/process.c
+index 1e9a1e1..e3a3f8c 100644
 --- a/process.c
 +++ b/process.c
 @@ -1,5 +1,5 @@
@@ -131,3 +149,5 @@
          ef_buf += (eb_len + EB_HEADSIZE);
          ef_len -= (eb_len + EB_HEADSIZE);
      }
+-- 
+

utils/unzip/patches/0004-fix-out-of-bounds-read-or-write-and-crash.patch

@@ -1,6 +1,20 @@
+From eca24c7ddd296fe8dd112fd89fb288411e407379 Mon Sep 17 00:00:00 2001
+From: OpenWrt community <openwrt-devel@lists.openwrt.org>
+Date: Mon, 30 Oct 2023 14:46:57 +0100
+Subject: [PATCH] fix: out-of-bounds read or write and crash
+
+https://nvd.nist.gov/vuln/detail/CVE-2014-9636
+
+CVE: CVE-2014-9636
+---
+ extract.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/extract.c b/extract.c
+index ec31e60..d816603 100644
 --- a/extract.c
 +++ b/extract.c
-@@ -2228,6 +2228,7 @@ static int test_compr_eb(__G__ eb, eb_si
+@@ -2228,6 +2228,7 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata)
      ulg eb_ucsize;
      uch *eb_ucptr;
      int r;
@@ -8,7 +22,7 @@
  
      if (compr_offset < 4)                /* field is not compressed: */
          return PK_OK;                    /* do nothing and signal OK */
-@@ -2244,6 +2245,14 @@ static int test_compr_eb(__G__ eb, eb_si
+@@ -2244,6 +2245,14 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata)
       ((eb_ucsize > 0L) && (eb_size <= (compr_offset + EB_CMPRHEADLEN))))
          return IZ_EF_TRUNC;             /* no/bad compressed data! */
  
@@ -23,3 +37,5 @@
      if (
  #ifdef INT_16BIT
          (((ulg)(extent)eb_ucsize) != eb_ucsize) ||
+-- 
+

utils/unzip/patches/0005-fix-heap-based-buffer-over-read-and-application-cras.patch

@@ -1,3 +1,17 @@
+From adc07e8e4ef9ff263c89d6e8f32ab5222e1a45a0 Mon Sep 17 00:00:00 2001
+From: OpenWrt community <openwrt-devel@lists.openwrt.org>
+Date: Mon, 30 Oct 2023 14:48:38 +0100
+Subject: [PATCH] fix: heap-based buffer over-read and application crash
+
+https://nvd.nist.gov/vuln/detail/CVE-2015-7696
+
+CVE: CVE-2015-7696
+---
+ crypt.c | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/crypt.c b/crypt.c
+index 784e411..a8975f2 100644
 --- a/crypt.c
 +++ b/crypt.c
 @@ -465,7 +465,17 @@ int decrypt(__G__ passwrd)
@@ -19,3 +33,5 @@
          h[n] = (uch)b;
          Trace((stdout, " (%02x)", h[n]));
      }
+-- 
+

utils/unzip/patches/0006-fix-infinite-loop-because-of-an-empty-bzip2-data.patch

@@ -0,0 +1,31 @@
+From d354ffc9e0d1920dfc54cf13f1fc5d89405ee3f1 Mon Sep 17 00:00:00 2001
+From: OpenWrt community <openwrt-devel@lists.openwrt.org>
+Date: Mon, 30 Oct 2023 14:49:12 +0100
+Subject: [PATCH] fix: infinite loop because of an empty bzip2 data
+
+https://nvd.nist.gov/vuln/detail/CVE-2015-7697
+
+CVE: CVE-2015-7697
+---
+ extract.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/extract.c b/extract.c
+index d816603..ad8b3f7 100644
+--- a/extract.c
++++ b/extract.c
+@@ -2728,6 +2728,12 @@ __GDEF
+     int repeated_buf_err;
+     bz_stream bstrm;
+ 
++    if (G.incnt <= 0 && G.csize <= 0L) {
++        /* avoid an infinite loop */
++        Trace((stderr, "UZbunzip2() got empty input\n"));
++        return 2;
++    }
++
+ #if (defined(DLL) && !defined(NO_SLIDE_REDIR))
+     if (G.redirect_slide)
+         wsize = G.redirect_size, redirSlide = G.redirect_buffer;
+-- 
+

utils/unzip/patches/0007-fix-error-to-prevent-unsigned-overflow.patch

@@ -1,6 +1,17 @@
+From 673c5b95e5ead5b83cb81b208fe13a5352ccdafc Mon Sep 17 00:00:00 2001
+From: OpenWrt community <openwrt-devel@lists.openwrt.org>
+Date: Mon, 30 Oct 2023 14:51:36 +0100
+Subject: [PATCH] fix: error to prevent unsigned overflow
+
+---
+ extract.c | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/extract.c b/extract.c
+index ad8b3f7..17b201f 100644
 --- a/extract.c
 +++ b/extract.c
-@@ -1257,8 +1257,17 @@ static int extract_or_test_entrylist(__G
+@@ -1257,8 +1257,17 @@ static int extract_or_test_entrylist(__G__ numchunk,
          if (G.lrec.compression_method == STORED) {
              zusz_t csiz_decrypted = G.lrec.csize;
  
@@ -19,3 +30,5 @@
              if (G.lrec.ucsize != csiz_decrypted) {
                  Info(slide, 0x401, ((char *)slide,
                    LoadFarStringSmall2(WrnStorUCSizCSizDiff),
+-- 
+

utils/unzip/patches/0008-fix-buffer-overflow-in-the-list_files-function.patch

@@ -1,13 +1,20 @@
-From: "Steven M. Schweda" <sms@antinode.info>
+From 2e856c62e68c9f53c232a9d74a210385ab6a3702 Mon Sep 17 00:00:00 2001
-Subject: Fix CVE-2014-9913, buffer overflow in unzip
+From: OpenWrt community <openwrt-devel@lists.openwrt.org>
-Bug: https://sourceforge.net/p/infozip/bugs/27/
+Date: Mon, 30 Oct 2023 14:52:11 +0100
-Bug-Debian: https://bugs.debian.org/847485
+Subject: [PATCH] fix: buffer overflow in the list_files function
-Bug-Ubuntu: https://launchpad.net/bugs/387350
-X-Debian-version: 6.0-21
 
+https://nvd.nist.gov/vuln/detail/CVE-2014-9913
+
+CVE: CVE-2014-9913
+---
+ list.c | 13 ++++++++++++-
+ 1 file changed, 12 insertions(+), 1 deletion(-)
+
+diff --git a/list.c b/list.c
+index 15e0011..3a3d1cd 100644
 --- a/list.c
 +++ b/list.c
-@@ -339,7 +339,18 @@ int list_files(__G)    /* return PK-type
+@@ -339,7 +339,18 @@ int list_files(__G)    /* return PK-type error code */
                  G.crec.compression_method == ENHDEFLATED) {
                  methbuf[5] = dtype[(G.crec.general_purpose_bit_flag>>1) & 3];
              } else if (methnum >= NUM_METHODS) {
@@ -27,3 +34,5 @@ X-Debian-version: 6.0-21
              }
  
  #if 0       /* GRR/Euro:  add this? */
+-- 
+

utils/unzip/patches/0009-fix-buffer-overflow-in-the-zi_short-function.patch

@@ -1,12 +1,20 @@
-From: "Steven M. Schweda" <sms@antinode.info>
+From 39aef60cc5c9fd870dd4fc26cec4ff5a49e8c559 Mon Sep 17 00:00:00 2001
-Subject: Fix CVE-2016-9844, buffer overflow in zipinfo
+From: OpenWrt community <openwrt-devel@lists.openwrt.org>
-Bug-Debian: https://bugs.debian.org/847486
+Date: Mon, 30 Oct 2023 14:53:08 +0100
-Bug-Ubuntu: https://launchpad.net/bugs/1643750
+Subject: [PATCH] fix: buffer overflow in the zi_short function
-X-Debian-version: 6.0-21
 
+https://nvd.nist.gov/vuln/detail/CVE-2016-9844
+
+CVE: CVE-2016-9844
+---
+ zipinfo.c | 13 ++++++++++++-
+ 1 file changed, 12 insertions(+), 1 deletion(-)
+
+diff --git a/zipinfo.c b/zipinfo.c
+index a92bca9..0148255 100644
 --- a/zipinfo.c
 +++ b/zipinfo.c
-@@ -1921,7 +1921,18 @@ static int zi_short(__G)   /* return PK-
+@@ -1921,7 +1921,18 @@ static int zi_short(__G)   /* return PK-type error code */
          ush  dnum=(ush)((G.crec.general_purpose_bit_flag>>1) & 3);
          methbuf[3] = dtype[dnum];
      } else if (methnum >= NUM_METHODS) {   /* unknown */
@@ -26,3 +34,5 @@ X-Debian-version: 6.0-21
      }
  
      for (k = 0;  k < 15;  ++k)
+-- 
+

utils/unzip/patches/0010-unix.c-Remove-build-date.patch

@@ -0,0 +1,28 @@
+From 634103b6311206b8206ef15b076b21fd32fd495f Mon Sep 17 00:00:00 2001
+From: OpenWrt community <openwrt-devel@lists.openwrt.org>
+Date: Mon, 30 Oct 2023 14:54:43 +0100
+Subject: [PATCH] unix.c: Remove build date
+
+In order to make unzip build reproducibly, we remove the (already optional)
+build date from the binary.
+
+Bug-Debian: https://bugs.debian.org/782851
+---
+ unix/unix.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/unix/unix.c b/unix/unix.c
+index efa97fc..816e3da 100644
+--- a/unix/unix.c
++++ b/unix/unix.c
+@@ -1705,7 +1705,7 @@ void version(__G)
+ #endif /* Sun */
+ #endif /* SGI */
+ 
+-#ifdef __DATE__
++#if 0
+       " on ", __DATE__
+ #else
+       "", ""
+-- 
+

utils/unzip/patches/0011-fix-heap-based-buffer-overflow-in-the-password-prote.patch

@@ -1,3 +1,18 @@
+From 3c252bd75cab0e4b6a0983f3353cc4df2c6d2d5c Mon Sep 17 00:00:00 2001
+From: OpenWrt community <openwrt-devel@lists.openwrt.org>
+Date: Mon, 30 Oct 2023 14:55:12 +0100
+Subject: [PATCH] fix: heap-based buffer overflow in the
+ password-protected processing
+
+https://nvd.nist.gov/vuln/detail/CVE-2018-1000035
+
+CVE: CVE-2018-1000035
+---
+ fileio.c | 13 +++++++++----
+ 1 file changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/fileio.c b/fileio.c
+index 36bfea3..cb05903 100644
 --- a/fileio.c
 +++ b/fileio.c
 @@ -1,5 +1,5 @@
@@ -7,7 +22,7 @@
  
    See the accompanying file LICENSE, version 2009-Jan-02 or later
    (the contents of which are also included in unzip.h) for terms of use.
-@@ -1582,6 +1582,8 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf,
+@@ -1582,6 +1582,8 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf, size, zfn, efn)
      int r = IZ_PW_ENTERED;
      char *m;
      char *prompt;
@@ -16,7 +31,7 @@
  
  #ifndef REENTRANT
      /* tell picky compilers to shut up about "unused variable" warnings */
-@@ -1590,9 +1592,12 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf,
+@@ -1590,9 +1592,12 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf, size, zfn, efn)
  
      if (*rcnt == 0) {           /* First call for current entry */
          *rcnt = 2;
@@ -32,3 +47,5 @@
              m = prompt;
          } else
              m = (char *)LoadFarString(PasswPrompt2);
+-- 
+

utils/unzip/patches/006-CVE-2015-7697-infinite-loop.patch

@@ -1,15 +0,0 @@
---- a/extract.c
-+++ b/extract.c
-@@ -2728,6 +2728,12 @@ __GDEF
-     int repeated_buf_err;
-     bz_stream bstrm;
- 
-+    if (G.incnt <= 0 && G.csize <= 0L) {
-+        /* avoid an infinite loop */
-+        Trace((stderr, "UZbunzip2() got empty input\n"));
-+        return 2;
-+    }
-+
- #if (defined(DLL) && !defined(NO_SLIDE_REDIR))
-     if (G.redirect_slide)
-         wsize = G.redirect_size, redirSlide = G.redirect_buffer;

utils/unzip/patches/010-remove-build-date.patch

@@ -1,17 +0,0 @@
-From: Jérémy Bobbio <lunar@debian.org>
-Subject: Remove build date
-Bug-Debian: https://bugs.debian.org/782851
- In order to make unzip build reproducibly, we remove the
- (already optional) build date from the binary.
-
---- a/unix/unix.c
-+++ b/unix/unix.c
-@@ -1705,7 +1705,7 @@ void version(__G)
- #endif /* Sun */
- #endif /* SGI */
- 
--#ifdef __DATE__
-+#if 0
-       " on ", __DATE__
- #else
-       "", ""