diff --git a/CVE-2020-18770.patch b/CVE-2020-18770.patch
deleted file mode 100644
index 91210ac..0000000
--- a/CVE-2020-18770.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 803f49aaae16b7f2899e4769afdfc673a21fa9e8 Mon Sep 17 00:00:00 2001
-From: Guido Draheim
-Date: Mon, 26 Feb 2024 23:17:12 +0100
-Subject: [PATCH] #69 assert full zzip_file_header
-
----
- zzip/mmapped.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/zzip/mmapped.c b/zzip/mmapped.c
-index 2071882..306ba51 100644
---- a/zzip/mmapped.c
-+++ b/zzip/mmapped.c
-@@ -276,7 +276,8 @@ struct zzip_file_header *
- zzip_disk_entry_to_file_header(ZZIP_DISK * disk, struct zzip_disk_entry *entry)
- {
- zzip_byte_t *const ptr = disk->buffer + zzip_disk_entry_fileoffset(entry);
-- if (disk->buffer > ptr || ptr >= disk->endbuf)
-+ zzip_byte_t *const end = ptr + sizeof(struct zzip_file_header);
-+ if (disk->buffer > ptr || end >= disk->endbuf || end <= NULL)
- {
- debug2("file header: offset out of bounds (0x%llx)", (long long unsigned)(disk->buffer));
- errno = EBADMSG;
---
-2.35.3
-
diff --git a/bsc1154002-prevent-unnecessary-perror.patch b/bsc1154002-prevent-unnecessary-perror.patch
deleted file mode 100644
index 5803c9a..0000000
--- a/bsc1154002-prevent-unnecessary-perror.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-Index: zziplib-0.13.69/bins/unzip-mem.c
-===================================================================
---- zziplib-0.13.69.orig/bins/unzip-mem.c
-+++ zziplib-0.13.69/bins/unzip-mem.c
-@@ -92,7 +92,7 @@ static void zzip_mem_entry_make(ZZIP_MEM
- ZZIP_MEM_ENTRY* entry)
- {
- FILE* file = fopen (entry->zz_name, "wb");
-- if (file) { zzip_mem_entry_pipe (disk, entry, file); fclose (file); }
-+ if (file) { zzip_mem_entry_pipe (disk, entry, file); fclose (file); return; }
- perror (entry->zz_name);
- if (status < EXIT_WARNINGS) status = EXIT_WARNINGS;
- }
diff --git a/zziplib-0.13.62.patch b/zziplib-0.13.62.patch
deleted file mode 100644
index 7ce7618..0000000
--- a/zziplib-0.13.62.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-Index: zziplib/m4/ax_cflags_no_writable_strings.m4
-===================================================================
---- zziplib/m4/ax_cflags_no_writable_strings.m4
-+++ zziplib-new/m4/ax_cflags_no_writable_strings.m4
-@@ -40,6 +40,7 @@ VAR,[VAR="no, unknown"
- for ac_arg dnl
- in "-pedantic % -fno-writable-strings -Wwrite-strings" dnl GCC
- "-pedantic % -fconst-strings -Wwrite-strings" dnl newer GCC
-+ "-Wall % -Wwrite-strings" dnl GCC4.1+
- "-v -Xc % -xstrconst" dnl Solaris C - strings go into readonly segment
- "+w1 -Aa % +ESlit" dnl HP-UX C - strings go into readonly segment
- "-w0 -std1 % -readonly_strings" dnl Digital Unix - again readonly segment
diff --git a/zziplib-0.13.72.tar.gz b/zziplib-0.13.72.tar.gz
deleted file mode 100644
index a88f573..0000000
--- a/zziplib-0.13.72.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:93ef44bf1f1ea24fc66080426a469df82fa631d13ca3b2e4abaeab89538518dc
-size 1162175
diff --git a/zziplib-0.13.78.tar.gz b/zziplib-0.13.78.tar.gz
new file mode 100644
index 0000000..15ce168
--- /dev/null
+++ b/zziplib-0.13.78.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:de4b440790a92bb1c26920faef8dfe6d858335393e1ec473e58419298a8940cf
+size 1205742
diff --git a/zziplib.changes b/zziplib.changes
index 42143a7..b7e07f8 100644
--- a/zziplib.changes
+++ b/zziplib.changes
@@ -1,10 +1,110 @@
 -------------------------------------------------------------------
-Tue Feb 27 16:51:12 UTC 2024 - Valentin Lefebvre
+Thu Aug 8 13:58:23 UTC 2024 - Valentin Lefebvre
-- assert full zzip_file_header.
+- Removing patches merged upstream:
+ [- CVE-2020-18770.patch]
+ [- bsc1154002-prevent-unnecessary-perror.patch]
+ [- zziplib-0.13.62.patch]
+- Release to v0.13.78
+ * fix windows crossgcc builds
+ * fix ZIP64 trailer and ZIP64 extras being too short sometimes #169 #170
+ (bsc#1227178, CVE-2024-39134)
+ (bsc#1227175, CVE-2024-39133)
+- Release to v0.13.77
+ * make afl to check for fuzzer bugs
+ * update os versions to latest from docker_mirror.py
+ * add missing tests scenarios for later os releases
+ * fix Coverage include hack
+ * integrate mxe/src/zziplib-2-prefer-win32-mmap.patch
+ * make crossgcc/windows a working example for mingw
+ * `./testbuilds.py clean` will drop test-related docker images
+ * `./testbuilds.py` will automatically run clean if everything successful
+ * `./testbuilds.py help` shows the available tests and commands
+ * in test_2xx create /external bins and compile them by linking via cmake-configs
+ * fix bins/CMakeLists.txt to show realistic usage of cmake find_package
+ * note: it seems bins/unzzip*.c use internal headers which external programs can't
+- Release to v0.13.76
+ * add DEVGUIDE.md and prep release process
+ * add -DCOVERAGE=ON cmake option
+ * allow for 'make coverage' summary
+ * change zzipdoc to python3 typehints
+ * allow for make types check on python
+ * remove unused make-doc.py make-doc.pl
+ * add bins/*.c and test/*.c to make format
+ * for bins/ --version shorten the automatic binary name #156
+ * simplify bins/ ssize_t construction
+ * tested 'make nextversion' to ensure version number is increased
+ * note: last 0.13.74 was internally still named 0.13.72
+ * integrate opensuse patch for -Wwrite-strings for GCC4.1+
+ * switch to mypy minimum of python3.8
+ * fix dbk2man regression (from typehints changes)
+ * fixed again cmake bug - parallel builds can lead to race condition
+ * removed ubuntu1604 testbuilds - python3.5 is too old
+ * ubuntu2404 is ready - was waiting for sdl-dev in universe
+ * move definitions form zzip/stdint.h to zzip/cstdint.h
+ * note: some includepaths made zzip/stdint.h be found as stdint.h
+ * move some definitions from zzip/__hints.h to zzip/cdecl.h
+ * make zzip/cdecl.h use gcc's ansidecl.h definitions if found
+ * remove zzip/__hints.h in public headers - use zzip/cdecl.h instead
+ * the __*.h files were not meant to be installed
+ * some distros have installed them anyway - that should be dropped
+ * the "make format" will check for __*.h in public headers as well
+ * note: this should help to avoide it creep in again
+ * add "make bins" to ensure testing compilation of those binaries
+ * add PACKAGE_NAME and PACKAGE_VERSION to _msvc.h
+- Release to v0.13.75
+ * add DEVGUIDE.md and prep release process
+ * add -DCOVERAGE=ON cmake option
+ * allow for 'make coverage' summary
+ * change zzipdoc to python3 typehints
+ * allow for make types check on python
+ * remove unused make-doc.py make-doc.pl
+ * add bins/*.c and test/*.c to make format
+ * for bins/ --version shorten the automatic binary name #156
+ * simplify bins/ ssize_t construction
+ * tested 'make nextversion' to ensure version number is increased
+ * note: last 0.13.74 was internally still named 0.13.72
+ * integrate opensuse patch for -Wwrite-strings for GCC4.1+
+ * switch to mypy minimum of python3.8
+ * fix dbk2man regression (from typehints changes)
+ * fixed again cmake bug - parallel builds can lead to race condition
+ * removed ubuntu1604 testbuilds - python3.5 is too old
+ * ubuntu2404 is ready - was waiting for sdl-dev in universe
+ * disabled local file header offset64
+ * allowed to 'make fortify' for extended debugging
+ * fixed all memleak bugs from address sanitizer
+ * fixed ZIP64 bugs - but the support is still incomplete
+ * fixed remaining failures as they were recorded in testsuite
+- Release to v0.13.74
+ * fixed last cmake bug - parallel builds can lead to race condition
+ * abolished centos8 testbuilds and prepared ubuntu24
+ * integrated some github patches
+ * prepare autoformat with clang-format (not yet enforced)
+- Release to v0.13.73
+ * Switched docs from .htm to .md format. The mksite to .html is retained.
+ * Some cmake patches were included. Specifically MacOS seems to be special.
+ * Automated builds changed from azure-pipelines to github/workflows
+ * Added typehints and pep8 check for the python parts of the tools and tests
+ * Can still update automake for now. Continues the testbuilds.py comparison.
+
+-------------------------------------------------------------------
+Mon Jul 15 14:53:47 UTC 2024 - Martin Jambor
+
+- Add -fpermissive to %{optflags} to workaround C99 violations which
+ cause GCC14 to throw an error by default. [boo#1225959]
+
+-------------------------------------------------------------------
+Tue Feb 27 15:50:19 UTC 2024 - Valentin Lefebvre
+
+- assert full zzip_file_header.
 [bsc#1214577, CVE-2020-18770, CVE-2020-18770.patch]
 - Use autosetup
+-------------------------------------------------------------------
+Tue Feb 20 12:11:54 UTC 2024 - Dominique Leuenberger
+
+- Use %patch -P N instead of deprecated %patchN.
+
 -------------------------------------------------------------------
 Sun Feb 7 23:10:28 UTC 2021 - Dirk Müller
diff --git a/zziplib.spec b/zziplib.spec
index cd98668..29e4ebc 100644
--- a/zziplib.spec
+++ b/zziplib.spec
@@ -18,7 +18,7 @@
 %define lname libzzip-0-13
 Name: zziplib
-Version: 0.13.72
+Version: 0.13.78
 Release: 0
 Summary: ZIP Compression Library
 License: LGPL-2.1-or-later
@@ -26,9 +26,6 @@ Group: Development/Libraries/C and C++
 URL: http://zziplib.sourceforge.net
 Source0: https://github.com/gdraheim/zziplib/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
 Source2: baselibs.conf
-Patch0: zziplib-0.13.62.patch
-Patch1: bsc1154002-prevent-unnecessary-perror.patch
-Patch2: CVE-2020-18770.patch
 BuildRequires: cmake
 BuildRequires: pkgconfig
 BuildRequires: xmlto
@@ -65,6 +62,8 @@ ZZipLib.
 sed -i -e 's:docs ::g' Makefile.am
 %build
+# Workaround for boo#1225959
+%global optflags %{optflags} -fpermissive
 %cmake -DZZIP_TESTCVE=OFF
 %cmake_build
@@ -72,6 +71,8 @@ sed -i -e 's:docs ::g' Makefile.am
 %cmake_install
 rm -f docs/Make* docs/zziplib-manpages.ar
 find %{buildroot} -type f -name "*.la" -delete -print
+# Remove uneeded .cmake files
+rm -rf %{buildroot}%{_libdir}/cmake
 %post -n %{lname} -p /sbin/ldconfig
 %postun -n %{lname} -p /sbin/ldconfig
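Review bot: The added `%global optflags %{optflags} -fpermissive` under `%build` applies to every file compiled for the package, so the GCC 14 diagnostics it downgrades (implicit function declarations, incompatible pointer types, int/pointer conversions) become warnings across a library whose job is parsing untrusted archives. The changelog in this same commit dates the workaround to July 2024, before the bump to 0.13.78, so it is worth checking whether the new version still fails to build without it and dropping the line if it does not. If it is still needed, prefer a single `-Wno-error=` option for the diagnostic that actually fires (for example `-Wno-error=incompatible-pointer-types`, if that is the one) over the blanket flag. The comment could also name that diagnostic, e.g. `# Workaround for boo#1225959: <diagnostic> is an error with GCC 14`, so the workaround can be removed once upstream fixes the code.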
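Review bot: The added comment `# Remove uneeded .cmake files` is misspelled and gives no reason, while `rm -rf %{buildroot}%{_libdir}/cmake` removes the whole directory where CMake package-config files are normally installed, presumably the ones a `find_package` consumer of the devel package would look for. If dropping them is intended, say why in the comment, e.g. `# Remove unneeded CMake config files (<reason>)`; otherwise list the directory in the devel package's `%files` instead of deleting it. The `%install` section header and the `%files` lists are outside this hunk, so this is based on the visible lines only.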