Sync from SUSE:SLFO:Main zziplib revision 17a42f164bfa63cc337fa7f357b8a63e

CVE-2020-18770.patch

@@ -1,26 +0,0 @@
-From 803f49aaae16b7f2899e4769afdfc673a21fa9e8 Mon Sep 17 00:00:00 2001
-From: Guido Draheim <guidod@gmx.de>
-Date: Mon, 26 Feb 2024 23:17:12 +0100
-Subject: [PATCH] #69 assert full zzip_file_header
-
----
- zzip/mmapped.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/zzip/mmapped.c b/zzip/mmapped.c
-index 2071882..306ba51 100644
---- a/zzip/mmapped.c
-+++ b/zzip/mmapped.c
-@@ -276,7 +276,8 @@ struct zzip_file_header *
- zzip_disk_entry_to_file_header(ZZIP_DISK * disk, struct zzip_disk_entry *entry)
- {
-     zzip_byte_t *const ptr = disk->buffer + zzip_disk_entry_fileoffset(entry);
--    if (disk->buffer > ptr || ptr >= disk->endbuf)
-+    zzip_byte_t *const end = ptr + sizeof(struct zzip_file_header);
-+    if (disk->buffer > ptr || end >= disk->endbuf || end <= NULL)
-     {
-         debug2("file header: offset out of bounds (0x%llx)", (long long unsigned)(disk->buffer));
-         errno = EBADMSG;
--- 
-2.35.3
-

bsc1154002-prevent-unnecessary-perror.patch

@@ -1,13 +0,0 @@
-Index: zziplib-0.13.69/bins/unzip-mem.c
-===================================================================
---- zziplib-0.13.69.orig/bins/unzip-mem.c
-+++ zziplib-0.13.69/bins/unzip-mem.c
-@@ -92,7 +92,7 @@ static void zzip_mem_entry_make(ZZIP_MEM
- 				ZZIP_MEM_ENTRY* entry)
- {
-     FILE* file = fopen (entry->zz_name, "wb");
--    if (file) { zzip_mem_entry_pipe (disk, entry, file); fclose (file); }
-+    if (file) { zzip_mem_entry_pipe (disk, entry, file); fclose (file); return; }
-     perror (entry->zz_name);
-     if (status < EXIT_WARNINGS) status = EXIT_WARNINGS;
- }

zziplib-0.13.62.patch

@@ -1,12 +0,0 @@
-Index: zziplib/m4/ax_cflags_no_writable_strings.m4
-===================================================================
---- zziplib/m4/ax_cflags_no_writable_strings.m4
-+++ zziplib-new/m4/ax_cflags_no_writable_strings.m4
-@@ -40,6 +40,7 @@ VAR,[VAR="no, unknown"
- for ac_arg dnl
- in "-pedantic % -fno-writable-strings -Wwrite-strings" dnl   GCC
-    "-pedantic % -fconst-strings -Wwrite-strings" dnl newer  GCC
-+   "-Wall     %                       -Wwrite-strings" dnl   GCC4.1+
-    "-v -Xc    % -xstrconst" dnl Solaris C - strings go into readonly segment
-    "+w1 -Aa   % +ESlit"      dnl HP-UX C - strings go into readonly segment
-    "-w0 -std1 % -readonly_strings" dnl Digital Unix - again readonly segment

zziplib.changes

@@ -1,10 +1,110 @@
 -------------------------------------------------------------------
-Tue Feb 27 16:51:12 UTC 2024 - Valentin Lefebvre <valentin.lefebvre@suse.com>
+Thu Aug  8 13:58:23 UTC 2024 - Valentin Lefebvre <valentin.lefebvre@suse.com>
 
-- assert full zzip_file_header.
+- Removing patches merged upstream:
+  [- CVE-2020-18770.patch]
+  [- bsc1154002-prevent-unnecessary-perror.patch]
+  [- zziplib-0.13.62.patch]
+- Release to v0.13.78
+  * fix windows crossgcc builds
+  * fix ZIP64 trailer and ZIP64 extras being too short sometimes #169 #170
+    (bsc#1227178, CVE-2024-39134)
+    (bsc#1227175, CVE-2024-39133)
+- Release to v0.13.77
+  * make afl to check for fuzzer bugs
+  * update os versions to latest from docker_mirror.py
+  * add missing tests scenarios for later os releases
+  * fix Coverage include hack
+  * integrate mxe/src/zziplib-2-prefer-win32-mmap.patch
+  * make crossgcc/windows a working example for mingw
+  * `./testbuilds.py clean` will drop test-related docker images
+  * `./testbuilds.py` will automatically run clean if everything successful
+  * `./testbuilds.py help` shows the available tests and commands
+  * in test_2xx create /external bins and compile them by linking via cmake-configs
+  * fix bins/CMakeLists.txt to show realistic usage of cmake find_package
+  * note: it seems bins/unzzip*.c use internal headers which external programs can't
+- Release to v0.13.76
+  * add DEVGUIDE.md and prep release process
+  * add -DCOVERAGE=ON cmake option
+  * allow for 'make coverage' summary
+  * change zzipdoc to python3 typehints
+  * allow for make types check on python
+  * remove unused make-doc.py make-doc.pl
+  * add bins/*.c and test/*.c to make format
+  * for bins/ --version shorten the automatic binary name #156
+  * simplify bins/ ssize_t construction
+  * tested 'make nextversion' to ensure version number is increased
+  * note: last 0.13.74 was internally still named 0.13.72
+  * integrate opensuse patch for -Wwrite-strings for GCC4.1+
+  * switch to mypy minimum of python3.8
+  * fix dbk2man regression (from typehints changes)
+  * fixed again cmake bug - parallel builds can lead to race condition
+  * removed ubuntu1604 testbuilds - python3.5 is too old
+  * ubuntu2404 is ready - was waiting for sdl-dev in universe
+  * move definitions form zzip/stdint.h to zzip/cstdint.h
+  * note: some includepaths made zzip/stdint.h be found as stdint.h
+  * move some definitions from zzip/__hints.h to zzip/cdecl.h
+  * make zzip/cdecl.h use gcc's ansidecl.h definitions if found
+  * remove zzip/__hints.h in public headers - use zzip/cdecl.h instead
+  * the __*.h files were not meant to be installed
+  * some distros have installed them anyway - that should be dropped
+  * the "make format" will check for __*.h in public headers as well
+  * note: this should help to avoide it creep in again
+  * add "make bins" to ensure testing compilation of those binaries
+  * add PACKAGE_NAME and PACKAGE_VERSION to _msvc.h
+- Release to v0.13.75
+  * add DEVGUIDE.md and prep release process
+  * add -DCOVERAGE=ON cmake option
+  * allow for 'make coverage' summary
+  * change zzipdoc to python3 typehints
+  * allow for make types check on python
+  * remove unused make-doc.py make-doc.pl
+  * add bins/*.c and test/*.c to make format
+  * for bins/ --version shorten the automatic binary name #156
+  * simplify bins/ ssize_t construction
+  * tested 'make nextversion' to ensure version number is increased
+  * note: last 0.13.74 was internally still named 0.13.72
+  * integrate opensuse patch for -Wwrite-strings for GCC4.1+
+  * switch to mypy minimum of python3.8
+  * fix dbk2man regression (from typehints changes)
+  * fixed again cmake bug - parallel builds can lead to race condition
+  * removed ubuntu1604 testbuilds - python3.5 is too old
+  * ubuntu2404 is ready - was waiting for sdl-dev in universe
+  * disabled local file header offset64
+  * allowed to 'make fortify' for extended debugging
+  * fixed all memleak bugs from address sanitizer
+  * fixed ZIP64 bugs - but the support is still incomplete
+  * fixed remaining failures as they were recorded in testsuite
+- Release to v0.13.74
+  * fixed last cmake bug - parallel builds can lead to race condition
+  * abolished centos8 testbuilds and prepared ubuntu24
+  * integrated some github patches
+  * prepare autoformat with clang-format (not yet enforced)
+- Release to v0.13.73
+  * Switched docs from .htm to .md format. The mksite to .html is retained.
+  * Some cmake patches were included. Specifically MacOS seems to be special.
+  * Automated builds changed from azure-pipelines to github/workflows
+  * Added typehints and pep8 check for the python parts of the tools and tests
+  * Can still update automake for now. Continues the testbuilds.py comparison.
+
+-------------------------------------------------------------------
+Mon Jul 15 14:53:47 UTC 2024 - Martin Jambor <mjambor@suse.com>
+
+- Add -fpermissive to %{optflags} to workaround C99 violations which
+  cause GCC14 to throw an error by default. [boo#1225959]
+
+-------------------------------------------------------------------
+Tue Feb 27 15:50:19 UTC 2024 - Valentin Lefebvre <valentin.lefebvre@suse.com>
+
+- assert full zzip_file_header.                                                 
   [bsc#1214577, CVE-2020-18770, CVE-2020-18770.patch]
 - Use autosetup
 
+-------------------------------------------------------------------
+Tue Feb 20 12:11:54 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
+
+- Use %patch -P N instead of deprecated %patchN.
+
 -------------------------------------------------------------------
 Sun Feb  7 23:10:28 UTC 2021 - Dirk Müller <dmueller@suse.com>
 

zziplib.spec

@@ -18,7 +18,7 @@
 
 %define lname   libzzip-0-13
 Name:           zziplib
-Version:        0.13.72
+Version:        0.13.78
 Release:        0
 Summary:        ZIP Compression Library
 License:        LGPL-2.1-or-later
@@ -26,9 +26,6 @@ Group:          Development/Libraries/C and C++
 URL:            http://zziplib.sourceforge.net
 Source0:        https://github.com/gdraheim/zziplib/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
 Source2:        baselibs.conf
-Patch0:         zziplib-0.13.62.patch
-Patch1:         bsc1154002-prevent-unnecessary-perror.patch
-Patch2:         CVE-2020-18770.patch
 BuildRequires:  cmake
 BuildRequires:  pkgconfig
 BuildRequires:  xmlto
@@ -65,6 +62,8 @@ ZZipLib.
 sed -i -e 's:docs ::g' Makefile.am
 
 %build
+# Workaround for boo#1225959
+%global optflags %{optflags} -fpermissive
 %cmake -DZZIP_TESTCVE=OFF
 %cmake_build
 
@@ -72,6 +71,8 @@ sed -i -e 's:docs ::g' Makefile.am
 %cmake_install
 rm -f docs/Make* docs/zziplib-manpages.ar
 find %{buildroot} -type f -name "*.la" -delete -print
+# Remove uneeded .cmake files
+rm -rf %{buildroot}%{_libdir}/cmake
 
 %post -n %{lname} -p /sbin/ldconfig
 %postun -n %{lname} -p /sbin/ldconfig