Accepting request 573379 from home:jmoellers:branches:devel:libraries:c_c++

OBS-URL: https://build.opensuse.org/request/show/573379 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/zziplib?expand=0&rev=24
2018-02-07 11:37:38 +00:00 · 2018-02-07 11:37:38 +00:00 · 852e18aefc
commit 852e18aefc
parent d191a5d2f2
3 changed files with 49 additions and 0 deletions
--- a/CVE-2018-6540.patch
+++ b/CVE-2018-6540.patch
@ -0,0 +1,37 @@
+Index: zziplib-0.13.67/zzip/mmapped.c
+===================================================================
+--- zziplib-0.13.67.orig/zzip/mmapped.c
+++ zziplib-0.13.67/zzip/mmapped.c
+@@ -457,6 +457,12 @@ zzip_disk_findfirst(ZZIP_DISK * disk)
+             errno = EBADMSG;
+             return 0;
+         }
+	if (root >= disk->endbuf)
+	{
+	    DBG1("root behind endbuf should be impossible");
+	    errno = EBADMSG;
+	    return 0;
+	}
+         if (zzip_disk_entry_check_magic(root))
+         {
+             DBG1("found the disk root");
+Index: zziplib-0.13.67/zzip/memdisk.c
+===================================================================
+--- zziplib-0.13.67.orig/zzip/memdisk.c
+++ zziplib-0.13.67/zzip/memdisk.c
+@@ -305,7 +305,14 @@ zzip_mem_entry_find_extra_block(ZZIP_MEM
+         char* ext_end = ext + entry->zz_extlen[i];
+         if (ext)
+         {
+-            while (ext + zzip_extra_block_headerlength <= ext_end)
+	    /*
+	     * Make sure that
+	     * 1) the extra block header
+	     * AND
+	     * 2) the block we're looking for
+	     * fit into the extra block!
+	     */
+            while (ext + zzip_extra_block_headerlength + blocksize <= ext_end)
+             {
+                 if (datatype == zzip_extra_block_get_datatype(ext))
+                 {
--- a/zziplib.changes
+++ b/zziplib.changes
@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Tue Feb  6 14:55:03 UTC 2018 - josef.moellers@suse.com
+
+- If an extension block is too small to hold an extension,
+  do not use the information therein.
+- If the End of central directory record (EOCD) contains an
+  Offset of start of central directory which is beyond the end of
+  the file, reject the file.
+  [CVE-2018-6540, bsc#1079096, CVE-2018-6540.patch]
+
 -------------------------------------------------------------------
 Fri Feb  2 09:31:49 UTC 2018 - josef.moellers@suse.com

--- a/zziplib.spec
+++ b/zziplib.spec
@ -31,6 +31,7 @@ Patch1:         zziplib-0.13.62-wronglinking.patch
 Patch2:         zziplib-largefile.patch
 Patch3:         CVE-2018-6381.patch
 Patch4:         CVE-2018-6484.patch
+Patch5:         CVE-2018-6540.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  fdupes
@ -70,6 +71,7 @@ ZZipLib.
 %patch2
 %patch3 -p1
 %patch4 -p1
+%patch5 -p1
 # do not bother with html docs saving us python2 dependency
 sed -i -e 's:docs ::g' Makefile.am