Accepting request 588647 from home:jmoellers:branches:devel:libraries:c_c++

OBS-URL: https://build.opensuse.org/request/show/588647 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/zziplib?expand=0&rev=35
2018-03-19 17:24:00 +00:00 · 2018-03-19 17:24:00 +00:00 · a5d7ebe036
commit a5d7ebe036
parent 293db03ccf
5 changed files with 120 additions and 3 deletions
--- a/CVE-2018-7725.patch
+++ b/CVE-2018-7725.patch
@ -0,0 +1,32 @@
+Index: zziplib-0.13.69/zzip/memdisk.c
+===================================================================
+--- zziplib-0.13.69.orig/zzip/memdisk.c
+++ zziplib-0.13.69/zzip/memdisk.c
+@@ -222,6 +222,14 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI
+     item->zz_filetype = zzip_disk_entry_get_filetype(entry);
+ 
+     /*
+     * If zz_data+zz_csize exceeds the size of the file, bail out
+     */
+    if ((item->zz_data + item->zz_csize) < disk->buffer ||
+        (item->zz_data + item->zz_csize) >= disk->endbuf)
+    {
+        goto error;
+    }
+    /*
+      * If the file is uncompressed, zz_csize and zz_usize should be the same
+      * If they are not, we cannot guarantee that either is correct, so ...
+      */
+Index: zziplib-0.13.69/zzip/zip.c
+===================================================================
+--- zziplib-0.13.69.orig/zzip/zip.c
+++ zziplib-0.13.69/zzip/zip.c
+@@ -408,7 +408,7 @@ __zzip_parse_root_directory(int fd,
+                             struct _disk_trailer *trailer,
+                             struct zzip_dir_hdr **hdr_return,
+                             zzip_plugin_io_t io,
+-			    zzip_off_t filesize);
+			    zzip_off_t filesize)
+ {
+     auto struct zzip_disk_entry dirent;
+     struct zzip_dir_hdr *hdr;
--- a/CVE-2018-7726.patch
+++ b/CVE-2018-7726.patch
@ -0,0 +1,67 @@
+Index: zziplib-0.13.69/docs/zziplib.html
+===================================================================
+--- zziplib-0.13.69.orig/docs/zziplib.html
+++ zziplib-0.13.69/docs/zziplib.html
+@@ -415,7 +415,8 @@ generated 2003-12-12
+  <code>(<nobr>int fd</nobr>,
+ <nobr>struct zzip_disk_trailer * trailer</nobr>,
+ <nobr>struct zzip_dir_hdr ** hdr_return</nobr>,
+-<nobr>zzip_plugin_io_t io</nobr>)</code>
+<nobr>zzip_plugin_io_t io</nobr>,
+<nobr>zzip_off_t filesize</nobr>)</code>
+ 
+ </td></tr><tr valign="top">
+ <td valign="top"><code>ZZIP_DIR*
+@@ -1091,7 +1092,8 @@ generated 2003-12-12
+  <code>(<nobr>int fd</nobr>,
+ <nobr>struct zzip_disk_trailer * trailer</nobr>,
+ <nobr>struct zzip_dir_hdr ** hdr_return</nobr>,
+-<nobr>zzip_plugin_io_t io</nobr>)</code>
+<nobr>zzip_plugin_io_t io</nobr>,
+<nobr>zzip_off_t filesize</nobr>)</code>
+ 
+ </code></code><dt>
+ <dd><p> &nbsp;(../zzip/zip.c)
+Index: zziplib-0.13.69/zzip/zip.c
+===================================================================
+--- zziplib-0.13.69.orig/zzip/zip.c
+++ zziplib-0.13.69/zzip/zip.c
+@@ -82,7 +82,8 @@ int __zzip_fetch_disk_trailer(int fd, zz
+ int __zzip_parse_root_directory(int fd,
+                                 struct _disk_trailer *trailer,
+                                 struct zzip_dir_hdr **hdr_return,
+-                                zzip_plugin_io_t io);
+                                zzip_plugin_io_t io,
+				zzip_off_t filesize);
+ 
+ _zzip_inline static char *__zzip_aligned4(char *p);
+ 
+@@ -406,7 +407,8 @@ int
+ __zzip_parse_root_directory(int fd,
+                             struct _disk_trailer *trailer,
+                             struct zzip_dir_hdr **hdr_return,
+-                            zzip_plugin_io_t io)
+                            zzip_plugin_io_t io,
+			    zzip_off_t filesize);
+ {
+     auto struct zzip_disk_entry dirent;
+     struct zzip_dir_hdr *hdr;
+@@ -421,6 +423,9 @@ __zzip_parse_root_directory(int fd,
+     zzip_off64_t zz_rootseek = _disk_trailer_rootseek(trailer);
+     __correct_rootseek(zz_rootseek, zz_rootsize, trailer);
+ 
+    if (zz_rootsize <= 0 || zz_rootseek < 0 || zz_rootseek >= filesize)
+    	return ZZIP_CORRUPTED;
+
+     if (zz_entries < 0 || zz_rootseek < 0 || zz_rootsize < 0)
+         return ZZIP_CORRUPTED;
+ 
+@@ -755,7 +760,7 @@ __zzip_dir_parse(ZZIP_DIR * dir)
+           (long) _disk_trailer_rootseek(&trailer));
+ 
+     if ((rv = __zzip_parse_root_directory(dir->fd, &trailer, &dir->hdr0,
+-                                          dir->io)) != 0)
+                                          dir->io, filesize)) != 0)
+         { goto error; }
+   error:
+     return rv;
--- a/zziplib-largefile.patch
+++ b/zziplib-largefile.patch
@ -2,7 +2,7 @@ Index: configure.ac
 ===================================================================
 --- configure.ac.orig
 +++ configure.ac
-@@ -125,7 +125,7 @@ if test ".$ac_cv_sys_largefile_sensitive
+@@ -129,7 +129,7 @@ if test ".$ac_cv_sys_largefile_sensitive
 elif test ".$with_largefile" != ".no" ; then
   AC_MSG_RESULT(compiles library as 64bit off_t variant dnl
 - and renaming some function names)
--- a/zziplib.changes
+++ b/zziplib.changes
@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Mon Mar 19 13:57:10 UTC 2018 - josef.moellers@suse.com
+
+- Check if data from End of central directory record makes sense.
+  Especially the Offset of start of central directory must not
+  a) be negative or
+  b) point behind the end-of-file.
+- Check if compressed size in Central directory file header
+  makes sense, i.e. the file's data does not extend beyond the
+  end of the file.
+  [bsc#1084517, CVE-2018-7726, CVE-2018-7726.patch,
+   bsc#1084519, CVE-2018-7725, CVE-2018-7725.patch]
+
 -------------------------------------------------------------------
 Sat Mar 17 18:53:19 UTC 2018 - avindra@opensuse.org

--- a/zziplib.spec
+++ b/zziplib.spec
@ -1,7 +1,7 @@
 #
 # spec file for package zziplib
 #
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -21,14 +21,17 @@ Name:           zziplib
 Version:        0.13.69
 Release:        0
 Summary:        ZIP Compression Library
-License:        LGPL-2.1-or-later
+License:        LGPL-2.1+
 Group:          Development/Libraries/C and C++
+# License:        LGPL-2.1-or-later
 Url:            http://zziplib.sourceforge.net
 Source0:        https://github.com/gdraheim/zziplib/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
 Source2:        baselibs.conf
 Patch0:         zziplib-0.13.62.patch
 Patch1:         zziplib-0.13.62-wronglinking.patch
 Patch2:         zziplib-largefile.patch
+Patch3:         CVE-2018-7726.patch
+Patch4:         CVE-2018-7725.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  libtool
@ -65,6 +68,8 @@ ZZipLib.
 %patch0
 %patch1
 %patch2
+%patch3 -p1
+%patch4 -p1
 # do not bother with html docs saving us python2 dependency
 sed -i -e 's:docs ::g' Makefile.am