pool/zziplib
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 571949 from home:jmoellers:branches:devel:libraries:c_c++

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/571949
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/zziplib?expand=0&rev=23
This commit is contained in:
Adam Majer 2018-02-05 10:50:07 +00:00 committed by Git OBS Bridge
parent d31eba1de7
commit d191a5d2f2
4 changed files with 82 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
CVE-2018-6381.patch Normal file
View File

@ -0,0 +1,19 @@
Index: zziplib-0.13.67/zzip/memdisk.c
===================================================================
--- zziplib-0.13.67.orig/zzip/memdisk.c
+++ zziplib-0.13.67/zzip/memdisk.c
@@ -209,6 +209,14 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI
item->zz_diskstart = zzip_disk_entry_get_diskstart(entry);
item->zz_filetype = zzip_disk_entry_get_filetype(entry);
+ /*
+ * If the file is uncompressed, zz_csize and zz_usize should be the same
+ * If they are not, we cannot guarantee that either is correct, so ...
+ */
+ if (item->zz_compr == ZZIP_IS_STORED && item->zz_csize != item->zz_usize)
+ {
+ goto error;
+ }
/* zz_comment and zz_name are empty strings if not present on disk */
if (! item->zz_comment || ! item->zz_name)
{

43
CVE-2018-6484.patch Normal file
View File

@ -0,0 +1,43 @@
Index: zziplib-0.13.67/zzip/zip.c
===================================================================
--- zziplib-0.13.67.orig/zzip/zip.c
+++ zziplib-0.13.67/zzip/zip.c
@@ -320,6 +320,12 @@ __zzip_fetch_disk_trailer(int fd, zzip_o
# endif
__fixup_rootseek(offset + tail - mapped, trailer);
+ /*
+ * "extract data from files archived in a single zip file."
+ * So the file offsets must be within the current ZIP archive!
+ */
+ if (trailer->zz_rootseek >= filesize || (trailer->zz_rootseek + trailer->zz_rootsize) >= filesize)
+ return(ZZIP_CORRUPTED);
{ return(0); }
} else if ((*tail == 'P') &&
end - tail >=
@@ -338,6 +344,12 @@ __zzip_fetch_disk_trailer(int fd, zzip_o
zzip_disk64_trailer_finalentries(orig);
trailer->zz_rootseek = zzip_disk64_trailer_rootseek(orig);
trailer->zz_rootsize = zzip_disk64_trailer_rootsize(orig);
+ /*
+ * "extract data from files archived in a single zip file."
+ * So the file offsets must be within the current ZIP archive!
+ */
+ if (trailer->zz_rootseek >= filesize || (trailer->zz_rootseek + trailer->zz_rootsize) >= filesize)
+ return(ZZIP_CORRUPTED);
{ return(0); }
# endif
}
Index: zziplib-0.13.67/bins/unzzipcat-zip.c
===================================================================
--- zziplib-0.13.67.orig/bins/unzzipcat-zip.c
+++ zziplib-0.13.67/bins/unzzipcat-zip.c
@@ -78,7 +78,7 @@ static int unzzip_cat (int argc, char **
disk = zzip_dir_open (argv[1], &error);
if (! disk) {
- perror(argv[1]);
+ fprintf(stderr, "%s: %s\n", argv[1], zzip_strerror(error));
return -1;
}

15
zziplib.changes
View File

@ -1,3 +1,18 @@
-------------------------------------------------------------------
Fri Feb 2 09:31:49 UTC 2018 - josef.moellers@suse.com
- Reject the ZIP file and report it as corrupt if the size of the
central directory and/or the offset of start of central directory
point beyond the end of the ZIP file.
[CVE-2018-6484, boo#1078701, CVE-2018-6484.patch]
-------------------------------------------------------------------
Thu Feb 1 10:49:56 UTC 2018 - josef.moellers@suse.com
- If a file is uncompressed, compressed and uncompressed sizes
should be identical.
[CVE-2018-6381, bsc#1078497, CVE-2018-6381.patch]
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Jan 23 20:18:19 UTC 2018 - tchvatal@suse.com Tue Jan 23 20:18:19 UTC 2018 - tchvatal@suse.com

6
zziplib.spec
View File

@ -1,7 +1,7 @@
# #
# spec file for package zziplib # spec file for package zziplib
# #
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2018 SUSE LINUX Products GmbH, Nuernberg, Germany.
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -29,6 +29,8 @@ Source2: baselibs.conf
Patch0: zziplib-0.13.62.patch Patch0: zziplib-0.13.62.patch
Patch1: zziplib-0.13.62-wronglinking.patch Patch1: zziplib-0.13.62-wronglinking.patch
Patch2: zziplib-largefile.patch Patch2: zziplib-largefile.patch
Patch3: CVE-2018-6381.patch
Patch4: CVE-2018-6484.patch
BuildRequires: autoconf BuildRequires: autoconf
BuildRequires: automake BuildRequires: automake
BuildRequires: fdupes BuildRequires: fdupes
@ -66,6 +68,8 @@ ZZipLib.
%patch0 %patch0
%patch1 %patch1
%patch2 %patch2
%patch3 -p1
%patch4 -p1
# do not bother with html docs saving us python2 dependency # do not bother with html docs saving us python2 dependency
sed -i -e 's:docs ::g' Makefile.am sed -i -e 's:docs ::g' Makefile.am