Accepting request 571949 from home:jmoellers:branches:devel:libraries:c_c++

OBS-URL: https://build.opensuse.org/request/show/571949 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/zziplib?expand=0&rev=23
2018-02-05 10:50:07 +00:00 · 2018-02-05 10:50:07 +00:00 · d191a5d2f2
commit d191a5d2f2
parent d31eba1de7
4 changed files with 82 additions and 1 deletions
--- a/CVE-2018-6381.patch
+++ b/CVE-2018-6381.patch
@ -0,0 +1,19 @@
+Index: zziplib-0.13.67/zzip/memdisk.c
+===================================================================
+--- zziplib-0.13.67.orig/zzip/memdisk.c
+++ zziplib-0.13.67/zzip/memdisk.c
+@@ -209,6 +209,14 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI
+     item->zz_diskstart = zzip_disk_entry_get_diskstart(entry);
+     item->zz_filetype = zzip_disk_entry_get_filetype(entry);
+ 
+    /*
+     * If the file is uncompressed, zz_csize and zz_usize should be the same
+     * If they are not, we cannot guarantee that either is correct, so ...
+     */
+    if (item->zz_compr == ZZIP_IS_STORED && item->zz_csize != item->zz_usize)
+    {
+        goto error;
+    }
+     /* zz_comment and zz_name are empty strings if not present on disk */
+     if (! item->zz_comment || ! item->zz_name)
+     {
--- a/CVE-2018-6484.patch
+++ b/CVE-2018-6484.patch
@ -0,0 +1,43 @@
+Index: zziplib-0.13.67/zzip/zip.c
+===================================================================
+--- zziplib-0.13.67.orig/zzip/zip.c
+++ zziplib-0.13.67/zzip/zip.c
+@@ -320,6 +320,12 @@ __zzip_fetch_disk_trailer(int fd, zzip_o
+ #                  endif
+ 
+                     __fixup_rootseek(offset + tail - mapped, trailer);
+		    /*
+		     * "extract data from files archived in a single zip file."
+		     * So the file offsets must be within the current ZIP archive!
+		     */
+		    if (trailer->zz_rootseek >= filesize || (trailer->zz_rootseek + trailer->zz_rootsize) >= filesize)
+		        return(ZZIP_CORRUPTED);
+                     { return(0); }
+                 } else if ((*tail == 'P') &&
+                            end - tail >=
+@@ -338,6 +344,12 @@ __zzip_fetch_disk_trailer(int fd, zzip_o
+                         zzip_disk64_trailer_finalentries(orig);
+                     trailer->zz_rootseek = zzip_disk64_trailer_rootseek(orig);
+                     trailer->zz_rootsize = zzip_disk64_trailer_rootsize(orig);
+		    /*
+		     * "extract data from files archived in a single zip file."
+		     * So the file offsets must be within the current ZIP archive!
+		     */
+		    if (trailer->zz_rootseek >= filesize || (trailer->zz_rootseek + trailer->zz_rootsize) >= filesize)
+		        return(ZZIP_CORRUPTED);
+                     { return(0); }
+ #                  endif
+                 }
+Index: zziplib-0.13.67/bins/unzzipcat-zip.c
+===================================================================
+--- zziplib-0.13.67.orig/bins/unzzipcat-zip.c
+++ zziplib-0.13.67/bins/unzzipcat-zip.c
+@@ -78,7 +78,7 @@ static int unzzip_cat (int argc, char **
+     
+     disk = zzip_dir_open (argv[1], &error);
+     if (! disk) {
+-	perror(argv[1]);
+	fprintf(stderr, "%s: %s\n", argv[1], zzip_strerror(error));
+ 	return -1;
+     }
+ 
--- a/zziplib.changes
+++ b/zziplib.changes
@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Fri Feb  2 09:31:49 UTC 2018 - josef.moellers@suse.com
+
+- Reject the ZIP file and report it as corrupt if the size of the
+  central directory and/or the offset of start of central directory
+  point beyond the end of the ZIP file.
+  [CVE-2018-6484, boo#1078701, CVE-2018-6484.patch]
+
+-------------------------------------------------------------------
+Thu Feb  1 10:49:56 UTC 2018 - josef.moellers@suse.com
+
+- If a file is uncompressed, compressed and uncompressed sizes
+  should be identical.
+  [CVE-2018-6381, bsc#1078497, CVE-2018-6381.patch]
+
 -------------------------------------------------------------------
 Tue Jan 23 20:18:19 UTC 2018 - tchvatal@suse.com

--- a/zziplib.spec
+++ b/zziplib.spec
@ -1,7 +1,7 @@
 #
 # spec file for package zziplib
 #
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -29,6 +29,8 @@ Source2:        baselibs.conf
 Patch0:         zziplib-0.13.62.patch
 Patch1:         zziplib-0.13.62-wronglinking.patch
 Patch2:         zziplib-largefile.patch
+Patch3:         CVE-2018-6381.patch
+Patch4:         CVE-2018-6484.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  fdupes
@ -66,6 +68,8 @@ ZZipLib.
 %patch0
 %patch1
 %patch2
+%patch3 -p1
+%patch4 -p1
 # do not bother with html docs saving us python2 dependency
 sed -i -e 's:docs ::g' Makefile.am