From d1d4a22afa9955257ff9b7ffbc4b0376c788ad3291ba28006371a0681ce14089 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josef=20M=C3=B6llers?=
Date: Fri, 14 Jun 2019 06:11:56 +0000
Subject: [PATCH] Accepting request 709685 from home:jmoellers:branches:devel:libraries:c_c++

OBS-URL: https://build.opensuse.org/request/show/709685
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/zziplib?expand=0&rev=42
---
 bsc1129403-prevent-division-by-zero.patch | 49 +++++++++++++++++++++++
 zziplib.changes | 8 ++++
 zziplib.spec | 4 +-
 3 files changed, 60 insertions(+), 1 deletion(-)
 create mode 100644 bsc1129403-prevent-division-by-zero.patch

diff --git a/bsc1129403-prevent-division-by-zero.patch b/bsc1129403-prevent-division-by-zero.patch
new file mode 100644
index 0000000..cf64380
--- /dev/null
+++ b/bsc1129403-prevent-division-by-zero.patch
@@ -0,0 +1,49 @@
+Index: zziplib-0.13.69/bins/unzip-mem.c
+===================================================================
+--- zziplib-0.13.69.orig/bins/unzip-mem.c
++++ zziplib-0.13.69/bins/unzip-mem.c
+@@ -231,9 +231,12 @@ static void zzip_mem_entry_direntry(ZZIP
+ if (*name == '\n') name++;
+
+ if (option_verbose) {
++ long percentage;
++
++ percentage = usize ? (L (100 - (csize*100/usize))) : 0; /* 0% if file size is 0 */
+ printf("%8li%c %s %8li%c%3li%% %s %8lx %s %s\n",
+ L usize, exp, comprlevel[compr], L csize, exp,
+- L (100 - (csize*100/usize)),
++ percentage,
+ _zzip_ctime(&mtime), crc32, name, comment);
+ } else {
+ printf(" %8li%c %s %s %s\n",
+Index: zziplib-0.13.69/test/zziptests.py
+===================================================================
+--- zziplib-0.13.69.orig/test/zziptests.py
++++ zziplib-0.13.69/test/zziptests.py
+@@ -3429,6 +3429,26 @@ class ZZipTest(unittest.TestCase):
+ txt = open(txtfile).read()
+ self.assertEqual(txt.split("\n"), run.output.split("\n"))
+
++ def test_65485_list_verbose_compressed_with_directory(self):
++ """ verbously list a zipfile containing directories """
++ tmpdir = self.testdir()
++ workdir = tmpdir + "/d"
++ zipname = "ZIPfile"
++ os.makedirs(workdir)
++ f= open(tmpdir + "/d/file","w+")
++ for i in range(10):
++ f.write("This is line %d\r\n" % (i+1))
++ f.close()
++ # create the ZIPfile
++ exe=self.bins("zzip")
++ run = shell("chdir {tmpdir} && ../{exe} -9 {zipname}.zip d".format(**locals()))
++ self.assertFalse(run.returncode)
++ # list the ZIPfile
++ exe=self.bins("unzip-mem");
++ run = shell("chdir {tmpdir} && ../{exe} -v {zipname}.zip".format(**locals()))
++ self.assertFalse(run.returncode)
++ self.rm_testdir()
++
+ def test_99000_make_test1w_zip(self):
+ """ create a test1w.zip using zzip/write functions. """
+ exe=self.bins("zzip")
diff --git a/zziplib.changes b/zziplib.changes
index 31c51a1..6dee6af 100644
--- a/zziplib.changes
+++ b/zziplib.changes
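Review bot: In the unzip-mem.c part of this patch, `percentage = usize ? (L (100 - (csize*100/usize))) : 0;` guards only the zero divisor, while `csize` and `usize` are read from the archive's directory entry and so are attacker-influenced. If they are unsigned size types (their declarations are outside the hunk, so this needs confirming), an entry whose compressed size exceeds its uncompressed size, or a very large `csize`, can still wrap in `csize*100` or in the subtraction and print a meaningless ratio. A tighter form would be `percentage = (usize && csize <= usize) ? L (100 - csize*100/usize) : 0;`. The added test in zziptests.py asserts only the exit status of `unzip-mem -v`; checking `run.output` for the directory line with `0%` would pin the new branch rather than just the absence of a crash. `zzip_mem_entry_direntry` starts and ends outside the inner hunk.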
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Thu Jun 13 06:39:36 UTC 2019 - josef.moellers@suse.com
+
+- Prevent division by zero by first checking if uncompressed size
+ is 0. This may happen with directories which have a compressed
+ and uncompressed size of 0.
+ [bsc#1129403, bsc1129403-prevent-division-by-zero.patch]
+
 -------------------------------------------------------------------
 Thu Oct 4 08:14:00 UTC 2018 - josef.moellers@suse.com
diff --git a/zziplib.spec b/zziplib.spec
index bdcf4d4..5d26ed1 100644
--- a/zziplib.spec
+++ b/zziplib.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package zziplib
 #
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -33,6 +33,7 @@ Patch3: CVE-2018-7726.patch
 Patch4: CVE-2018-7725.patch
 Patch5: CVE-2018-16548.patch
 Patch6: CVE-2018-17828.patch
+Patch7: bsc1129403-prevent-division-by-zero.patch
 BuildRequires: autoconf
 BuildRequires: automake
 BuildRequires: libtool
@@ -73,6 +74,7 @@ ZZipLib.
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
+%patch7 -p1
 # do not bother with html docs saving us python2 dependency
 sed -i -e 's:docs ::g' Makefile.am