powerel9
/
zziplib
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

update zziplib 

Signed-off-by: Toshaan Bharvani <toshaan@powerel.org>
master
Toshaan Bharvani 2 months ago
parent
564e07c2de
commit
13ed555df5
2 changed files with 35 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 23
      SOURCES/CVE-2020-18770.patch
  2. 13
      SPECS/zziplib.spec

23
SOURCES/CVE-2020-18770.patch
Unescape View File

@ -0,0 +1,23 @@ @@ -0,0 +1,23 @@
From 803f49aaae16b7f2899e4769afdfc673a21fa9e8 Mon Sep 17 00:00:00 2001
From: Guido Draheim <guidod@gmx.de>
Date: Mon, 26 Feb 2024 23:17:12 +0100
Subject: [PATCH] #69 assert full zzip_file_header

---
zzip/mmapped.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/zzip/mmapped.c b/zzip/mmapped.c
index 2071882..306ba51 100644
--- a/zzip/mmapped.c
+++ b/zzip/mmapped.c
@@ -276,7 +276,8 @@ struct zzip_file_header *
zzip_disk_entry_to_file_header(ZZIP_DISK * disk, struct zzip_disk_entry *entry)
{
zzip_byte_t *const ptr = disk->buffer + zzip_disk_entry_fileoffset(entry);
- if (disk->buffer > ptr || ptr >= disk->endbuf)
+ zzip_byte_t *const end = ptr + sizeof(struct zzip_file_header);
+ if (disk->buffer > ptr || end >= disk->endbuf || end <= NULL)
{
errno = EBADMSG;
return 0;

13
SPECS/zziplib.spec
Unescape View File

@ -1,7 +1,7 @@ @@ -1,7 +1,7 @@
Summary: Lightweight library to easily extract data from zip files
Name: zziplib
Version: 0.13.71
Release: 9%{?dist}
Release: 11%{?dist}
License: LGPLv2+ or MPLv1.1
URL: http://zziplib.sourceforge.net/
#Source: https://github.com/gdraheim/zziplib/archive/v%{version}.tar.gz
@ -15,6 +15,7 @@ Source1: match.py @@ -15,6 +15,7 @@ Source1: match.py
Source2: options.py

Patch1: CVE-2020-18442.patch
Patch2: CVE-2020-18770.patch
Patch100: multilib-32.patch
Patch101: multilib-64.patch

@ -74,6 +75,7 @@ cp %{SOURCE1} docs/zzipdoc/ @@ -74,6 +75,7 @@ cp %{SOURCE1} docs/zzipdoc/
cp %{SOURCE2} docs/zzipdoc/

%patch1 -p1
%patch2 -p1


%build
@ -122,6 +124,15 @@ popd @@ -122,6 +124,15 @@ popd
%{_mandir}/man3/*

%changelog
* Wed Feb 28 2024 Jakub Martisko <jamartis@redhat.com> - 0.13.71-11
- Fix CVE-2020-18770
Previous patch was causing segfault
Resolves: RHEL-14967

* Wed Jan 24 2024 Jakub Martisko <jamartis@redhat.com> - 0.13.71-10
- Fix CVE-2020-18770
Resolves: RHEL-14967

* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 0.13.71-9
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688

Write Preview
Loading…
Cancel
Save