From 936732df4742dab675f41aeaf49eb69c0f973bee Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 9 Nov 2021 04:50:48 -0500 Subject: [PATCH] import zziplib-0.13.68-9.el8 --- SOURCES/CVE-2020-18442.patch | 218 +++++++++++++++++++++++++++++++++++ SPECS/zziplib.spec | 9 +- 2 files changed, 226 insertions(+), 1 deletion(-) create mode 100644 SOURCES/CVE-2020-18442.patch diff --git a/SOURCES/CVE-2020-18442.patch b/SOURCES/CVE-2020-18442.patch new file mode 100644 index 0000000..3668fcd --- /dev/null +++ b/SOURCES/CVE-2020-18442.patch @@ -0,0 +1,218 @@ +From ac9ae39ef419e9f0f83da1e583314d8c7cda34a6 Mon Sep 17 00:00:00 2001 +From: Guido Draheim +Date: Mon, 4 Jan 2021 21:48:45 +0100 +Subject: [PATCH 1/7] #68 ssize_t return value of zzip_file_read is a signed + value being possibly -1 + +--- + bins/unzzipcat-zip.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/bins/unzzipcat-zip.c b/bins/unzzipcat-zip.c +index dd78c2b..385aeaf 100644 +--- a/bins/unzzipcat-zip.c ++++ b/bins/unzzipcat-zip.c +@@ -34,7 +34,7 @@ static void unzzip_cat_file(ZZIP_DIR* disk, char* name, FILE* out) + if (file) + { + char buffer[1024]; int len; +- while ((len = zzip_file_read (file, buffer, 1024))) ++ while (0 < (len = zzip_file_read (file, buffer, 1024))) + { + fwrite (buffer, 1, len, out); + } +-- +2.32.0 + + +From 7e786544084548da7fcfcd9090d3c4e7f5777f7e Mon Sep 17 00:00:00 2001 +From: Guido Draheim +Date: Mon, 4 Jan 2021 21:50:26 +0100 +Subject: [PATCH 2/7] #68 return value of zzip_mem_disk_fread is signed + +--- + bins/unzip-mem.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/bins/unzip-mem.c b/bins/unzip-mem.c +index cc009f8..50eb5a6 100644 +--- a/bins/unzip-mem.c ++++ b/bins/unzip-mem.c +@@ -81,7 +81,7 @@ static void zzip_mem_entry_pipe(ZZIP_MEM_DISK* disk, + if (file) + { + char buffer[1024]; int len; +- while ((len = zzip_mem_disk_fread (buffer, 1024, 1, file))) ++ while (0 < (len = zzip_mem_disk_fread (buffer, 1024, 1, file))) + fwrite (buffer, len, 1, out); + + zzip_mem_disk_fclose (file); +@@ -115,7 +115,7 @@ static void zzip_mem_entry_test(ZZIP_MEM_DISK* disk, + { + unsigned long crc = crc32 (0L, NULL, 0); + unsigned char buffer[1024]; int len; +- while ((len = zzip_mem_disk_fread (buffer, 1024, 1, file))) { ++ while (0 < (len = zzip_mem_disk_fread (buffer, 1024, 1, file))) { + crc = crc32 (crc, buffer, len); + } + +-- +2.32.0 + + +From d453977f59ca59c61bf59dec28dd724498828f2a Mon Sep 17 00:00:00 2001 +From: Guido Draheim +Date: Mon, 4 Jan 2021 21:51:12 +0100 +Subject: [PATCH 3/7] #68 return value of zzip_entry_fread is signed + +--- + bins/unzzipcat-big.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/bins/unzzipcat-big.c b/bins/unzzipcat-big.c +index 111ef47..ecebe11 100644 +--- a/bins/unzzipcat-big.c ++++ b/bins/unzzipcat-big.c +@@ -26,7 +26,7 @@ static void unzzip_big_entry_fprint(ZZIP_ENTRY* entry, FILE* out) + if (file) + { + char buffer[1024]; int len; +- while ((len = zzip_entry_fread (buffer, 1024, 1, file))) ++ while (0 < (len = zzip_entry_fread (buffer, 1024, 1, file))) + { + DBG2("entry read %i", len); + fwrite (buffer, len, 1, out); +@@ -45,7 +45,7 @@ static void unzzip_cat_file(FILE* disk, char* name, FILE* out) + if (file) + { + char buffer[1024]; int len; +- while ((len = zzip_entry_fread (buffer, 1024, 1, file))) ++ while (0 < (len = zzip_entry_fread (buffer, 1024, 1, file))) + fwrite (buffer, len, 1, out); + + zzip_entry_fclose (file); +-- +2.32.0 + + +From 0a9db9ded9d15fbdb63bf5cf451920d0a368c00e Mon Sep 17 00:00:00 2001 +From: Guido Draheim +Date: Mon, 4 Jan 2021 21:51:56 +0100 +Subject: [PATCH 4/7] #68 return value of zzip_mem_disk_fread is signed + +--- + bins/unzzipcat-mem.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/bins/unzzipcat-mem.c b/bins/unzzipcat-mem.c +index 6bd79b7..1b5bc22 100644 +--- a/bins/unzzipcat-mem.c ++++ b/bins/unzzipcat-mem.c +@@ -35,7 +35,7 @@ static void unzzip_mem_entry_fprint(ZZIP_MEM_DISK* disk, + if (file) + { + char buffer[1024]; int len; +- while ((len = zzip_mem_disk_fread (buffer, 1024, 1, file))) ++ while (0 < (len = zzip_mem_disk_fread (buffer, 1024, 1, file))) + fwrite (buffer, len, 1, out); + + zzip_mem_disk_fclose (file); +@@ -48,7 +48,7 @@ static void unzzip_mem_disk_cat_file(ZZIP_MEM_DISK* disk, char* name, FILE* out) + if (file) + { + char buffer[1025]; int len; +- while ((len = zzip_mem_disk_fread (buffer, 1, 1024, file))) ++ while (0 < (len = zzip_mem_disk_fread (buffer, 1, 1024, file))) + { + fwrite (buffer, 1, len, out); + } +-- +2.32.0 + + +From a34a96fbda1e58fbec5c79f4c0b5063e031ce11d Mon Sep 17 00:00:00 2001 +From: Guido Draheim +Date: Mon, 4 Jan 2021 21:52:47 +0100 +Subject: [PATCH 5/7] #68 return value of zzip_fread is signed + +--- + bins/unzzipcat-mix.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/bins/unzzipcat-mix.c b/bins/unzzipcat-mix.c +index e18987d..8f3d0b8 100644 +--- a/bins/unzzipcat-mix.c ++++ b/bins/unzzipcat-mix.c +@@ -34,7 +34,7 @@ static void unzzip_cat_file(ZZIP_DIR* disk, char* name, FILE* out) + if (file) + { + char buffer[1024]; int len; +- while ((len = zzip_fread (buffer, 1, 1024, file))) ++ while (0 < (len = zzip_fread (buffer, 1, 1024, file))) + { + fwrite (buffer, 1, len, out); + } +-- +2.32.0 + + +From fa1f78abe1b08544061204019016809664f2618c Mon Sep 17 00:00:00 2001 +From: Guido Draheim +Date: Mon, 4 Jan 2021 21:53:50 +0100 +Subject: [PATCH 6/7] #68 return value of zzip_entry_fread is signed + +--- + bins/unzzipshow.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/bins/unzzipshow.c b/bins/unzzipshow.c +index 9d8c2ed..5672d3b 100644 +--- a/bins/unzzipshow.c ++++ b/bins/unzzipshow.c +@@ -22,7 +22,7 @@ static void zzip_entry_fprint(ZZIP_ENTRY* entry, FILE* out) + if (file) + { + char buffer[1024]; int len; +- while ((len = zzip_entry_fread (buffer, 1024, 1, file))) ++ while (0 < (len = zzip_entry_fread (buffer, 1024, 1, file))) + fwrite (buffer, len, 1, out); + + zzip_entry_fclose (file); +@@ -35,7 +35,7 @@ static void zzip_cat_file(FILE* disk, char* name, FILE* out) + if (file) + { + char buffer[1024]; int len; +- while ((len = zzip_entry_fread (buffer, 1024, 1, file))) ++ while (0 < (len = zzip_entry_fread (buffer, 1024, 1, file))) + fwrite (buffer, len, 1, out); + + zzip_entry_fclose (file); +-- +2.32.0 + + +From f7a6fa9f0c29aecb4c2299568ed2e6094c34aca7 Mon Sep 17 00:00:00 2001 +From: Guido Draheim +Date: Mon, 4 Jan 2021 21:55:08 +0100 +Subject: [PATCH 7/7] #68 return value of posix read(2) is signed + +--- + bins/zzipmake-zip.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/bins/zzipmake-zip.c b/bins/zzipmake-zip.c +index 8e09c31..b37877c 100644 +--- a/bins/zzipmake-zip.c ++++ b/bins/zzipmake-zip.c +@@ -57,7 +57,7 @@ int rezzip_make (int argc, char ** argv) + continue; + } + +- while ((n = read (input, buf, 16))) ++ while (0 < (n = read (input, buf, 16))) + { + zzip_write (output, buf, n); + } +-- +2.32.0 + diff --git a/SPECS/zziplib.spec b/SPECS/zziplib.spec index f278d72..29ce6fc 100644 --- a/SPECS/zziplib.spec +++ b/SPECS/zziplib.spec @@ -1,7 +1,7 @@ Summary: Lightweight library to easily extract data from zip files Name: zziplib Version: 0.13.68 -Release: 8%{?dist} +Release: 9%{?dist} License: LGPLv2+ or MPLv1.1 Group: Applications/Archiving URL: http://zziplib.sourceforge.net/ @@ -25,6 +25,8 @@ Patch9: CVE-2018-16548.part3.patch Patch10: CVE-2018-17828.patch Patch11: CVE-2018-17828-singlez.patch +Patch12: CVE-2020-18442.patch + BuildRequires: perl-interpreter BuildRequires: python3-devel BuildRequires: python3-six @@ -89,6 +91,7 @@ zziplib library. %patch9 -p1 %patch10 -p1 %patch11 -p1 +%patch12 -p1 pathfix.py -i %{__python3} -pn docs @@ -140,6 +143,10 @@ make install DESTDIR=%{buildroot} %{_mandir}/man3/* %changelog +* Mon Aug 02 2021 Jakub Martisko - 0.13.68-9 +- Fix CVE-2020-18442 +- Resolves: CVE-2020-18442 + * Tue Oct 16 2018 Jakub Martisko - 0.13.68-8 - Fix CVE-2018-17828 in the "single z" binaries - Resolves: #1772447