Import from AlmaLinux stable repository

This commit is contained in:
eabdullin 2025-12-04 13:43:09 +00:00
parent 9ec946bec3
commit 9858df510d
3 changed files with 95 additions and 1 deletions

View File

@ -0,0 +1,64 @@
diff --git a/bins/unzip-mem.c b/bins/unzip-mem.c
index c45cb72..ff564a5 100644
--- a/bins/unzip-mem.c
+++ b/bins/unzip-mem.c
@@ -88,12 +88,56 @@ static void zzip_mem_entry_pipe(ZZIP_MEM_DISK* disk,
}
}
+#include <zzip/file.h>
+
+
+
+static inline void
+remove_dotdotslash(char *path)
+{
+ /* Note: removing "../" from the path ALWAYS shortens the path, never adds to it! */
+ char *dotdotslash;
+ int warned = 0;
+
+ dotdotslash = path;
+ while ((dotdotslash = strstr(dotdotslash, "../")) != NULL)
+ {
+ /*
+ * Remove only if at the beginning of the pathname ("../path/name")
+ * or when preceded by a slash ("path/../name"),
+ * otherwise not ("path../name..")!
+ */
+ if (dotdotslash == path || dotdotslash[-1] == '/')
+ {
+ char *src, *dst;
+ if (!warned)
+ {
+ /* Note: the first time through the pathname is still intact */
+ fprintf(stderr, "Removing \"../\" path component(s) in %s\n", path);
+ warned = 1;
+ }
+ /* We cannot use strcpy(), as there "The strings may not overlap" */
+ for (src = dotdotslash+3, dst=dotdotslash; (*dst = *src) != '\0'; src++, dst++)
+ ;
+ }
+ else
+ dotdotslash +=3; /* skip this instance to prevent infinite loop */
+ }
+}
+
static void zzip_mem_entry_make(ZZIP_MEM_DISK* disk,
ZZIP_MEM_ENTRY* entry)
{
- FILE* file = fopen (entry->zz_name, "wb");
+ char name_stripped[PATH_MAX+1];
+ FILE* file;
+
+ strncpy(name_stripped, entry->zz_name, PATH_MAX);
+ name_stripped[PATH_MAX]='\0';
+ remove_dotdotslash(name_stripped);
+
+ file = fopen (name_stripped, "wb");
- if (file) { zzip_mem_entry_pipe (disk, entry, file); fclose (file); }
+ if (file) { zzip_mem_entry_pipe (disk, entry, file); fclose (file); return;}
- perror (entry->zz_name);
+ perror (name_stripped);
if (status < EXIT_WARNINGS) status = EXIT_WARNINGS;
}

View File

@ -0,0 +1,22 @@
From 4967d2254d9d1daf97fd525723c44aa6d2c4b731 Mon Sep 17 00:00:00 2001
From: Robin Ebert <ebertrobin2002@gmail.com>
Date: Fri, 5 Nov 2021 22:07:41 +0100
Subject: [PATCH] Fix bug where the wrong char pointer is used
---
bins/unzzip.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bins/unzzip.c b/bins/unzzip.c
index 0c0b5e58..3f63e722 100644
--- a/bins/unzzip.c
+++ b/bins/unzzip.c
@@ -137,7 +137,7 @@ FILE* create_fopen(char* name, char* mode, int subdirs)
{
char* p = strrchr(name_stripped, '/');
if (p) {
- char* dir_name = _zzip_strndup(name_stripped, p-name);
+ char* dir_name = _zzip_strndup(name_stripped, p-name_stripped);
makedirs(dir_name);
free (dir_name);
}

View File

@ -1,7 +1,7 @@
Summary: Lightweight library to easily extract data from zip files
Name: zziplib
Version: 0.13.71
Release: 11%{?dist}
Release: 12%{?dist}
License: LGPLv2+ or MPLv1.1
URL: http://zziplib.sourceforge.net/
#Source: https://github.com/gdraheim/zziplib/archive/v%{version}.tar.gz
@ -16,6 +16,8 @@ Source2: options.py
Patch1: CVE-2020-18442.patch
Patch2: CVE-2020-18770.patch
Patch3: CVE-2018-17828-singlez.patch
Patch4: CVE-2018-17828.patch
Patch100: multilib-32.patch
Patch101: multilib-64.patch
@ -76,6 +78,8 @@ cp %{SOURCE2} docs/zzipdoc/
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%build
@ -124,6 +128,10 @@ popd
%{_mandir}/man3/*
%changelog
* Thu Jun 12 2025 Jakub Martisko <jamartis@redhat.com> - 0.13.71-12
- Fix a directory traversal issue in unzip-mem
Resolves: RHEL-6266
* Wed Feb 28 2024 Jakub Martisko <jamartis@redhat.com> - 0.13.71-11
- Fix CVE-2020-18770
Previous patch was causing segfault