import zziplib-0.13.68-8.el8
This commit is contained in:
parent
8a0cf4bd17
commit
c0a6678c14
59
SOURCES/CVE-2018-17828-singlez.patch
Normal file
59
SOURCES/CVE-2018-17828-singlez.patch
Normal file
@ -0,0 +1,59 @@
|
||||
diff --git a/bins/unzip-mem.c b/bins/unzip-mem.c
|
||||
index c45cb72..ff564a5 100644
|
||||
--- a/bins/unzip-mem.c
|
||||
+++ b/bins/unzip-mem.c
|
||||
@@ -88,10 +88,53 @@ static void zzip_mem_entry_pipe(ZZIP_MEM_DISK* disk,
|
||||
}
|
||||
}
|
||||
|
||||
+
|
||||
+
|
||||
+
|
||||
+static inline void
|
||||
+remove_dotdotslash(char *path)
|
||||
+{
|
||||
+ /* Note: removing "../" from the path ALWAYS shortens the path, never adds to it! */
|
||||
+ char *dotdotslash;
|
||||
+ int warned = 0;
|
||||
+
|
||||
+ dotdotslash = path;
|
||||
+ while ((dotdotslash = strstr(dotdotslash, "../")) != NULL)
|
||||
+ {
|
||||
+ /*
|
||||
+ * Remove only if at the beginning of the pathname ("../path/name")
|
||||
+ * or when preceded by a slash ("path/../name"),
|
||||
+ * otherwise not ("path../name..")!
|
||||
+ */
|
||||
+ if (dotdotslash == path || dotdotslash[-1] == '/')
|
||||
+ {
|
||||
+ char *src, *dst;
|
||||
+ if (!warned)
|
||||
+ {
|
||||
+ /* Note: the first time through the pathname is still intact */
|
||||
+ fprintf(stderr, "Removing \"../\" path component(s) in %s\n", path);
|
||||
+ warned = 1;
|
||||
+ }
|
||||
+ /* We cannot use strcpy(), as there "The strings may not overlap" */
|
||||
+ for (src = dotdotslash+3, dst=dotdotslash; (*dst = *src) != '\0'; src++, dst++)
|
||||
+ ;
|
||||
+ }
|
||||
+ else
|
||||
+ dotdotslash +=3; /* skip this instance to prevent infinite loop */
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
static void zzip_mem_entry_make(ZZIP_MEM_DISK* disk,
|
||||
ZZIP_MEM_ENTRY* entry)
|
||||
{
|
||||
- FILE* file = fopen (entry->zz_name, "w");
|
||||
+ char name_stripped[PATH_MAX+1];
|
||||
+ FILE* file;
|
||||
+
|
||||
+ strncpy(name_stripped, entry->zz_name, PATH_MAX);
|
||||
+ name_stripped[PATH_MAX]='\0';
|
||||
+ remove_dotdotslash(name_stripped);
|
||||
+
|
||||
+ file = fopen (name_stripped, "wb");
|
||||
if (file) { zzip_mem_entry_pipe (disk, entry, file); fclose (file); }
|
||||
perror (entry->zz_name);
|
||||
if (status < EXIT_WARNINGS) status = EXIT_WARNINGS;
|
@ -1,7 +1,7 @@
|
||||
Summary: Lightweight library to easily extract data from zip files
|
||||
Name: zziplib
|
||||
Version: 0.13.68
|
||||
Release: 7%{?dist}
|
||||
Release: 8%{?dist}
|
||||
License: LGPLv2+ or MPLv1.1
|
||||
Group: Applications/Archiving
|
||||
URL: http://zziplib.sourceforge.net/
|
||||
@ -23,6 +23,7 @@ Patch8: CVE-2018-16548.part2.patch
|
||||
Patch9: CVE-2018-16548.part3.patch
|
||||
|
||||
Patch10: CVE-2018-17828.patch
|
||||
Patch11: CVE-2018-17828-singlez.patch
|
||||
|
||||
BuildRequires: perl-interpreter
|
||||
BuildRequires: python3-devel
|
||||
@ -87,6 +88,7 @@ zziplib library.
|
||||
%patch8 -p1
|
||||
%patch9 -p1
|
||||
%patch10 -p1
|
||||
%patch11 -p1
|
||||
|
||||
pathfix.py -i %{__python3} -pn docs
|
||||
|
||||
@ -138,6 +140,10 @@ make install DESTDIR=%{buildroot}
|
||||
%{_mandir}/man3/*
|
||||
|
||||
%changelog
|
||||
* Tue Oct 16 2018 Jakub Martisko <jamartis@redhat.com> - 0.13.68-8
|
||||
- Fix CVE-2018-17828 in the "single z" binaries
|
||||
- Resolves: #1772447
|
||||
|
||||
* Tue Oct 16 2018 Jakub Martisko <jamartis@redhat.com> - 0.13.68-7
|
||||
- Fix CVE-2018-17828
|
||||
- Resolves: #1635890
|
||||
|
Loading…
Reference in New Issue
Block a user