import zziplib-0.13.68-9.el8
This commit is contained in:
parent
b192da5bda
commit
d457bde0d2
218
SOURCES/CVE-2020-18442.patch
Normal file
218
SOURCES/CVE-2020-18442.patch
Normal file
@ -0,0 +1,218 @@
|
|||||||
|
From ac9ae39ef419e9f0f83da1e583314d8c7cda34a6 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Guido Draheim <guidod@gmx.de>
|
||||||
|
Date: Mon, 4 Jan 2021 21:48:45 +0100
|
||||||
|
Subject: [PATCH 1/7] #68 ssize_t return value of zzip_file_read is a signed
|
||||||
|
value being possibly -1
|
||||||
|
|
||||||
|
---
|
||||||
|
bins/unzzipcat-zip.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/bins/unzzipcat-zip.c b/bins/unzzipcat-zip.c
|
||||||
|
index dd78c2b..385aeaf 100644
|
||||||
|
--- a/bins/unzzipcat-zip.c
|
||||||
|
+++ b/bins/unzzipcat-zip.c
|
||||||
|
@@ -34,7 +34,7 @@ static void unzzip_cat_file(ZZIP_DIR* disk, char* name, FILE* out)
|
||||||
|
if (file)
|
||||||
|
{
|
||||||
|
char buffer[1024]; int len;
|
||||||
|
- while ((len = zzip_file_read (file, buffer, 1024)))
|
||||||
|
+ while (0 < (len = zzip_file_read (file, buffer, 1024)))
|
||||||
|
{
|
||||||
|
fwrite (buffer, 1, len, out);
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.32.0
|
||||||
|
|
||||||
|
|
||||||
|
From 7e786544084548da7fcfcd9090d3c4e7f5777f7e Mon Sep 17 00:00:00 2001
|
||||||
|
From: Guido Draheim <guidod@gmx.de>
|
||||||
|
Date: Mon, 4 Jan 2021 21:50:26 +0100
|
||||||
|
Subject: [PATCH 2/7] #68 return value of zzip_mem_disk_fread is signed
|
||||||
|
|
||||||
|
---
|
||||||
|
bins/unzip-mem.c | 4 ++--
|
||||||
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/bins/unzip-mem.c b/bins/unzip-mem.c
|
||||||
|
index cc009f8..50eb5a6 100644
|
||||||
|
--- a/bins/unzip-mem.c
|
||||||
|
+++ b/bins/unzip-mem.c
|
||||||
|
@@ -81,7 +81,7 @@ static void zzip_mem_entry_pipe(ZZIP_MEM_DISK* disk,
|
||||||
|
if (file)
|
||||||
|
{
|
||||||
|
char buffer[1024]; int len;
|
||||||
|
- while ((len = zzip_mem_disk_fread (buffer, 1024, 1, file)))
|
||||||
|
+ while (0 < (len = zzip_mem_disk_fread (buffer, 1024, 1, file)))
|
||||||
|
fwrite (buffer, len, 1, out);
|
||||||
|
|
||||||
|
zzip_mem_disk_fclose (file);
|
||||||
|
@@ -115,7 +115,7 @@ static void zzip_mem_entry_test(ZZIP_MEM_DISK* disk,
|
||||||
|
{
|
||||||
|
unsigned long crc = crc32 (0L, NULL, 0);
|
||||||
|
unsigned char buffer[1024]; int len;
|
||||||
|
- while ((len = zzip_mem_disk_fread (buffer, 1024, 1, file))) {
|
||||||
|
+ while (0 < (len = zzip_mem_disk_fread (buffer, 1024, 1, file))) {
|
||||||
|
crc = crc32 (crc, buffer, len);
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.32.0
|
||||||
|
|
||||||
|
|
||||||
|
From d453977f59ca59c61bf59dec28dd724498828f2a Mon Sep 17 00:00:00 2001
|
||||||
|
From: Guido Draheim <guidod@gmx.de>
|
||||||
|
Date: Mon, 4 Jan 2021 21:51:12 +0100
|
||||||
|
Subject: [PATCH 3/7] #68 return value of zzip_entry_fread is signed
|
||||||
|
|
||||||
|
---
|
||||||
|
bins/unzzipcat-big.c | 4 ++--
|
||||||
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/bins/unzzipcat-big.c b/bins/unzzipcat-big.c
|
||||||
|
index 111ef47..ecebe11 100644
|
||||||
|
--- a/bins/unzzipcat-big.c
|
||||||
|
+++ b/bins/unzzipcat-big.c
|
||||||
|
@@ -26,7 +26,7 @@ static void unzzip_big_entry_fprint(ZZIP_ENTRY* entry, FILE* out)
|
||||||
|
if (file)
|
||||||
|
{
|
||||||
|
char buffer[1024]; int len;
|
||||||
|
- while ((len = zzip_entry_fread (buffer, 1024, 1, file)))
|
||||||
|
+ while (0 < (len = zzip_entry_fread (buffer, 1024, 1, file)))
|
||||||
|
{
|
||||||
|
DBG2("entry read %i", len);
|
||||||
|
fwrite (buffer, len, 1, out);
|
||||||
|
@@ -45,7 +45,7 @@ static void unzzip_cat_file(FILE* disk, char* name, FILE* out)
|
||||||
|
if (file)
|
||||||
|
{
|
||||||
|
char buffer[1024]; int len;
|
||||||
|
- while ((len = zzip_entry_fread (buffer, 1024, 1, file)))
|
||||||
|
+ while (0 < (len = zzip_entry_fread (buffer, 1024, 1, file)))
|
||||||
|
fwrite (buffer, len, 1, out);
|
||||||
|
|
||||||
|
zzip_entry_fclose (file);
|
||||||
|
--
|
||||||
|
2.32.0
|
||||||
|
|
||||||
|
|
||||||
|
From 0a9db9ded9d15fbdb63bf5cf451920d0a368c00e Mon Sep 17 00:00:00 2001
|
||||||
|
From: Guido Draheim <guidod@gmx.de>
|
||||||
|
Date: Mon, 4 Jan 2021 21:51:56 +0100
|
||||||
|
Subject: [PATCH 4/7] #68 return value of zzip_mem_disk_fread is signed
|
||||||
|
|
||||||
|
---
|
||||||
|
bins/unzzipcat-mem.c | 4 ++--
|
||||||
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/bins/unzzipcat-mem.c b/bins/unzzipcat-mem.c
|
||||||
|
index 6bd79b7..1b5bc22 100644
|
||||||
|
--- a/bins/unzzipcat-mem.c
|
||||||
|
+++ b/bins/unzzipcat-mem.c
|
||||||
|
@@ -35,7 +35,7 @@ static void unzzip_mem_entry_fprint(ZZIP_MEM_DISK* disk,
|
||||||
|
if (file)
|
||||||
|
{
|
||||||
|
char buffer[1024]; int len;
|
||||||
|
- while ((len = zzip_mem_disk_fread (buffer, 1024, 1, file)))
|
||||||
|
+ while (0 < (len = zzip_mem_disk_fread (buffer, 1024, 1, file)))
|
||||||
|
fwrite (buffer, len, 1, out);
|
||||||
|
|
||||||
|
zzip_mem_disk_fclose (file);
|
||||||
|
@@ -48,7 +48,7 @@ static void unzzip_mem_disk_cat_file(ZZIP_MEM_DISK* disk, char* name, FILE* out)
|
||||||
|
if (file)
|
||||||
|
{
|
||||||
|
char buffer[1025]; int len;
|
||||||
|
- while ((len = zzip_mem_disk_fread (buffer, 1, 1024, file)))
|
||||||
|
+ while (0 < (len = zzip_mem_disk_fread (buffer, 1, 1024, file)))
|
||||||
|
{
|
||||||
|
fwrite (buffer, 1, len, out);
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.32.0
|
||||||
|
|
||||||
|
|
||||||
|
From a34a96fbda1e58fbec5c79f4c0b5063e031ce11d Mon Sep 17 00:00:00 2001
|
||||||
|
From: Guido Draheim <guidod@gmx.de>
|
||||||
|
Date: Mon, 4 Jan 2021 21:52:47 +0100
|
||||||
|
Subject: [PATCH 5/7] #68 return value of zzip_fread is signed
|
||||||
|
|
||||||
|
---
|
||||||
|
bins/unzzipcat-mix.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/bins/unzzipcat-mix.c b/bins/unzzipcat-mix.c
|
||||||
|
index e18987d..8f3d0b8 100644
|
||||||
|
--- a/bins/unzzipcat-mix.c
|
||||||
|
+++ b/bins/unzzipcat-mix.c
|
||||||
|
@@ -34,7 +34,7 @@ static void unzzip_cat_file(ZZIP_DIR* disk, char* name, FILE* out)
|
||||||
|
if (file)
|
||||||
|
{
|
||||||
|
char buffer[1024]; int len;
|
||||||
|
- while ((len = zzip_fread (buffer, 1, 1024, file)))
|
||||||
|
+ while (0 < (len = zzip_fread (buffer, 1, 1024, file)))
|
||||||
|
{
|
||||||
|
fwrite (buffer, 1, len, out);
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.32.0
|
||||||
|
|
||||||
|
|
||||||
|
From fa1f78abe1b08544061204019016809664f2618c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Guido Draheim <guidod@gmx.de>
|
||||||
|
Date: Mon, 4 Jan 2021 21:53:50 +0100
|
||||||
|
Subject: [PATCH 6/7] #68 return value of zzip_entry_fread is signed
|
||||||
|
|
||||||
|
---
|
||||||
|
bins/unzzipshow.c | 4 ++--
|
||||||
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/bins/unzzipshow.c b/bins/unzzipshow.c
|
||||||
|
index 9d8c2ed..5672d3b 100644
|
||||||
|
--- a/bins/unzzipshow.c
|
||||||
|
+++ b/bins/unzzipshow.c
|
||||||
|
@@ -22,7 +22,7 @@ static void zzip_entry_fprint(ZZIP_ENTRY* entry, FILE* out)
|
||||||
|
if (file)
|
||||||
|
{
|
||||||
|
char buffer[1024]; int len;
|
||||||
|
- while ((len = zzip_entry_fread (buffer, 1024, 1, file)))
|
||||||
|
+ while (0 < (len = zzip_entry_fread (buffer, 1024, 1, file)))
|
||||||
|
fwrite (buffer, len, 1, out);
|
||||||
|
|
||||||
|
zzip_entry_fclose (file);
|
||||||
|
@@ -35,7 +35,7 @@ static void zzip_cat_file(FILE* disk, char* name, FILE* out)
|
||||||
|
if (file)
|
||||||
|
{
|
||||||
|
char buffer[1024]; int len;
|
||||||
|
- while ((len = zzip_entry_fread (buffer, 1024, 1, file)))
|
||||||
|
+ while (0 < (len = zzip_entry_fread (buffer, 1024, 1, file)))
|
||||||
|
fwrite (buffer, len, 1, out);
|
||||||
|
|
||||||
|
zzip_entry_fclose (file);
|
||||||
|
--
|
||||||
|
2.32.0
|
||||||
|
|
||||||
|
|
||||||
|
From f7a6fa9f0c29aecb4c2299568ed2e6094c34aca7 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Guido Draheim <guidod@gmx.de>
|
||||||
|
Date: Mon, 4 Jan 2021 21:55:08 +0100
|
||||||
|
Subject: [PATCH 7/7] #68 return value of posix read(2) is signed
|
||||||
|
|
||||||
|
---
|
||||||
|
bins/zzipmake-zip.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/bins/zzipmake-zip.c b/bins/zzipmake-zip.c
|
||||||
|
index 8e09c31..b37877c 100644
|
||||||
|
--- a/bins/zzipmake-zip.c
|
||||||
|
+++ b/bins/zzipmake-zip.c
|
||||||
|
@@ -57,7 +57,7 @@ int rezzip_make (int argc, char ** argv)
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
|
- while ((n = read (input, buf, 16)))
|
||||||
|
+ while (0 < (n = read (input, buf, 16)))
|
||||||
|
{
|
||||||
|
zzip_write (output, buf, n);
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.32.0
|
||||||
|
|
@ -1,7 +1,7 @@
|
|||||||
Summary: Lightweight library to easily extract data from zip files
|
Summary: Lightweight library to easily extract data from zip files
|
||||||
Name: zziplib
|
Name: zziplib
|
||||||
Version: 0.13.68
|
Version: 0.13.68
|
||||||
Release: 8%{?dist}
|
Release: 9%{?dist}
|
||||||
License: LGPLv2+ or MPLv1.1
|
License: LGPLv2+ or MPLv1.1
|
||||||
Group: Applications/Archiving
|
Group: Applications/Archiving
|
||||||
URL: http://zziplib.sourceforge.net/
|
URL: http://zziplib.sourceforge.net/
|
||||||
@ -25,6 +25,8 @@ Patch9: CVE-2018-16548.part3.patch
|
|||||||
Patch10: CVE-2018-17828.patch
|
Patch10: CVE-2018-17828.patch
|
||||||
Patch11: CVE-2018-17828-singlez.patch
|
Patch11: CVE-2018-17828-singlez.patch
|
||||||
|
|
||||||
|
Patch12: CVE-2020-18442.patch
|
||||||
|
|
||||||
BuildRequires: perl-interpreter
|
BuildRequires: perl-interpreter
|
||||||
BuildRequires: python3-devel
|
BuildRequires: python3-devel
|
||||||
BuildRequires: python3-six
|
BuildRequires: python3-six
|
||||||
@ -89,6 +91,7 @@ zziplib library.
|
|||||||
%patch9 -p1
|
%patch9 -p1
|
||||||
%patch10 -p1
|
%patch10 -p1
|
||||||
%patch11 -p1
|
%patch11 -p1
|
||||||
|
%patch12 -p1
|
||||||
|
|
||||||
pathfix.py -i %{__python3} -pn docs
|
pathfix.py -i %{__python3} -pn docs
|
||||||
|
|
||||||
@ -140,6 +143,10 @@ make install DESTDIR=%{buildroot}
|
|||||||
%{_mandir}/man3/*
|
%{_mandir}/man3/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Aug 02 2021 Jakub Martisko <jamartis@redhat.com> - 0.13.68-9
|
||||||
|
- Fix CVE-2020-18442
|
||||||
|
- Resolves: CVE-2020-18442
|
||||||
|
|
||||||
* Tue Oct 16 2018 Jakub Martisko <jamartis@redhat.com> - 0.13.68-8
|
* Tue Oct 16 2018 Jakub Martisko <jamartis@redhat.com> - 0.13.68-8
|
||||||
- Fix CVE-2018-17828 in the "single z" binaries
|
- Fix CVE-2018-17828 in the "single z" binaries
|
||||||
- Resolves: #1772447
|
- Resolves: #1772447
|
||||||
|
Loading…
Reference in New Issue
Block a user