Fix CVE 2018-6381

.gitignore

@@ -2,3 +2,4 @@ zziplib-0.13.49.tar.bz2
 /zziplib-0.13.59.tar.bz2
 /zziplib-0.13.60.tar.bz2
 /zziplib-0.13.62.tar.bz2
+/v0.13.67.tar.gz

sources

@@ -1 +1 @@
-5fe874946390f939ee8f4abe9624b96c  zziplib-0.13.62.tar.bz2
+SHA512 (v0.13.67.tar.gz) = a34b801a18a2051aa3898a572508ffd327521b69878413af679b10f6a68b37e770651884ae611bf9c01ce14013c6a1e06adeadd3ef6219d4b9278f1b9e7a6459

zziplib-0.13.67-CVE-2018-6381.patch

@@ -0,0 +1,28 @@
+From a803559fa9194be895422ba3684cf6309b6bb598 Mon Sep 17 00:00:00 2001
+From: Guido Draheim <guidod@gmx.de>
+Date: Thu, 1 Feb 2018 12:27:49 +0100
+Subject: [PATCH] merge CVE-2018-6381.patch from @jmoellers #12
+
+---
+ zzip/memdisk.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/zzip/memdisk.c b/zzip/memdisk.c
+index cab883b..a85dab0 100644
+--- a/zzip/memdisk.c
++++ b/zzip/memdisk.c
+@@ -210,6 +210,14 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZIP_DISK_ENTRY * entry)
+     item->zz_diskstart = zzip_disk_entry_get_diskstart(entry);
+     item->zz_filetype = zzip_disk_entry_get_filetype(entry);
+ 
++    /*
++     * If the file is uncompressed, zz_csize and zz_usize should be the same
++     * If they are not, we cannot guarantee that either is correct, so ...
++     */
++    if (item->zz_compr == ZZIP_IS_STORED && item->zz_csize != item->zz_usize)
++    {
++        goto error;
++    }
+     /* zz_comment and zz_name are empty strings if not present on disk */
+     if (! item->zz_comment || ! item->zz_name)
+     {

zziplib-0.13.67-multilib.patch

@@ -1,6 +1,6 @@
-diff -Naupr zziplib-0.13.59.orig/zzip/_config.h zziplib-0.13.59/zzip/_config.h
+diff -up ./x86_64-redhat-linux-gnu/zzip/_config.h.orig ./x86_64-redhat-linux-gnu/zzip/_config.h
---- zziplib-0.13.59.orig/zzip/_config.h	2010-02-14 22:29:34.000000000 +0100
+--- ./x86_64-redhat-linux-gnu/zzip/_config.h.orig	2018-02-01 22:13:36.593910695 +0200
-+++ zziplib-0.13.59/zzip/_config.h	2010-12-04 16:22:19.809534085 +0100
++++ ./x86_64-redhat-linux-gnu/zzip/_config.h	2018-02-01 22:15:40.341476130 +0200
 @@ -133,7 +133,11 @@
  
  /* whether the system defaults to 32bit off_t but can do 64bit when requested
@@ -14,7 +14,7 @@ diff -Naupr zziplib-0.13.59.orig/zzip/_config.h zziplib-0.13.59/zzip/_config.h
  
  /* Define to the sub-directory in which libtool stores uninstalled libraries.
     */
-@@ -178,8 +181,12 @@
+@@ -183,8 +187,12 @@
  
  /* The number of bytes in type long */
  #ifndef ZZIP_SIZEOF_LONG 
@@ -27,7 +27,7 @@ diff -Naupr zziplib-0.13.59.orig/zzip/_config.h zziplib-0.13.59/zzip/_config.h
  
  /* The number of bytes in type short */
  #ifndef ZZIP_SIZEOF_SHORT 
-@@ -209,7 +216,11 @@
+@@ -219,7 +227,11 @@
  #endif
  
  /* Number of bits in a file offset, on hosts where this is settable. */

zziplib.spec

@@ -6,7 +6,8 @@ License: LGPLv2+ or MPLv1.1
 Group: Applications/Archiving
 URL: http://zziplib.sourceforge.net/
 Source: https://github.com/gdraheim/zziplib/archive/v%{version}.tar.gz
-Patch0: zziplib-0.13.59-multilib.patch
+Patch0: zziplib-0.13.67-CVE-2018-6381.patch
+Patch1: zziplib-0.13.67-multilib.patch
 BuildRequires: perl-interpreter
 BuildRequires: python
 BuildRequires: zip
@@ -59,8 +60,6 @@ zziplib library.
 %prep
 %setup -q
 %patch0 -p1
-# Save the common patched _config.h file to overwrite the generated one
-cp -a zzip/_config.h _config.h
 
 %build
 export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing"
@@ -71,13 +70,15 @@ export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing"
 # Remove rpath on 64bit archs
 sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' */libtool
 sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' */libtool
+cd %{_host}
+%apply_patch %{PATCH1} -p2
+cd ..
+
 %{__make} %{?_smp_mflags}
 
+
 %install
 make install DESTDIR=%{buildroot}
-# Overwrite the platform specific _config.h with our own modified common one
-rm -f %{buildroot}%{_includedir}/zzip/_config.h
-install -p -m 0644 _config.h %{buildroot}%{_includedir}/zzip/_config.h
 
 %post -p /sbin/ldconfig