2 changed files with 2 additions and 46 deletions
--- a/SOURCES/CVE-2020-18770.patch
+++ b/SOURCES/CVE-2020-18770.patch
@ -1,23 +0,0 @@
 From 803f49aaae16b7f2899e4769afdfc673a21fa9e8 Mon Sep 17 00:00:00 2001
 From: Guido Draheim <guidod@gmx.de>
 Date: Mon, 26 Feb 2024 23:17:12 +0100
 Subject: [PATCH] #69 assert full zzip_file_header
 ---
 zzip/mmapped.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
 diff --git a/zzip/mmapped.c b/zzip/mmapped.c
 index 2071882..306ba51 100644
 --- a/zzip/mmapped.c
 +++ b/zzip/mmapped.c
@@ -276,7 +276,8 @@ struct zzip_file_header *
 zzip_disk_entry_to_file_header(ZZIP_DISK * disk, struct zzip_disk_entry *entry)
 {
     zzip_byte_t *const ptr = disk->buffer + zzip_disk_entry_fileoffset(entry);
 -    if (disk->buffer > ptr || ptr >= disk->endbuf)
 +    zzip_byte_t *const end = ptr + sizeof(struct zzip_file_header);
 +    if (disk->buffer > ptr || end >= disk->endbuf || end <= NULL)
     {
         errno = EBADMSG;
         return 0;
--- a/SPECS/zziplib.spec
+++ b/SPECS/zziplib.spec
@ -1,7 +1,7 @@
 Summary: Lightweight library to easily extract data from zip files
 Name: zziplib
 Version: 0.13.68
-Release: 13%{?dist}
+Release: 9%{?dist}
 License: LGPLv2+ or MPLv1.1
 Group: Applications/Archiving
 URL: http://zziplib.sourceforge.net/
@ -26,7 +26,6 @@ Patch10: CVE-2018-17828.patch
 Patch11: CVE-2018-17828-singlez.patch
 Patch12: CVE-2020-18442.patch
 Patch13: CVE-2020-18770.patch
 BuildRequires: perl-interpreter
 BuildRequires: python3-devel
@ -93,7 +92,6 @@ zziplib library.
 %patch10 -p1
 %patch11 -p1
 %patch12 -p1
 %patch13 -p1
 pathfix.py -i %{__python3} -pn docs
@ -103,9 +101,7 @@ export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing"
    --disable-static \
    --enable-sdl \
    --enable-frame-pointer \
-    --enable-builddir=_builddir \
+    --enable-builddir=_builddir
    ac_cv_path_PYTHON=%__python3
 # Remove rpath on 64bit archs
 sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' */libtool
 sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' */libtool
@ -147,23 +143,6 @@ make install DESTDIR=%{buildroot}
 %{_mandir}/man3/*
 %changelog
 * Wed Feb 28 2024 Jakub Martisko <jamartis@redhat.com> - 0.13.68-13
 - Fix CVE-2020-18770
  Previous patch contained segfault bug
  Resolves: RHEL-14966
 * Tue Feb 06 2024 Jakub Martisko <jamartis@redhat.com> - 0.13.68-12
 - Add the gating tests from the 8.8.0 branch
  Resolves: RHEL-24429
 * Sat Jan 27 2024 Jakub Martisko <jamartis@redhat.com> - 0.13.68-11
 - Use %__python3 macro during the config phase (used for doc generation)
  Resolves: RHEL-22880
 * Wed Jan 24 2024 Jakub Martisko <jamartis@redhat.com> - 0.13.68-10
 - Fix CVE-2020-18770
  Resolves: RHEL-14966
 * Mon Aug 02 2021 Jakub Martisko <jamartis@redhat.com> - 0.13.68-9
 - Fix CVE-2020-18442
 - Resolves: CVE-2020-18442