Compare commits
No commits in common. "c8" and "c8s" have entirely different histories.
|
@ -1,23 +0,0 @@
|
||||||
From 803f49aaae16b7f2899e4769afdfc673a21fa9e8 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Guido Draheim <guidod@gmx.de>
|
|
||||||
Date: Mon, 26 Feb 2024 23:17:12 +0100
|
|
||||||
Subject: [PATCH] #69 assert full zzip_file_header
|
|
||||||
|
|
||||||
---
|
|
||||||
zzip/mmapped.c | 3 ++-
|
|
||||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/zzip/mmapped.c b/zzip/mmapped.c
|
|
||||||
index 2071882..306ba51 100644
|
|
||||||
--- a/zzip/mmapped.c
|
|
||||||
+++ b/zzip/mmapped.c
|
|
||||||
@@ -276,7 +276,8 @@ struct zzip_file_header *
|
|
||||||
zzip_disk_entry_to_file_header(ZZIP_DISK * disk, struct zzip_disk_entry *entry)
|
|
||||||
{
|
|
||||||
zzip_byte_t *const ptr = disk->buffer + zzip_disk_entry_fileoffset(entry);
|
|
||||||
- if (disk->buffer > ptr || ptr >= disk->endbuf)
|
|
||||||
+ zzip_byte_t *const end = ptr + sizeof(struct zzip_file_header);
|
|
||||||
+ if (disk->buffer > ptr || end >= disk->endbuf || end <= NULL)
|
|
||||||
{
|
|
||||||
errno = EBADMSG;
|
|
||||||
return 0;
|
|
|
@ -1,7 +1,7 @@
|
||||||
Summary: Lightweight library to easily extract data from zip files
|
Summary: Lightweight library to easily extract data from zip files
|
||||||
Name: zziplib
|
Name: zziplib
|
||||||
Version: 0.13.68
|
Version: 0.13.68
|
||||||
Release: 13%{?dist}
|
Release: 9%{?dist}
|
||||||
License: LGPLv2+ or MPLv1.1
|
License: LGPLv2+ or MPLv1.1
|
||||||
Group: Applications/Archiving
|
Group: Applications/Archiving
|
||||||
URL: http://zziplib.sourceforge.net/
|
URL: http://zziplib.sourceforge.net/
|
||||||
|
@ -26,7 +26,6 @@ Patch10: CVE-2018-17828.patch
|
||||||
Patch11: CVE-2018-17828-singlez.patch
|
Patch11: CVE-2018-17828-singlez.patch
|
||||||
|
|
||||||
Patch12: CVE-2020-18442.patch
|
Patch12: CVE-2020-18442.patch
|
||||||
Patch13: CVE-2020-18770.patch
|
|
||||||
|
|
||||||
BuildRequires: perl-interpreter
|
BuildRequires: perl-interpreter
|
||||||
BuildRequires: python3-devel
|
BuildRequires: python3-devel
|
||||||
|
@ -93,7 +92,6 @@ zziplib library.
|
||||||
%patch10 -p1
|
%patch10 -p1
|
||||||
%patch11 -p1
|
%patch11 -p1
|
||||||
%patch12 -p1
|
%patch12 -p1
|
||||||
%patch13 -p1
|
|
||||||
|
|
||||||
pathfix.py -i %{__python3} -pn docs
|
pathfix.py -i %{__python3} -pn docs
|
||||||
|
|
||||||
|
@ -103,9 +101,7 @@ export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing"
|
||||||
--disable-static \
|
--disable-static \
|
||||||
--enable-sdl \
|
--enable-sdl \
|
||||||
--enable-frame-pointer \
|
--enable-frame-pointer \
|
||||||
--enable-builddir=_builddir \
|
--enable-builddir=_builddir
|
||||||
ac_cv_path_PYTHON=%__python3
|
|
||||||
|
|
||||||
# Remove rpath on 64bit archs
|
# Remove rpath on 64bit archs
|
||||||
sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' */libtool
|
sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' */libtool
|
||||||
sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' */libtool
|
sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' */libtool
|
||||||
|
@ -147,23 +143,6 @@ make install DESTDIR=%{buildroot}
|
||||||
%{_mandir}/man3/*
|
%{_mandir}/man3/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Wed Feb 28 2024 Jakub Martisko <jamartis@redhat.com> - 0.13.68-13
|
|
||||||
- Fix CVE-2020-18770
|
|
||||||
Previous patch contained segfault bug
|
|
||||||
Resolves: RHEL-14966
|
|
||||||
|
|
||||||
* Tue Feb 06 2024 Jakub Martisko <jamartis@redhat.com> - 0.13.68-12
|
|
||||||
- Add the gating tests from the 8.8.0 branch
|
|
||||||
Resolves: RHEL-24429
|
|
||||||
|
|
||||||
* Sat Jan 27 2024 Jakub Martisko <jamartis@redhat.com> - 0.13.68-11
|
|
||||||
- Use %__python3 macro during the config phase (used for doc generation)
|
|
||||||
Resolves: RHEL-22880
|
|
||||||
|
|
||||||
* Wed Jan 24 2024 Jakub Martisko <jamartis@redhat.com> - 0.13.68-10
|
|
||||||
- Fix CVE-2020-18770
|
|
||||||
Resolves: RHEL-14966
|
|
||||||
|
|
||||||
* Mon Aug 02 2021 Jakub Martisko <jamartis@redhat.com> - 0.13.68-9
|
* Mon Aug 02 2021 Jakub Martisko <jamartis@redhat.com> - 0.13.68-9
|
||||||
- Fix CVE-2020-18442
|
- Fix CVE-2020-18442
|
||||||
- Resolves: CVE-2020-18442
|
- Resolves: CVE-2020-18442
|
||||||
|
|
Loading…
Reference in New Issue