Compare commits
3 Commits
imports/c8
...
c8
Author | SHA1 | Date | |
---|---|---|---|
dafc59baf0 | |||
|
936732df47 | ||
|
c0a6678c14 |
59
SOURCES/CVE-2018-17828-singlez.patch
Normal file
59
SOURCES/CVE-2018-17828-singlez.patch
Normal file
@ -0,0 +1,59 @@
|
||||
diff --git a/bins/unzip-mem.c b/bins/unzip-mem.c
|
||||
index c45cb72..ff564a5 100644
|
||||
--- a/bins/unzip-mem.c
|
||||
+++ b/bins/unzip-mem.c
|
||||
@@ -88,10 +88,53 @@ static void zzip_mem_entry_pipe(ZZIP_MEM_DISK* disk,
|
||||
}
|
||||
}
|
||||
|
||||
+
|
||||
+
|
||||
+
|
||||
+static inline void
|
||||
+remove_dotdotslash(char *path)
|
||||
+{
|
||||
+ /* Note: removing "../" from the path ALWAYS shortens the path, never adds to it! */
|
||||
+ char *dotdotslash;
|
||||
+ int warned = 0;
|
||||
+
|
||||
+ dotdotslash = path;
|
||||
+ while ((dotdotslash = strstr(dotdotslash, "../")) != NULL)
|
||||
+ {
|
||||
+ /*
|
||||
+ * Remove only if at the beginning of the pathname ("../path/name")
|
||||
+ * or when preceded by a slash ("path/../name"),
|
||||
+ * otherwise not ("path../name..")!
|
||||
+ */
|
||||
+ if (dotdotslash == path || dotdotslash[-1] == '/')
|
||||
+ {
|
||||
+ char *src, *dst;
|
||||
+ if (!warned)
|
||||
+ {
|
||||
+ /* Note: the first time through the pathname is still intact */
|
||||
+ fprintf(stderr, "Removing \"../\" path component(s) in %s\n", path);
|
||||
+ warned = 1;
|
||||
+ }
|
||||
+ /* We cannot use strcpy(), as there "The strings may not overlap" */
|
||||
+ for (src = dotdotslash+3, dst=dotdotslash; (*dst = *src) != '\0'; src++, dst++)
|
||||
+ ;
|
||||
+ }
|
||||
+ else
|
||||
+ dotdotslash +=3; /* skip this instance to prevent infinite loop */
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
static void zzip_mem_entry_make(ZZIP_MEM_DISK* disk,
|
||||
ZZIP_MEM_ENTRY* entry)
|
||||
{
|
||||
- FILE* file = fopen (entry->zz_name, "w");
|
||||
+ char name_stripped[PATH_MAX+1];
|
||||
+ FILE* file;
|
||||
+
|
||||
+ strncpy(name_stripped, entry->zz_name, PATH_MAX);
|
||||
+ name_stripped[PATH_MAX]='\0';
|
||||
+ remove_dotdotslash(name_stripped);
|
||||
+
|
||||
+ file = fopen (name_stripped, "wb");
|
||||
if (file) { zzip_mem_entry_pipe (disk, entry, file); fclose (file); }
|
||||
perror (entry->zz_name);
|
||||
if (status < EXIT_WARNINGS) status = EXIT_WARNINGS;
|
218
SOURCES/CVE-2020-18442.patch
Normal file
218
SOURCES/CVE-2020-18442.patch
Normal file
@ -0,0 +1,218 @@
|
||||
From ac9ae39ef419e9f0f83da1e583314d8c7cda34a6 Mon Sep 17 00:00:00 2001
|
||||
From: Guido Draheim <guidod@gmx.de>
|
||||
Date: Mon, 4 Jan 2021 21:48:45 +0100
|
||||
Subject: [PATCH 1/7] #68 ssize_t return value of zzip_file_read is a signed
|
||||
value being possibly -1
|
||||
|
||||
---
|
||||
bins/unzzipcat-zip.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/bins/unzzipcat-zip.c b/bins/unzzipcat-zip.c
|
||||
index dd78c2b..385aeaf 100644
|
||||
--- a/bins/unzzipcat-zip.c
|
||||
+++ b/bins/unzzipcat-zip.c
|
||||
@@ -34,7 +34,7 @@ static void unzzip_cat_file(ZZIP_DIR* disk, char* name, FILE* out)
|
||||
if (file)
|
||||
{
|
||||
char buffer[1024]; int len;
|
||||
- while ((len = zzip_file_read (file, buffer, 1024)))
|
||||
+ while (0 < (len = zzip_file_read (file, buffer, 1024)))
|
||||
{
|
||||
fwrite (buffer, 1, len, out);
|
||||
}
|
||||
--
|
||||
2.32.0
|
||||
|
||||
|
||||
From 7e786544084548da7fcfcd9090d3c4e7f5777f7e Mon Sep 17 00:00:00 2001
|
||||
From: Guido Draheim <guidod@gmx.de>
|
||||
Date: Mon, 4 Jan 2021 21:50:26 +0100
|
||||
Subject: [PATCH 2/7] #68 return value of zzip_mem_disk_fread is signed
|
||||
|
||||
---
|
||||
bins/unzip-mem.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/bins/unzip-mem.c b/bins/unzip-mem.c
|
||||
index cc009f8..50eb5a6 100644
|
||||
--- a/bins/unzip-mem.c
|
||||
+++ b/bins/unzip-mem.c
|
||||
@@ -81,7 +81,7 @@ static void zzip_mem_entry_pipe(ZZIP_MEM_DISK* disk,
|
||||
if (file)
|
||||
{
|
||||
char buffer[1024]; int len;
|
||||
- while ((len = zzip_mem_disk_fread (buffer, 1024, 1, file)))
|
||||
+ while (0 < (len = zzip_mem_disk_fread (buffer, 1024, 1, file)))
|
||||
fwrite (buffer, len, 1, out);
|
||||
|
||||
zzip_mem_disk_fclose (file);
|
||||
@@ -115,7 +115,7 @@ static void zzip_mem_entry_test(ZZIP_MEM_DISK* disk,
|
||||
{
|
||||
unsigned long crc = crc32 (0L, NULL, 0);
|
||||
unsigned char buffer[1024]; int len;
|
||||
- while ((len = zzip_mem_disk_fread (buffer, 1024, 1, file))) {
|
||||
+ while (0 < (len = zzip_mem_disk_fread (buffer, 1024, 1, file))) {
|
||||
crc = crc32 (crc, buffer, len);
|
||||
}
|
||||
|
||||
--
|
||||
2.32.0
|
||||
|
||||
|
||||
From d453977f59ca59c61bf59dec28dd724498828f2a Mon Sep 17 00:00:00 2001
|
||||
From: Guido Draheim <guidod@gmx.de>
|
||||
Date: Mon, 4 Jan 2021 21:51:12 +0100
|
||||
Subject: [PATCH 3/7] #68 return value of zzip_entry_fread is signed
|
||||
|
||||
---
|
||||
bins/unzzipcat-big.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/bins/unzzipcat-big.c b/bins/unzzipcat-big.c
|
||||
index 111ef47..ecebe11 100644
|
||||
--- a/bins/unzzipcat-big.c
|
||||
+++ b/bins/unzzipcat-big.c
|
||||
@@ -26,7 +26,7 @@ static void unzzip_big_entry_fprint(ZZIP_ENTRY* entry, FILE* out)
|
||||
if (file)
|
||||
{
|
||||
char buffer[1024]; int len;
|
||||
- while ((len = zzip_entry_fread (buffer, 1024, 1, file)))
|
||||
+ while (0 < (len = zzip_entry_fread (buffer, 1024, 1, file)))
|
||||
{
|
||||
DBG2("entry read %i", len);
|
||||
fwrite (buffer, len, 1, out);
|
||||
@@ -45,7 +45,7 @@ static void unzzip_cat_file(FILE* disk, char* name, FILE* out)
|
||||
if (file)
|
||||
{
|
||||
char buffer[1024]; int len;
|
||||
- while ((len = zzip_entry_fread (buffer, 1024, 1, file)))
|
||||
+ while (0 < (len = zzip_entry_fread (buffer, 1024, 1, file)))
|
||||
fwrite (buffer, len, 1, out);
|
||||
|
||||
zzip_entry_fclose (file);
|
||||
--
|
||||
2.32.0
|
||||
|
||||
|
||||
From 0a9db9ded9d15fbdb63bf5cf451920d0a368c00e Mon Sep 17 00:00:00 2001
|
||||
From: Guido Draheim <guidod@gmx.de>
|
||||
Date: Mon, 4 Jan 2021 21:51:56 +0100
|
||||
Subject: [PATCH 4/7] #68 return value of zzip_mem_disk_fread is signed
|
||||
|
||||
---
|
||||
bins/unzzipcat-mem.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/bins/unzzipcat-mem.c b/bins/unzzipcat-mem.c
|
||||
index 6bd79b7..1b5bc22 100644
|
||||
--- a/bins/unzzipcat-mem.c
|
||||
+++ b/bins/unzzipcat-mem.c
|
||||
@@ -35,7 +35,7 @@ static void unzzip_mem_entry_fprint(ZZIP_MEM_DISK* disk,
|
||||
if (file)
|
||||
{
|
||||
char buffer[1024]; int len;
|
||||
- while ((len = zzip_mem_disk_fread (buffer, 1024, 1, file)))
|
||||
+ while (0 < (len = zzip_mem_disk_fread (buffer, 1024, 1, file)))
|
||||
fwrite (buffer, len, 1, out);
|
||||
|
||||
zzip_mem_disk_fclose (file);
|
||||
@@ -48,7 +48,7 @@ static void unzzip_mem_disk_cat_file(ZZIP_MEM_DISK* disk, char* name, FILE* out)
|
||||
if (file)
|
||||
{
|
||||
char buffer[1025]; int len;
|
||||
- while ((len = zzip_mem_disk_fread (buffer, 1, 1024, file)))
|
||||
+ while (0 < (len = zzip_mem_disk_fread (buffer, 1, 1024, file)))
|
||||
{
|
||||
fwrite (buffer, 1, len, out);
|
||||
}
|
||||
--
|
||||
2.32.0
|
||||
|
||||
|
||||
From a34a96fbda1e58fbec5c79f4c0b5063e031ce11d Mon Sep 17 00:00:00 2001
|
||||
From: Guido Draheim <guidod@gmx.de>
|
||||
Date: Mon, 4 Jan 2021 21:52:47 +0100
|
||||
Subject: [PATCH 5/7] #68 return value of zzip_fread is signed
|
||||
|
||||
---
|
||||
bins/unzzipcat-mix.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/bins/unzzipcat-mix.c b/bins/unzzipcat-mix.c
|
||||
index e18987d..8f3d0b8 100644
|
||||
--- a/bins/unzzipcat-mix.c
|
||||
+++ b/bins/unzzipcat-mix.c
|
||||
@@ -34,7 +34,7 @@ static void unzzip_cat_file(ZZIP_DIR* disk, char* name, FILE* out)
|
||||
if (file)
|
||||
{
|
||||
char buffer[1024]; int len;
|
||||
- while ((len = zzip_fread (buffer, 1, 1024, file)))
|
||||
+ while (0 < (len = zzip_fread (buffer, 1, 1024, file)))
|
||||
{
|
||||
fwrite (buffer, 1, len, out);
|
||||
}
|
||||
--
|
||||
2.32.0
|
||||
|
||||
|
||||
From fa1f78abe1b08544061204019016809664f2618c Mon Sep 17 00:00:00 2001
|
||||
From: Guido Draheim <guidod@gmx.de>
|
||||
Date: Mon, 4 Jan 2021 21:53:50 +0100
|
||||
Subject: [PATCH 6/7] #68 return value of zzip_entry_fread is signed
|
||||
|
||||
---
|
||||
bins/unzzipshow.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/bins/unzzipshow.c b/bins/unzzipshow.c
|
||||
index 9d8c2ed..5672d3b 100644
|
||||
--- a/bins/unzzipshow.c
|
||||
+++ b/bins/unzzipshow.c
|
||||
@@ -22,7 +22,7 @@ static void zzip_entry_fprint(ZZIP_ENTRY* entry, FILE* out)
|
||||
if (file)
|
||||
{
|
||||
char buffer[1024]; int len;
|
||||
- while ((len = zzip_entry_fread (buffer, 1024, 1, file)))
|
||||
+ while (0 < (len = zzip_entry_fread (buffer, 1024, 1, file)))
|
||||
fwrite (buffer, len, 1, out);
|
||||
|
||||
zzip_entry_fclose (file);
|
||||
@@ -35,7 +35,7 @@ static void zzip_cat_file(FILE* disk, char* name, FILE* out)
|
||||
if (file)
|
||||
{
|
||||
char buffer[1024]; int len;
|
||||
- while ((len = zzip_entry_fread (buffer, 1024, 1, file)))
|
||||
+ while (0 < (len = zzip_entry_fread (buffer, 1024, 1, file)))
|
||||
fwrite (buffer, len, 1, out);
|
||||
|
||||
zzip_entry_fclose (file);
|
||||
--
|
||||
2.32.0
|
||||
|
||||
|
||||
From f7a6fa9f0c29aecb4c2299568ed2e6094c34aca7 Mon Sep 17 00:00:00 2001
|
||||
From: Guido Draheim <guidod@gmx.de>
|
||||
Date: Mon, 4 Jan 2021 21:55:08 +0100
|
||||
Subject: [PATCH 7/7] #68 return value of posix read(2) is signed
|
||||
|
||||
---
|
||||
bins/zzipmake-zip.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/bins/zzipmake-zip.c b/bins/zzipmake-zip.c
|
||||
index 8e09c31..b37877c 100644
|
||||
--- a/bins/zzipmake-zip.c
|
||||
+++ b/bins/zzipmake-zip.c
|
||||
@@ -57,7 +57,7 @@ int rezzip_make (int argc, char ** argv)
|
||||
continue;
|
||||
}
|
||||
|
||||
- while ((n = read (input, buf, 16)))
|
||||
+ while (0 < (n = read (input, buf, 16)))
|
||||
{
|
||||
zzip_write (output, buf, n);
|
||||
}
|
||||
--
|
||||
2.32.0
|
||||
|
23
SOURCES/CVE-2020-18770.patch
Normal file
23
SOURCES/CVE-2020-18770.patch
Normal file
@ -0,0 +1,23 @@
|
||||
From 803f49aaae16b7f2899e4769afdfc673a21fa9e8 Mon Sep 17 00:00:00 2001
|
||||
From: Guido Draheim <guidod@gmx.de>
|
||||
Date: Mon, 26 Feb 2024 23:17:12 +0100
|
||||
Subject: [PATCH] #69 assert full zzip_file_header
|
||||
|
||||
---
|
||||
zzip/mmapped.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/zzip/mmapped.c b/zzip/mmapped.c
|
||||
index 2071882..306ba51 100644
|
||||
--- a/zzip/mmapped.c
|
||||
+++ b/zzip/mmapped.c
|
||||
@@ -276,7 +276,8 @@ struct zzip_file_header *
|
||||
zzip_disk_entry_to_file_header(ZZIP_DISK * disk, struct zzip_disk_entry *entry)
|
||||
{
|
||||
zzip_byte_t *const ptr = disk->buffer + zzip_disk_entry_fileoffset(entry);
|
||||
- if (disk->buffer > ptr || ptr >= disk->endbuf)
|
||||
+ zzip_byte_t *const end = ptr + sizeof(struct zzip_file_header);
|
||||
+ if (disk->buffer > ptr || end >= disk->endbuf || end <= NULL)
|
||||
{
|
||||
errno = EBADMSG;
|
||||
return 0;
|
@ -1,7 +1,7 @@
|
||||
Summary: Lightweight library to easily extract data from zip files
|
||||
Name: zziplib
|
||||
Version: 0.13.68
|
||||
Release: 7%{?dist}
|
||||
Release: 13%{?dist}
|
||||
License: LGPLv2+ or MPLv1.1
|
||||
Group: Applications/Archiving
|
||||
URL: http://zziplib.sourceforge.net/
|
||||
@ -23,6 +23,10 @@ Patch8: CVE-2018-16548.part2.patch
|
||||
Patch9: CVE-2018-16548.part3.patch
|
||||
|
||||
Patch10: CVE-2018-17828.patch
|
||||
Patch11: CVE-2018-17828-singlez.patch
|
||||
|
||||
Patch12: CVE-2020-18442.patch
|
||||
Patch13: CVE-2020-18770.patch
|
||||
|
||||
BuildRequires: perl-interpreter
|
||||
BuildRequires: python3-devel
|
||||
@ -87,6 +91,9 @@ zziplib library.
|
||||
%patch8 -p1
|
||||
%patch9 -p1
|
||||
%patch10 -p1
|
||||
%patch11 -p1
|
||||
%patch12 -p1
|
||||
%patch13 -p1
|
||||
|
||||
pathfix.py -i %{__python3} -pn docs
|
||||
|
||||
@ -96,7 +103,9 @@ export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing"
|
||||
--disable-static \
|
||||
--enable-sdl \
|
||||
--enable-frame-pointer \
|
||||
--enable-builddir=_builddir
|
||||
--enable-builddir=_builddir \
|
||||
ac_cv_path_PYTHON=%__python3
|
||||
|
||||
# Remove rpath on 64bit archs
|
||||
sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' */libtool
|
||||
sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' */libtool
|
||||
@ -138,6 +147,31 @@ make install DESTDIR=%{buildroot}
|
||||
%{_mandir}/man3/*
|
||||
|
||||
%changelog
|
||||
* Wed Feb 28 2024 Jakub Martisko <jamartis@redhat.com> - 0.13.68-13
|
||||
- Fix CVE-2020-18770
|
||||
Previous patch contained segfault bug
|
||||
Resolves: RHEL-14966
|
||||
|
||||
* Tue Feb 06 2024 Jakub Martisko <jamartis@redhat.com> - 0.13.68-12
|
||||
- Add the gating tests from the 8.8.0 branch
|
||||
Resolves: RHEL-24429
|
||||
|
||||
* Sat Jan 27 2024 Jakub Martisko <jamartis@redhat.com> - 0.13.68-11
|
||||
- Use %__python3 macro during the config phase (used for doc generation)
|
||||
Resolves: RHEL-22880
|
||||
|
||||
* Wed Jan 24 2024 Jakub Martisko <jamartis@redhat.com> - 0.13.68-10
|
||||
- Fix CVE-2020-18770
|
||||
Resolves: RHEL-14966
|
||||
|
||||
* Mon Aug 02 2021 Jakub Martisko <jamartis@redhat.com> - 0.13.68-9
|
||||
- Fix CVE-2020-18442
|
||||
- Resolves: CVE-2020-18442
|
||||
|
||||
* Tue Oct 16 2018 Jakub Martisko <jamartis@redhat.com> - 0.13.68-8
|
||||
- Fix CVE-2018-17828 in the "single z" binaries
|
||||
- Resolves: #1772447
|
||||
|
||||
* Tue Oct 16 2018 Jakub Martisko <jamartis@redhat.com> - 0.13.68-7
|
||||
- Fix CVE-2018-17828
|
||||
- Resolves: #1635890
|
||||
|
Loading…
Reference in New Issue
Block a user