packages/zziplib
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2024-39134

Browse Source
This commit is contained in:
baiguo 2024-08-09 16:10:22 +08:00
parent 8b675c25da
commit 4cdc7d3330
2 changed files with 51 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
backport-0008-fix-CVE-2024-39134.patch Normal file
View File

@ -0,0 +1,45 @@
From 2a84ae73e93b0c1f4f12f2c58104f8327d10e41b Mon Sep 17 00:00:00 2001
From: vlefebvre <valentin.lefebvre@suse.com>
Date: Wed, 7 Aug 2024 11:10:05 +0200
Subject: [PATCH] fetch_disk_trailer: Don't truncate the size verif
Reference:https://github.com/gdraheim/zziplib/commit/2a84ae73e93b0c1f4f12f2c58104f8327d10e41b
* We must check if the tail obtained have the size of the zzip_disk_trailer
struct. end - tail should be at least >= of the size but not size - 2.
Where truncated by 2 was good for pre-C99 compilers.
* Fix gdraheim#165
---
zzip/zip.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/zzip/zip.c b/zzip/zip.c
index f97a40a..6d9c041 100644
--- a/zzip/zip.c
+++ b/zzip/zip.c
@@ -292,7 +292,7 @@ __zzip_fetch_disk_trailer(int fd, zzip_off_t filesize,
for (tail = end - 1; (tail >= mapped); tail--)
{
if ((*tail == 'P') && /* quick pre-check for trailer magic */
- end - tail >= __sizeof(struct zzip_disk_trailer) - 2 &&
+ end - tail >= __sizeof(struct zzip_disk_trailer) &&
zzip_disk_trailer_check_magic(tail))
{
# ifndef ZZIP_DISK64_TRAILER
@@ -328,10 +328,9 @@ __zzip_fetch_disk_trailer(int fd, zzip_off_t filesize,
if (trailer->zz_rootseek >= filesize || (trailer->zz_rootseek + trailer->zz_rootsize) >= filesize)
return(ZZIP_CORRUPTED);
{ return(0); }
- } else if ((*tail == 'P') &&
- end - tail >=
- __sizeof(struct zzip_disk64_trailer) - 2
- && zzip_disk64_trailer_check_magic(tail))
+ }
+ else if ((*tail == 'P') && end - tail >= __sizeof(struct zzip_disk64_trailer) &&
+ zzip_disk64_trailer_check_magic(tail))
{
# ifndef ZZIP_DISK64_TRAILER
return (ZZIP_DIR_LARGEFILE);
--
2.27.0

7
zziplib.spec
View File

@ -4,7 +4,7 @@ sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' */libtool
Name: zziplib Name: zziplib
Version: 0.13.69 Version: 0.13.69
Release: 11 Release: 12
Summary: Lightweight library for zip compression Summary: Lightweight library for zip compression
License: LGPLv2+ or MPLv1.1 License: LGPLv2+ or MPLv1.1
URL: http://zziplib.sourceforge.net URL: http://zziplib.sourceforge.net
@ -22,6 +22,7 @@ Patch6008: backport-0005-CVE-2020-18442.patch
Patch6009: backport-0006-CVE-2020-18442.patch Patch6009: backport-0006-CVE-2020-18442.patch
Patch6010: backport-0007-CVE-2020-18442.patch Patch6010: backport-0007-CVE-2020-18442.patch
Patch6011: backport-CVE-2020-18770.patch Patch6011: backport-CVE-2020-18770.patch
Patch6012: backport-0008-fix-CVE-2024-39134.patch
BuildRequires: perl-interpreter python2 python2-rpm-macros zip xmlto BuildRequires: perl-interpreter python2 python2-rpm-macros zip xmlto
BuildRequires: zlib-devel SDL-devel pkgconfig autoconf automake gcc make BuildRequires: zlib-devel SDL-devel pkgconfig autoconf automake gcc make
@ -68,6 +69,7 @@ This package includes help documentation and manuals related to zziplib.
%patch6009 -p1 %patch6009 -p1
%patch6010 -p1 %patch6010 -p1
%patch6011 -p1 %patch6011 -p1
%patch6012 -p1
find . -name '*.py' | xargs sed -i 's@#! /usr/bin/python@#! %__python2@g;s@#! /usr/bin/env python@#! %__python2@g' find . -name '*.py' | xargs sed -i 's@#! /usr/bin/python@#! %__python2@g;s@#! /usr/bin/env python@#! %__python2@g'
@ -103,6 +105,9 @@ export PYTHON=%__python2
%{_mandir}/man3/* %{_mandir}/man3/*
%changelog %changelog
* Fri Aug 09 2024 baiguo <baiguo@kylinos.cn> - 0.13.69-12
- fix CVE-2024-39134
* Thu May 09 2024 liweigang <liweiganga@uniontech.com> - 0.13.69-11 * Thu May 09 2024 liweigang <liweiganga@uniontech.com> - 0.13.69-11
- sync upstream patch for modify patch6011 - sync upstream patch for modify patch6011