!49 fix CVE-2024-39134

From: @baiguoguo 
Reviewed-by: @dillon_chen 
Signed-off-by: @dillon_chen

backport-0008-fix-CVE-2024-39134.patch

@@ -0,0 +1,45 @@
+From 2a84ae73e93b0c1f4f12f2c58104f8327d10e41b Mon Sep 17 00:00:00 2001
+From: vlefebvre <valentin.lefebvre@suse.com>
+Date: Wed, 7 Aug 2024 11:10:05 +0200
+Subject: [PATCH] fetch_disk_trailer: Don't truncate the size verif
+Reference:https://github.com/gdraheim/zziplib/commit/2a84ae73e93b0c1f4f12f2c58104f8327d10e41b
+
+* We must check if the tail obtained have the size of the zzip_disk_trailer
+  struct. end - tail should be at least >= of the size but not size - 2.
+  Where truncated by 2 was good for pre-C99 compilers.
+* Fix gdraheim#165
+
+---
+ zzip/zip.c | 9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+diff --git a/zzip/zip.c b/zzip/zip.c
+index f97a40a..6d9c041 100644
+--- a/zzip/zip.c
++++ b/zzip/zip.c
+@@ -292,7 +292,7 @@ __zzip_fetch_disk_trailer(int fd, zzip_off_t filesize,
+             for (tail = end - 1; (tail >= mapped); tail--)
+             {
+                 if ((*tail == 'P') &&   /* quick pre-check for trailer magic */
+-                    end - tail >= __sizeof(struct zzip_disk_trailer) - 2 &&
++                    end - tail >= __sizeof(struct zzip_disk_trailer) &&
+                     zzip_disk_trailer_check_magic(tail))
+                 {
+ #                  ifndef ZZIP_DISK64_TRAILER
+@@ -328,10 +328,9 @@ __zzip_fetch_disk_trailer(int fd, zzip_off_t filesize,
+ 		    if (trailer->zz_rootseek >= filesize || (trailer->zz_rootseek + trailer->zz_rootsize) >= filesize)
+ 		        return(ZZIP_CORRUPTED);
+                     { return(0); }
+-                } else if ((*tail == 'P') &&
+-                           end - tail >=
+-                           __sizeof(struct zzip_disk64_trailer) - 2
+-                           && zzip_disk64_trailer_check_magic(tail))
++                } 
++                else if ((*tail == 'P') && end - tail >= __sizeof(struct zzip_disk64_trailer) &&
++                           zzip_disk64_trailer_check_magic(tail))
+                 {
+ #                  ifndef ZZIP_DISK64_TRAILER
+                     return (ZZIP_DIR_LARGEFILE);
+-- 
+2.27.0
+

backport-CVE-2020-18770.patch

@@ -0,0 +1,23 @@
+From 803f49aaae16b7f2899e4769afdfc673a21fa9e8 Mon Sep 17 00:00:00 2001
+From: Guido Draheim <guidod@gmx.de>
+Date: Mon, 26 Feb 2024 23:17:12 +0100
+Subject: [PATCH] #69 assert full zzip_file_header
+
+---
+ zzip/mmapped.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/zzip/mmapped.c b/zzip/mmapped.c
+index 2071882..306ba51 100644
+--- a/zzip/mmapped.c
++++ b/zzip/mmapped.c
+@@ -276,7 +276,8 @@ struct zzip_file_header *
+ zzip_disk_entry_to_file_header(ZZIP_DISK * disk, struct zzip_disk_entry *entry)
+ {
+     zzip_byte_t *const ptr = disk->buffer + zzip_disk_entry_fileoffset(entry);
+-    if (disk->buffer > ptr || ptr >= disk->endbuf)
++    zzip_byte_t *const end = ptr + sizeof(struct zzip_file_header);
++    if (disk->buffer > ptr || end >= disk->endbuf || end <= NULL)
+     {
+         errno = EBADMSG;
+         return 0;

zziplib.spec

@@ -4,7 +4,7 @@ sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' */libtool
 
 Name:            zziplib
 Version:         0.13.69
-Release:         8
+Release:         12
 Summary:         Lightweight library for zip compression
 License:         LGPLv2+ or MPLv1.1
 URL:             http://zziplib.sourceforge.net
@@ -21,6 +21,8 @@ Patch6007:       backport-0004-CVE-2020-18442.patch
 Patch6008:       backport-0005-CVE-2020-18442.patch
 Patch6009:       backport-0006-CVE-2020-18442.patch
 Patch6010:       backport-0007-CVE-2020-18442.patch
+Patch6011:       backport-CVE-2020-18770.patch
+Patch6012:       backport-0008-fix-CVE-2024-39134.patch
 
 BuildRequires:   perl-interpreter python2 python2-rpm-macros zip xmlto
 BuildRequires:   zlib-devel SDL-devel pkgconfig autoconf automake gcc make
@@ -66,6 +68,8 @@ This package includes help documentation and manuals related to zziplib.
 %patch6008 -p1
 %patch6009 -p1
 %patch6010 -p1
+%patch6011 -p1
+%patch6012 -p1
 
 find . -name '*.py' | xargs sed -i 's@#! /usr/bin/python@#! %__python2@g;s@#! /usr/bin/env python@#! %__python2@g'
 
@@ -101,23 +105,35 @@ export PYTHON=%__python2
 %{_mandir}/man3/*
 
 %changelog
-- Fri Jun 25 2021 shixuantong <shixuantong@huawei.com> - 0.13.36-8
+* Fri Aug 09 2024 baiguo <baiguo@kylinos.cn> - 0.13.69-12
+- fix CVE-2024-39134
+
+* Thu May 09 2024 liweigang <liweiganga@uniontech.com> - 0.13.69-11
+- sync upstream patch for modify patch6011
+
+* Tue Dec 05 2023 wangshuo <wangshuo@kylinos.cn> - 0.13.69-10
+- Modify bad version in changelog
+
+* Thu Sep 28 2023 licihua <licihua@huawei.com> - 0.13.69-9
+- fix CVE-2020-18770
+
+* Fri Jun 25 2021 shixuantong <shixuantong@huawei.com> - 0.13.69-8
 - fix CVE-2020-18442
 
-* Fri Nov 13 2020 shixuantong <shixuantong@huawei.com> - 0.13.36-7
+* Fri Nov 13 2020 shixuantong <shixuantong@huawei.com> - 0.13.69-7
 - Change the installation dependency on the help package from requires to recommends 
 
-* Fri Nov 6 2020 shixuantong <shixuantong@huawei.com> - 0.13.36-6
+* Fri Nov 6 2020 shixuantong <shixuantong@huawei.com> - 0.13.69-6
 - Adding help package to the installation dependency of the main package
 
-* Fri Feb 14 2020 chengquan <chengquan3@huawei.com> - 0.13.36-5
+* Fri Feb 14 2020 chengquan <chengquan3@huawei.com> - 0.13.69-5
 - Add necessary BuildRequires
 
-* Thu Jan 9 2020 BruceGW <gyl93216@163.com> - 0.13.36-4
+* Thu Jan 9 2020 BruceGW <gyl93216@163.com> - 0.13.69-4
 - Delete useless patch
 
-* Sat Dec 21 2019 openEuler Buildteam <buildteam@openeuler.org> - 0.13.36-3
+* Sat Dec 21 2019 openEuler Buildteam <buildteam@openeuler.org> - 0.13.69-3
 - Fix CVE-2018-16548 and CVE-2018-17828
 
-* Thu Sep 12 2019 dongjian <dongjian13@huawei.com> 0.13.36-2
+* Thu Sep 12 2019 dongjian <dongjian13@huawei.com> 0.13.69-2
 - Modification summary