packages/zziplib
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:811c698b69e8adc39f954c5a804cc9210c7e9752
Branches Tags
packages:main
...
compare: packages:aca266462ad5312e8569addfae25dfc4ab2cb7e7
Branches Tags
packages:main

10 Commits
811c698b69 ... aca266462a

Author SHA1 Message Date
openeuler-ci-bot
aca266462a
!24 fix CVE-2020-18770 
From: @licihua 
Reviewed-by: @overweight 
Signed-off-by: @overweight
 2023-09-28 01:15:17 +00:00
licihua
0cd19f9aeb fix CVE-2020-18770 2023-09-27 21:32:28 +08:00
openeuler-ci-bot
95ef717c79
!21 [sync] PR-20: 添加sw架构 
From: @openeuler-sync-bot 
Reviewed-by: @dillon_chen 
Signed-off-by: @dillon_chen
 2022-11-03 01:44:16 +00:00
wzx
673b9fabc5 Add sw64 architecture 
Signed-off-by: wzx <wuzx1226@qq.com>
(cherry picked from commit f13bbb8d41494fc9b6710e835c82fba214130db3)
 2022-10-31 11:30:37 +08:00
openeuler-ci-bot
b5c54ef35f !15 remove rpath 
From: @tong_1001
Reviewed-by: @overweight
Signed-off-by: @overweight
 2021-09-06 07:41:28 +00:00
shixuantong
ed65f63de1 remove rpath 2021-09-04 18:05:07 +08:00
openeuler-ci-bot
2021077e48 !9 fix CVE-2020-18442 
From: @tong_1001
Reviewed-by: @openeuler-basic
Signed-off-by: @openeuler-basic
 2021-06-25 03:26:53 +00:00
tong_1001
6b963bea56 fix CVE-2020-18442 2021-06-25 09:51:47 +08:00
openeuler-ci-bot
0c5427a1b6 !4 update zziplib and remove python2 
From: @weiwei_150212
Reviewed-by: @xiezhipeng1
Signed-off-by: @xiezhipeng1
 2020-11-05 10:39:24 +08:00
19909236985
615c63830a update zziplib and remove python2 2020-11-03 10:22:48 +08:00
16 changed files with 306 additions and 518 deletions
Show Stats Expand all files Collapse all files

76
CVE-2018-16548-1.patch
View File

@ -1,76 +0,0 @@
From b6ce8a1ca9442f89fae3482921fadc928ecbbb05 Mon Sep 17 00:00:00 2001
From: jmoellers <josef.moellers@suse.com>
Date: Fri, 7 Sep 2018 11:32:04 +0200
Subject: [PATCH 1/3] Avoid memory leak from __zzip_parse_root_directory().
(cherry picked from commit 9411bde3e4a70a81ff3ffd256b71927b2d90dcbb)
https://github.com/gdraheim/zziplib/commit/9411bde3e4a70a81ff3ffd256b71927b2d90dcbb
Signed-off-by: Yufa Fang <fangyufa1@huawei.com>
---
zzip/zip.c | 36 ++++++++++++++++++++++++++++++++++--
1 files changed, 34 insertions(+), 2 deletions(-)
diff --git a/zzip/zip.c b/zzip/zip.c
index 14e2e06..8318463 100644
--- a/zzip/zip.c
+++ b/zzip/zip.c
@@ -472,9 +472,15 @@ __zzip_parse_root_directory(int fd,
} else
{
if (io->fd.seeks(fd, zz_rootseek + zz_offset, SEEK_SET) < 0)
+ {
+ free(hdr0);
return ZZIP_DIR_SEEK;
+ }
if (io->fd.read(fd, &dirent, sizeof(dirent)) < __sizeof(dirent))
+ {
+ free(hdr0);
return ZZIP_DIR_READ;
+ }
d = &dirent;
}
@@ -574,12 +580,38 @@ __zzip_parse_root_directory(int fd,
if (hdr_return)
*hdr_return = hdr0;
+ else
+ {
+ /* If it is not assigned to *hdr_return, it will never be free()'d */
+ free(hdr0);
+ /* Make sure we don't free it again in case of error */
+ hdr0 = NULL;
+ }
} /* else zero (sane) entries */
# ifndef ZZIP_ALLOW_MODULO_ENTRIES
- return (entries != zz_entries ? ZZIP_CORRUPTED : 0);
+ if (entries != zz_entries)
+ {
+ /* If it was assigned to *hdr_return, undo assignment */
+ if (p_reclen && hdr_return)
+ *hdr_return = NULL;
+ /* Free it, if it was not already free()'d */
+ if (hdr0 != NULL)
+ free(hdr0);
+ return ZZIP_CORRUPTED;
+ }
# else
- return ((entries & (unsigned)0xFFFF) != zz_entries ? ZZIP_CORRUPTED : 0);
+ if (((entries & (unsigned)0xFFFF) != zz_entries)
+ {
+ /* If it was assigned to *hdr_return, undo assignment */
+ if (p_reclen && hdr_return)
+ *hdr_return = NULL;
+ /* Free it, if it was not already free()'d */
+ if (hdr0 != NULL)
+ free(hdr0);
+ return ZZIP_CORRUPTED;
+ }
# endif
+ return 0;
}
/* ------------------------- high-level interface ------------------------- */
--
2.19.1

56
CVE-2018-16548-2.patch
View File

@ -1,56 +0,0 @@
From e8d90fe7525c177f0c28f6843f2a25da2e6e5045 Mon Sep 17 00:00:00 2001
From: jmoellers <josef.moellers@suse.com>
Date: Fri, 7 Sep 2018 11:49:28 +0200
Subject: [PATCH 2/3] Avoid memory leak from __zzip_parse_root_directory().
(cherry picked from commit d2e5d5c53212e54a97ad64b793a4389193fec687)
https://github.com/gdraheim/zziplib/commit/d2e5d5c53212e54a97ad64b793a4389193fec687
Signed-off-by: Yufa Fang <fangyufa1@huawei.com>
---
zzip/zip.c | 25 ++-----------------------
1 file changed, 2 insertions(+), 23 deletions(-)
diff --git a/zzip/zip.c b/zzip/zip.c
index 8318463..79fd9ad 100644
--- a/zzip/zip.c
+++ b/zzip/zip.c
@@ -584,34 +584,13 @@ __zzip_parse_root_directory(int fd,
{
/* If it is not assigned to *hdr_return, it will never be free()'d */
free(hdr0);
- /* Make sure we don't free it again in case of error */
- hdr0 = NULL;
}
} /* else zero (sane) entries */
# ifndef ZZIP_ALLOW_MODULO_ENTRIES
- if (entries != zz_entries)
- {
- /* If it was assigned to *hdr_return, undo assignment */
- if (p_reclen && hdr_return)
- *hdr_return = NULL;
- /* Free it, if it was not already free()'d */
- if (hdr0 != NULL)
- free(hdr0);
- return ZZIP_CORRUPTED;
- }
+ return (entries != zz_entries) ? ZZIP_CORRUPTED : 0;
# else
- if (((entries & (unsigned)0xFFFF) != zz_entries)
- {
- /* If it was assigned to *hdr_return, undo assignment */
- if (p_reclen && hdr_return)
- *hdr_return = NULL;
- /* Free it, if it was not already free()'d */
- if (hdr0 != NULL)
- free(hdr0);
- return ZZIP_CORRUPTED;
- }
+ return ((entries & (unsigned)0xFFFF) != zz_entries) ? ZZIP_CORRUPTED : 0;
# endif
- return 0;
}
/* ------------------------- high-level interface ------------------------- */
--
2.19.1

28
CVE-2018-16548-3.patch
View File

@ -1,28 +0,0 @@
From a37ce0d441050356efc5fcaa48e1cdcf21a6b8e1 Mon Sep 17 00:00:00 2001
From: jmoellers <josef.moellers@suse.com>
Date: Fri, 7 Sep 2018 13:55:35 +0200
Subject: [PATCH 3/3] One more free() to avoid memory leak.
(cherry picked from commit 0e1dadb05c1473b9df2d7b8f298dab801778ef99)
https://github.com/gdraheim/zziplib/commit/0e1dadb05c1473b9df2d7b8f298dab801778ef99
Signed-off-by: Yufa Fang <fangyufa1@huawei.com>
---
zzip/zip.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/zzip/zip.c b/zzip/zip.c
index 79fd9ad..f97a40a 100644
--- a/zzip/zip.c
+++ b/zzip/zip.c
@@ -586,6 +586,8 @@ __zzip_parse_root_directory(int fd,
free(hdr0);
}
} /* else zero (sane) entries */
+ else
+ free(hdr0);
# ifndef ZZIP_ALLOW_MODULO_ENTRIES
return (entries != zz_entries) ? ZZIP_CORRUPTED : 0;
# else
--
2.19.1

345
CVE-2018-17828.patch
View File

@ -1,345 +0,0 @@
From 81dfa6b3e08f6934885ba5c98939587d6850d08e Mon Sep 17 00:00:00 2001
From: Josef Moellers <jmoellers@suse.de>
Date: Thu, 4 Oct 2018 14:21:48 +0200
Subject: [PATCH] Fix issue #62: Remove any "../" components from pathnames of
extracted files. [CVE-2018-17828]
https://github.com/gdraheim/zziplib/commit/f609ae8971f3c0ce64d38276b778001d0bbfc84b
---
bins/unzzipcat-big.c | 57 +++++++++++++++++++++++++++++++++++++++++++-
bins/unzzipcat-mem.c | 57 +++++++++++++++++++++++++++++++++++++++++++-
bins/unzzipcat-mix.c | 57 +++++++++++++++++++++++++++++++++++++++++++-
bins/unzzipcat-zip.c | 57 +++++++++++++++++++++++++++++++++++++++++++-
4 files changed, 224 insertions(+), 4 deletions(-)
diff --git a/bins/unzzipcat-big.c b/bins/unzzipcat-big.c
index 982d262..88c4d65 100644
--- a/bins/unzzipcat-big.c
+++ b/bins/unzzipcat-big.c
@@ -53,6 +53,48 @@ static void unzzip_cat_file(FILE* disk, char* name, FILE* out)
}
}
+/*
+ * NAME: remove_dotdotslash
+ * PURPOSE: To remove any "../" components from the given pathname
+ * ARGUMENTS: path: path name with maybe "../" components
+ * RETURNS: Nothing, "path" is modified in-place
+ * NOTE: removing "../" from the path ALWAYS shortens the path, never adds to it!
+ * Also, "path" is not used after creating it.
+ * So modifying "path" in-place is safe to do.
+ */
+static inline void
+remove_dotdotslash(char *path)
+{
+ /* Note: removing "../" from the path ALWAYS shortens the path, never adds to it! */
+ char *dotdotslash;
+ int warned = 0;
+
+ dotdotslash = path;
+ while ((dotdotslash = strstr(dotdotslash, "../")) != NULL)
+ {
+ /*
+ * Remove only if at the beginning of the pathname ("../path/name")
+ * or when preceded by a slash ("path/../name"),
+ * otherwise not ("path../name..")!
+ */
+ if (dotdotslash == path || dotdotslash[-1] == '/')
+ {
+ char *src, *dst;
+ if (!warned)
+ {
+ /* Note: the first time through the pathname is still intact */
+ fprintf(stderr, "Removing \"../\" path component(s) in %s\n", path);
+ warned = 1;
+ }
+ /* We cannot use strcpy(), as there "The strings may not overlap" */
+ for (src = dotdotslash+3, dst=dotdotslash; (*dst = *src) != '\0'; src++, dst++)
+ ;
+ }
+ else
+ dotdotslash +=3; /* skip this instance to prevent infinite loop */
+ }
+}
+
static void makedirs(const char* name)
{
char* p = strrchr(name, '/');
@@ -70,6 +112,16 @@ static void makedirs(const char* name)
static FILE* create_fopen(char* name, char* mode, int subdirs)
{
+ char *name_stripped;
+ FILE *fp;
+ int mustfree = 0;
+
+ if ((name_stripped = strdup(name)) != NULL)
+ {
+ remove_dotdotslash(name_stripped);
+ name = name_stripped;
+ mustfree = 1;
+ }
if (subdirs)
{
char* p = strrchr(name, '/');
@@ -79,7 +131,10 @@ static FILE* create_fopen(char* name, char* mode, int subdirs)
free (dir_name);
}
}
- return fopen(name, mode);
+ fp = fopen(name, mode);
+ if (mustfree)
+ free(name_stripped);
+ return fp;
}
diff --git a/bins/unzzipcat-mem.c b/bins/unzzipcat-mem.c
index 9bc966b..793bde8 100644
--- a/bins/unzzipcat-mem.c
+++ b/bins/unzzipcat-mem.c
@@ -58,6 +58,48 @@ static void unzzip_mem_disk_cat_file(ZZIP_MEM_DISK* disk, char* name, FILE* out)
}
}
+/*
+ * NAME: remove_dotdotslash
+ * PURPOSE: To remove any "../" components from the given pathname
+ * ARGUMENTS: path: path name with maybe "../" components
+ * RETURNS: Nothing, "path" is modified in-place
+ * NOTE: removing "../" from the path ALWAYS shortens the path, never adds to it!
+ * Also, "path" is not used after creating it.
+ * So modifying "path" in-place is safe to do.
+ */
+static inline void
+remove_dotdotslash(char *path)
+{
+ /* Note: removing "../" from the path ALWAYS shortens the path, never adds to it! */
+ char *dotdotslash;
+ int warned = 0;
+
+ dotdotslash = path;
+ while ((dotdotslash = strstr(dotdotslash, "../")) != NULL)
+ {
+ /*
+ * Remove only if at the beginning of the pathname ("../path/name")
+ * or when preceded by a slash ("path/../name"),
+ * otherwise not ("path../name..")!
+ */
+ if (dotdotslash == path || dotdotslash[-1] == '/')
+ {
+ char *src, *dst;
+ if (!warned)
+ {
+ /* Note: the first time through the pathname is still intact */
+ fprintf(stderr, "Removing \"../\" path component(s) in %s\n", path);
+ warned = 1;
+ }
+ /* We cannot use strcpy(), as there "The strings may not overlap" */
+ for (src = dotdotslash+3, dst=dotdotslash; (*dst = *src) != '\0'; src++, dst++)
+ ;
+ }
+ else
+ dotdotslash +=3; /* skip this instance to prevent infinite loop */
+ }
+}
+
static void makedirs(const char* name)
{
char* p = strrchr(name, '/');
@@ -75,6 +117,16 @@ static void makedirs(const char* name)
static FILE* create_fopen(char* name, char* mode, int subdirs)
{
+ char *name_stripped;
+ FILE *fp;
+ int mustfree = 0;
+
+ if ((name_stripped = strdup(name)) != NULL)
+ {
+ remove_dotdotslash(name_stripped);
+ name = name_stripped;
+ mustfree = 1;
+ }
if (subdirs)
{
char* p = strrchr(name, '/');
@@ -84,7 +136,10 @@ static FILE* create_fopen(char* name, char* mode, int subdirs)
free (dir_name);
}
}
- return fopen(name, mode);
+ fp = fopen(name, mode);
+ if (mustfree)
+ free(name_stripped);
+ return fp;
}
static int unzzip_cat (int argc, char ** argv, int extract)
diff --git a/bins/unzzipcat-mix.c b/bins/unzzipcat-mix.c
index 91c2f00..73b6ed6 100644
--- a/bins/unzzipcat-mix.c
+++ b/bins/unzzipcat-mix.c
@@ -69,6 +69,48 @@ static void unzzip_cat_file(ZZIP_DIR* disk, char* name, FILE* out)
}
}
+/*
+ * NAME: remove_dotdotslash
+ * PURPOSE: To remove any "../" components from the given pathname
+ * ARGUMENTS: path: path name with maybe "../" components
+ * RETURNS: Nothing, "path" is modified in-place
+ * NOTE: removing "../" from the path ALWAYS shortens the path, never adds to it!
+ * Also, "path" is not used after creating it.
+ * So modifying "path" in-place is safe to do.
+ */
+static inline void
+remove_dotdotslash(char *path)
+{
+ /* Note: removing "../" from the path ALWAYS shortens the path, never adds to it! */
+ char *dotdotslash;
+ int warned = 0;
+
+ dotdotslash = path;
+ while ((dotdotslash = strstr(dotdotslash, "../")) != NULL)
+ {
+ /*
+ * Remove only if at the beginning of the pathname ("../path/name")
+ * or when preceded by a slash ("path/../name"),
+ * otherwise not ("path../name..")!
+ */
+ if (dotdotslash == path || dotdotslash[-1] == '/')
+ {
+ char *src, *dst;
+ if (!warned)
+ {
+ /* Note: the first time through the pathname is still intact */
+ fprintf(stderr, "Removing \"../\" path component(s) in %s\n", path);
+ warned = 1;
+ }
+ /* We cannot use strcpy(), as there "The strings may not overlap" */
+ for (src = dotdotslash+3, dst=dotdotslash; (*dst = *src) != '\0'; src++, dst++)
+ ;
+ }
+ else
+ dotdotslash +=3; /* skip this instance to prevent infinite loop */
+ }
+}
+
static void makedirs(const char* name)
{
char* p = strrchr(name, '/');
@@ -86,6 +128,16 @@ static void makedirs(const char* name)
static FILE* create_fopen(char* name, char* mode, int subdirs)
{
+ char *name_stripped;
+ FILE *fp;
+ int mustfree = 0;
+
+ if ((name_stripped = strdup(name)) != NULL)
+ {
+ remove_dotdotslash(name_stripped);
+ name = name_stripped;
+ mustfree = 1;
+ }
if (subdirs)
{
char* p = strrchr(name, '/');
@@ -95,7 +147,10 @@ static FILE* create_fopen(char* name, char* mode, int subdirs)
free (dir_name);
}
}
- return fopen(name, mode);
+ fp = fopen(name, mode);
+ if (mustfree)
+ free(name_stripped);
+ return fp;
}
static int unzzip_cat (int argc, char ** argv, int extract)
diff --git a/bins/unzzipcat-zip.c b/bins/unzzipcat-zip.c
index 2810f85..7f7f3fa 100644
--- a/bins/unzzipcat-zip.c
+++ b/bins/unzzipcat-zip.c
@@ -69,6 +69,48 @@ static void unzzip_cat_file(ZZIP_DIR* disk, char* name, FILE* out)
}
}
+/*
+ * NAME: remove_dotdotslash
+ * PURPOSE: To remove any "../" components from the given pathname
+ * ARGUMENTS: path: path name with maybe "../" components
+ * RETURNS: Nothing, "path" is modified in-place
+ * NOTE: removing "../" from the path ALWAYS shortens the path, never adds to it!
+ * Also, "path" is not used after creating it.
+ * So modifying "path" in-place is safe to do.
+ */
+static inline void
+remove_dotdotslash(char *path)
+{
+ /* Note: removing "../" from the path ALWAYS shortens the path, never adds to it! */
+ char *dotdotslash;
+ int warned = 0;
+
+ dotdotslash = path;
+ while ((dotdotslash = strstr(dotdotslash, "../")) != NULL)
+ {
+ /*
+ * Remove only if at the beginning of the pathname ("../path/name")
+ * or when preceded by a slash ("path/../name"),
+ * otherwise not ("path../name..")!
+ */
+ if (dotdotslash == path || dotdotslash[-1] == '/')
+ {
+ char *src, *dst;
+ if (!warned)
+ {
+ /* Note: the first time through the pathname is still intact */
+ fprintf(stderr, "Removing \"../\" path component(s) in %s\n", path);
+ warned = 1;
+ }
+ /* We cannot use strcpy(), as there "The strings may not overlap" */
+ for (src = dotdotslash+3, dst=dotdotslash; (*dst = *src) != '\0'; src++, dst++)
+ ;
+ }
+ else
+ dotdotslash +=3; /* skip this instance to prevent infinite loop */
+ }
+}
+
static void makedirs(const char* name)
{
char* p = strrchr(name, '/');
@@ -86,6 +128,16 @@ static void makedirs(const char* name)
static FILE* create_fopen(char* name, char* mode, int subdirs)
{
+ char *name_stripped;
+ FILE *fp;
+ int mustfree = 0;
+
+ if ((name_stripped = strdup(name)) != NULL)
+ {
+ remove_dotdotslash(name_stripped);
+ name = name_stripped;
+ mustfree = 1;
+ }
if (subdirs)
{
char* p = strrchr(name, '/');
@@ -95,7 +147,10 @@ static FILE* create_fopen(char* name, char* mode, int subdirs)
free (dir_name);
}
}
- return fopen(name, mode);
+ fp = fopen(name, mode);
+ if (mustfree)
+ free(name_stripped);
+ return fp;
}
static int unzzip_cat (int argc, char ** argv, int extract)
--
2.19.1

26
backport-0001-CVE-2020-18442.patch Normal file
View File

@ -0,0 +1,26 @@
From ac9ae39ef419e9f0f83da1e583314d8c7cda34a6 Mon Sep 17 00:00:00 2001
From: Guido Draheim <guidod@gmx.de>
Date: Mon, 4 Jan 2021 21:48:45 +0100
Subject: [PATCH 01/35] #68 ssize_t return value of zzip_file_read is a signed
value being possibly -1
---
bins/unzzipcat-zip.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bins/unzzipcat-zip.c b/bins/unzzipcat-zip.c
index dd78c2b..385aeaf 100644
--- a/bins/unzzipcat-zip.c
+++ b/bins/unzzipcat-zip.c
@@ -34,7 +34,7 @@ static void unzzip_cat_file(ZZIP_DIR* disk, char* name, FILE* out)
if (file)
{
char buffer[1024]; int len;
- while ((len = zzip_file_read (file, buffer, 1024)))
+ while (0 < (len = zzip_file_read (file, buffer, 1024)))
{
fwrite (buffer, 1, len, out);
}
--
1.8.3.1

34
backport-0002-CVE-2020-18442.patch Normal file
View File

@ -0,0 +1,34 @@
From 7e786544084548da7fcfcd9090d3c4e7f5777f7e Mon Sep 17 00:00:00 2001
From: Guido Draheim <guidod@gmx.de>
Date: Mon, 4 Jan 2021 21:50:26 +0100
Subject: [PATCH 02/35] #68 return value of zzip_mem_disk_fread is signed
---
bins/unzip-mem.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/bins/unzip-mem.c b/bins/unzip-mem.c
index cc009f8..50eb5a6 100644
--- a/bins/unzip-mem.c
+++ b/bins/unzip-mem.c
@@ -81,7 +81,7 @@ static void zzip_mem_entry_pipe(ZZIP_MEM_DISK* disk,
if (file)
{
char buffer[1024]; int len;
- while ((len = zzip_mem_disk_fread (buffer, 1024, 1, file)))
+ while (0 < (len = zzip_mem_disk_fread (buffer, 1024, 1, file)))
fwrite (buffer, len, 1, out);
zzip_mem_disk_fclose (file);
@@ -115,7 +115,7 @@ static void zzip_mem_entry_test(ZZIP_MEM_DISK* disk,
{
unsigned long crc = crc32 (0L, NULL, 0);
unsigned char buffer[1024]; int len;
- while ((len = zzip_mem_disk_fread (buffer, 1024, 1, file))) {
+ while (0 < (len = zzip_mem_disk_fread (buffer, 1024, 1, file))) {
crc = crc32 (crc, buffer, len);
}
--
1.8.3.1

34
backport-0003-CVE-2020-18442.patch Normal file
View File

@ -0,0 +1,34 @@
From d453977f59ca59c61bf59dec28dd724498828f2a Mon Sep 17 00:00:00 2001
From: Guido Draheim <guidod@gmx.de>
Date: Mon, 4 Jan 2021 21:51:12 +0100
Subject: [PATCH 03/35] #68 return value of zzip_entry_fread is signed
---
bins/unzzipcat-big.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/bins/unzzipcat-big.c b/bins/unzzipcat-big.c
index 111ef47..ecebe11 100644
--- a/bins/unzzipcat-big.c
+++ b/bins/unzzipcat-big.c
@@ -26,7 +26,7 @@ static void unzzip_big_entry_fprint(ZZIP_ENTRY* entry, FILE* out)
if (file)
{
char buffer[1024]; int len;
- while ((len = zzip_entry_fread (buffer, 1024, 1, file)))
+ while (0 < (len = zzip_entry_fread (buffer, 1024, 1, file)))
{
DBG2("entry read %i", len);
fwrite (buffer, len, 1, out);
@@ -45,7 +45,7 @@ static void unzzip_cat_file(FILE* disk, char* name, FILE* out)
if (file)
{
char buffer[1024]; int len;
- while ((len = zzip_entry_fread (buffer, 1024, 1, file)))
+ while (0 < (len = zzip_entry_fread (buffer, 1024, 1, file)))
fwrite (buffer, len, 1, out);
zzip_entry_fclose (file);
--
1.8.3.1

34
backport-0004-CVE-2020-18442.patch Normal file
View File

@ -0,0 +1,34 @@
From 0a9db9ded9d15fbdb63bf5cf451920d0a368c00e Mon Sep 17 00:00:00 2001
From: Guido Draheim <guidod@gmx.de>
Date: Mon, 4 Jan 2021 21:51:56 +0100
Subject: [PATCH 04/35] #68 return value of zzip_mem_disk_fread is signed
---
bins/unzzipcat-mem.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/bins/unzzipcat-mem.c b/bins/unzzipcat-mem.c
index 6bd79b7..1b5bc22 100644
--- a/bins/unzzipcat-mem.c
+++ b/bins/unzzipcat-mem.c
@@ -35,7 +35,7 @@ static void unzzip_mem_entry_fprint(ZZIP_MEM_DISK* disk,
if (file)
{
char buffer[1024]; int len;
- while ((len = zzip_mem_disk_fread (buffer, 1024, 1, file)))
+ while (0 < (len = zzip_mem_disk_fread (buffer, 1024, 1, file)))
fwrite (buffer, len, 1, out);
zzip_mem_disk_fclose (file);
@@ -48,7 +48,7 @@ static void unzzip_mem_disk_cat_file(ZZIP_MEM_DISK* disk, char* name, FILE* out)
if (file)
{
char buffer[1025]; int len;
- while ((len = zzip_mem_disk_fread (buffer, 1, 1024, file)))
+ while (0 < (len = zzip_mem_disk_fread (buffer, 1, 1024, file)))
{
fwrite (buffer, 1, len, out);
}
--
1.8.3.1

25
backport-0005-CVE-2020-18442.patch Normal file
View File

@ -0,0 +1,25 @@
From a34a96fbda1e58fbec5c79f4c0b5063e031ce11d Mon Sep 17 00:00:00 2001
From: Guido Draheim <guidod@gmx.de>
Date: Mon, 4 Jan 2021 21:52:47 +0100
Subject: [PATCH 05/35] #68 return value of zzip_fread is signed
---
bins/unzzipcat-mix.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bins/unzzipcat-mix.c b/bins/unzzipcat-mix.c
index e18987d..8f3d0b8 100644
--- a/bins/unzzipcat-mix.c
+++ b/bins/unzzipcat-mix.c
@@ -34,7 +34,7 @@ static void unzzip_cat_file(ZZIP_DIR* disk, char* name, FILE* out)
if (file)
{
char buffer[1024]; int len;
- while ((len = zzip_fread (buffer, 1, 1024, file)))
+ while (0 < (len = zzip_fread (buffer, 1, 1024, file)))
{
fwrite (buffer, 1, len, out);
}
--
1.8.3.1

34
backport-0006-CVE-2020-18442.patch Normal file
View File

@ -0,0 +1,34 @@
From fa1f78abe1b08544061204019016809664f2618c Mon Sep 17 00:00:00 2001
From: Guido Draheim <guidod@gmx.de>
Date: Mon, 4 Jan 2021 21:53:50 +0100
Subject: [PATCH 06/35] #68 return value of zzip_entry_fread is signed
---
bins/unzzipshow.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/bins/unzzipshow.c b/bins/unzzipshow.c
index 9d8c2ed..5672d3b 100644
--- a/bins/unzzipshow.c
+++ b/bins/unzzipshow.c
@@ -22,7 +22,7 @@ static void zzip_entry_fprint(ZZIP_ENTRY* entry, FILE* out)
if (file)
{
char buffer[1024]; int len;
- while ((len = zzip_entry_fread (buffer, 1024, 1, file)))
+ while (0 < (len = zzip_entry_fread (buffer, 1024, 1, file)))
fwrite (buffer, len, 1, out);
zzip_entry_fclose (file);
@@ -35,7 +35,7 @@ static void zzip_cat_file(FILE* disk, char* name, FILE* out)
if (file)
{
char buffer[1024]; int len;
- while ((len = zzip_entry_fread (buffer, 1024, 1, file)))
+ while (0 < (len = zzip_entry_fread (buffer, 1024, 1, file)))
fwrite (buffer, len, 1, out);
zzip_entry_fclose (file);
--
1.8.3.1

25
backport-0007-CVE-2020-18442.patch Normal file
View File

@ -0,0 +1,25 @@
From f7a6fa9f0c29aecb4c2299568ed2e6094c34aca7 Mon Sep 17 00:00:00 2001
From: Guido Draheim <guidod@gmx.de>
Date: Mon, 4 Jan 2021 21:55:08 +0100
Subject: [PATCH 07/35] #68 return value of posix read(2) is signed
---
bins/zzipmake-zip.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bins/zzipmake-zip.c b/bins/zzipmake-zip.c
index 8e09c31..b37877c 100644
--- a/bins/zzipmake-zip.c
+++ b/bins/zzipmake-zip.c
@@ -57,7 +57,7 @@ int rezzip_make (int argc, char ** argv)
continue;
}
- while ((n = read (input, buf, 16)))
+ while (0 < (n = read (input, buf, 16)))
{
zzip_write (output, buf, n);
}
--
1.8.3.1

33
backport-CVE-2020-18770.patch Normal file
View File

@ -0,0 +1,33 @@
From 99462cac1c6581bce36fe17fd1f430cbe114f0af Mon Sep 17 00:00:00 2001
From: Valentin Lefebvre <valentin.lefebvre@suse.com>
Date: Wed, 20 Sep 2023 12:04:56 +0200
Subject: [PATCH] mmappend.c: pre-check header trailer magic
* Avoid potential ASAN:SIGSEGV invalid memory access by pre-check the header
trailer magic.
* CVE-2020-18770
Signed-off-by: Valentin Lefebvre <valentin.lefebvre@suse.com>
---
zzip/mmapped.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/zzip/mmapped.c b/zzip/mmapped.c
index 8af18f4..49990e6 100644
--- a/zzip/mmapped.c
+++ b/zzip/mmapped.c
@@ -269,7 +269,9 @@ zzip_disk_entry_to_file_header(ZZIP_DISK * disk, struct zzip_disk_entry *entry)
return 0;
}
___ struct zzip_file_header *file_header = (void *) ptr;
- if (zzip_file_header_get_magic(file_header) != ZZIP_FILE_HEADER_MAGIC)
+ if (file_header != 'P' || /* quick pre-check for trailer magic */
+ zzip_file_header_get_magic(file_header) != ZZIP_FILE_HEADER_MAGIC)
+
{
errno = EBADMSG;
return 0;
--
2.40.1

BIN
v0.13.69.tar.gz
View File

Binary file not shown.

BIN
v0.13.71.tar.gz Normal file
View File

Binary file not shown.

24
zziplib-0.13.71-sw.patch Executable file
View File

@ -0,0 +1,24 @@
diff -Naur zziplib-0.13.71.org/configure zziplib-0.13.71.sw/configure
--- zziplib-0.13.71.org/configure 2022-02-28 06:07:23.580000000 +0000
+++ zziplib-0.13.71.sw/configure 2022-02-28 06:08:52.270000000 +0000
@@ -14802,7 +14802,7 @@
$as_echo_n "(cached) " >&6
else
if test "$cross_compiling" = "yes"; then
- case "$host_cpu" in alpha*|arm*|bfin*|hp*|mips*|sh*|sparc*|ia64|nv1)
+ case "$host_cpu" in sw_64*|alpha*|arm*|bfin*|hp*|mips*|sh*|sparc*|ia64|nv1)
ax_cv_have_aligned_access_required="yes"
;; esac
else
diff -Naur zziplib-0.13.71.org/m4/ax_check_aligned_access_required.m4 zziplib-0.13.71.sw/m4/ax_check_aligned_access_required.m4
--- zziplib-0.13.71.org/m4/ax_check_aligned_access_required.m4 2022-02-28 06:07:23.590000000 +0000
+++ zziplib-0.13.71.sw/m4/ax_check_aligned_access_required.m4 2022-02-28 06:08:21.470000000 +0000
@@ -29,7 +29,7 @@
[AC_CACHE_CHECK([if pointers to integers require aligned access],
[ax_cv_have_aligned_access_required],
[if test "$cross_compiling" = "yes"; then
- case "$host_cpu" in alpha*|arm*|bfin*|hp*|mips*|sh*|sparc*|ia64|nv1)
+ case "$host_cpu" in sw_64*|alpha*|arm*|bfin*|hp*|mips*|sh*|sparc*|ia64|nv1)
ax_cv_have_aligned_access_required="yes"
;; esac
else

50
zziplib.spec
View File

@ -1,21 +1,26 @@
%define disable_rpath \ %define disable_rpath \
sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' */libtool \ sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool \
sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' */libtool sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
Name: zziplib Name: zziplib
Version: 0.13.69 Version: 0.13.71
Release: 5 Release: 5
Summary: Lightweight library for zip compression Summary: Lightweight library for zip compression
License: LGPLv2+ or MPLv1.1 License: LGPLv2+ or MPLv1.1
URL: http://zziplib.sourceforge.net URL: http://zziplib.sourceforge.net
Source0: https://github.com/gdraheim/zziplib/archive/v%{version}.tar.gz Source0: https://github.com/gdraheim/zziplib/archive/v%{version}.tar.gz
Patch6000: CVE-2018-16548-1.patch Patch6000: backport-0001-CVE-2020-18442.patch
Patch6001: CVE-2018-16548-2.patch Patch6001: backport-0002-CVE-2020-18442.patch
Patch6002: CVE-2018-16548-3.patch Patch6002: backport-0003-CVE-2020-18442.patch
Patch6003: CVE-2018-17828.patch Patch6003: backport-0004-CVE-2020-18442.patch
Patch6004: backport-0005-CVE-2020-18442.patch
Patch6005: backport-0006-CVE-2020-18442.patch
Patch6006: backport-0007-CVE-2020-18442.patch
Patch6007: zziplib-0.13.71-sw.patch
Patch6008: backport-CVE-2020-18770.patch
BuildRequires: perl-interpreter python2 python2-rpm-macros zip xmlto BuildRequires: perl-interpreter zip xmlto
BuildRequires: zlib-devel SDL-devel pkgconfig autoconf automake gcc make BuildRequires: zlib-devel SDL-devel pkgconfig autoconf automake gcc make
Provides: zziplib-utils Provides: zziplib-utils
@ -47,23 +52,27 @@ This package includes help documentation and manuals related to zziplib.
%prep %prep
%setup -q %setup -q
sed -i -e 's:docs ::g' Makefile.am
%patch6000 -p1 %patch6000 -p1
%patch6001 -p1 %patch6001 -p1
%patch6002 -p1 %patch6002 -p1
%patch6003 -p1 %patch6003 -p1
%patch6004 -p1
find . -name '*.py' | xargs sed -i 's@#! /usr/bin/python@#! %__python2@g;s@#! /usr/bin/env python@#! %__python2@g' %patch6005 -p1
%patch6006 -p1
%patch6007 -p1
%patch6008 -p1
%build %build
export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing"
export PYTHON=%__python2
%configure --disable-static --enable-sdl --enable-frame-pointer --enable-builddir=_builddir %configure --disable-static --enable-sdl --enable-frame-pointer --enable-builddir=_builddir
# remove rpath
%disable_rpath %disable_rpath
%make_build %make_build
%install %install
%make_install %make_install
rm -rf docs/Make* docs/zziplib-manpages.ar
find %{buildroot} -type f -name "*.la" -delete -print
%post -p /sbin/ldconfig %post -p /sbin/ldconfig
@ -86,6 +95,21 @@ export PYTHON=%__python2
%{_mandir}/man3/* %{_mandir}/man3/*
%changelog %changelog
* Wed Sep 27 2023 licihua <licihua@huawei.com> - 0.13.71-5
- fix CVE-2020-18770
* Wed Oct 26 2022 wuzx<wuzx1226@qq.com> - 0.13.71-4
- Add sw64 architecture
* Sat Sep 04 2021 shixuantong <shixuantong@huawei.com> - 0.13.71-3
- remove rpath
* Fri Jun 25 2021 shixuantong <shixuantong@huawei.com> - 0.13.71-2
- fix CVE-2020-18442
* Tue Nov 3 2020 tianwei <tianwei12@huawei.com> - 0.13.71-1
- update to 0.13.71 and remove python2
* Fri Feb 14 2020 chengquan <chengquan3@huawei.com> - 0.13.36-5 * Fri Feb 14 2020 chengquan <chengquan3@huawei.com> - 0.13.36-5
- Add necessary BuildRequires - Add necessary BuildRequires