From bf189fead43c9c7dc57b46dd2ec3ba96b0397162 Mon Sep 17 00:00:00 2001 From: MSVSphere Packaging Team Date: Wed, 1 May 2024 04:05:57 +0300 Subject: [PATCH] import zziplib-0.13.71-11.el9_4 --- SOURCES/CVE-2020-18770.patch | 23 +++++++++++++++++++++++ SPECS/zziplib.spec | 13 ++++++++++++- 2 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 SOURCES/CVE-2020-18770.patch diff --git a/SOURCES/CVE-2020-18770.patch b/SOURCES/CVE-2020-18770.patch new file mode 100644 index 0000000..9244a6f --- /dev/null +++ b/SOURCES/CVE-2020-18770.patch @@ -0,0 +1,23 @@ +From 803f49aaae16b7f2899e4769afdfc673a21fa9e8 Mon Sep 17 00:00:00 2001 +From: Guido Draheim +Date: Mon, 26 Feb 2024 23:17:12 +0100 +Subject: [PATCH] #69 assert full zzip_file_header + +--- + zzip/mmapped.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/zzip/mmapped.c b/zzip/mmapped.c +index 2071882..306ba51 100644 +--- a/zzip/mmapped.c ++++ b/zzip/mmapped.c +@@ -276,7 +276,8 @@ struct zzip_file_header * + zzip_disk_entry_to_file_header(ZZIP_DISK * disk, struct zzip_disk_entry *entry) + { + zzip_byte_t *const ptr = disk->buffer + zzip_disk_entry_fileoffset(entry); +- if (disk->buffer > ptr || ptr >= disk->endbuf) ++ zzip_byte_t *const end = ptr + sizeof(struct zzip_file_header); ++ if (disk->buffer > ptr || end >= disk->endbuf || end <= NULL) + { + errno = EBADMSG; + return 0; diff --git a/SPECS/zziplib.spec b/SPECS/zziplib.spec index 04bea7e..45d3ffb 100644 --- a/SPECS/zziplib.spec +++ b/SPECS/zziplib.spec @@ -1,7 +1,7 @@ Summary: Lightweight library to easily extract data from zip files Name: zziplib Version: 0.13.71 -Release: 9%{?dist} +Release: 11%{?dist} License: LGPLv2+ or MPLv1.1 URL: http://zziplib.sourceforge.net/ #Source: https://github.com/gdraheim/zziplib/archive/v%{version}.tar.gz @@ -15,6 +15,7 @@ Source1: match.py Source2: options.py Patch1: CVE-2020-18442.patch +Patch2: CVE-2020-18770.patch Patch100: multilib-32.patch Patch101: multilib-64.patch @@ -74,6 +75,7 @@ cp %{SOURCE1} docs/zzipdoc/ cp %{SOURCE2} docs/zzipdoc/ %patch1 -p1 +%patch2 -p1 %build @@ -122,6 +124,15 @@ popd %{_mandir}/man3/* %changelog +* Wed Feb 28 2024 Jakub Martisko - 0.13.71-11 +- Fix CVE-2020-18770 + Previous patch was causing segfault + Resolves: RHEL-14967 + +* Wed Jan 24 2024 Jakub Martisko - 0.13.71-10 +- Fix CVE-2020-18770 + Resolves: RHEL-14967 + * Wed Mar 15 2023 MSVSphere Packaging Team - 0.13.71-9 - Rebuilt for MSVSphere 9.1.