From e3db5caf0deb1bb1fe0297bf4be411f1ff97cfb9 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy
Date: Feb 01 2018 21:04:31 +0000
Subject: Fix CVE 2018-6381
---
diff --git a/.gitignore b/.gitignore
index 575c8ca..e06560b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@ zziplib-0.13.49.tar.bz2
 /zziplib-0.13.59.tar.bz2
 /zziplib-0.13.60.tar.bz2
 /zziplib-0.13.62.tar.bz2
+/v0.13.67.tar.gz
diff --git a/sources b/sources
index 77b7c33..0f2de80 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-5fe874946390f939ee8f4abe9624b96c zziplib-0.13.62.tar.bz2
+SHA512 (v0.13.67.tar.gz) = a34b801a18a2051aa3898a572508ffd327521b69878413af679b10f6a68b37e770651884ae611bf9c01ce14013c6a1e06adeadd3ef6219d4b9278f1b9e7a6459
diff --git a/zziplib-0.13.59-multilib.patch b/zziplib-0.13.59-multilib.patch
deleted file mode 100644
index f4b7a98..0000000
--- a/zziplib-0.13.59-multilib.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-diff -Naupr zziplib-0.13.59.orig/zzip/_config.h zziplib-0.13.59/zzip/_config.h
---- zziplib-0.13.59.orig/zzip/_config.h 2010-02-14 22:29:34.000000000 +0100
-+++ zziplib-0.13.59/zzip/_config.h 2010-12-04 16:22:19.809534085 +0100
-@@ -133,7 +133,11 @@
-
- /* whether the system defaults to 32bit off_t but can do 64bit when requested
- */
--/* #undef LARGEFILE_SENSITIVE */
-+#if __WORDSIZE == 32
-+#ifndef ZZIP_LARGEFILE_SENSITIVE
-+#define ZZIP_LARGEFILE_SENSITIVE 1
-+#endif
-+#endif
-
- /* Define to the sub-directory in which libtool stores uninstalled libraries.
- */
-@@ -178,8 +181,12 @@
-
- /* The number of bytes in type long */
- #ifndef ZZIP_SIZEOF_LONG
-+#if __WORDSIZE == 32
-+#define ZZIP_SIZEOF_LONG 4
-+#elif __WORDSIZE == 64
- #define ZZIP_SIZEOF_LONG 8
- #endif
-+#endif
-
- /* The number of bytes in type short */
- #ifndef ZZIP_SIZEOF_SHORT
-@@ -209,7 +216,11 @@
- #endif
-
- /* Number of bits in a file offset, on hosts where this is settable. */
--/* #undef _FILE_OFFSET_BITS */
-+#if __WORDSIZE == 32
-+#ifndef ZZIP__FILE_OFFSET_BITS
-+#define ZZIP__FILE_OFFSET_BITS 64
-+#endif
-+#endif
-
- /* Define for large files, on AIX-style hosts. */
- /* #undef _LARGE_FILES */
diff --git a/zziplib-0.13.67-CVE-2018-6381.patch b/zziplib-0.13.67-CVE-2018-6381.patch
new file mode 100644
index 0000000..d614558
--- /dev/null
+++ b/zziplib-0.13.67-CVE-2018-6381.patch
@@ -0,0 +1,28 @@
+From a803559fa9194be895422ba3684cf6309b6bb598 Mon Sep 17 00:00:00 2001
+From: Guido Draheim
+Date: Thu, 1 Feb 2018 12:27:49 +0100
+Subject: [PATCH] merge CVE-2018-6381.patch from @jmoellers #12
+
+---
+ zzip/memdisk.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/zzip/memdisk.c b/zzip/memdisk.c
+index cab883b..a85dab0 100644
+--- a/zzip/memdisk.c
++++ b/zzip/memdisk.c
+@@ -210,6 +210,14 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZIP_DISK_ENTRY * entry)
+ item->zz_diskstart = zzip_disk_entry_get_diskstart(entry);
+ item->zz_filetype = zzip_disk_entry_get_filetype(entry);
+
++ /*
++ * If the file is uncompressed, zz_csize and zz_usize should be the same
++ * If they are not, we cannot guarantee that either is correct, so ...
++ */
++ if (item->zz_compr == ZZIP_IS_STORED && item->zz_csize != item->zz_usize)
++ {
++ goto error;
++ }
+ /* zz_comment and zz_name are empty strings if not present on disk */
+ if (! item->zz_comment || ! item->zz_name)
+ {
diff --git a/zziplib-0.13.67-multilib.patch b/zziplib-0.13.67-multilib.patch
new file mode 100644
index 0000000..169520b
--- /dev/null
+++ b/zziplib-0.13.67-multilib.patch
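Review bot: The new guard in zzip_mem_entry_new rejects a stored entry only when zz_csize and zz_usize disagree; a crafted entry whose two sizes agree with each other but exceed the data actually present in the archive still passes it. Nothing in this hunk compares either size with the extent of the mapped disk image, so unless that bound is enforced elsewhere in the function or at read time, I would add a second test next to this one that rejects an entry whose stored length runs past the end of the buffer. The block comment also trails off in "so ..."; it should state the decision, for example `/* stored entries must have csize == usize; reject the entry rather than trust either length */`. The error label and its cleanup are outside the hunk, so whether item and anything allocated for it before this point are released on this path needs to be confirmed there.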
@@ -0,0 +1,42 @@
+diff -up ./x86_64-redhat-linux-gnu/zzip/_config.h.orig ./x86_64-redhat-linux-gnu/zzip/_config.h
+--- ./x86_64-redhat-linux-gnu/zzip/_config.h.orig 2018-02-01 22:13:36.593910695 +0200
++++ ./x86_64-redhat-linux-gnu/zzip/_config.h 2018-02-01 22:15:40.341476130 +0200
+@@ -133,7 +133,11 @@
+
+ /* whether the system defaults to 32bit off_t but can do 64bit when requested
+ */
+-/* #undef LARGEFILE_SENSITIVE */
++#if __WORDSIZE == 32
++#ifndef ZZIP_LARGEFILE_SENSITIVE
++#define ZZIP_LARGEFILE_SENSITIVE 1
++#endif
++#endif
+
+ /* Define to the sub-directory in which libtool stores uninstalled libraries.
+ */
+@@ -183,8 +187,12 @@
+
+ /* The number of bytes in type long */
+ #ifndef ZZIP_SIZEOF_LONG
++#if __WORDSIZE == 32
++#define ZZIP_SIZEOF_LONG 4
++#elif __WORDSIZE == 64
+ #define ZZIP_SIZEOF_LONG 8
+ #endif
++#endif
+
+ /* The number of bytes in type short */
+ #ifndef ZZIP_SIZEOF_SHORT
+@@ -219,7 +227,11 @@
+ #endif
+
+ /* Number of bits in a file offset, on hosts where this is settable. */
+-/* #undef _FILE_OFFSET_BITS */
++#if __WORDSIZE == 32
++#ifndef ZZIP__FILE_OFFSET_BITS
++#define ZZIP__FILE_OFFSET_BITS 64
++#endif
++#endif
+
+ /* Define for large files, on AIX-style hosts. */
+ /* #undef _LARGE_FILES */
diff --git a/zziplib.spec b/zziplib.spec
index 5bb0f7b..49f773f 100644
--- a/zziplib.spec
+++ b/zziplib.spec
@@ -6,7 +6,8 @@ License: LGPLv2+ or MPLv1.1
 Group: Applications/Archiving
 URL: http://zziplib.sourceforge.net/
 Source: https://github.com/gdraheim/zziplib/archive/v%{version}.tar.gz
-Patch0: zziplib-0.13.59-multilib.patch
+Patch0: zziplib-0.13.67-CVE-2018-6381.patch
+Patch1: zziplib-0.13.67-multilib.patch
 BuildRequires: perl-interpreter
 BuildRequires: python
 BuildRequires: zip
@@ -59,8 +60,6 @@ zziplib library.
 %prep
 %setup -q
 %patch0 -p1
-# Save the common patched _config.h file to overwrite the generated one
-cp -a zzip/_config.h _config.h
 %build
 export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing"
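Review bot: In the ZZIP_SIZEOF_LONG block of the new multilib patch, `#elif __WORDSIZE == 64` has no `#else`, so ZZIP_SIZEOF_LONG is silently left undefined whenever `__WORDSIZE` is undefined or has another value at the point _config.h is included; nothing visible in these hunks includes a header that defines it. Adding `#else` followed by `#error "unsupported __WORDSIZE"` before the inner `#endif` would turn a wrong-sized long into a build failure instead of a silent mismatch. The two `#if __WORDSIZE == 32` blocks have the same weakness: they quietly skip the large-file defines if the macro is missing.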
@@ -71,13 +70,15 @@ export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing"
 # Remove rpath on 64bit archs
 sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' */libtool
 sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' */libtool
+cd %{_host}
+%apply_patch %{PATCH1} -p2
+cd ..
+
 %{__make} %{?_smp_mflags}
+
 %install
 make install DESTDIR=%{buildroot}
-# Overwrite the platform specific _config.h with our own modified common one
-rm -f %{buildroot}%{_includedir}/zzip/_config.h
-install -p -m 0644 _config.h %{buildroot}%{_includedir}/zzip/_config.h
 %post -p /sbin/ldconfig
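Review bot: Patch1 is applied from inside %build (`cd %{_host}` then `%apply_patch %{PATCH1} -p2`), which makes the section non-repeatable: re-running %build on an already built tree would try to apply the patch a second time. It also depends on `%{_host}` naming the directory that configure created, and it works against the `x86_64-redhat-linux-gnu` prefix hard-coded in the patch paths only because -p2 strips that prefix. A comment above the three lines would explain why the patch has to wait, for example `# Patch1 edits the configure-generated %{_host}/zzip/_config.h, so it cannot be applied in %prep`. The configure step itself is outside this hunk, so that ordering is inferred.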