diff --git a/backport-0001-CVE-2020-18442.patch b/backport-0001-CVE-2020-18442.patch new file mode 100644 index 0000000000000000000000000000000000000000..1127528aab82be4a4b9083aa2fd58867a1e70557 --- /dev/null +++ b/backport-0001-CVE-2020-18442.patch @@ -0,0 +1,26 @@ +From ac9ae39ef419e9f0f83da1e583314d8c7cda34a6 Mon Sep 17 00:00:00 2001 +From: Guido Draheim +Date: Mon, 4 Jan 2021 21:48:45 +0100 +Subject: [PATCH 01/35] #68 ssize_t return value of zzip_file_read is a signed + value being possibly -1 + +--- + bins/unzzipcat-zip.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/bins/unzzipcat-zip.c b/bins/unzzipcat-zip.c +index dd78c2b..385aeaf 100644 +--- a/bins/unzzipcat-zip.c ++++ b/bins/unzzipcat-zip.c +@@ -34,7 +34,7 @@ static void unzzip_cat_file(ZZIP_DIR* disk, char* name, FILE* out) + if (file) + { + char buffer[1024]; int len; +- while ((len = zzip_file_read (file, buffer, 1024))) ++ while (0 < (len = zzip_file_read (file, buffer, 1024))) + { + fwrite (buffer, 1, len, out); + } +-- +1.8.3.1 + diff --git a/backport-0002-CVE-2020-18442.patch b/backport-0002-CVE-2020-18442.patch new file mode 100644 index 0000000000000000000000000000000000000000..f7b857345b5b1f5c468969725127a3f86175d0e2 --- /dev/null +++ b/backport-0002-CVE-2020-18442.patch @@ -0,0 +1,34 @@ +From 7e786544084548da7fcfcd9090d3c4e7f5777f7e Mon Sep 17 00:00:00 2001 +From: Guido Draheim +Date: Mon, 4 Jan 2021 21:50:26 +0100 +Subject: [PATCH 02/35] #68 return value of zzip_mem_disk_fread is signed + +--- + bins/unzip-mem.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/bins/unzip-mem.c b/bins/unzip-mem.c +index cc009f8..50eb5a6 100644 +--- a/bins/unzip-mem.c ++++ b/bins/unzip-mem.c +@@ -81,7 +81,7 @@ static void zzip_mem_entry_pipe(ZZIP_MEM_DISK* disk, + if (file) + { + char buffer[1024]; int len; +- while ((len = zzip_mem_disk_fread (buffer, 1024, 1, file))) ++ while (0 < (len = zzip_mem_disk_fread (buffer, 1024, 1, file))) + fwrite (buffer, len, 1, out); + + zzip_mem_disk_fclose (file); +@@ -115,7 +115,7 @@ static void zzip_mem_entry_test(ZZIP_MEM_DISK* disk, + { + unsigned long crc = crc32 (0L, NULL, 0); + unsigned char buffer[1024]; int len; +- while ((len = zzip_mem_disk_fread (buffer, 1024, 1, file))) { ++ while (0 < (len = zzip_mem_disk_fread (buffer, 1024, 1, file))) { + crc = crc32 (crc, buffer, len); + } + +-- +1.8.3.1 + diff --git a/backport-0003-CVE-2020-18442.patch b/backport-0003-CVE-2020-18442.patch new file mode 100644 index 0000000000000000000000000000000000000000..01a884e7a10f636b229d5b984b849291e3db469d --- /dev/null +++ b/backport-0003-CVE-2020-18442.patch @@ -0,0 +1,34 @@ +From d453977f59ca59c61bf59dec28dd724498828f2a Mon Sep 17 00:00:00 2001 +From: Guido Draheim +Date: Mon, 4 Jan 2021 21:51:12 +0100 +Subject: [PATCH 03/35] #68 return value of zzip_entry_fread is signed + +--- + bins/unzzipcat-big.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/bins/unzzipcat-big.c b/bins/unzzipcat-big.c +index 111ef47..ecebe11 100644 +--- a/bins/unzzipcat-big.c ++++ b/bins/unzzipcat-big.c +@@ -26,7 +26,7 @@ static void unzzip_big_entry_fprint(ZZIP_ENTRY* entry, FILE* out) + if (file) + { + char buffer[1024]; int len; +- while ((len = zzip_entry_fread (buffer, 1024, 1, file))) ++ while (0 < (len = zzip_entry_fread (buffer, 1024, 1, file))) + { + DBG2("entry read %i", len); + fwrite (buffer, len, 1, out); +@@ -45,7 +45,7 @@ static void unzzip_cat_file(FILE* disk, char* name, FILE* out) + if (file) + { + char buffer[1024]; int len; +- while ((len = zzip_entry_fread (buffer, 1024, 1, file))) ++ while (0 < (len = zzip_entry_fread (buffer, 1024, 1, file))) + fwrite (buffer, len, 1, out); + + zzip_entry_fclose (file); +-- +1.8.3.1 + diff --git a/backport-0004-CVE-2020-18442.patch b/backport-0004-CVE-2020-18442.patch new file mode 100644 index 0000000000000000000000000000000000000000..08a82dd8fc8a0f9d4443a7fd4fd2efaa625e49f5 --- /dev/null +++ b/backport-0004-CVE-2020-18442.patch @@ -0,0 +1,34 @@ +From 0a9db9ded9d15fbdb63bf5cf451920d0a368c00e Mon Sep 17 00:00:00 2001 +From: Guido Draheim +Date: Mon, 4 Jan 2021 21:51:56 +0100 +Subject: [PATCH 04/35] #68 return value of zzip_mem_disk_fread is signed + +--- + bins/unzzipcat-mem.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/bins/unzzipcat-mem.c b/bins/unzzipcat-mem.c +index 6bd79b7..1b5bc22 100644 +--- a/bins/unzzipcat-mem.c ++++ b/bins/unzzipcat-mem.c +@@ -35,7 +35,7 @@ static void unzzip_mem_entry_fprint(ZZIP_MEM_DISK* disk, + if (file) + { + char buffer[1024]; int len; +- while ((len = zzip_mem_disk_fread (buffer, 1024, 1, file))) ++ while (0 < (len = zzip_mem_disk_fread (buffer, 1024, 1, file))) + fwrite (buffer, len, 1, out); + + zzip_mem_disk_fclose (file); +@@ -48,7 +48,7 @@ static void unzzip_mem_disk_cat_file(ZZIP_MEM_DISK* disk, char* name, FILE* out) + if (file) + { + char buffer[1025]; int len; +- while ((len = zzip_mem_disk_fread (buffer, 1, 1024, file))) ++ while (0 < (len = zzip_mem_disk_fread (buffer, 1, 1024, file))) + { + fwrite (buffer, 1, len, out); + } +-- +1.8.3.1 + diff --git a/backport-0005-CVE-2020-18442.patch b/backport-0005-CVE-2020-18442.patch new file mode 100644 index 0000000000000000000000000000000000000000..f3aa57e70d041f13a4c0a2fd316a52d366f2f38e --- /dev/null +++ b/backport-0005-CVE-2020-18442.patch @@ -0,0 +1,25 @@ +From a34a96fbda1e58fbec5c79f4c0b5063e031ce11d Mon Sep 17 00:00:00 2001 +From: Guido Draheim +Date: Mon, 4 Jan 2021 21:52:47 +0100 +Subject: [PATCH 05/35] #68 return value of zzip_fread is signed + +--- + bins/unzzipcat-mix.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/bins/unzzipcat-mix.c b/bins/unzzipcat-mix.c +index e18987d..8f3d0b8 100644 +--- a/bins/unzzipcat-mix.c ++++ b/bins/unzzipcat-mix.c +@@ -34,7 +34,7 @@ static void unzzip_cat_file(ZZIP_DIR* disk, char* name, FILE* out) + if (file) + { + char buffer[1024]; int len; +- while ((len = zzip_fread (buffer, 1, 1024, file))) ++ while (0 < (len = zzip_fread (buffer, 1, 1024, file))) + { + fwrite (buffer, 1, len, out); + } +-- +1.8.3.1 + diff --git a/backport-0006-CVE-2020-18442.patch b/backport-0006-CVE-2020-18442.patch new file mode 100644 index 0000000000000000000000000000000000000000..6b3d30bd4af6667b7c5f9465ea59914b9d8964bf --- /dev/null +++ b/backport-0006-CVE-2020-18442.patch @@ -0,0 +1,34 @@ +From fa1f78abe1b08544061204019016809664f2618c Mon Sep 17 00:00:00 2001 +From: Guido Draheim +Date: Mon, 4 Jan 2021 21:53:50 +0100 +Subject: [PATCH 06/35] #68 return value of zzip_entry_fread is signed + +--- + bins/unzzipshow.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/bins/unzzipshow.c b/bins/unzzipshow.c +index 9d8c2ed..5672d3b 100644 +--- a/bins/unzzipshow.c ++++ b/bins/unzzipshow.c +@@ -22,7 +22,7 @@ static void zzip_entry_fprint(ZZIP_ENTRY* entry, FILE* out) + if (file) + { + char buffer[1024]; int len; +- while ((len = zzip_entry_fread (buffer, 1024, 1, file))) ++ while (0 < (len = zzip_entry_fread (buffer, 1024, 1, file))) + fwrite (buffer, len, 1, out); + + zzip_entry_fclose (file); +@@ -35,7 +35,7 @@ static void zzip_cat_file(FILE* disk, char* name, FILE* out) + if (file) + { + char buffer[1024]; int len; +- while ((len = zzip_entry_fread (buffer, 1024, 1, file))) ++ while (0 < (len = zzip_entry_fread (buffer, 1024, 1, file))) + fwrite (buffer, len, 1, out); + + zzip_entry_fclose (file); +-- +1.8.3.1 + diff --git a/backport-0007-CVE-2020-18442.patch b/backport-0007-CVE-2020-18442.patch new file mode 100644 index 0000000000000000000000000000000000000000..20ff5822c9c867bc040efede3e97d2865587237a --- /dev/null +++ b/backport-0007-CVE-2020-18442.patch @@ -0,0 +1,25 @@ +From f7a6fa9f0c29aecb4c2299568ed2e6094c34aca7 Mon Sep 17 00:00:00 2001 +From: Guido Draheim +Date: Mon, 4 Jan 2021 21:55:08 +0100 +Subject: [PATCH 07/35] #68 return value of posix read(2) is signed + +--- + bins/zzipmake-zip.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/bins/zzipmake-zip.c b/bins/zzipmake-zip.c +index 8e09c31..b37877c 100644 +--- a/bins/zzipmake-zip.c ++++ b/bins/zzipmake-zip.c +@@ -57,7 +57,7 @@ int rezzip_make (int argc, char ** argv) + continue; + } + +- while ((n = read (input, buf, 16))) ++ while (0 < (n = read (input, buf, 16))) + { + zzip_write (output, buf, n); + } +-- +1.8.3.1 + diff --git a/zziplib.spec b/zziplib.spec index c933bd247af3cbacf47a6ad94de6db74f310cac4..f3b80a2c3424337fcfc40b641be7367706a0a474 100644 --- a/zziplib.spec +++ b/zziplib.spec @@ -4,7 +4,7 @@ sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' */libtool Name: zziplib Version: 0.13.69 -Release: 7 +Release: 8 Summary: Lightweight library for zip compression License: LGPLv2+ or MPLv1.1 URL: http://zziplib.sourceforge.net @@ -14,6 +14,13 @@ Patch6000: CVE-2018-16548-1.patch Patch6001: CVE-2018-16548-2.patch Patch6002: CVE-2018-16548-3.patch Patch6003: CVE-2018-17828.patch +Patch6004: backport-0001-CVE-2020-18442.patch +Patch6005: backport-0002-CVE-2020-18442.patch +Patch6006: backport-0003-CVE-2020-18442.patch +Patch6007: backport-0004-CVE-2020-18442.patch +Patch6008: backport-0005-CVE-2020-18442.patch +Patch6009: backport-0006-CVE-2020-18442.patch +Patch6010: backport-0007-CVE-2020-18442.patch BuildRequires: perl-interpreter python2 python2-rpm-macros zip xmlto BuildRequires: zlib-devel SDL-devel pkgconfig autoconf automake gcc make @@ -52,6 +59,13 @@ This package includes help documentation and manuals related to zziplib. %patch6001 -p1 %patch6002 -p1 %patch6003 -p1 +%patch6004 -p1 +%patch6005 -p1 +%patch6006 -p1 +%patch6007 -p1 +%patch6008 -p1 +%patch6009 -p1 +%patch6010 -p1 find . -name '*.py' | xargs sed -i 's@#! /usr/bin/python@#! %__python2@g;s@#! /usr/bin/env python@#! %__python2@g' @@ -87,6 +101,9 @@ export PYTHON=%__python2 %{_mandir}/man3/* %changelog +- Fri Jun 25 2021 shixuantong - 0.13.36-8 +- fix CVE-2020-18442 + * Fri Nov 13 2020 shixuantong - 0.13.36-7 - Change the installation dependency on the help package from requires to recommends