From 00c9327ad4292ee5c2e06c44a73c9909072e86aa Mon Sep 17 00:00:00 2001
From: baiguo <baiguo@kylinos.cn>
Date: Fri, 9 Aug 2024 15:48:44 +0800
Subject: [PATCH] fix CVE-2024-39134

---
 backport-0008-fix-CVE-2024-39134.patch | 45 ++++++++++++++++++++++++++
 zziplib.spec                           |  7 +++-
 2 files changed, 51 insertions(+), 1 deletion(-)
 create mode 100644 backport-0008-fix-CVE-2024-39134.patch

diff --git a/backport-0008-fix-CVE-2024-39134.patch b/backport-0008-fix-CVE-2024-39134.patch
new file mode 100644
index 0000000..24d6bb1
--- /dev/null
+++ b/backport-0008-fix-CVE-2024-39134.patch
@@ -0,0 +1,45 @@
+From 2a84ae73e93b0c1f4f12f2c58104f8327d10e41b Mon Sep 17 00:00:00 2001
+From: vlefebvre <valentin.lefebvre@suse.com>
+Date: Wed, 7 Aug 2024 11:10:05 +0200
+Subject: [PATCH] fetch_disk_trailer: Don't truncate the size verif
+Reference:https://github.com/gdraheim/zziplib/commit/2a84ae73e93b0c1f4f12f2c58104f8327d10e41b
+
+* We must check if the tail obtained have the size of the zzip_disk_trailer
+  struct. end - tail should be at least >= of the size but not size - 2.
+  Where truncated by 2 was good for pre-C99 compilers.
+* Fix gdraheim#165
+
+---
+ zzip/zip.c | 9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+diff --git a/zzip/zip.c b/zzip/zip.c
+index 66a6e50..70c59ec 100644
+--- a/zzip/zip.c
++++ b/zzip/zip.c
+@@ -293,7 +293,7 @@ __zzip_fetch_disk_trailer(int fd, zzip_off_t filesize,
+             for (tail = end - 1; (tail >= mapped); tail--)
+             {
+                 if ((*tail == 'P') &&   /* quick pre-check for trailer magic */
+-                    end - tail >= __sizeof(struct zzip_disk_trailer) - 2 &&
++                    end - tail >= __sizeof(struct zzip_disk_trailer) &&
+                     zzip_disk_trailer_check_magic(tail))
+                 {
+ #                  ifndef ZZIP_DISK64_TRAILER
+@@ -329,10 +329,9 @@ __zzip_fetch_disk_trailer(int fd, zzip_off_t filesize,
+ 		    if (trailer->zz_rootseek >= filesize || (trailer->zz_rootseek + trailer->zz_rootsize) >= filesize)
+ 		        return(ZZIP_CORRUPTED);
+                     { return(0); }
+-                } else if ((*tail == 'P') &&
+-                           end - tail >=
+-                           __sizeof(struct zzip_disk64_trailer) - 2
+-                           && zzip_disk64_trailer_check_magic(tail))
++	        }
++	        else if ((*tail == 'P') && end - tail >= __sizeof(struct zzip_disk64_trailer) &&
++			zzip_disk64_trailer_check_magic(tail))
+                 {
+ #                  ifndef ZZIP_DISK64_TRAILER
+                     return (ZZIP_DIR_LARGEFILE);
+-- 
+2.27.0
+
diff --git a/zziplib.spec b/zziplib.spec
index 0c9406f..625e794 100644
--- a/zziplib.spec
+++ b/zziplib.spec
@@ -4,7 +4,7 @@ sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
 
 Name:            zziplib
 Version:         0.13.71
-Release:         5
+Release:         6
 Summary:         Lightweight library for zip compression
 License:         LGPLv2+ or MPLv1.1
 URL:             http://zziplib.sourceforge.net
@@ -19,6 +19,7 @@ Patch6005:       backport-0006-CVE-2020-18442.patch
 Patch6006:       backport-0007-CVE-2020-18442.patch
 Patch6007:       zziplib-0.13.71-sw.patch
 Patch6008:	 backport-CVE-2020-18770.patch
+Patch6009:       backport-0008-fix-CVE-2024-39134.patch
 
 BuildRequires:   perl-interpreter  zip xmlto
 BuildRequires:   zlib-devel SDL-devel pkgconfig autoconf automake gcc make
@@ -62,6 +63,7 @@ sed -i -e 's:docs ::g' Makefile.am
 %patch6006 -p1
 %patch6007 -p1
 %patch6008 -p1
+%patch6009 -p1
 
 %build
 %configure --disable-static --enable-sdl --enable-frame-pointer --enable-builddir=_builddir
@@ -95,6 +97,9 @@ find %{buildroot} -type f -name "*.la" -delete -print
 %{_mandir}/man3/*
 
 %changelog
+* Fri Aug 9 2024 baiguo <baiguo@kylinos.cn> - 0.13.71-6
+- fix CVE-2024-39134 
+
 * Wed Sep 27 2023 licihua <licihua@huawei.com> - 0.13.71-5
 - fix CVE-2020-18770
 
-- 
Gitee