-rw-r--r--libzip-0.11-php.patch67
-rw-r--r--libzip-0.11.2-CVE-2015-2331.patch12
-rw-r--r--libzip.spec41
3 files changed, 46 insertions, 74 deletions
diff --git a/libzip-0.11-php.patch b/libzip-0.11-php.patch
deleted file mode 100644
index dd12de9..0000000
--- a/libzip-0.11-php.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-diff -ru libzip-0.11.1.orig/lib/zip_close.c libzip-0.11.1/lib/zip_close.c
---- libzip-0.11.1.orig/lib/zip_close.c 2013-08-08 11:01:26.000000000 +0200
-+++ libzip-0.11.1/lib/zip_close.c 2013-08-08 11:03:07.000000000 +0200
-@@ -596,18 +596,22 @@
- FILE *tfp;
-
- if (za->tempdir) {
-- if ((temp=(char *)malloc(strlen(za->tempdir)+13)) == NULL) {
-+ int len = strlen(za->tempdir)+13;
-+
-+ if ((temp=(char *)malloc(len)) == NULL) {
- _zip_error_set(&za->error, ZIP_ER_MEMORY, 0);
- return NULL;
- }
-- sprintf(temp, "%s/.zip.XXXXXX", za->tempdir);
-+ snprintf(temp, len, "%s/.zip.XXXXXX", za->tempdir);
- }
- else {
-- if ((temp=(char *)malloc(strlen(za->zn)+8)) == NULL) {
-+ int len = strlen(za->zn)+8;
-+
-+ if ((temp=(char *)malloc(len)) == NULL) {
- _zip_error_set(&za->error, ZIP_ER_MEMORY, 0);
- return NULL;
- }
-- sprintf(temp, "%s.XXXXXX", za->zn);
-+ snprintf(temp, len, "%s.XXXXXX", za->zn);
- }
-
- if ((tfd=mkstemp(temp)) == -1) {
-diff -ru libzip-0.11.1.orig/lib/zip_fclose.c libzip-0.11.1/lib/zip_fclose.c
---- libzip-0.11.1.orig/lib/zip_fclose.c 2013-08-08 11:01:26.000000000 +0200
-+++ libzip-0.11.1/lib/zip_fclose.c 2013-08-08 11:06:46.000000000 +0200
-@@ -48,14 +48,15 @@
- if (zf->src)
- zip_source_free(zf->src);
-
-- for (i=0; i<zf->za->nfile; i++) {
-- if (zf->za->file[i] == zf) {
-- zf->za->file[i] = zf->za->file[zf->za->nfile-1];
-- zf->za->nfile--;
-- break;
-+ if (zf->za) {
-+ for (i=0; i<zf->za->nfile; i++) {
-+ if (zf->za->file[i] == zf) {
-+ zf->za->file[i] = zf->za->file[zf->za->nfile-1];
-+ zf->za->nfile--;
-+ break;
-+ }
-+ }
- }
-- }
--
- ret = 0;
- if (zf->error.zip_err)
- ret = zf->error.zip_err;
---- libzip-0.11.1.orig/lib/zip.h 2013-08-08 11:01:26.000000000 +0200
-+++ libzip-0.11.1/lib/zip.h 2013-08-08 11:19:57.000000000 +0200
-@@ -62,6 +62,8 @@
- #define ZIP_EXCL 2
- #define ZIP_CHECKCONS 4
- #define ZIP_TRUNCATE 8
-+/* PHP use this name, same behavior */
-+#define ZIP_OVERWRITE 8
-
-
- /* flags for zip_name_locate, zip_fopen, zip_stat, ... */
diff --git a/libzip-0.11.2-CVE-2015-2331.patch b/libzip-0.11.2-CVE-2015-2331.patch
new file mode 100644
index 0000000..67d2abc
--- /dev/null
+++ b/libzip-0.11.2-CVE-2015-2331.patch
@@ -0,0 +1,12 @@
+diff -up libzip-0.11.2/lib/zip_dirent.c.CVE-2015-2331 libzip-0.11.2/lib/zip_dirent.c
+--- libzip-0.11.2/lib/zip_dirent.c.CVE-2015-2331 2013-11-28 10:57:10.000000000 -0600
++++ libzip-0.11.2/lib/zip_dirent.c 2015-03-23 07:45:27.486986723 -0500
+@@ -110,7 +110,7 @@ _zip_cdir_new(zip_uint64_t nentry, struc
+
+ if (nentry == 0)
+ cd->entry = NULL;
+- else if ((cd->entry=(struct zip_entry *)malloc(sizeof(*(cd->entry))*(size_t)nentry)) == NULL) {
++ else if ((nentry > SIZE_MAX/sizeof(*(cd->entry))) || (cd->entry=(struct zip_entry *)malloc(sizeof(*(cd->entry))*(size_t)nentry)) == NULL) {
+ _zip_error_set(error, ZIP_ER_MEMORY, 0);
+ free(cd);
+ return NULL;
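Review bot: The new `nentry > SIZE_MAX/sizeof(*(cd->entry))` guard in `_zip_cdir_new` depends on `SIZE_MAX` being defined in zip_dirent.c, and this hunk does not show an include that provides it. Confirm that `<stdint.h>` or a project fallback is in scope on every supported platform. The check itself is placed correctly: it short-circuits before the `sizeof(*(cd->entry))*(size_t)nentry` multiplication, so a count whose byte size would wrap `size_t` is rejected with `ZIP_ER_MEMORY` instead of presumably yielding an undersized allocation. I would add a one-line comment above the condition so a later cleanup does not drop it, e.g. `/* reject entry counts whose allocation size would overflow size_t (CVE-2015-2331) */`. The function body starts and ends outside the hunk.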
diff --git a/libzip.spec b/libzip.spec
index c87ba8b..323d352 100644
--- a/libzip.spec
+++ b/libzip.spec
@@ -2,23 +2,24 @@
%define multilib_archs x86_64 %{ix86} ppc64 ppc s390x s390 sparc64 sparcv9
Name: libzip
-Version: 0.11.1
-Release: 1%{?dist}
+Version: 0.11.2
+Release: 5%{?dist}
Summary: C library for reading, creating, and modifying zip archives
License: BSD
URL: http://www.nih.at/libzip/index.html
Source0: http://www.nih.at/libzip/libzip-%{version}.tar.xz
+# https://bugzilla.redhat.com/show_bug.cgi?id=1204677
+# http://hg.nih.at/libzip/raw-rev/9f11d54f692e
+Patch1: libzip-0.11.2-CVE-2015-2331.patch
+
#BuildRequires: automake libtool
BuildRequires: zlib-devel
# to handle multiarch headers, ex from mysql-devel package
Source1: zipconf.h
-# fonctionnal changes from php bundled library
-Patch0: libzip-0.11-php.patch
-
%description
libzip is a C library for reading, creating, and modifying zip archives. Files
@@ -37,7 +38,7 @@ developing applications that use %{name}.
%prep
%setup -q
-%patch0 -p1 -b .forphp
+%patch1 -p1 -b .cve
# Avoid lib64 rpaths (FIXME: recheck this on newer releases)
%if "%{_libdir}" != "/usr/lib"
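Review bot: The 0.11.2-5 changelog entry in this spec says the fix is applied "using %%autosetup", but `%prep` here still uses `%setup -q` followed by an explicit `%patch1 -p1 -b .cve`. The explicit line does apply Patch1, so the CVE fix reaches the build; the mismatch only makes it harder to audit how. With the `%setup` plus `%patchN` form, a later `PatchN:` line that lacks a matching `%patchN` is silently not applied, which is what the -4 to -5 entries suggest already happened once. Either reword the changelog entry to match, or replace both lines with `%autosetup -p1` so every declared patch is applied automatically.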
@@ -72,11 +73,15 @@ ln -s ../%{_lib}/libzip/include/zipconf.h \
%endif
+%check
+make check
+
+
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
%files
-%doc AUTHORS NEWS README THANKS TODO
+%doc API-CHANGES AUTHORS LICENSE NEWS README THANKS TODO
%{_bindir}/zipcmp
%{_bindir}/zipmerge
%{_bindir}/ziptorrent
@@ -94,6 +99,28 @@ ln -s ../%{_lib}/libzip/include/zipconf.h \
%changelog
+* Mon Mar 23 2015 Rex Dieter <rdieter@fedoraproject.org> 0.11.2-5
+- actually apply patch (using %%autosetup)
+
+* Mon Mar 23 2015 Rex Dieter <rdieter@fedoraproject.org> 0.11.2-4
+- CVE-2015-2331: integer overflow when processing ZIP archives (#1204676,#1204677)
+
+* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.11.2-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.11.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Thu Dec 19 2013 Remi Collet <remi@fedoraproject.org> - 0.11.2-1
+- update to 0.11.2
+- run test during build
+
+* Thu Oct 24 2013 Remi Collet <remi@fedoraproject.org> - 0.11.1-3
+- replace php patch with upstream one
+
+* Fri Aug 23 2013 Remi Collet <remi@fedoraproject.org> - 0.11.1-2
+- include API-CHANGES and LICENSE in package doc
+
* Thu Aug 08 2013 Remi Collet <remi@fedoraproject.org> - 0.11.1-1
- update to 0.11.1