From 29ad9cc6df1cd7628f5d3be923002b32a4d317a2 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Tue, 5 May 2015 15:15:19 +0200 Subject: libzip: sync with rawhide --- libzip-0.11-php.patch | 67 --------------------------------------- libzip-0.11.2-CVE-2015-2331.patch | 12 +++++++ libzip.spec | 41 ++++++++++++++++++++---- 3 files changed, 46 insertions(+), 74 deletions(-) delete mode 100644 libzip-0.11-php.patch create mode 100644 libzip-0.11.2-CVE-2015-2331.patch diff --git a/libzip-0.11-php.patch b/libzip-0.11-php.patch deleted file mode 100644 index dd12de9..0000000 --- a/libzip-0.11-php.patch +++ /dev/null @@ -1,67 +0,0 @@ -diff -ru libzip-0.11.1.orig/lib/zip_close.c libzip-0.11.1/lib/zip_close.c ---- libzip-0.11.1.orig/lib/zip_close.c 2013-08-08 11:01:26.000000000 +0200 -+++ libzip-0.11.1/lib/zip_close.c 2013-08-08 11:03:07.000000000 +0200 -@@ -596,18 +596,22 @@ - FILE *tfp; - - if (za->tempdir) { -- if ((temp=(char *)malloc(strlen(za->tempdir)+13)) == NULL) { -+ int len = strlen(za->tempdir)+13; -+ -+ if ((temp=(char *)malloc(len)) == NULL) { - _zip_error_set(&za->error, ZIP_ER_MEMORY, 0); - return NULL; - } -- sprintf(temp, "%s/.zip.XXXXXX", za->tempdir); -+ snprintf(temp, len, "%s/.zip.XXXXXX", za->tempdir); - } - else { -- if ((temp=(char *)malloc(strlen(za->zn)+8)) == NULL) { -+ int len = strlen(za->zn)+8; -+ -+ if ((temp=(char *)malloc(len)) == NULL) { - _zip_error_set(&za->error, ZIP_ER_MEMORY, 0); - return NULL; - } -- sprintf(temp, "%s.XXXXXX", za->zn); -+ snprintf(temp, len, "%s.XXXXXX", za->zn); - } - - if ((tfd=mkstemp(temp)) == -1) { -diff -ru libzip-0.11.1.orig/lib/zip_fclose.c libzip-0.11.1/lib/zip_fclose.c ---- libzip-0.11.1.orig/lib/zip_fclose.c 2013-08-08 11:01:26.000000000 +0200 -+++ libzip-0.11.1/lib/zip_fclose.c 2013-08-08 11:06:46.000000000 +0200 -@@ -48,14 +48,15 @@ - if (zf->src) - zip_source_free(zf->src); - -- for (i=0; iza->nfile; i++) { -- if (zf->za->file[i] == zf) { -- zf->za->file[i] = zf->za->file[zf->za->nfile-1]; -- zf->za->nfile--; -- break; -+ if (zf->za) { -+ for (i=0; iza->nfile; i++) { -+ if (zf->za->file[i] == zf) { -+ zf->za->file[i] = zf->za->file[zf->za->nfile-1]; -+ zf->za->nfile--; -+ break; -+ } -+ } - } -- } -- - ret = 0; - if (zf->error.zip_err) - ret = zf->error.zip_err; ---- libzip-0.11.1.orig/lib/zip.h 2013-08-08 11:01:26.000000000 +0200 -+++ libzip-0.11.1/lib/zip.h 2013-08-08 11:19:57.000000000 +0200 -@@ -62,6 +62,8 @@ - #define ZIP_EXCL 2 - #define ZIP_CHECKCONS 4 - #define ZIP_TRUNCATE 8 -+/* PHP use this name, same behavior */ -+#define ZIP_OVERWRITE 8 - - - /* flags for zip_name_locate, zip_fopen, zip_stat, ... */ diff --git a/libzip-0.11.2-CVE-2015-2331.patch b/libzip-0.11.2-CVE-2015-2331.patch new file mode 100644 index 0000000..67d2abc --- /dev/null +++ b/libzip-0.11.2-CVE-2015-2331.patch @@ -0,0 +1,12 @@ +diff -up libzip-0.11.2/lib/zip_dirent.c.CVE-2015-2331 libzip-0.11.2/lib/zip_dirent.c +--- libzip-0.11.2/lib/zip_dirent.c.CVE-2015-2331 2013-11-28 10:57:10.000000000 -0600 ++++ libzip-0.11.2/lib/zip_dirent.c 2015-03-23 07:45:27.486986723 -0500 +@@ -110,7 +110,7 @@ _zip_cdir_new(zip_uint64_t nentry, struc + + if (nentry == 0) + cd->entry = NULL; +- else if ((cd->entry=(struct zip_entry *)malloc(sizeof(*(cd->entry))*(size_t)nentry)) == NULL) { ++ else if ((nentry > SIZE_MAX/sizeof(*(cd->entry))) || (cd->entry=(struct zip_entry *)malloc(sizeof(*(cd->entry))*(size_t)nentry)) == NULL) { + _zip_error_set(error, ZIP_ER_MEMORY, 0); + free(cd); + return NULL; diff --git a/libzip.spec b/libzip.spec index c87ba8b..323d352 100644 --- a/libzip.spec +++ b/libzip.spec @@ -2,23 +2,24 @@ %define multilib_archs x86_64 %{ix86} ppc64 ppc s390x s390 sparc64 sparcv9 Name: libzip -Version: 0.11.1 -Release: 1%{?dist} +Version: 0.11.2 +Release: 5%{?dist} Summary: C library for reading, creating, and modifying zip archives License: BSD URL: http://www.nih.at/libzip/index.html Source0: http://www.nih.at/libzip/libzip-%{version}.tar.xz +# https://bugzilla.redhat.com/show_bug.cgi?id=1204677 +# http://hg.nih.at/libzip/raw-rev/9f11d54f692e +Patch1: libzip-0.11.2-CVE-2015-2331.patch + #BuildRequires: automake libtool BuildRequires: zlib-devel # to handle multiarch headers, ex from mysql-devel package Source1: zipconf.h -# fonctionnal changes from php bundled library -Patch0: libzip-0.11-php.patch - %description libzip is a C library for reading, creating, and modifying zip archives. Files @@ -37,7 +38,7 @@ developing applications that use %{name}. %prep %setup -q -%patch0 -p1 -b .forphp +%patch1 -p1 -b .cve # Avoid lib64 rpaths (FIXME: recheck this on newer releases) %if "%{_libdir}" != "/usr/lib" @@ -72,11 +73,15 @@ ln -s ../%{_lib}/libzip/include/zipconf.h \ %endif +%check +make check + + %post -p /sbin/ldconfig %postun -p /sbin/ldconfig %files -%doc AUTHORS NEWS README THANKS TODO +%doc API-CHANGES AUTHORS LICENSE NEWS README THANKS TODO %{_bindir}/zipcmp %{_bindir}/zipmerge %{_bindir}/ziptorrent @@ -94,6 +99,28 @@ ln -s ../%{_lib}/libzip/include/zipconf.h \ %changelog +* Mon Mar 23 2015 Rex Dieter 0.11.2-5 +- actually apply patch (using %%autosetup) + +* Mon Mar 23 2015 Rex Dieter 0.11.2-4 +- CVE-2015-2331: integer overflow when processing ZIP archives (#1204676,#1204677) + +* Sun Aug 17 2014 Fedora Release Engineering - 0.11.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Sat Jun 07 2014 Fedora Release Engineering - 0.11.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Thu Dec 19 2013 Remi Collet - 0.11.2-1 +- update to 0.11.2 +- run test during build + +* Thu Oct 24 2013 Remi Collet - 0.11.1-3 +- replace php patch with upstream one + +* Fri Aug 23 2013 Remi Collet - 0.11.1-2 +- include API-CHANGES and LICENSE in package doc + * Thu Aug 08 2013 Remi Collet - 0.11.1-1 - update to 0.11.1 -- cgit