Hello community, here is the log from the commit of package zziplib for openSUSE:Factory checked in at 2018-02-16 21:40:46 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/zziplib (Old) and /work/SRC/openSUSE:Factory/.zziplib.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "zziplib" Fri Feb 16 21:40:46 2018 rev:27 rq:577013 version:0.13.67 Changes: -------- --- /work/SRC/openSUSE:Factory/zziplib/zziplib.changes 2018-02-09 15:45:22.196079635 +0100 +++ /work/SRC/openSUSE:Factory/.zziplib.new/zziplib.changes 2018-02-16 21:40:49.431415249 +0100 @@ -1,0 +2,13 @@ +Wed Feb 14 13:36:43 UTC 2018 - [email protected] + +- Changed %license to %doc in SPEC file. + +------------------------------------------------------------------- +Mon Feb 12 16:14:31 UTC 2018 - [email protected] + +- If the size of the central directory is too big, reject + the file. + Then, if loading the ZIP file fails, display an error message. + [CVE-2018-6542.patch, CVE-2018-6542, bsc#1079094] + +------------------------------------------------------------------- New: ---- CVE-2018-6542.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ zziplib.spec ++++++ --- /var/tmp/diff_new_pack.BTuyQg/_old 2018-02-16 21:40:50.451378465 +0100 +++ /var/tmp/diff_new_pack.BTuyQg/_new 2018-02-16 21:40:50.455378321 +0100 @@ -32,6 +32,7 @@ Patch3: CVE-2018-6381.patch Patch4: CVE-2018-6484.patch Patch5: CVE-2018-6540.patch +Patch6: CVE-2018-6542.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: fdupes @@ -72,6 +73,7 @@ %patch3 -p1 %patch4 -p1 %patch5 -p1 +%patch6 -p1 # do not bother with html docs saving us python2 dependency sed -i -e 's:docs ::g' Makefile.am @@ -94,7 +96,7 @@ %postun -n %{lname} -p /sbin/ldconfig %files -n %{lname} -%license COPYING.LIB +%doc COPYING.LIB %{_libdir}/libzzip*.so.* %files devel ++++++ CVE-2018-6542.patch ++++++ Index: zziplib-0.13.67/zzip/mmapped.c =================================================================== --- zziplib-0.13.67.orig/zzip/mmapped.c +++ zziplib-0.13.67/zzip/mmapped.c 
@@ -413,16 +413,19 @@ zzip_disk_findfirst(ZZIP_DISK * disk) for (; p >= disk->buffer; p--) { zzip_byte_t *root; /* (struct zzip_disk_entry*) */ + zzip_size_t rootsize; /* Size of root central directory */ + if (zzip_disk_trailer_check_magic(p)) { struct zzip_disk_trailer *trailer = (struct zzip_disk_trailer *) p; zzip_size_t rootseek = zzip_disk_trailer_get_rootseek(trailer); + rootsize = zzip_disk_trailer_get_rootsize(trailer); + root = disk->buffer + rootseek; DBG2("disk rootseek at %lli", (long long)rootseek); if (root > p) { /* the first disk_entry is after the disk_trailer? can't be! */ - zzip_size_t rootsize = zzip_disk_trailer_get_rootsize(trailer); DBG2("have rootsize at %lli", (long long)rootsize); if (disk->buffer + rootsize > p) continue; @@ -441,6 +444,7 @@ zzip_disk_findfirst(ZZIP_DISK * disk) return 0; } zzip_size_t rootseek = zzip_disk64_trailer_get_rootseek(trailer); + rootsize = zzip_disk64_trailer_get_rootsize(trailer); DBG2("disk64 rootseek at %lli", (long long)rootseek); root = disk->buffer + rootseek; if (root > p) @@ -457,7 +461,7 @@ zzip_disk_findfirst(ZZIP_DISK * disk) errno = EBADMSG; return 0; } - if (root >= disk->endbuf) + if (root >= disk->endbuf || (root + rootsize) >= disk->endbuf) { DBG1("root behind endbuf should be impossible"); errno = EBADMSG; Index: zziplib-0.13.67/zzip/memdisk.c =================================================================== --- zziplib-0.13.67.orig/zzip/memdisk.c +++ zziplib-0.13.67/zzip/memdisk.c @@ -143,6 +143,7 @@ zzip_mem_disk_load(ZZIP_MEM_DISK * dir, zzip_mem_disk_unload(dir); ___ long count = 0; ___ struct zzip_disk_entry *entry = zzip_disk_findfirst(disk); + if (!entry) goto error; for (; entry; entry = zzip_disk_findnext(disk, entry)) { ZZIP_MEM_ENTRY *item = zzip_mem_entry_new(disk, entry);
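Review bot: `rootsize` is declared without an initialiser at the top of the loop body in the first mmapped.c hunk (@@ -413) and is assigned only inside the two trailer branches (here and in the @@ -441 hunk), while the new bounds check in the @@ -457 hunk reads it. The code between those branches and the check lies outside the hunks, so it cannot be confirmed from here that every route to the check assigns it first. If any route does not, the check would compare an indeterminate value. Declaring it as `zzip_size_t rootsize = 0;` keeps the check well-defined whichever path is taken.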
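Review bot: The added test `(root + rootsize) >= disk->endbuf` in the @@ -457 hunk of mmapped.c builds a pointer from the trailer-supplied `rootsize` before comparing it. A very large value carries the sum past the end of the buffer, where pointer arithmetic is undefined and may wrap so that the rejection is skipped. Comparing lengths avoids forming that pointer: `if (root >= disk->endbuf || rootsize >= (zzip_size_t)(disk->endbuf - root))`. The unchanged context line `disk->buffer + rootsize > p` in the first hunk has the same shape and would benefit from the same treatment. The definition of `zzip_size_t` is not visible here, so the cast should be checked against it; zzip_disk_findfirst starts and ends outside these hunks.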
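Review bot: `if (!entry) goto error;` in the memdisk.c hunk turns every null return from `zzip_disk_findfirst` into a load failure. The hunk does not show whether a null return can also mean a well-formed archive with no entries, or what the `error` label does after `zzip_mem_disk_unload(dir)` has already run. The mmapped.c hunks show the rejection paths setting `errno = EBADMSG` before `return 0`, so a comment recording that contract would help, for example `/* findfirst returns 0 with errno set when the central directory is rejected: fail the load */`. The body of zzip_mem_disk_load continues past the end of the hunk.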
