Hello community, here is the log from the commit of package zziplib for openSUSE:Factory checked in at 2018-09-20 11:39:26 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/zziplib (Old) and /work/SRC/openSUSE:Factory/.zziplib.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "zziplib" Thu Sep 20 11:39:26 2018 rev:31 rq:634660 version:0.13.69 Changes: -------- --- /work/SRC/openSUSE:Factory/zziplib/zziplib.changes 2018-03-26 12:01:11.518866901 +0200 +++ /work/SRC/openSUSE:Factory/.zziplib.new/zziplib.changes 2018-09-20 11:39:36.932921486 +0200 @@ -1,0 +2,7 @@ +Fri Sep 7 11:51:45 UTC 2018 - [email protected] + +- Avoid memory leak from __zzip_parse_root_directory(). + Free allocated structure if its address is not passed back. + [bsc#1107424, CVE-2018-16548, CVE-2018-16548.patch] + +------------------------------------------------------------------- New: ---- CVE-2018-16548.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ zziplib.spec ++++++ --- /var/tmp/diff_new_pack.xkR3pA/_old 2018-09-20 11:39:38.620920494 +0200 +++ /var/tmp/diff_new_pack.xkR3pA/_new 2018-09-20 11:39:38.620920494 +0200 @@ -1,7 +1,7 @@ # # spec file for package zziplib # -# Copyright (c) 2018 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -21,9 +21,8 @@ Version: 0.13.69 Release: 0 Summary: ZIP Compression Library -License: LGPL-2.1+ +License: LGPL-2.1-or-later Group: Development/Libraries/C and C++ -# License: LGPL-2.1-or-later Url: http://zziplib.sourceforge.net Source0: https://github.com/gdraheim/zziplib/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz Source2: baselibs.conf @@ -32,6 +31,7 @@ Patch2: zziplib-largefile.patch Patch3: CVE-2018-7726.patch Patch4: CVE-2018-7725.patch +Patch5: CVE-2018-16548.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: libtool 
@@ -70,6 +70,7 @@ %patch2 %patch3 -p1 %patch4 -p1 +%patch5 -p1 # do not bother with html docs saving us python2 dependency sed -i -e 's:docs ::g' Makefile.am ++++++ CVE-2018-16548.patch ++++++ Index: zziplib-0.13.69/zzip/zip.c =================================================================== --- zziplib-0.13.69.orig/zzip/zip.c +++ zziplib-0.13.69/zzip/zip.c @@ -477,9 +477,15 @@ __zzip_parse_root_directory(int fd, } else { if (io->fd.seeks(fd, zz_rootseek + zz_offset, SEEK_SET) < 0) + { + free(hdr0); return ZZIP_DIR_SEEK; + } if (io->fd.read(fd, &dirent, sizeof(dirent)) < __sizeof(dirent)) + { + free(hdr0); return ZZIP_DIR_READ; + } d = &dirent; } @@ -579,11 +585,18 @@ __zzip_parse_root_directory(int fd, if (hdr_return) *hdr_return = hdr0; + else + { + /* If it is not assigned to *hdr_return, it will never be free()'d */ + free(hdr0); + } } /* else zero (sane) entries */ + else + free(hdr0); # ifndef ZZIP_ALLOW_MODULO_ENTRIES - return (entries != zz_entries ? ZZIP_CORRUPTED : 0); + return (entries != zz_entries) ? ZZIP_CORRUPTED : 0; # else - return ((entries & (unsigned)0xFFFF) != zz_entries ? ZZIP_CORRUPTED : 0); + return ((entries & (unsigned)0xFFFF) != zz_entries) ? ZZIP_CORRUPTED : 0; # endif }
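Review bot: In the `@@ -477,9 +477,15 @@` hunk of zzip/zip.c, the cleanup is now written out separately on each failure return (`free(hdr0); return ZZIP_DIR_SEEK;` and `free(hdr0); return ZZIP_DIR_READ;`), so any error return added later in this loop can reintroduce the same leak. A single exit label would keep the release in one place, for example `{ rv = ZZIP_DIR_SEEK; goto fail; }` with `fail: free(hdr0); return rv;` near the end of the function. If the per-site form is kept, a short comment such as `/* hdr0 is still owned by this function here */` would record why the free is safe. The function starts before this hunk and continues past it, so other return paths could not be checked from here.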
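Review bot: In the `@@ -579,11 +585,18 @@` hunk, `*hdr_return = hdr0;` still runs before the entry-count comparison, so with a non-NULL `hdr_return` the function can return `ZZIP_CORRUPTED` after it has already handed the buffer to the caller. Whether that path still leaks depends on every caller freeing `*hdr_return` on a non-zero return; the callers, and the condition of the enclosing `if`, are outside this hunk. Either publish the pointer only after the count check has passed and free `hdr0` otherwise, or state the contract at the assignment, e.g. `/* caller owns *hdr_return even when ZZIP_CORRUPTED is returned */`. A malformed archive whose entry count does not match the trailer reaches this return, so it is the case worth covering with a regression test under a leak checker.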
