Hello community, here is the log from the commit of package zziplib for openSUSE:Factory checked in at 2019-12-16 17:26:27 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/zziplib (Old) and /work/SRC/openSUSE:Factory/.zziplib.new.4691 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "zziplib"
Mon Dec 16 17:26:27 2019 rev:35 rq:756875 version:0.13.69
Changes:
--------
--- /work/SRC/openSUSE:Factory/zziplib/zziplib.changes 2019-10-30 14:42:21.449833842 +0100
+++ /work/SRC/openSUSE:Factory/.zziplib.new.4691/zziplib.changes 2019-12-16 17:26:30.155956935 +0100
@@ -1,0 +2,9 @@
+Fri Dec 13 12:28:30 UTC 2019 - Josef Möllers <[email protected]>
+
+- Make an unconditional error message conditional by checking
+ the return value of a function call.
+ Also removed an unwanted debug output.
+ [bsc#154002, bsc1154002-prevent-unnecessary-perror.patch,
+ CVE-2018-7725.patch]
+
+-------------------------------------------------------------------
New:
----
bsc1154002-prevent-unnecessary-perror.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ zziplib.spec ++++++
--- /var/tmp/diff_new_pack.solnFj/_old 2019-12-16 17:26:30.959956613 +0100
+++ /var/tmp/diff_new_pack.solnFj/_new 2019-12-16 17:26:30.963956611 +0100
@@ -34,6 +34,7 @@
 Patch5: CVE-2018-16548.patch
 Patch6: CVE-2018-17828.patch
 Patch7: bsc1129403-prevent-division-by-zero.patch
+Patch8: bsc1154002-prevent-unnecessary-perror.patch
 BuildRequires: autoconf
 BuildRequires: automake
 BuildRequires: libtool
@@ -75,6 +76,7 @@
 %patch5 -p1
 %patch6 -p1
 %patch7 -p1
+%patch8 -p1
 # do not bother with html docs saving us python2 dependency
 sed -i -e 's:docs ::g' Makefile.am
++++++ CVE-2018-7725.patch ++++++
--- /var/tmp/diff_new_pack.solnFj/_old 2019-12-16 17:26:30.987956601 +0100
+++ /var/tmp/diff_new_pack.solnFj/_new 2019-12-16 17:26:30.987956601 +0100
@@ -17,6 +17,14 @@
 * If the file is uncompressed, zz_csize and zz_usize should be the same
 * If they are not, we cannot guarantee that either is correct, so ...
 */
+@@ -521,7 +529,6 @@ zzip_mem_entry_fopen(ZZIP_MEM_DISK * dir
+ file->zlib.avail_in = zzip_mem_entry_csize(entry);
+ file->zlib.next_in = zzip_mem_entry_to_data(entry);
+
+- debug2("compressed size %i", (int) file->zlib.avail_in);
+ if (file->zlib.next_in + file->zlib.avail_in >= file->endbuf)
+ goto error;
+ if (file->zlib.next_in < file->buffer)
 Index: zziplib-0.13.69/zzip/zip.c
 ===================================================================
 --- zziplib-0.13.69.orig/zzip/zip.c
++++++ bsc1154002-prevent-unnecessary-perror.patch ++++++
Index: zziplib-0.13.69/bins/unzip-mem.c
===================================================================
--- zziplib-0.13.69.orig/bins/unzip-mem.c
+++ zziplib-0.13.69/bins/unzip-mem.c
@@ -93,7 +93,7 @@ static void zzip_mem_entry_make(ZZIP_MEM
 {
 FILE* file = fopen (entry->zz_name, "wb");
 if (file) { zzip_mem_entry_pipe (disk, entry, file); fclose (file); }
- perror (entry->zz_name);
+ else perror (entry->zz_name);
 if (status < EXIT_WARNINGS) status = EXIT_WARNINGS;
 }
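Review bot: The bounds check carried as context in the added inner hunk, `if (file->zlib.next_in + file->zlib.avail_in >= file->endbuf)`, adds a size read from the archive entry (`zzip_mem_entry_csize(entry)`) to a pointer before comparing, and only afterwards tests `next_in < file->buffer`. Forming a pointer past the end of the buffer is undefined behaviour in C, and on a 32-bit target a large `avail_in` could wrap the sum so that the comparison passes. Since the patch already touches this spot, consider validating `next_in` first and then comparing lengths instead of pointers, e.g. `if (file->zlib.avail_in >= (size_t)(file->endbuf - file->zlib.next_in)) goto error;`, assuming `endbuf` and `next_in` refer to the same buffer. zzip_mem_entry_fopen starts and ends outside the hunk, so the declarations of these fields are not visible here.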
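Review bot: `if (status < EXIT_WARNINGS) status = EXIT_WARNINGS;` on the line after the change still runs when fopen() succeeds, so every extracted entry keeps raising the exit status to a warning even though the message is now printed only on failure. Unless that is intended, put both statements in the failure branch: `else { perror (entry->zz_name); if (status < EXIT_WARNINGS) status = EXIT_WARNINGS; }`. The result of `fclose (file)` on the write stream is also dropped, so a failed flush (a full disk, for example) is reported as success. `entry->zz_name` comes from the archive and goes straight to `fopen (..., "wb")` in these lines; no path check is visible in the hunk, so confirm that one of the earlier patches listed in the spec rejects `..` components and absolute names before this call.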
