[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
01/15: gnu: zziplib: Fix CVE-2018-16548.
From: |
guix-commits |
Subject: |
01/15: gnu: zziplib: Fix CVE-2018-16548. |
Date: |
Wed, 4 Mar 2020 05:10:29 -0500 (EST) |
efraim pushed a commit to branch master
in repository guix.
commit 790b66e34fd81cdda246361303072065e6339c97
Author: Efraim Flashner <address@hidden>
AuthorDate: Wed Mar 4 10:15:06 2020 +0200
gnu: zziplib: Fix CVE-2018-16548.
* gnu/packages/compression.scm (zziplib)[replacement]: New field.
(zziplib/fixed): New private variable.
* gnu/packages/patches/zziplib-CVE-2018-16548.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
---
gnu/local.mk | 3 +-
gnu/packages/compression.scm | 8 ++++
gnu/packages/patches/zziplib-CVE-2018-16548.patch | 49 +++++++++++++++++++++++
3 files changed, 59 insertions(+), 1 deletion(-)
diff --git a/gnu/local.mk b/gnu/local.mk
index 359ed4b..cbb7d2b 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1513,7 +1513,8 @@ dist_patch_DATA =
\
%D%/packages/patches/xsane-fix-pdf-floats.patch \
%D%/packages/patches/xsane-fix-snprintf-buffer-length.patch \
%D%/packages/patches/xsane-support-ipv6.patch \
- %D%/packages/patches/xsane-tighten-default-umask.patch
+ %D%/packages/patches/xsane-tighten-default-umask.patch \
+ %D%/packages/patches/zziplib-CVE-2018-16548.patch
MISC_DISTRO_FILES = \
%D%/packages/ld-wrapper.in \
diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index ee10bd0..6463b50 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -1584,6 +1584,7 @@ recreates the stored directory structure by default.")
(package
(name "zziplib")
(version "0.13.69")
+ (replacement zziplib/fixed)
(home-page "https://github.com/gdraheim/zziplib")
(source (origin
(method git-fetch)
@@ -1621,6 +1622,13 @@ recreates the stored directory structure by default.")
;; files carry the Zlib license; see "docs/copying.html" for details.
(license (list license:lgpl2.0+ license:mpl1.1))))
+(define zziplib/fixed
+ (package
+ (inherit zziplib)
+ (source (origin
+ (inherit (package-source zziplib))
+ (patches (search-patches "zziplib-CVE-2018-16548.patch"))))))
+
(define-public libzip
(package
(name "libzip")
diff --git a/gnu/packages/patches/zziplib-CVE-2018-16548.patch
b/gnu/packages/patches/zziplib-CVE-2018-16548.patch
new file mode 100644
index 0000000..a17c6a9
--- /dev/null
+++ b/gnu/packages/patches/zziplib-CVE-2018-16548.patch
@@ -0,0 +1,49 @@
+The following 3 patches applied to 0.13.69 in this order, combined:
+https://github.com/gdraheim/zziplib/commit/9411bde3e4a70a81ff3ffd256b71927b2d90dcbb.patch
+https://github.com/gdraheim/zziplib/commit/d2e5d5c53212e54a97ad64b793a4389193fec687.patch
+https://github.com/gdraheim/zziplib/commit/0e1dadb05c1473b9df2d7b8f298dab801778ef99.patch
+
+diff --git a/test/test.zip b/test/test.zip
+index 2c992ea..952d475 100644
+Binary files a/test/test.zip and b/test/test.zip differ
+diff --git a/zzip/zip.c b/zzip/zip.c
+index 14e2e06..f97a40a 100644
+--- a/zzip/zip.c
++++ b/zzip/zip.c
+@@ -472,9 +472,15 @@ __zzip_parse_root_directory(int fd,
+ } else
+ {
+ if (io->fd.seeks(fd, zz_rootseek + zz_offset, SEEK_SET) < 0)
++ {
++ free(hdr0);
+ return ZZIP_DIR_SEEK;
++ }
+ if (io->fd.read(fd, &dirent, sizeof(dirent)) < __sizeof(dirent))
++ {
++ free(hdr0);
+ return ZZIP_DIR_READ;
++ }
+ d = &dirent;
+ }
+
+@@ -574,11 +580,18 @@ __zzip_parse_root_directory(int fd,
+
+ if (hdr_return)
+ *hdr_return = hdr0;
++ else
++ {
++ /* If it is not assigned to *hdr_return, it will never be free()'d
*/
++ free(hdr0);
++ }
+ } /* else zero (sane) entries */
++ else
++ free(hdr0);
+ # ifndef ZZIP_ALLOW_MODULO_ENTRIES
+- return (entries != zz_entries ? ZZIP_CORRUPTED : 0);
++ return (entries != zz_entries) ? ZZIP_CORRUPTED : 0;
+ # else
+- return ((entries & (unsigned)0xFFFF) != zz_entries ? ZZIP_CORRUPTED : 0);
++ return ((entries & (unsigned)0xFFFF) != zz_entries) ? ZZIP_CORRUPTED : 0;
+ # endif
+ }
+
- branch master updated (cc51c03 -> 12fe38a), guix-commits, 2020/03/04
- 05/15: gnu: vim-neosnippet-snippets: Use copy-build-system., guix-commits, 2020/03/04
- 02/15: gnu: ucd: Use copy-build-system., guix-commits, 2020/03/04
- 04/15: gnu: vim-neocomplete: Use copy-build-system., guix-commits, 2020/03/04
- 06/15: gnu: vim-neosnippet: Use copy-build-system., guix-commits, 2020/03/04
- 03/15: gnu: unicode-cldr-common: Use copy-build-system., guix-commits, 2020/03/04
- 10/15: gnu: vim-fugitive: Use copy-build-system., guix-commits, 2020/03/04
- 08/15: gnu: vim-luna: Use copy-build-system., guix-commits, 2020/03/04
- 09/15: gnu: vim-context-filetype: Use copy-build-system., guix-commits, 2020/03/04
- 07/15: gnu: vim-scheme: Use copy-build-system., guix-commits, 2020/03/04
- 01/15: gnu: zziplib: Fix CVE-2018-16548.,
guix-commits <=
- 12/15: gnu: vim-airline-themes: Use copy-build-system., guix-commits, 2020/03/04
- 15/15: gnu: vim-guix-vim: Use copy-build-system., guix-commits, 2020/03/04
- 11/15: gnu: vim-airline: Use copy-build-system., guix-commits, 2020/03/04
- 13/15: gnu: vim-syntastic: Use copy-build-system., guix-commits, 2020/03/04
- 14/15: gnu: editorconfig-vim: Use copy-build-system., guix-commits, 2020/03/04