mirror of
https://git.savannah.gnu.org/git/guix.git
synced 2025-01-19 22:16:32 +01:00
gnu: zziplib: Fix CVE-2018-16548.
* gnu/packages/compression.scm (zziplib)[replacement]: New field. (zziplib/fixed): New private variable. * gnu/packages/patches/zziplib-CVE-2018-16548.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it.
This commit is contained in:
parent
cc51c03ff8
commit
790b66e34f
3 changed files with 59 additions and 1 deletions
|
@ -1513,7 +1513,8 @@ dist_patch_DATA = \
|
|||
%D%/packages/patches/xsane-fix-pdf-floats.patch \
|
||||
%D%/packages/patches/xsane-fix-snprintf-buffer-length.patch \
|
||||
%D%/packages/patches/xsane-support-ipv6.patch \
|
||||
%D%/packages/patches/xsane-tighten-default-umask.patch
|
||||
%D%/packages/patches/xsane-tighten-default-umask.patch \
|
||||
%D%/packages/patches/zziplib-CVE-2018-16548.patch
|
||||
|
||||
MISC_DISTRO_FILES = \
|
||||
%D%/packages/ld-wrapper.in \
|
||||
|
|
|
@ -1584,6 +1584,7 @@ (define-public zziplib
|
|||
(package
|
||||
(name "zziplib")
|
||||
(version "0.13.69")
|
||||
(replacement zziplib/fixed)
|
||||
(home-page "https://github.com/gdraheim/zziplib")
|
||||
(source (origin
|
||||
(method git-fetch)
|
||||
|
@ -1621,6 +1622,13 @@ (define-public zziplib
|
|||
;; files carry the Zlib license; see "docs/copying.html" for details.
|
||||
(license (list license:lgpl2.0+ license:mpl1.1))))
|
||||
|
||||
(define zziplib/fixed
|
||||
(package
|
||||
(inherit zziplib)
|
||||
(source (origin
|
||||
(inherit (package-source zziplib))
|
||||
(patches (search-patches "zziplib-CVE-2018-16548.patch"))))))
|
||||
|
||||
(define-public libzip
|
||||
(package
|
||||
(name "libzip")
|
||||
|
|
49
gnu/packages/patches/zziplib-CVE-2018-16548.patch
Normal file
49
gnu/packages/patches/zziplib-CVE-2018-16548.patch
Normal file
|
@ -0,0 +1,49 @@
|
|||
The following 3 patches applied to 0.13.69 in this order, combined:
|
||||
https://github.com/gdraheim/zziplib/commit/9411bde3e4a70a81ff3ffd256b71927b2d90dcbb.patch
|
||||
https://github.com/gdraheim/zziplib/commit/d2e5d5c53212e54a97ad64b793a4389193fec687.patch
|
||||
https://github.com/gdraheim/zziplib/commit/0e1dadb05c1473b9df2d7b8f298dab801778ef99.patch
|
||||
|
||||
diff --git a/test/test.zip b/test/test.zip
|
||||
index 2c992ea..952d475 100644
|
||||
Binary files a/test/test.zip and b/test/test.zip differ
|
||||
diff --git a/zzip/zip.c b/zzip/zip.c
|
||||
index 14e2e06..f97a40a 100644
|
||||
--- a/zzip/zip.c
|
||||
+++ b/zzip/zip.c
|
||||
@@ -472,9 +472,15 @@ __zzip_parse_root_directory(int fd,
|
||||
} else
|
||||
{
|
||||
if (io->fd.seeks(fd, zz_rootseek + zz_offset, SEEK_SET) < 0)
|
||||
+ {
|
||||
+ free(hdr0);
|
||||
return ZZIP_DIR_SEEK;
|
||||
+ }
|
||||
if (io->fd.read(fd, &dirent, sizeof(dirent)) < __sizeof(dirent))
|
||||
+ {
|
||||
+ free(hdr0);
|
||||
return ZZIP_DIR_READ;
|
||||
+ }
|
||||
d = &dirent;
|
||||
}
|
||||
|
||||
@@ -574,11 +580,18 @@ __zzip_parse_root_directory(int fd,
|
||||
|
||||
if (hdr_return)
|
||||
*hdr_return = hdr0;
|
||||
+ else
|
||||
+ {
|
||||
+ /* If it is not assigned to *hdr_return, it will never be free()'d */
|
||||
+ free(hdr0);
|
||||
+ }
|
||||
} /* else zero (sane) entries */
|
||||
+ else
|
||||
+ free(hdr0);
|
||||
# ifndef ZZIP_ALLOW_MODULO_ENTRIES
|
||||
- return (entries != zz_entries ? ZZIP_CORRUPTED : 0);
|
||||
+ return (entries != zz_entries) ? ZZIP_CORRUPTED : 0;
|
||||
# else
|
||||
- return ((entries & (unsigned)0xFFFF) != zz_entries ? ZZIP_CORRUPTED : 0);
|
||||
+ return ((entries & (unsigned)0xFFFF) != zz_entries) ? ZZIP_CORRUPTED : 0;
|
||||
# endif
|
||||
}
|
||||
|
Loading…
Reference in a new issue