gnu: zziplib: Fix CVE-2018-16548.

* gnu/packages/compression.scm (zziplib)[replacement]: New field. (zziplib/fixed): New private variable. * gnu/packages/patches/zziplib-CVE-2018-16548.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it.
2020-03-04 10:15:06 +02:00 · 2020-03-04 10:15:06 +02:00 · 790b66e34f
parent cc51c03ff8
commit 790b66e34f
3 changed files with 59 additions and 1 deletions
--- a/gnu/local.mk
+++ b/gnu/local.mk
@ -1513,7 +1513,8 @@ dist_patch_DATA =						\
  %D%/packages/patches/xsane-fix-pdf-floats.patch		\
  %D%/packages/patches/xsane-fix-snprintf-buffer-length.patch	\
  %D%/packages/patches/xsane-support-ipv6.patch			\
-  %D%/packages/patches/xsane-tighten-default-umask.patch
+  %D%/packages/patches/xsane-tighten-default-umask.patch	\
+  %D%/packages/patches/zziplib-CVE-2018-16548.patch

 MISC_DISTRO_FILES =				\
  %D%/packages/ld-wrapper.in			\
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@ -1584,6 +1584,7 @@ (define-public zziplib
  (package
    (name "zziplib")
    (version "0.13.69")
+    (replacement zziplib/fixed)
    (home-page "https://github.com/gdraheim/zziplib")
    (source (origin
              (method git-fetch)
@ -1621,6 +1622,13 @@ (define-public zziplib
    ;; files carry the Zlib license; see "docs/copying.html" for details.
    (license (list license:lgpl2.0+ license:mpl1.1))))

+(define zziplib/fixed
+  (package
+    (inherit zziplib)
+    (source (origin
+              (inherit (package-source zziplib))
+              (patches (search-patches "zziplib-CVE-2018-16548.patch"))))))
+
 (define-public libzip
  (package
    (name "libzip")
--- a/gnu/packages/patches/zziplib-CVE-2018-16548.patch
+++ b/gnu/packages/patches/zziplib-CVE-2018-16548.patch
@ -0,0 +1,49 @@
+The following 3 patches applied to 0.13.69 in this order, combined:
+https://github.com/gdraheim/zziplib/commit/9411bde3e4a70a81ff3ffd256b71927b2d90dcbb.patch
+https://github.com/gdraheim/zziplib/commit/d2e5d5c53212e54a97ad64b793a4389193fec687.patch
+https://github.com/gdraheim/zziplib/commit/0e1dadb05c1473b9df2d7b8f298dab801778ef99.patch
+
+diff --git a/test/test.zip b/test/test.zip
+index 2c992ea..952d475 100644
+Binary files a/test/test.zip and b/test/test.zip differ
+diff --git a/zzip/zip.c b/zzip/zip.c
+index 14e2e06..f97a40a 100644
+--- a/zzip/zip.c
+++ b/zzip/zip.c
+@@ -472,9 +472,15 @@ __zzip_parse_root_directory(int fd,
+         } else
+         {
+             if (io->fd.seeks(fd, zz_rootseek + zz_offset, SEEK_SET) < 0)
+	    {
+	    	free(hdr0);
+                 return ZZIP_DIR_SEEK;
+	    }
+             if (io->fd.read(fd, &dirent, sizeof(dirent)) < __sizeof(dirent))
+	    {
+	    	free(hdr0);
+                 return ZZIP_DIR_READ;
+	    }
+             d = &dirent;
+         }
+ 
+@@ -574,11 +580,18 @@ __zzip_parse_root_directory(int fd,
+ 
+         if (hdr_return)
+             *hdr_return = hdr0;
+	else
+	{
+	    /* If it is not assigned to *hdr_return, it will never be free()'d */
+	    free(hdr0);
+	}
+     }                           /* else zero (sane) entries */
+    else
+        free(hdr0);
+ #  ifndef ZZIP_ALLOW_MODULO_ENTRIES
+-    return (entries != zz_entries ? ZZIP_CORRUPTED : 0);
+    return (entries != zz_entries) ? ZZIP_CORRUPTED : 0;
+ #  else
+-    return ((entries & (unsigned)0xFFFF) != zz_entries ? ZZIP_CORRUPTED : 0);
+    return ((entries & (unsigned)0xFFFF) != zz_entries) ? ZZIP_CORRUPTED : 0;
+ #  endif
+ }
+