[mingw-libzip] Fix CVE-2015-2331

Sandro Mani smani at fedoraproject.org
Mon Mar 23 16:19:53 UTC 2015 

commit b0a2cb5c8ab796dfaf94e174092a47edbb9ebe31
Author: Sandro Mani <manisandro at gmail.com>
Date:   Mon Mar 23 17:19:50 2015 +0100

    Fix CVE-2015-2331

 libzip-0.11.2-CVE-2015-2331.patch | 12 ++++++++++++
 mingw-libzip.spec                 | 10 +++++++++-
 2 files changed, 21 insertions(+), 1 deletion(-)
---
diff --git a/libzip-0.11.2-CVE-2015-2331.patch b/libzip-0.11.2-CVE-2015-2331.patch
new file mode 100644
index 0000000..44aeb5a
--- /dev/null
+++ b/libzip-0.11.2-CVE-2015-2331.patch
@@ -0,0 +1,12 @@
+diff -up libzip-0.11.2/lib/zip_dirent.c.CVE-2015-2331 libzip-0.11.2/lib/zip_dirent.c
+--- libzip-0.11.2/lib/zip_dirent.c.CVE-2015-2331	2013-11-28 10:57:10.000000000 -0600
++++ libzip-0.11.2/lib/zip_dirent.c	2015-03-23 07:45:27.486986723 -0500
+@@ -110,7 +110,7 @@ _zip_cdir_new(zip_uint64_t nentry, struc
+ 
+     if (nentry == 0)
+ 	cd->entry = NULL;
+-    else if ((cd->entry=(struct zip_entry *)malloc(sizeof(*(cd->entry))*(size_t)nentry)) == NULL) {
++    else if ((nentry > SIZE_MAX/sizeof(*(cd->entry))) || (cd->entry=(zip_entry_t *)malloc(sizeof(*(cd->entry))*(size_t)nentry)) == NULL) {
+ 	_zip_error_set(error, ZIP_ER_MEMORY, 0);
+ 	free(cd);
+ 	return NULL;
diff --git a/mingw-libzip.spec b/mingw-libzip.spec
index 93ec60c..b7490de 100644
--- a/mingw-libzip.spec
+++ b/mingw-libzip.spec
@@ -4,7 +4,7 @@
 
 Name:           mingw-%{pkgname}
 Version:        0.11.2
-Release:        2%{?dist}
+Release:        3%{?dist}
 Summary:        C library for reading, creating, and modifying zip archives
 
 License:        BSD
@@ -12,6 +12,10 @@ BuildArch:      noarch
 URL:            http://www.nih.at/libzip/index.html
 Source0:        http://www.nih.at/libzip/%{pkgname}-%{version}.tar.xz
 
+# https://bugzilla.redhat.com/show_bug.cgi?id=1204677
+# http://hg.nih.at/libzip/raw-rev/9f11d54f692e
+Patch0: libzip-0.11.2-CVE-2015-2331.patch
+
 BuildRequires:  mingw32-filesystem >= 95
 BuildRequires:  mingw32-gcc
 BuildRequires:  mingw32-binutils
@@ -55,6 +59,7 @@ The API is documented by man pages.
 
 %prep
 %setup -q -n %{pkgname}-%{version}
+%patch0 -p1
 
 
 %build
@@ -101,6 +106,9 @@ ln -s %{mingw64_libdir}/libzip/include/zipconf.h %{buildroot}%{mingw64_includedi
 
 
 %changelog
+* Mon Mar 23 2015 Sandro Mani <manisandro at gmail.com> - 0.11.2-3
+- CVE-2015-2331: integer overflow when processing ZIP archives (#1204676,#1204677)
+
 * Sat Jun 07 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.11.2-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

More information about the scm-commits mailing list