[mingw-libzip] Fix CVE-2015-2331
Sandro Mani
smani at fedoraproject.org
Mon Mar 23 16:19:53 UTC 2015
commit b0a2cb5c8ab796dfaf94e174092a47edbb9ebe31
Author: Sandro Mani <manisandro at gmail.com>
Date: Mon Mar 23 17:19:50 2015 +0100
Fix CVE-2015-2331
libzip-0.11.2-CVE-2015-2331.patch | 12 ++++++++++++
mingw-libzip.spec | 10 +++++++++-
2 files changed, 21 insertions(+), 1 deletion(-)
---
diff --git a/libzip-0.11.2-CVE-2015-2331.patch b/libzip-0.11.2-CVE-2015-2331.patch
new file mode 100644
index 0000000..44aeb5a
--- /dev/null
+++ b/libzip-0.11.2-CVE-2015-2331.patch
@@ -0,0 +1,12 @@
+diff -up libzip-0.11.2/lib/zip_dirent.c.CVE-2015-2331 libzip-0.11.2/lib/zip_dirent.c
+--- libzip-0.11.2/lib/zip_dirent.c.CVE-2015-2331 2013-11-28 10:57:10.000000000 -0600
++++ libzip-0.11.2/lib/zip_dirent.c 2015-03-23 07:45:27.486986723 -0500
+@@ -110,7 +110,7 @@ _zip_cdir_new(zip_uint64_t nentry, struc
+
+ if (nentry == 0)
+ cd->entry = NULL;
+- else if ((cd->entry=(struct zip_entry *)malloc(sizeof(*(cd->entry))*(size_t)nentry)) == NULL) {
++ else if ((nentry > SIZE_MAX/sizeof(*(cd->entry))) || (cd->entry=(zip_entry_t *)malloc(sizeof(*(cd->entry))*(size_t)nentry)) == NULL) {
+ _zip_error_set(error, ZIP_ER_MEMORY, 0);
+ free(cd);
+ return NULL;
diff --git a/mingw-libzip.spec b/mingw-libzip.spec
index 93ec60c..b7490de 100644
--- a/mingw-libzip.spec
+++ b/mingw-libzip.spec
@@ -4,7 +4,7 @@
Name: mingw-%{pkgname}
Version: 0.11.2
-Release: 2%{?dist}
+Release: 3%{?dist}
Summary: C library for reading, creating, and modifying zip archives
License: BSD
@@ -12,6 +12,10 @@ BuildArch: noarch
URL: http://www.nih.at/libzip/index.html
Source0: http://www.nih.at/libzip/%{pkgname}-%{version}.tar.xz
+# https://bugzilla.redhat.com/show_bug.cgi?id=1204677
+# http://hg.nih.at/libzip/raw-rev/9f11d54f692e
+Patch0: libzip-0.11.2-CVE-2015-2331.patch
+
BuildRequires: mingw32-filesystem >= 95
BuildRequires: mingw32-gcc
BuildRequires: mingw32-binutils
@@ -55,6 +59,7 @@ The API is documented by man pages.
%prep
%setup -q -n %{pkgname}-%{version}
+%patch0 -p1
%build
@@ -101,6 +106,9 @@ ln -s %{mingw64_libdir}/libzip/include/zipconf.h %{buildroot}%{mingw64_includedi
%changelog
+* Mon Mar 23 2015 Sandro Mani <manisandro at gmail.com> - 0.11.2-3
+- CVE-2015-2331: integer overflow when processing ZIP archives (#1204676,#1204677)
+
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.11.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
More information about the scm-commits
mailing list