[packages/libzip] - fix CVE-2015-2331
draenog
draenog at pld-linux.org
Fri Apr 24 20:58:41 CEST 2015
commit 6800feff4d62454c624b65828b4745c730a5845c
Author: Kacper Kornet <draenog at pld-linux.org>
Date: Fri Apr 24 19:57:56 2015 +0100
- fix CVE-2015-2331
libzip-CVE-2015-2331.patch | 17 +++++++++++++++++
libzip.spec | 4 +++-
2 files changed, 20 insertions(+), 1 deletion(-)
---
diff --git a/libzip.spec b/libzip.spec
index 52e0807..95f326c 100644
--- a/libzip.spec
+++ b/libzip.spec
@@ -2,11 +2,12 @@ Summary: C library for reading, creating, and modifying zip archives
Summary(pl.UTF-8): Biblioteka C do odczytu, zapisu i modyfikacji archiwów zip
Name: libzip
Version: 0.11.2
-Release: 2
+Release: 3
License: BSD
Group: Libraries
Source0: http://www.nih.at/libzip/%{name}-%{version}.tar.xz
# Source0-md5: 44c99b67dca34707b5728e5f8434fe91
+Patch0: %{name}-CVE-2015-2331.patch
URL: http://www.nih.at/libzip/
BuildRequires: autoconf >= 2.57
BuildRequires: automake
@@ -55,6 +56,7 @@ Statyczna biblioteka libzip.
%prep
%setup -q
+%patch0 -p1
%build
%{__libtoolize}
diff --git a/libzip-CVE-2015-2331.patch b/libzip-CVE-2015-2331.patch
new file mode 100644
index 0000000..6aa8943
--- /dev/null
+++ b/libzip-CVE-2015-2331.patch
@@ -0,0 +1,17 @@
+changeset: 1718:9f11d54f692e
+user: Thomas Klausner <tk at giga.or.at>
+date: Sat Mar 21 12:28:42 2015 +0100
+summary: Avoid integer overflow. Addresses CVE-2015-2331.
+
+diff -r fa78ab51417f -r 9f11d54f692e lib/zip_dirent.c
+--- a/lib/zip_dirent.c Wed Mar 11 18:17:53 2015 +0100
++++ b/lib/zip_dirent.c Sat Mar 21 12:28:42 2015 +0100
+@@ -105,7 +105,7 @@
+
+ if (nentry == 0)
+ cd->entry = NULL;
+- else if ((cd->entry=(struct zip_entry *)malloc(sizeof(*(cd->entry))*(size_t)nentry)) == NULL) {
++ else if ((nentry > SIZE_MAX/sizeof(*(cd->entry))) || (cd->entry=(struct zip_entry_t *)malloc(sizeof(*(cd->entry))*(size_t)nentry)) == NULL) {
+ _zip_error_set(error, ZIP_ER_MEMORY, 0);
+ free(cd);
+ return NULL;
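Review bot: The replacement line casts malloc's result to `struct zip_entry_t *` while the line it replaces, and the `cd->entry` field it assigns, use `struct zip_entry *`; unless libzip 0.11.2 declares a `struct zip_entry_t` tag, the cast names a new incomplete type and the assignment becomes an incompatible-pointer-type diagnostic, which suggests the upstream changeset was taken from a newer tree than the one this spec builds. The cast is unnecessary in C and dropping it avoids the mismatch entirely: `else if ((nentry > SIZE_MAX/sizeof(*(cd->entry))) || (cd->entry=malloc(sizeof(*(cd->entry))*(size_t)nentry)) == NULL) {`. The added overflow guard is the right check for the size multiplication, but `SIZE_MAX` comes from `<stdint.h>`, and the hunk does not show whether zip_dirent.c includes it, so that should be confirmed when the patch is applied. Reporting the overflow case as ZIP_ER_MEMORY is acceptable since callers already handle that path as an allocation failure. The enclosing function in zip_dirent.c starts and ends outside the hunk.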
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/libzip.git/commitdiff/6800feff4d62454c624b65828b4745c730a5845c