From 4dc4fca2c8bba57d2d256abeb9be5512271a01fc Mon Sep 17 00:00:00 2001
From: Zhao Hang <wb-zh951434@alibaba-inc.com>
Date: Thu, 16 May 2024 15:15:05 +0800
Subject: [PATCH] update to zziplib-0.13.71-11.src.rpm

Signed-off-by: Zhao Hang <wb-zh951434@alibaba-inc.com>
---
 CVE-2020-18770.patch     | 23 +++++++++++++++++++++++
 dist                     |  1 +
 zziplib-0.13.71-sw.patch | 24 ------------------------
 zziplib.spec             | 13 ++++++++++++-
 4 files changed, 36 insertions(+), 25 deletions(-)
 create mode 100644 CVE-2020-18770.patch
 create mode 100644 dist
 delete mode 100644 zziplib-0.13.71-sw.patch

diff --git a/CVE-2020-18770.patch b/CVE-2020-18770.patch
new file mode 100644
index 0000000..9244a6f
--- /dev/null
+++ b/CVE-2020-18770.patch
@@ -0,0 +1,23 @@
+From 803f49aaae16b7f2899e4769afdfc673a21fa9e8 Mon Sep 17 00:00:00 2001
+From: Guido Draheim <guidod@gmx.de>
+Date: Mon, 26 Feb 2024 23:17:12 +0100
+Subject: [PATCH] #69 assert full zzip_file_header
+
+---
+ zzip/mmapped.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/zzip/mmapped.c b/zzip/mmapped.c
+index 2071882..306ba51 100644
+--- a/zzip/mmapped.c
++++ b/zzip/mmapped.c
+@@ -276,7 +276,8 @@ struct zzip_file_header *
+ zzip_disk_entry_to_file_header(ZZIP_DISK * disk, struct zzip_disk_entry *entry)
+ {
+     zzip_byte_t *const ptr = disk->buffer + zzip_disk_entry_fileoffset(entry);
+-    if (disk->buffer > ptr || ptr >= disk->endbuf)
++    zzip_byte_t *const end = ptr + sizeof(struct zzip_file_header);
++    if (disk->buffer > ptr || end >= disk->endbuf || end <= NULL)
+     {
+         errno = EBADMSG;
+         return 0;
diff --git a/dist b/dist
new file mode 100644
index 0000000..9b27344
--- /dev/null
+++ b/dist
@@ -0,0 +1 @@
+an9_4
diff --git a/zziplib-0.13.71-sw.patch b/zziplib-0.13.71-sw.patch
deleted file mode 100644
index 39ecb27..0000000
--- a/zziplib-0.13.71-sw.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-diff -Nuar zziplib-0.13.71.org/configure zziplib-0.13.71.sw/configure
---- zziplib-0.13.71.org/configure	2023-08-01 16:51:10.648917042 +0800
-+++ zziplib-0.13.71.sw/configure	2023-08-01 16:52:46.743310515 +0800
-@@ -14802,7 +14802,7 @@
-   $as_echo_n "(cached) " >&6
- else
-   if test "$cross_compiling" = "yes"; then
--  case "$host_cpu" in alpha*|arm*|bfin*|hp*|mips*|sh*|sparc*|ia64|nv1)
-+  case "$host_cpu" in sw_64*|alpha*|arm*|bfin*|hp*|mips*|sh*|sparc*|ia64|nv1)
-     ax_cv_have_aligned_access_required="yes"
-   ;; esac
- else
-diff -Nuar zziplib-0.13.71.org/m4/ax_check_aligned_access_required.m4 zziplib-0.13.71.sw/m4/ax_check_aligned_access_required.m4
---- zziplib-0.13.71.org/m4/ax_check_aligned_access_required.m4	2023-08-01 16:51:10.645916936 +0800
-+++ zziplib-0.13.71.sw/m4/ax_check_aligned_access_required.m4	2023-08-01 16:54:22.015674958 +0800
-@@ -29,7 +29,7 @@
- [AC_CACHE_CHECK([if pointers to integers require aligned access],
-   [ax_cv_have_aligned_access_required],
- [if test "$cross_compiling" = "yes"; then
--  case "$host_cpu" in alpha*|arm*|bfin*|hp*|mips*|sh*|sparc*|ia64|nv1)
-+  case "$host_cpu" in sw_64*|alpha*|arm*|bfin*|hp*|mips*|sh*|sparc*|ia64|nv1)
-     ax_cv_have_aligned_access_required="yes"
-   ;; esac
- else
diff --git a/zziplib.spec b/zziplib.spec
index 088e291..ba18d9c 100644
--- a/zziplib.spec
+++ b/zziplib.spec
@@ -1,7 +1,7 @@
 Summary: Lightweight library to easily extract data from zip files
 Name: zziplib
 Version: 0.13.71
-Release: 9%{?dist}
+Release: 11%{?dist}
 License: LGPLv2+ or MPLv1.1
 URL: http://zziplib.sourceforge.net/
 #Source: https://github.com/gdraheim/zziplib/archive/v%{version}.tar.gz
@@ -15,6 +15,7 @@ Source1: match.py
 Source2: options.py
 
 Patch1: CVE-2020-18442.patch 
+Patch2: CVE-2020-18770.patch
 Patch100: multilib-32.patch
 Patch101: multilib-64.patch
 
@@ -74,6 +75,7 @@ cp %{SOURCE1} docs/zzipdoc/
 cp %{SOURCE2} docs/zzipdoc/
 
 %patch1 -p1
+%patch2 -p1
 
 
 %build
@@ -122,6 +124,15 @@ popd
 %{_mandir}/man3/*
 
 %changelog
+* Wed Feb 28 2024 Jakub Martisko <jamartis@redhat.com> - 0.13.71-11
+- Fix CVE-2020-18770
+  Previous patch was causing segfault
+  Resolves: RHEL-14967
+
+* Wed Jan 24 2024 Jakub Martisko <jamartis@redhat.com> - 0.13.71-10
+- Fix CVE-2020-18770
+  Resolves: RHEL-14967
+
 * Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 0.13.71-9
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
   Related: rhbz#1991688
-- 
Gitee