From c4f11e850bc089a39741f2e46cf8b4fbeaadc8ff Mon Sep 17 00:00:00 2001
From: Jacob Wang
Date: Wed, 12 Nov 2025 10:44:45 +0800
Subject: [PATCH 1/2] [CVE]update to zziplib-0.13.71-12 to #ID66FJ update to zziplib-0.13.71-12 for CVE-2018-17828
Project: TC2024080204
Signed-off-by: Jacob Wang
---
 CVE-2018-17828-singlez.patch | 64 ++++++++++++++++++++++++++++++++++++
 CVE-2018-17828.patch | 22 +++++++++++++
 dist | 2 +-
 zziplib-0.13.71-sw.patch | 24 --------------
 zziplib.spec | 16 ++++-----
 5 files changed, 95 insertions(+), 33 deletions(-)
 create mode 100644 CVE-2018-17828-singlez.patch
 create mode 100644 CVE-2018-17828.patch
 delete mode 100644 zziplib-0.13.71-sw.patch
diff --git a/CVE-2018-17828-singlez.patch b/CVE-2018-17828-singlez.patch
new file mode 100644
index 0000000..e45aa4b
--- /dev/null
+++ b/CVE-2018-17828-singlez.patch
@@ -0,0 +1,64 @@ +diff --git a/bins/unzip-mem.c b/bins/unzip-mem.c +index c45cb72..ff564a5 100644 +--- a/bins/unzip-mem.c ++++ b/bins/unzip-mem.c +@@ -88,12 +88,56 @@ static void zzip_mem_entry_pipe(ZZIP_MEM_DISK* disk, + } + } + ++#include ++ ++ ++ ++static inline void ++remove_dotdotslash(char *path) ++{ ++ /* Note: removing "../" from the path ALWAYS shortens the path, never adds to it! */ ++ char *dotdotslash; ++ int warned = 0; ++ ++ dotdotslash = path; ++ while ((dotdotslash = strstr(dotdotslash, "../")) != NULL) ++ { ++ /* ++ * Remove only if at the beginning of the pathname ("../path/name") ++ * or when preceded by a slash ("path/../name"), ++ * otherwise not ("path../name..")! ++ */ ++ if (dotdotslash == path || dotdotslash[-1] == '/') ++ { ++ char *src, *dst; ++ if (!warned) ++ { ++ /* Note: the first time through the pathname is still intact */ ++ fprintf(stderr, "Removing \"../\" path component(s) in %s\n", path); ++ warned = 1; ++ } ++ /* We cannot use strcpy(), as there "The strings may not overlap" */ ++ for (src = dotdotslash+3, dst=dotdotslash; (*dst = *src) != '\0'; src++, dst++) ++ ; ++ } ++ else ++ dotdotslash +=3; /* skip this instance to prevent infinite loop */ ++ } ++} ++ + static void zzip_mem_entry_make(ZZIP_MEM_DISK* disk, + ZZIP_MEM_ENTRY* entry) + { +- FILE* file = fopen (entry->zz_name, "wb"); ++ char name_stripped[PATH_MAX+1]; ++ FILE* file; ++ ++ strncpy(name_stripped, entry->zz_name, PATH_MAX); ++ name_stripped[PATH_MAX]='\0'; ++ remove_dotdotslash(name_stripped); ++ ++ file = fopen (name_stripped, "wb"); +- if (file) { zzip_mem_entry_pipe (disk, entry, file); fclose (file); return;} +- perror (entry->zz_name); ++ perror (name_stripped); + if (status < EXIT_WARNINGS) status = EXIT_WARNINGS; + } +
diff --git a/CVE-2018-17828.patch b/CVE-2018-17828.patch
new file mode 100644
index 0000000..a2088fb
--- /dev/null
+++ b/CVE-2018-17828.patch
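Review bot: `remove_dotdotslash()` in the added bins/unzip-mem.c patch strips only `../` components, so a member name that begins with `/` reaches `fopen (name_stripped, "wb")` in `zzip_mem_entry_make()` unchanged and, as far as this hunk shows, is not confined to the extraction directory. A guard placed right after the `remove_dotdotslash(name_stripped);` call would close that gap, for example `if (name_stripped[0] == '/') { fprintf(stderr, "Skipping absolute path %s\n", name_stripped); if (status < EXIT_WARNINGS) status = EXIT_WARNINGS; return; }`. Separately, `strncpy(name_stripped, entry->zz_name, PATH_MAX)` truncates an over-long name silently before it is sanitised; rejecting such names would avoid creating a file under a name the archive never recorded.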
@@ -0,0 +1,22 @@
+From 4967d2254d9d1daf97fd525723c44aa6d2c4b731 Mon Sep 17 00:00:00 2001
+From: Robin Ebert
+Date: Fri, 5 Nov 2021 22:07:41 +0100
+Subject: [PATCH] Fix bug where the wrong char pointer is used
+
+---
+ bins/unzzip.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/bins/unzzip.c b/bins/unzzip.c
+index 0c0b5e58..3f63e722 100644
+--- a/bins/unzzip.c
++++ b/bins/unzzip.c
+@@ -137,7 +137,7 @@ FILE* create_fopen(char* name, char* mode, int subdirs)
+ {
+ char* p = strrchr(name_stripped, '/');
+ if (p) {
+- char* dir_name = _zzip_strndup(name_stripped, p-name);
++ char* dir_name = _zzip_strndup(name_stripped, p-name_stripped);
+ makedirs(dir_name);
+ free (dir_name);
+ }
diff --git a/dist b/dist
index 9b27344..89c1faf 100644
--- a/dist
+++ b/dist
@@ -1 +1 @@
-an9_4
+an9
diff --git a/zziplib-0.13.71-sw.patch b/zziplib-0.13.71-sw.patch
deleted file mode 100644
index 39ecb27..0000000
--- a/zziplib-0.13.71-sw.patch
+++ /dev/null
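Review bot: `dir_name` is handed to `makedirs()` without a NULL check in `create_fopen()`, so if `_zzip_strndup()` can fail (it looks like a strndup-style allocator, which this hunk does not show) a null pointer is passed straight on. Wrapping the two calls as `if (dir_name) { makedirs(dir_name); free (dir_name); }` makes the failure path explicit. The corrected length `p-name_stripped` is well defined because `p` is the result of `strrchr(name_stripped, '/')`. `create_fopen()` starts and ends outside the hunk, so the declaration of `name_stripped` is not visible here.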
@@ -1,24 +0,0 @@
-diff -Nuar zziplib-0.13.71.org/configure zziplib-0.13.71.sw/configure
---- zziplib-0.13.71.org/configure 2023-08-01 16:51:10.648917042 +0800
-+++ zziplib-0.13.71.sw/configure 2023-08-01 16:52:46.743310515 +0800
-@@ -14802,7 +14802,7 @@
- $as_echo_n "(cached) " >&6
- else
- if test "$cross_compiling" = "yes"; then
-- case "$host_cpu" in alpha*|arm*|bfin*|hp*|mips*|sh*|sparc*|ia64|nv1)
-+ case "$host_cpu" in sw_64*|alpha*|arm*|bfin*|hp*|mips*|sh*|sparc*|ia64|nv1)
- ax_cv_have_aligned_access_required="yes"
- ;; esac
- else
-diff -Nuar zziplib-0.13.71.org/m4/ax_check_aligned_access_required.m4 zziplib-0.13.71.sw/m4/ax_check_aligned_access_required.m4
---- zziplib-0.13.71.org/m4/ax_check_aligned_access_required.m4 2023-08-01 16:51:10.645916936 +0800
-+++ zziplib-0.13.71.sw/m4/ax_check_aligned_access_required.m4 2023-08-01 16:54:22.015674958 +0800
-@@ -29,7 +29,7 @@
- [AC_CACHE_CHECK([if pointers to integers require aligned access],
- [ax_cv_have_aligned_access_required],
- [if test "$cross_compiling" = "yes"; then
-- case "$host_cpu" in alpha*|arm*|bfin*|hp*|mips*|sh*|sparc*|ia64|nv1)
-+ case "$host_cpu" in sw_64*|alpha*|arm*|bfin*|hp*|mips*|sh*|sparc*|ia64|nv1)
- ax_cv_have_aligned_access_required="yes"
- ;; esac
- else
diff --git a/zziplib.spec b/zziplib.spec
index 5a2414c..e733c46 100644
--- a/zziplib.spec
+++ b/zziplib.spec
@@ -1,9 +1,7 @@
-%define anolis_release .0.1
-
 Summary: Lightweight library to easily extract data from zip files
 Name: zziplib
 Version: 0.13.71
-Release: 11%{?anolis_release}%{?dist}
+Release: 12%{?dist}
 License: LGPLv2+ or MPLv1.1
 URL: http://zziplib.sourceforge.net/
 #Source: https://github.com/gdraheim/zziplib/archive/v%{version}.tar.gz
@@ -18,11 +16,11 @@ Source2: options.py Patch1: CVE-2020-18442.patch Patch2: CVE-2020-18770.patch +Patch3: CVE-2018-17828-singlez.patch +Patch4: CVE-2018-17828.patch Patch100: multilib-32.patch Patch101: multilib-64.patch -Patch1000: zziplib-0.13.71-sw.patch - BuildRequires: make BuildRequires: gcc BuildRequires: perl-interpreter
@@ -80,8 +78,9 @@ cp %{SOURCE2} docs/zzipdoc/ %patch1 -p1 %patch2 -p1 +%patch3 -p1 +%patch4 -p1 -%patch1000 -p1 %build export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing"
@@ -129,8 +128,9 @@ popd %{_mandir}/man3/* %changelog -* Fri Nov 15 2024 wxiat - 0.13.71-11.0.1 -- cherry pick `add sw #4a81c729f6935d5698fa3c4fadd8602a3d3fafb5`. +* Thu Jun 12 2025 Jakub Martisko - 0.13.71-12 +- Fix a directory traversal issue in unzip-mem + Resolves: RHEL-6266 * Wed Feb 28 2024 Jakub Martisko - 0.13.71-11 - Fix CVE-2020-18770
--
Gitee
From e7c31b3e2f6c0639791ec10aad94cb7a51b28850 Mon Sep 17 00:00:00 2001
From: wxiat
Date: Tue, 1 Aug 2023 16:56:38 +0800
Subject: [PATCH 2/2] add sw
Signed-off-by: Weisson
---
 1000-zziplib-0.13.71-sw.patch | 24 ++++++++++++++++++++++++
 zziplib.spec | 10 +++++++++-
 2 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 1000-zziplib-0.13.71-sw.patch
diff --git a/1000-zziplib-0.13.71-sw.patch b/1000-zziplib-0.13.71-sw.patch
new file mode 100644
index 0000000..39ecb27
--- /dev/null
+++ b/1000-zziplib-0.13.71-sw.patch
@@ -0,0 +1,24 @@
+diff -Nuar zziplib-0.13.71.org/configure zziplib-0.13.71.sw/configure
+--- zziplib-0.13.71.org/configure 2023-08-01 16:51:10.648917042 +0800
++++ zziplib-0.13.71.sw/configure 2023-08-01 16:52:46.743310515 +0800
+@@ -14802,7 +14802,7 @@
+ $as_echo_n "(cached) " >&6
+ else
+ if test "$cross_compiling" = "yes"; then
+- case "$host_cpu" in alpha*|arm*|bfin*|hp*|mips*|sh*|sparc*|ia64|nv1)
++ case "$host_cpu" in sw_64*|alpha*|arm*|bfin*|hp*|mips*|sh*|sparc*|ia64|nv1)
+ ax_cv_have_aligned_access_required="yes"
+ ;; esac
+ else
+diff -Nuar zziplib-0.13.71.org/m4/ax_check_aligned_access_required.m4 zziplib-0.13.71.sw/m4/ax_check_aligned_access_required.m4
+--- zziplib-0.13.71.org/m4/ax_check_aligned_access_required.m4 2023-08-01 16:51:10.645916936 +0800
++++ zziplib-0.13.71.sw/m4/ax_check_aligned_access_required.m4 2023-08-01 16:54:22.015674958 +0800
+@@ -29,7 +29,7 @@
+ [AC_CACHE_CHECK([if pointers to integers require aligned access],
+ [ax_cv_have_aligned_access_required],
+ [if test "$cross_compiling" = "yes"; then
+- case "$host_cpu" in alpha*|arm*|bfin*|hp*|mips*|sh*|sparc*|ia64|nv1)
++ case "$host_cpu" in sw_64*|alpha*|arm*|bfin*|hp*|mips*|sh*|sparc*|ia64|nv1)
+ ax_cv_have_aligned_access_required="yes"
+ ;; esac
+ else
diff --git a/zziplib.spec b/zziplib.spec
index e733c46..8de5215 100644
--- a/zziplib.spec
+++ b/zziplib.spec
@@ -1,7 +1,9 @@
+%define anolis_release .0.1
+
 Summary: Lightweight library to easily extract data from zip files
 Name: zziplib
 Version: 0.13.71
-Release: 12%{?dist}
+Release: 12%{?anolis_release}%{?dist}
 License: LGPLv2+ or MPLv1.1
 URL: http://zziplib.sourceforge.net/
 #Source: https://github.com/gdraheim/zziplib/archive/v%{version}.tar.gz
@@ -21,6 +23,8 @@ Patch4: CVE-2018-17828.patch Patch100: multilib-32.patch Patch101: multilib-64.patch +Patch1000: 1000-zziplib-0.13.71-sw.patch + BuildRequires: make BuildRequires: gcc BuildRequires: perl-interpreter
@@ -81,6 +85,7 @@ cp %{SOURCE2} docs/zzipdoc/ %patch3 -p1 %patch4 -p1 +%patch1000 -p1 %build export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing"
@@ -128,6 +133,9 @@ popd %{_mandir}/man3/* %changelog +* Wed Nov 12 2025 wxiat - 0.13.71-12.0.1 +- cherry pick `add sw #4a81c729f6935d5698fa3c4fadd8602a3d3fafb5`. + * Thu Jun 12 2025 Jakub Martisko - 0.13.71-12 - Fix a directory traversal issue in unzip-mem Resolves: RHEL-6266
--
Gitee