packages/zlib
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!38 Fix CVE-2023-45853

Browse Source 
From: @li_ning_jie 
Reviewed-by: @dillon_chen 
Signed-off-by: @dillon_chen
This commit is contained in:
openeuler-ci-bot 2023-10-18 08:06:13 +00:00 committed by Gitee
commit 89245a2c3c
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 44 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
backport-CVE-2023-45853.patch Normal file
View File

@ -0,0 +1,39 @@
From 73331a6a0481067628f065ffe87bb1d8f787d10c Mon Sep 17 00:00:00 2001
From: Hans Wennborg <hans@chromium.org>
Date: Fri, 18 Aug 2023 11:05:33 +0200
Subject: [PATCH] Reject overflows of zip header fields in minizip.
This checks the lengths of the file name, extra field, and comment
that would be put in the zip headers, and rejects them if they are
too long. They are each limited to 65535 bytes in length by the zip
format. This also avoids possible buffer overflows if the provided
fields are too long.
---
contrib/minizip/zip.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/contrib/minizip/zip.c b/contrib/minizip/zip.c
index 3d3d4ca..0446109 100644
--- a/contrib/minizip/zip.c
+++ b/contrib/minizip/zip.c
@@ -1043,6 +1043,17 @@ extern int ZEXPORT zipOpenNewFileInZip4_64(zipFile file, const char* filename, c
return ZIP_PARAMERROR;
#endif
+ // The filename and comment length must fit in 16 bits.
+ if ((filename!=NULL) && (strlen(filename)>0xffff))
+ return ZIP_PARAMERROR;
+ if ((comment!=NULL) && (strlen(comment)>0xffff))
+ return ZIP_PARAMERROR;
+ // The extra field length must fit in 16 bits. If the member also requires
+ // a Zip64 extra block, that will also need to fit within that 16-bit
+ // length, but that will be checked for later.
+ if ((size_extrafield_local>0xffff) || (size_extrafield_global>0xffff))
+ return ZIP_PARAMERROR;
+
zi = (zip64_internal*)file;
if (zi->in_opened_file_inzip == 1)
--
2.41.0.windows.3

6
zlib.spec
View File

@ -1,6 +1,6 @@
Name: zlib Name: zlib
Version: 1.2.13 Version: 1.2.13
Release: 1 Release: 2
Summary: A lossless data-compression library Summary: A lossless data-compression library
License: zlib and Boost License: zlib and Boost
URL: http://www.zlib.net URL: http://www.zlib.net
@ -9,6 +9,7 @@ Source0: http://www.zlib.net/zlib-%{version}.tar.xz
# Patch0 get from fedora # Patch0 get from fedora
Patch6000: backport-zlib-1.2.5-minizip-fixuncrypt.patch Patch6000: backport-zlib-1.2.5-minizip-fixuncrypt.patch
Patch6001: backport-fix-undefined-buffer-detected-by-oss-fuzz.patch Patch6001: backport-fix-undefined-buffer-detected-by-oss-fuzz.patch
Patch6002: backport-CVE-2023-45853.patch
Patch9000: zlib-Optimize-CRC32.patch Patch9000: zlib-Optimize-CRC32.patch
Patch9001: zlib-1.2.11-SIMD.patch Patch9001: zlib-1.2.11-SIMD.patch
@ -112,6 +113,9 @@ make test
%{_libdir}/pkgconfig/minizip.pc %{_libdir}/pkgconfig/minizip.pc
%changelog %changelog
* Tue Oct 17 2023 liningjie <liningjie@xfusion.com> - 1.2.13-2
- DESC:Fix CVE-2023-45853
* Thu Dec 29 2022 zhoupengcheng <zhoupengcheng11@huawei.com> - 1.2.13-1 * Thu Dec 29 2022 zhoupengcheng <zhoupengcheng11@huawei.com> - 1.2.13-1
- update to zlib-1.2.13 - update to zlib-1.2.13
- remove openEuler uncompiled patch : 0005-Accelerate-Adler32-using-arm64-SVE-instructions.patch - remove openEuler uncompiled patch : 0005-Accelerate-Adler32-using-arm64-SVE-instructions.patch