guix-devel/gnu/packages/patches/zziplib-CVE-2017-5981.patch

Fix CVE-2017-5981:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5981

Patch copied from Debian.
Index: zziplib-0.13.62/zzip/fseeko.c
===================================================================
--- zziplib-0.13.62.orig/zzip/fseeko.c
+++ zziplib-0.13.62/zzip/fseeko.c
@@ -311,7 +311,8 @@ zzip_entry_findfirst(FILE * disk)
             } else
                 continue;
 
-            assert(0 <= root && root < mapsize);
+	    if (root < 0 || root >= mapsize)
+	        goto error;
             if (fseeko(disk, root, SEEK_SET) == -1)
                 goto error;
             if (fread(disk_(entry), 1, sizeof(*disk_(entry)), disk)
gnu: zziplib: Fix CVE-2017-{5974,5975,5976,5978,5979,5981}. * gnu/packages/patches/zziplib-CVE-2017-5974.patch, gnu/packages/patches/zziplib-CVE-2017-5975.patch, gnu/packages/patches/zziplib-CVE-2017-5976.patch, gnu/packages/patches/zziplib-CVE-2017-5978.patch, gnu/packages/patches/zziplib-CVE-2017-5979.patch, gnu/packages/patches/zziplib-CVE-2017-5981.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/zip.scm (zziplib)[source]: Use them. 2017-06-14 22:34:10 +02:00			`Fix CVE-2017-5981:`

			`https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5981`

			`Patch copied from Debian.`
			`Index: zziplib-0.13.62/zzip/fseeko.c`
			`===================================================================`
			`--- zziplib-0.13.62.orig/zzip/fseeko.c`
			`+++ zziplib-0.13.62/zzip/fseeko.c`
			`@@ -311,7 +311,8 @@ zzip_entry_findfirst(FILE * disk)`
			`} else`
			`continue;`

			`- assert(0 <= root && root < mapsize);`
			`+ if (root < 0 \|\| root >= mapsize)`
			`+ goto error;`
			`if (fseeko(disk, root, SEEK_SET) == -1)`
			`goto error;`
			`if (fread(disk_(entry), 1, sizeof(*disk_(entry)), disk)`