
Update libzip to 1.3.0 + fix CVE-2017-12858 and CVE-2017-14107
Closed, Public

Authored by kyrios123 on Aug 26 2017, 7:04 PM.

Details

Summary
  • Support bzip2 compressed zip archives
  • Improve file progress callback code
  • Fix zip_fdopen()
  • CVE-2017-12858: Fix double free().
  • CVE-2017-14107: Improve EOCD64 parsing.
  • Support for AES encryption (Winzip version), both encryption and decryption.
  • Support legacy zip files with >64k entries.
  • Fix seeking in zip_source_file if start > 0.
  • Add zip_fseek() for seeking in uncompressed data.
  • Add zip_ftell() for telling position in uncompressed data.
  • Add zip_register_progress_callback() for UI updates during zip_close()

Invalidates T2912.

Packaging:

  • Add: make check
  • dependencies: add bzip2, remove zlib

Signed-off-by: Pierre-Yves <pyu@riseup.net>

Test Plan

`ziptool testbuffer.zip add teststring.txt "This is a test.\n"`

Diff Detail

Repository
R1951 libzip
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

kyrios123 retitled this revision from Update libzip to 1.2.0 to Update libzip to 1.2.0 + patch for CVE-2017-12858.
kyrios123 edited the summary of this revision.
kyrios123 added a project: Restricted Project.

Fix high severity CVE-2017-12858

kyrios123 retitled this revision from Update libzip to 1.2.0 + patch for CVE-2017-12858 to Update libzip to 1.3.0 + fix CVE-2017-12858 and CVE-2017-14107.
kyrios123 edited the summary of this revision.

bump to 1.3.0

also address CVE-2017-14107

you have seen NOTHING ! ;-)

This revision is now accepted and ready to land. Sep 11 2017, 1:34 PM
This revision was automatically updated to reflect the committed changes.