Summary: Lightweight library to easily extract data from zip files Name: zziplib Version: 0.13.62 Release: 12%{?dist} License: LGPLv2+ or MPLv1.1 Group: Applications/Archiving URL: http://zziplib.sourceforge.net/ Source: http://switch.dl.sourceforge.net/project/zziplib/zziplib13/%{version}/zziplib-%{version}.tar.bz2 Patch0: zziplib-0.13.59-multilib.patch Patch1: 0001-fix-CVE-2018-7725.patch Patch2: 0001-fix-CVE-2018-7726.patch Patch3: 0001-fix-CVE-2018-7727.patch Patch4: CVE-2018-16548.part1.patch Patch5: CVE-2018-16548.part2.patch Patch6: CVE-2018-16548.part3.patch Patch7: CVE-2018-6541.patch Patch8: CVE-2018-17828-singlez.patch BuildRequires: perl BuildRequires: python BuildRequires: zip BuildRequires: xmlto BuildRequires: zlib-devel BuildRequires: SDL-devel BuildRequires: pkgconfig #BuildRequires: autoconf #BuildRequires: automake %description The zziplib library is intentionally lightweight, it offers the ability to easily extract data from files archived in a single zip file. Applications can bundle files into a single zip archive and access them. The implementation is based only on the (free) subset of compression with the zlib algorithm which is actually used by the zip/unzip tools. %package utils Summary: Utilities for the zziplib library Group: Applications/Archiving Requires: %{name}%{?_isa} = %{version}-%{release} %description utils The zziplib library is intentionally lightweight, it offers the ability to easily extract data from files archived in a single zip file. Applications can bundle files into a single zip archive and access them. The implementation is based only on the (free) subset of compression with the zlib algorithm which is actually used by the zip/unzip tools. This packages contains all the utilities that come with the zziplib library. %package devel Summary: Development files for the zziplib library Group: Development/Libraries Requires: %{name}%{?_isa} = %{version}-%{release} Requires: pkgconfig Requires: zlib-devel Requires: SDL-devel %description devel The zziplib library is intentionally lightweight, it offers the ability to easily extract data from files archived in a single zip file. Applications can bundle files into a single zip archive and access them. The implementation is based only on the (free) subset of compression with the zlib algorithm which is actually used by the zip/unzip tools. This package contains files required to build applications that will use the zziplib library. %prep %setup -q %patch0 -p1 %patch1 -p1 %patch2 -p1 %patch3 -p1 %patch4 -p1 %patch5 -p1 %patch6 -p1 %patch7 -p1 %patch8 -p1 # Save the common patched _config.h file to overwrite the generated one cp -a zzip/_config.h _config.h %build export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" %configure \ --disable-static \ --enable-sdl \ --enable-frame-pointer # Remove rpath on 64bit archs sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' */libtool sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' */libtool %{__make} %{?_smp_mflags} %install make install DESTDIR=%{buildroot} # Overwrite the platform specific _config.h with our own modified common one rm -f %{buildroot}%{_includedir}/zzip/_config.h install -p -m 0644 _config.h %{buildroot}%{_includedir}/zzip/_config.h %post -p /sbin/ldconfig %postun -p /sbin/ldconfig %files %doc docs/COPYING* ChangeLog README TODO %{_libdir}/*.so.* %files utils %{_bindir}/* %files devel %doc docs/README.SDL docs/*.htm %{_includedir}/* %exclude %{_libdir}/*.la %{_libdir}/*.so %{_libdir}/pkgconfig/*.pc %{_datadir}/aclocal/*.m4 %{_mandir}/man3/* %changelog * Thu Oct 24 2019 Jakub Martisko - 0.13.62-12 - Fix a directory traversal bug - unzip-mem should now strip all "../" prefixes from the archived files - Resolves: CVE-2018-17828 * Thu Feb 28 2019 Jakub Martisko - 0.13.62-11 - Fix CVE-2018-6541 - Part of the original patch has already been applied in the past (CVE-2018-7726), so the bug should not be reproducible in a way described in the github issue, even without this commit. Applying the rest of the original patch anyway. - https://github.com/gdraheim/zziplib/issues/16 - Related: CVE-2018-6541 * Thu Feb 28 2019 Jakub Martisko - 0.13.62-10 - Fix CVE-2018-16548 - Resolves: CVE-2018-16548 * Wed Jun 20 2018 Jakub Martisko - 0.13.62-9 - Fix covscan warning - "Variable "file" going out of scope leaks the storage it points to." has been introduced by the original version of 0001-fix-CVE-2018-7725.patch - Related: 1558596 * Thu Jun 14 2018 Jakub Martisko - 0.13.62-8 - Fix CVE-2018-7727 - Resolves: 1558891 * Wed Jun 13 2018 Jakub Martisko - 0.13.62-7 - Fix CVE-2018-7726 - Resolves: 1558623 * Wed Jun 13 2018 Jakub Martisko - 0.13.62-6 - Fix CVE-2018-7725 - Resolves: 1558596 * Fri Jan 24 2014 Daniel Mach - 0.13.62-5 - Mass rebuild 2014-01-24 * Fri Dec 27 2013 Daniel Mach - 0.13.62-4 - Mass rebuild 2013-12-27 * Thu Jul 4 2013 Michal Luscon 0.13.62-3 - Fix source address * Wed Jan 30 2013 Jindrich Novy 0.13.62-2 - rebuild with -fno-strict-aliasing * Wed Oct 10 2012 Matthias Saou 0.13.62-1 - Update to 0.13.62. - Remove no longer needed -Wl patch. * Sun Jul 22 2012 Fedora Release Engineering - 0.13.60-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Thu Mar 8 2012 Tom Callaway - 0.13.60-1 - update to 0.13.60 * Sat Jan 14 2012 Fedora Release Engineering - 0.13.59-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild * Tue Feb 08 2011 Fedora Release Engineering - 0.13.59-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Thu Dec 9 2010 Hans de Goede 0.13.59-2 - Fix broken zzip/_config.h which causes apps using zziplib to fail to compile * Sat Dec 4 2010 Matthias Saou 0.13.59-1 - Update to 0.13.59. - Remove no longer needed 'open' patch. - Rebase the multilib patch, still required. - Re-enable _smp_mflags, build works again with it apparently. * Mon Jul 27 2009 Fedora Release Engineering - 0.13.49-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild * Wed Feb 25 2009 Fedora Release Engineering - 0.13.49-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild * Mon Dec 22 2008 Matthias Saou 0.13.49-6 - Patch _config.h to make it identical for 32bit and 64bit archs (#343521). * Tue Feb 19 2008 Fedora Release Engineering - Autorebuild for GCC 4.3 * Wed Aug 8 2007 Matthias Saou 0.13.49-4 - Include patch to fix fd.open calls with recent glibc. - Disable _smp_mflags since the docs fail to build. * Fri Aug 3 2007 Matthias Saou 0.13.49-3 - Update License field. * Tue Jun 19 2007 Matthias Saou 0.13.49-2 - Disable static lib build instead of excluding it later. - Remove rpath on 64bit archs. - Switch to using DESTDIR install method. * Mon Mar 26 2007 Matthias Saou 0.13.49-1 - Update to 0.13.49 to fix CVE-2007-1614 (rhbz #233700). - Include new man3 pages to the devel sub-package. * Mon Aug 28 2006 Matthias Saou 0.13.47-1 - Update to 0.13.47. - FC6 rebuild. * Mon Jul 24 2006 Matthias Saou 0.13.45-3 - Split off -utils sub-package (#199467). Could have been plain "zzip"? - Have sub-packages require exact release too. - Build require automake to make the aclocal-1.9 check happy. - Use --enable-frame-pointer otherwise -g gets removed from the CFLAGS. * Mon Mar 6 2006 Matthias Saou 0.13.45-2 - FC5 rebuild. * Thu Feb 9 2006 Matthias Saou 0.13.45-1 - Update to 0.13.45. - Exclude static library. * Sun May 22 2005 Jeremy Katz - 0.13.38-2 - rebuild on all arches * Tue Apr 5 2005 Matthias Saou 0.13.38-1 - Update to 0.13.38, fixes gcc4 compile issues (Adrian Reber). * Tue Nov 16 2004 Matthias Saou 0.13.36-2 - Bump release to provide Extras upgrade path. * Tue Jun 8 2004 Matthias Saou 0.13.36-1 - Initial RPM release.