From aaefae12da010bf5f2aaf9ce9848a45b33a0194d Mon Sep 17 00:00:00 2001
From: Bolehu
Date: Mon, 12 Jun 2023 08:16:40 +0800
Subject: [PATCH] Use after free when fseeko fails

Signed-off-by: Bolehu
---
 ...ort-Use-after-free-when-fseeko-fails.patch | 26 +++++++++++++++++++
 libzip.spec | 6 ++++-
 2 files changed, 31 insertions(+), 1 deletion(-)
 create mode 100644 backport-Use-after-free-when-fseeko-fails.patch
diff --git a/backport-Use-after-free-when-fseeko-fails.patch b/backport-Use-after-free-when-fseeko-fails.patch
new file mode 100644
index 0000000..e886c3a
--- /dev/null
+++ b/backport-Use-after-free-when-fseeko-fails.patch
@@ -0,0 +1,26 @@
+From 32028b567b09cea9d61e0b4cdc79e43b8b19093a Mon Sep 17 00:00:00 2001
+From: Giovanni <561184+wargio@users.noreply.github.com>
+Date: Fri, 10 Sep 2021 23:53:36 +0200
+Subject: [PATCH] Use after free when fseeko fails
+
+In _zip_stdio_op_create_temp_output_cloning when fseeko fails the temp
+value gets freed but then the freed pointer is assigned to ctx->tmpname.
+---
+ lib/zip_source_file_stdio_named.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/lib/zip_source_file_stdio_named.c b/lib/zip_source_file_stdio_named.c
+index 5387c766..8027e738 100644
+--- a/lib/zip_source_file_stdio_named.c
++++ b/lib/zip_source_file_stdio_named.c
+@@ -255,6 +255,7 @@ _zip_stdio_op_create_temp_output_cloning(zip_source_file_context_t *ctx, zip_uin
+ (void)remove(temp);
+ free(temp);
+ zip_error_set(&ctx->error, ZIP_ER_TMPOPEN, errno);
++ return -1;
+ }
+
+ ctx->fout = tfp;
+--
+2.36.1
+
diff --git a/libzip.spec b/libzip.spec
index 5e3bf84..417c487 100644
--- a/libzip.spec
+++ b/libzip.spec
@@ -1,6 +1,6 @@
 Name: libzip
 Version: 1.8.0
-Release: 4
+Release: 5
 Summary: A C library for reading, creating, and modifying zip archives
 License: BSD
 URL: https://libzip.org/
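Review bot: In the fseeko failure branch of `_zip_stdio_op_create_temp_output_cloning`, `errno` is only read by `zip_error_set(&ctx->error, ZIP_ER_TMPOPEN, errno)` after `remove(temp)` and `free(temp)` have run, and either call may overwrite it, so the recorded system error may not be the one fseeko produced. Saving it on entry to the branch (`int saved_errno = errno;`) and passing `saved_errno` to `zip_error_set` would keep the diagnostic accurate; this ordering is in the context lines and predates the added `return -1;`. The branch opens above the hunk, so whether `tfp` is closed before the new early return cannot be confirmed from here and should be checked against the full file to rule out a leaked stream. A one-line comment on the added statement, e.g. `/* temp is freed above; must not reach ctx->tmpname = temp */`, would record why the return is needed.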
@@ -8,6 +8,7 @@ Source0: https://libzip.org/download/libzip-%{version}.tar.xz Patch6000: backport-Return-false-instead-of-1.patch Patch6001: backport-fix-install-destination-of-executables-for-iOS-tvOS-.patch +Patch6002: backport-Use-after-free-when-fseeko-fails.patch BuildRequires: gcc zlib-devel bzip2-devel openssl-devel cmake BuildRequires: perl-interpreter perl(Cwd) perl(File::Copy) perl(File::Path) perl(Getopt::Long) @@ -75,6 +76,9 @@ make test %changelog +* Sun Aug 6 2023 Bolehu - 1.8.0-5 +- Use after free when fseeko fails + * Tue Aug 1 2023 Bolehu - 1.8.0-4 - fix install destination of executables for iOS/tvOS/watchOS -- Gitee