rpms/gzip/F-12 gzip-1.3.12-cve-2009-2624.patch, NONE, 1.1 gzip-1.3.12-cve-2010-0001.patch, NONE, 1.1 gzip.spec, 1.51, 1.52
Karel Klíč
kklic at fedoraproject.org
Thu Jan 21 19:27:26 UTC 2010
Author: kklic
Update of /cvs/extras/rpms/gzip/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv9404
Modified Files:
gzip.spec
Added Files:
gzip-1.3.12-cve-2009-2624.patch
gzip-1.3.12-cve-2010-0001.patch
Log Message:
Fixes for CVE-2009-2624 and CVE-2010-0001
gzip-1.3.12-cve-2009-2624.patch:
inflate.c | 6 ++++--
unlzh.c | 2 +-
2 files changed, 5 insertions(+), 3 deletions(-)
--- NEW FILE gzip-1.3.12-cve-2009-2624.patch ---
diff -up gzip-1.3.12/inflate.c.cve-2009-2624 gzip-1.3.12/inflate.c
--- gzip-1.3.12/inflate.c.cve-2009-2624 2006-12-21 00:30:17.000000000 +0100
+++ gzip-1.3.12/inflate.c 2010-01-14 14:42:14.670374060 +0100
@@ -335,13 +335,15 @@ int *m; /* maximum looku
} while (--i);
if (c[0] == n) /* null input--all zero length codes */
{
- q = (struct huft *) malloc (2 * sizeof *q);
+ q = (struct huft *) malloc (3 * sizeof *q);
if (!q)
return 3;
- hufts += 2;
+ hufts += 3;
q[0].v.t = (struct huft *) NULL;
q[1].e = 99; /* invalid code marker */
q[1].b = 1;
+ q[2].e = 99; /* invalid code marker */
+ q[2].b = 1;
*t = q + 1;
*m = 1;
return 0;
--- gzip-1.3.12/unlzh.c.orig 2010-01-15 09:16:07.417407717 -0500
+++ gzip-1.3.12/unlzh.c 2010-01-15 09:17:05.828404953 -0500
@@ -151,7 +151,7 @@ local void make_table(nchar, bitlen, tab
for (i = 1; i <= 16; i++)
start[i + 1] = start[i] + (count[i] << (16 - i));
if ((start[17] & 0xffff) != 0 || tablebits > 16) /* 16 for weight below */
- error("Bad table (case b)\n");
+ gzip_error("Bad table\n");
jutbits = 16 - tablebits;
for (i = 1; i <= (unsigned)tablebits; i++) {
gzip-1.3.12-cve-2010-0001.patch:
unlzw.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- NEW FILE gzip-1.3.12-cve-2010-0001.patch ---
diff -up gzip-1.3.12/inflate.c.cve-2010-0001 gzip-1.3.12/inflate.c
diff -up gzip-1.3.12/unlzw.c.cve-2010-0001 gzip-1.3.12/unlzw.c
--- gzip-1.3.12/unlzw.c.cve-2010-0001 2006-12-11 19:54:39.000000000 +0100
+++ gzip-1.3.12/unlzw.c 2010-01-14 14:38:58.408250047 +0100
@@ -248,7 +248,8 @@ int unlzw(in, out)
int o;
resetbuf:
- e = insize-(o = (posbits>>3));
+ o = posbits >> 3;
+ e = o <= insize ? insize - o : 0;
for (i = 0 ; i < e ; ++i) {
inbuf[i] = inbuf[i+o];
Index: gzip.spec
===================================================================
RCS file: /cvs/extras/rpms/gzip/F-12/gzip.spec,v
retrieving revision 1.51
retrieving revision 1.52
diff -u -p -r1.51 -r1.52
--- gzip.spec 1 Dec 2009 13:53:34 -0000 1.51
+++ gzip.spec 21 Jan 2010 19:27:25 -0000 1.52
@@ -1,7 +1,7 @@
Summary: The GNU data compression program
Name: gzip
Version: 1.3.12
-Release: 13%{?dist}
+Release: 14%{?dist}
# info pages are under GFDL license
License: GPLv2 and GFDL
Group: Applications/File
@@ -19,6 +19,8 @@ Patch17: gzip-1.3.12-futimens.patch
Patch18: gzip-1.3.12-zdiff.patch
# Fixed in upstream 1.3.13
Patch19: gzip-1.3.12-close-stdout.patch
+Patch20: gzip-1.3.12-cve-2009-2624.patch
+Patch21: gzip-1.3.12-cve-2010-0001.patch
URL: http://www.gzip.org/
Requires: /sbin/install-info
Requires: mktemp less
@@ -46,6 +48,8 @@ very commonly used data compression prog
%patch17 -p1 -b .futimens
%patch18 -p1 -b .ret
%patch19 -p1 -b .close-stdout
+%patch20 -p1 -b .cve-2009-2624
+%patch21 -p1 -b .cve-2010-0001
%build
export DEFS="NO_ASM"
@@ -97,6 +101,10 @@ fi
%{_infodir}/gzip.info*
%changelog
+* Tue Jan 19 2010 Karel Klic <kklic at redhat.com> - 1.3.12-14
+- Fixed CVE-2009-2624 and CVE-2010-0001
+ Resolves: rhbz#557471
+
* Mon Nov 30 2009 Karel Klic <kklic at redhat.com> - 1.3.12-13
- Fixed silent data loss due to unchecked close of stdout (rhbz#514562)
More information about the scm-commits
mailing list