rpms/gzip/F-12 gzip-1.3.12-cve-2009-2624.patch, NONE, 1.1 gzip-1.3.12-cve-2010-0001.patch, NONE, 1.1 gzip.spec, 1.51, 1.52

[Karel Klíč]

Author: kklic

Update of /cvs/extras/rpms/gzip/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv9404

Modified Files:
	gzip.spec 
Added Files:
	gzip-1.3.12-cve-2009-2624.patch 
	gzip-1.3.12-cve-2010-0001.patch 
Log Message:
Fixes for CVE-2009-2624 and CVE-2010-0001

gzip-1.3.12-cve-2009-2624.patch:
 inflate.c |    6 ++++--
 unlzh.c   |    2 +-
 2 files changed, 5 insertions(+), 3 deletions(-)

--- NEW FILE gzip-1.3.12-cve-2009-2624.patch ---
diff -up gzip-1.3.12/inflate.c.cve-2009-2624 gzip-1.3.12/inflate.c
--- gzip-1.3.12/inflate.c.cve-2009-2624	2006-12-21 00:30:17.000000000 +0100
+++ gzip-1.3.12/inflate.c	2010-01-14 14:42:14.670374060 +0100
@@ -335,13 +335,15 @@ int *m;                 /* maximum looku
   } while (--i);
   if (c[0] == n)                /* null input--all zero length codes */
   {
-    q = (struct huft *) malloc (2 * sizeof *q);
+    q = (struct huft *) malloc (3 * sizeof *q);
     if (!q)
       return 3;
-    hufts += 2;
+    hufts += 3;
     q[0].v.t = (struct huft *) NULL;
     q[1].e = 99;    /* invalid code marker */
     q[1].b = 1;
+    q[2].e = 99;    /* invalid code marker */
+    q[2].b = 1;
     *t = q + 1;
     *m = 1;
     return 0;
--- gzip-1.3.12/unlzh.c.orig	2010-01-15 09:16:07.417407717 -0500
+++ gzip-1.3.12/unlzh.c	2010-01-15 09:17:05.828404953 -0500
@@ -151,7 +151,7 @@ local void make_table(nchar, bitlen, tab
     for (i = 1; i <= 16; i++)
 	start[i + 1] = start[i] + (count[i] << (16 - i));
     if ((start[17] & 0xffff) != 0 || tablebits > 16) /* 16 for weight below */
-      error("Bad table (case b)\n"); 
+      gzip_error("Bad table\n"); 
 
     jutbits = 16 - tablebits;
     for (i = 1; i <= (unsigned)tablebits; i++) {

gzip-1.3.12-cve-2010-0001.patch:
 unlzw.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- NEW FILE gzip-1.3.12-cve-2010-0001.patch ---
diff -up gzip-1.3.12/inflate.c.cve-2010-0001 gzip-1.3.12/inflate.c
diff -up gzip-1.3.12/unlzw.c.cve-2010-0001 gzip-1.3.12/unlzw.c
--- gzip-1.3.12/unlzw.c.cve-2010-0001	2006-12-11 19:54:39.000000000 +0100
+++ gzip-1.3.12/unlzw.c	2010-01-14 14:38:58.408250047 +0100
@@ -248,7 +248,8 @@ int unlzw(in, out)
 	int  o;
 
     resetbuf:
-	e = insize-(o = (posbits>>3));
+	o = posbits >> 3;
+	e = o <= insize ? insize - o : 0;
 
 	for (i = 0 ; i < e ; ++i) {
 	    inbuf[i] = inbuf[i+o];


Index: gzip.spec
===================================================================
RCS file: /cvs/extras/rpms/gzip/F-12/gzip.spec,v
retrieving revision 1.51
retrieving revision 1.52
diff -u -p -r1.51 -r1.52
--- gzip.spec	1 Dec 2009 13:53:34 -0000	1.51
+++ gzip.spec	21 Jan 2010 19:27:25 -0000	1.52
@@ -1,7 +1,7 @@
 Summary: The GNU data compression program
 Name: gzip
 Version: 1.3.12
-Release: 13%{?dist}
+Release: 14%{?dist}
 # info pages are under GFDL license
 License: GPLv2 and GFDL
 Group: Applications/File
@@ -19,6 +19,8 @@ Patch17: gzip-1.3.12-futimens.patch
 Patch18: gzip-1.3.12-zdiff.patch
 # Fixed in upstream 1.3.13
 Patch19: gzip-1.3.12-close-stdout.patch
+Patch20: gzip-1.3.12-cve-2009-2624.patch
+Patch21: gzip-1.3.12-cve-2010-0001.patch
 URL: http://www.gzip.org/
 Requires: /sbin/install-info
 Requires: mktemp less
@@ -46,6 +48,8 @@ very commonly used data compression prog
 %patch17 -p1 -b .futimens
 %patch18 -p1 -b .ret
 %patch19 -p1 -b .close-stdout
+%patch20 -p1 -b .cve-2009-2624
+%patch21 -p1 -b .cve-2010-0001
 
 %build
 export DEFS="NO_ASM"
@@ -97,6 +101,10 @@ fi
 %{_infodir}/gzip.info*
 
 %changelog
+* Tue Jan 19 2010 Karel Klic <kklic at redhat.com> - 1.3.12-14
+- Fixed CVE-2009-2624 and CVE-2010-0001
+  Resolves: rhbz#557471
+
 * Mon Nov 30 2009 Karel Klic <kklic at redhat.com> - 1.3.12-13
 - Fixed silent data loss due to unchecked close of stdout (rhbz#514562)