rpms/gzip/F-13 gzip-1.3.13-crc-error.patch, NONE, 1.1 gzip.spec, 1.53, 1.54

Karel Klíč kklic at fedoraproject.org
Mon Jun 28 14:44:52 UTC 2010 

Author: kklic

Update of /cvs/extras/rpms/gzip/F-13
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv28542

Modified Files:
	gzip.spec 
Added Files:
	gzip-1.3.13-crc-error.patch 
Log Message:
Added a patch to fix CRC error on valid file

gzip-1.3.13-crc-error.patch:
 inflate.c          |    2 +-
 tests/memcpy-abuse |    1 -
 2 files changed, 1 insertion(+), 2 deletions(-)

--- NEW FILE gzip-1.3.13-crc-error.patch ---
>From b9e94c93df914bd1d9eec9f150b2e4e00702ae7b Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering at redhat.com>
Date: Sun, 10 Jan 2010 19:53:10 +0000
Subject: gzip -d would fail with a CRC error...

...for some inputs, and some memcpy implementations.  It is possible
that an offending input has to be compressed "from FAT filesystem
(MS-DOS, OS/2, NT)", since the sole reproducer no longer evokes a
CRC error when uncompressed and recompressed on a GNU/Linux system.
Also, using an unpatched reverse-memcpy-gzip on over 100,000 inputs
on a GNU/Linux system did not turn up another reproducer.
* inflate.c (inflate_codes): Don't call memcpy with overlapping regions.
Properly detect when source and destination overlap.
* tests/memcpy-abuse: New test, to trigger misbehavior.
* Makefile.am (TESTS): Add it.
* NEWS (Bug fixes): Mention it.
Reported by Alain Magloire in
http://thread.gmane.org/gmane.comp.gnu.gzip.bugs/307
---
diff --git a/inflate.c b/inflate.c
index affab37..5b68314 100644
--- a/inflate.c
+++ b/inflate.c
@@ -589,7 +589,7 @@ int bl, bd;             /* number of bits decoded by tl[] and td[] */
       do {
         n -= (e = (e = WSIZE - ((d &= WSIZE-1) > w ? d : w)) > n ? n : e);
 #if !defined(NOMEMCPY) && !defined(DEBUG)
-        if (w - d >= e)         /* (this test assumes unsigned comparison) */
+        if (d < w && w - d >= e)
         {
           memcpy(slide + w, slide + d, e);
           w += e;
diff --git a/tests/memcpy-abuse b/tests/memcpy-abuse
new file mode 100755
index 0000000..8f2abd5
--
cgit v0.8.2.1


Index: gzip.spec
===================================================================
RCS file: /cvs/extras/rpms/gzip/F-13/gzip.spec,v
retrieving revision 1.53
retrieving revision 1.54
diff -u -p -r1.53 -r1.54
--- gzip.spec	22 Feb 2010 15:54:07 -0000	1.53
+++ gzip.spec	28 Jun 2010 14:44:51 -0000	1.54
@@ -1,7 +1,7 @@
 Summary: The GNU data compression program
 Name: gzip
 Version: 1.3.13
-Release: 3%{?dist}
+Release: 4%{?dist}
 # info pages are under GFDL license
 License: GPLv3+ and GFDL
 Group: Applications/File
@@ -21,6 +21,9 @@ Patch10: gzip-1.3.12-cve-2010-0001.patch
 # Fixed in upstream code.
 # http://thread.gmane.org/gmane.comp.gnu.gzip.bugs/378
 Patch11: gzip-1.3.13-noemptysuffix.patch
+# Fixed in upstream code.
+# http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=b9e94c93df914bd1d9eec9f150b2e4e00702ae7b
+Patch12: gzip-1.3.13-crc-error.patch
 URL: http://www.gzip.org/
 Requires: /sbin/install-info
 Requires: mktemp less
@@ -48,6 +51,7 @@ very commonly used data compression prog
 %patch9 -p1 -b .ret
 %patch10 -p1 -b .cve-2010-0001
 %patch11 -p1 -b .noemptysuffix
+%patch12 -p1 -b .crc-error
 
 %build
 export DEFS="NO_ASM"
@@ -99,6 +103,9 @@ fi
 %{_infodir}/gzip.info*
 
 %changelog
+* Mon Jun 28 2010 Karel Klic <kklic at redhat.com> - 1.3.13-4
+- Added a patch to fix CRC error on valid file (rhbz#588644)
+
 * Mon Feb 22 2010 Karel Klic <kklic at redhat.com> - 1.3.13-3
 - Added a patch to disallow -S '' parameter (noemptysuffix)

More information about the scm-commits mailing list