[zlib] - Resolves: #678603 zlib from minizip allowed NULL pointer parameter of function unzGetCurrentFile
Ivana Varekova
varekova at fedoraproject.org
Wed Apr 6 09:12:10 UTC 2011
commit 957d1732f6a25cdc5ccbf3eb69990593ece3ead2
Author: Ivana Hutarova Varekova <varekova at redhat.com>
Date: Wed Apr 6 12:27:12 2011 +0200
- Resolves: #678603
zlib from minizip allowed NULL pointer parameter of function unzGetCurrentFileInfo
minizip-null.patch | 12 ++++++++++++
zlib.spec | 8 +++++++-
2 files changed, 19 insertions(+), 1 deletions(-)
---
diff --git a/minizip-null.patch b/minizip-null.patch
new file mode 100644
index 0000000..bffe207
--- /dev/null
+++ b/minizip-null.patch
@@ -0,0 +1,12 @@
+diff -up zlib-1.2.5/contrib/minizip/unzip.c.pom zlib-1.2.5/contrib/minizip/unzip.c
+--- zlib-1.2.5/contrib/minizip/unzip.c.pom 2010-02-15 12:59:40.000000000 +0100
++++ zlib-1.2.5/contrib/minizip/unzip.c 2011-04-06 12:06:04.000000000 +0200
+@@ -1145,7 +1145,7 @@ extern int ZEXPORT unzGetCurrentFileInfo
+ szFileName,fileNameBufferSize,
+ extraField,extraFieldBufferSize,
+ szComment,commentBufferSize);
+- if (err==UNZ_OK)
++ if (pfile_info && err==UNZ_OK)
+ {
+ pfile_info->version = file_info64.version;
+ pfile_info->version_needed = file_info64.version_needed;
diff --git a/zlib.spec b/zlib.spec
index a14d11d..637f9ba 100644
--- a/zlib.spec
+++ b/zlib.spec
@@ -1,12 +1,13 @@
Summary: The zlib compression and decompression library
Name: zlib
Version: 1.2.5
-Release: 3%{?dist}
+Release: 4%{?dist}
Group: System Environment/Libraries
Source: http://www.zlib.net/zlib-%{version}.tar.bz2
Patch3: zlib-1.2.4-autotools.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=591317
Patch4: zlib-1.2.5-gentoo.patch
+Patch5: minizip-null.patch
URL: http://www.gzip.org/zlib/
# /contrib/dotzlib/ have Boost license
License: zlib and Boost
@@ -60,6 +61,7 @@ developing applications which use minizip.
%setup -q
%patch3 -p1 -b .atools
%patch4 -p1 -b .g
+%patch5 -p1 -b .null
# patch cannot create an empty dir
mkdir contrib/minizip/m4
cp minigzip.c contrib/minizip
@@ -139,6 +141,10 @@ rm -rf ${RPM_BUILD_ROOT}
%{_libdir}/pkgconfig/minizip.pc
%changelog
+* Wed Apr 6 2011 Ivana Hutarova Varekova <varekova at redhat.com> - 1.2.5-4
+- Resolves: #678603
+ zlib from minizip allowed NULL pointer parameter of function unzGetCurrentFileInfo
+
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.2.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
More information about the scm-commits
mailing list