[zlib] - Resolves: #678603 zlib from minizip allowed NULL pointer parameter of function unzGetCurrentFile

Ivana Varekova varekova at fedoraproject.org
Wed Apr 6 09:12:10 UTC 2011 

commit 957d1732f6a25cdc5ccbf3eb69990593ece3ead2
Author: Ivana Hutarova Varekova <varekova at redhat.com>
Date:   Wed Apr 6 12:27:12 2011 +0200

    - Resolves: #678603
      zlib from minizip allowed NULL pointer parameter of function unzGetCurrentFileInfo

 minizip-null.patch |   12 ++++++++++++
 zlib.spec          |    8 +++++++-
 2 files changed, 19 insertions(+), 1 deletions(-)
---
diff --git a/minizip-null.patch b/minizip-null.patch
new file mode 100644
index 0000000..bffe207
--- /dev/null
+++ b/minizip-null.patch
@@ -0,0 +1,12 @@
+diff -up zlib-1.2.5/contrib/minizip/unzip.c.pom zlib-1.2.5/contrib/minizip/unzip.c
+--- zlib-1.2.5/contrib/minizip/unzip.c.pom	2010-02-15 12:59:40.000000000 +0100
++++ zlib-1.2.5/contrib/minizip/unzip.c	2011-04-06 12:06:04.000000000 +0200
+@@ -1145,7 +1145,7 @@ extern int ZEXPORT unzGetCurrentFileInfo
+                                                 szFileName,fileNameBufferSize,
+                                                 extraField,extraFieldBufferSize,
+                                                 szComment,commentBufferSize);
+-    if (err==UNZ_OK)
++    if (pfile_info && err==UNZ_OK)
+     {
+         pfile_info->version = file_info64.version;
+         pfile_info->version_needed = file_info64.version_needed;
diff --git a/zlib.spec b/zlib.spec
index a14d11d..637f9ba 100644
--- a/zlib.spec
+++ b/zlib.spec
@@ -1,12 +1,13 @@
 Summary: The zlib compression and decompression library
 Name: zlib
 Version: 1.2.5
-Release: 3%{?dist}
+Release: 4%{?dist}
 Group: System Environment/Libraries
 Source: http://www.zlib.net/zlib-%{version}.tar.bz2
 Patch3: zlib-1.2.4-autotools.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=591317
 Patch4: zlib-1.2.5-gentoo.patch
+Patch5: minizip-null.patch
 URL: http://www.gzip.org/zlib/
 # /contrib/dotzlib/ have Boost license
 License: zlib and Boost
@@ -60,6 +61,7 @@ developing applications which use minizip.
 %setup -q
 %patch3 -p1 -b .atools
 %patch4 -p1 -b .g
+%patch5 -p1 -b .null
 # patch cannot create an empty dir
 mkdir contrib/minizip/m4
 cp minigzip.c contrib/minizip
@@ -139,6 +141,10 @@ rm -rf ${RPM_BUILD_ROOT}
 %{_libdir}/pkgconfig/minizip.pc
 
 %changelog
+* Wed Apr  6 2011 Ivana Hutarova Varekova <varekova at redhat.com> - 1.2.5-4
+- Resolves: #678603
+  zlib from minizip allowed NULL pointer parameter of function unzGetCurrentFileInfo 
+
 * Tue Feb 08 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.2.5-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

More information about the scm-commits mailing list