[unzip/f21] re-patch CVE-2014-9636 - original patch was incorrect (#1184986)

pstodulk pstodulk at fedoraproject.org
Wed Feb 11 15:40:40 UTC 2015 

commit d2ca9d56e7869eea3024e063c987f00ca1c716f2
Author: Petr Stodulka <pstodulk at redhat.com>
Date:   Wed Feb 11 16:39:55 2015 +0100

    re-patch CVE-2014-9636 - original patch was incorrect (#1184986)

 unzip-6.0-cve-2014-8140.patch |    2 +-
 unzip-6.0-overflow.patch      |    2 +-
 unzip.spec                    |    5 ++++-
 3 files changed, 6 insertions(+), 3 deletions(-)
---
diff --git a/unzip-6.0-cve-2014-8140.patch b/unzip-6.0-cve-2014-8140.patch
index 148cca6..b9eba92 100644
--- a/unzip-6.0-cve-2014-8140.patch
+++ b/unzip-6.0-cve-2014-8140.patch
@@ -22,4 +22,4 @@ index c741b5f..e4a4c7b 100644
 +        return IZ_EF_TRUNC;             /* no/bad compressed data! */
  
      method = makeword(eb + (EB_HEADSIZE + compr_offset));
-     if ((method == STORED) && (eb_size - compr_offset != eb_ucsize))
+     if ((method == STORED) && (eb_size != compr_offset + EB_CMPRHEADLEN + eb_ucsize))
diff --git a/unzip-6.0-overflow.patch b/unzip-6.0-overflow.patch
index dd7ca60..228c283 100644
--- a/unzip-6.0-overflow.patch
+++ b/unzip-6.0-overflow.patch
@@ -15,7 +15,7 @@ index a0a4929..9ef80b3 100644
          return IZ_EF_TRUNC;               /* no compressed data! */
  
 +    method = makeword(eb + (EB_HEADSIZE + compr_offset));
-+    if ((method == STORED) && (eb_size - compr_offset != eb_ucsize))
++    if ((method == STORED) && (eb_size != compr_offset + EB_CMPRHEADLEN + eb_ucsize))
 +        return PK_ERR;            /* compressed & uncompressed
 +                                   * should match in STORED
 +                                   * method */
diff --git a/unzip.spec b/unzip.spec
index d651ec6..fa108f8 100644
--- a/unzip.spec
+++ b/unzip.spec
@@ -1,7 +1,7 @@
 Summary: A utility for unpacking zip files
 Name: unzip
 Version: 6.0
-Release: 19%{?dist}
+Release: 20%{?dist}
 License: BSD
 Group: Applications/Archiving
 Source: http://downloads.sourceforge.net/infozip/unzip60.tar.gz
@@ -87,6 +87,9 @@ make -f unix/Makefile prefix=$RPM_BUILD_ROOT%{_prefix} MANDIR=$RPM_BUILD_ROOT/%{
 %{_mandir}/*/*
 
 %changelog
+* Tue Feb 10 2015 Petr Stodulka <pstodulk at redhat.com> - 6.0-20
+- re-patch CVE-2014-9636 - original patch was incorrect (#1184986)
+
 * Tue Feb 10 2015 Petr Stodulka <pstodulk at redhat.com> - 6.0-19
 - Fix CVE-2014-8139 - CRC32 verification heap-based buffer overread
   (#1174844)

More information about the scm-commits mailing list