jcapik pushed to unzip (f22). "re-patch CVE-2014-9636 - original patch was incorrect (#1184986)"

notifications at fedoraproject.org notifications at fedoraproject.org
Mon Jun 15 15:44:53 UTC 2015


From df221ec2aca0a4c225e2c462b3a2dc7cd7a4be29 Mon Sep 17 00:00:00 2001
From: Petr Stodulka <pstodulk at redhat.com>
Date: Wed, 11 Feb 2015 16:23:27 +0100
Subject: re-patch CVE-2014-9636 - original patch was incorrect (#1184986)


diff --git a/unzip-6.0-cve-2014-8140.patch b/unzip-6.0-cve-2014-8140.patch
index 148cca6..b9eba92 100644
--- a/unzip-6.0-cve-2014-8140.patch
+++ b/unzip-6.0-cve-2014-8140.patch
@@ -22,4 +22,4 @@ index c741b5f..e4a4c7b 100644
 +        return IZ_EF_TRUNC;             /* no/bad compressed data! */
  
      method = makeword(eb + (EB_HEADSIZE + compr_offset));
-     if ((method == STORED) && (eb_size - compr_offset != eb_ucsize))
+     if ((method == STORED) && (eb_size != compr_offset + EB_CMPRHEADLEN + eb_ucsize))
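Review bot: The rewritten STORED check adds the archive-supplied `eb_ucsize` to `compr_offset + EB_CMPRHEADLEN` with no visible upper bound. If that sum is evaluated in a type no wider than `eb_size` on some target, it can wrap, and an oversized `eb_ucsize` would still compare equal. The declarations and the enclosing function are outside the hunk, so this is inferred rather than confirmed. A form that cannot wrap is `if ((method == STORED) && (eb_size < compr_offset + EB_CMPRHEADLEN || eb_size - compr_offset - EB_CMPRHEADLEN != eb_ucsize))`. The line here is context inside the embedded patch, and the same line is an added line in unzip-6.0-overflow.patch, so both copies have to change together or the second patch will stop applying.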
diff --git a/unzip-6.0-overflow.patch b/unzip-6.0-overflow.patch
index dd7ca60..228c283 100644
--- a/unzip-6.0-overflow.patch
+++ b/unzip-6.0-overflow.patch
@@ -15,7 +15,7 @@ index a0a4929..9ef80b3 100644
          return IZ_EF_TRUNC;               /* no compressed data! */
  
 +    method = makeword(eb + (EB_HEADSIZE + compr_offset));
-+    if ((method == STORED) && (eb_size - compr_offset != eb_ucsize))
++    if ((method == STORED) && (eb_size != compr_offset + EB_CMPRHEADLEN + eb_ucsize))
 +        return PK_ERR;            /* compressed & uncompressed
 +                                   * should match in STORED
 +                                   * method */
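Review bot: The comment kept under the new condition still says compressed and uncompressed "should match", which describes the old subtraction rather than the check as rewritten. The condition now compares the whole field size against `compr_offset + EB_CMPRHEADLEN + eb_ucsize`, so I would reword the comment to `/* STORED: field size must equal header length + uncompressed size */`. That makes it less likely a later rebase restores the previous, incorrect comparison. The function body continues outside the hunk.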
diff --git a/unzip.spec b/unzip.spec
index bf2a6b4..7cc0525 100644
--- a/unzip.spec
+++ b/unzip.spec
@@ -1,7 +1,7 @@
 Summary: A utility for unpacking zip files
 Name: unzip
 Version: 6.0
-Release: 19%{?dist}
+Release: 20%{?dist}
 License: BSD
 Group: Applications/Archiving
 Source: http://downloads.sourceforge.net/infozip/unzip60.tar.gz
@@ -87,6 +87,9 @@ make -f unix/Makefile prefix=$RPM_BUILD_ROOT%{_prefix} MANDIR=$RPM_BUILD_ROOT/%{
 %{_mandir}/*/*
 
 %changelog
+* Wed Feb 11 2015 Petr Stodulka <pstodulk at redhat.com> - 6.0-20
+- re-patch CVE-2014-9636 - original patch was incorrect (#1184986)
+
 * Tue Feb 10 2015 Petr Stodulka <pstodulk at redhat.com> - 6.0-19
 - Fix CVE-2014-8139 - CRC32 verification heap-based buffer overread 
   (#1174844)
-- 
cgit v0.10.2


	http://pkgs.fedoraproject.org/cgit/unzip.git/commit/?h=f22&id=df221ec2aca0a4c225e2c462b3a2dc7cd7a4be29

