From 2ee90c9b5cc4e48e4481f40f08153d1a335b701f Mon Sep 17 00:00:00 2001 From: Karel Klíč Date: Nov 30 2009 11:16:00 +0000 Subject: Fixed a buffer overflow. Debuginfo packages are no longer empty. Resolves: #532380 #540220 --- diff --git a/unzip-6.0-attribs-overflow.patch b/unzip-6.0-attribs-overflow.patch new file mode 100644 index 0000000..3122325 --- /dev/null +++ b/unzip-6.0-attribs-overflow.patch @@ -0,0 +1,12 @@ +diff -up unzip60/zipinfo.c.attribs-overflow unzip60/zipinfo.c +--- unzip60/zipinfo.c.attribs-overflow 2009-11-30 09:55:39.000000000 +0100 ++++ unzip60/zipinfo.c 2009-11-30 09:56:42.844263244 +0100 +@@ -1881,7 +1881,7 @@ static int zi_short(__G) /* return PK- + #endif + int k, error, error_in_archive=PK_COOL; + unsigned hostnum, hostver, methid, methnum, xattr; +- char *p, workspace[12], attribs[16]; ++ char *p, workspace[12], attribs[17]; + char methbuf[5]; + static ZCONST char dtype[5]="NXFS"; /* normal, maximum, fast, superfast */ + static ZCONST char Far os[NUM_HOSTS+1][4] = { diff --git a/unzip-6.0-nostrip.patch b/unzip-6.0-nostrip.patch new file mode 100644 index 0000000..71c263f --- /dev/null +++ b/unzip-6.0-nostrip.patch @@ -0,0 +1,12 @@ +diff -up unzip60/unix/configure.nostrip unzip60/unix/configure +--- unzip60/unix/configure.nostrip 2009-11-30 10:18:09.000000000 +0100 ++++ unzip60/unix/configure 2009-11-30 10:21:08.354264213 +0100 +@@ -17,7 +17,7 @@ CFLAGSR=${CFLAGS} + IZ_BZIP2=${3} + CFLAGS="${CFLAGS} -I. -DUNIX" + LFLAGS1="" +-LFLAGS2="-s" ++LFLAGS2="" + LN="ln -s" + + CFLAGS_OPT='' diff --git a/unzip.spec b/unzip.spec index df7e773..73cf912 100644 --- a/unzip.spec +++ b/unzip.spec @@ -1,7 +1,7 @@ Summary: A utility for unpacking zip files Name: unzip Version: 6.0 -Release: 1%{?dist} +Release: 2%{?dist} License: BSD Group: Applications/Archiving Source: http://downloads.sourceforge.net/infozip/unzip60.tar.gz @@ -12,6 +12,12 @@ Patch1: unzip-6.0-bzip2-configure.patch Patch2: unzip-6.0-exec-shield.patch # Upstream plans to do similar thing. Patch3: unzip-6.0-close.patch +# Details in rhbz#532380. +# Reported to upstream: http://www.info-zip.org/board/board.pl?m-1259575993/ +Patch4: unzip-6.0-attribs-overflow.patch +# Not sent to upstream, as it's Fedora/RHEL specific. +# Modify the configure script not to request the strip of binaries. +Patch5: unzip-6.0-nostrip.patch URL: http://www.info-zip.org/UnZip.html BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -33,13 +39,15 @@ a zip archive. %patch1 -p1 -b .bzip2-configure %patch2 -p1 -b .exec-shield %patch3 -p1 -b .close +%patch4 -p1 -b .attribs-overflow +%patch5 -p1 -b .nostrip %build -make -f unix/Makefile "CF_NOOPT=-I. -DUNIX $RPM_OPT_FLAGS" generic_gcc %{?_smp_mflags} +make -f unix/Makefile CF_NOOPT="-I. -DUNIX $RPM_OPT_FLAGS" generic_gcc %{?_smp_mflags} %install rm -rf $RPM_BUILD_ROOT -make -f unix/Makefile prefix=$RPM_BUILD_ROOT%{_prefix} MANDIR=$RPM_BUILD_ROOT/%{_mandir}/man1 INSTALL="cp -p" install LF2="" +make -f unix/Makefile prefix=$RPM_BUILD_ROOT%{_prefix} MANDIR=$RPM_BUILD_ROOT/%{_mandir}/man1 INSTALL="cp -p" install %clean rm -rf $RPM_BUILD_ROOT @@ -51,6 +59,10 @@ rm -rf $RPM_BUILD_ROOT %{_mandir}/*/* %changelog +* Mon Nov 30 2009 Karel Klic - 6.0-2 +- Fixed a buffer overflow (rhbz#532380, unzip-6.0-attribs-overflow.patch) +- Generate debuginfos (rhbz#540220, unzip-6.0-nostrip.patch) + * Mon Nov 16 2009 Karel Klic - 6.0-1 - New upstream version - Compiled using `make generic_gcc` (includes asm)