diff --git a/SOURCES/zip-3.0-zipnote-fclose.patch b/SOURCES/zip-3.0-zipnote-fclose.patch new file mode 100644 index 0000000..14c0663 --- /dev/null +++ b/SOURCES/zip-3.0-zipnote-fclose.patch @@ -0,0 +1,26 @@ +From 4872f7a731926173be9a56b01e60e162731738dd Mon Sep 17 00:00:00 2001 +From: Kamil Dudka +Date: Wed, 16 Sep 2015 13:00:01 +0200 +Subject: [PATCH] fix memory corruption in zipnote caused by invalid fclose() + +Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628594 +--- + zipnote.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/zipnote.c b/zipnote.c +index 5e02cb6..996f012 100644 +--- a/zipnote.c ++++ b/zipnote.c +@@ -661,7 +661,7 @@ char **argv; /* command line tokens */ + if ((r = zipcopy(z)) != ZE_OK) + ziperr(r, "was copying an entry"); + } +- fclose(x); ++ fclose(in_file); + + /* Write central directory and end of central directory with new comments */ + if ((c = zftello(y)) == (zoff_t)-1) /* get start of central */ +-- +2.4.6 + diff --git a/SPECS/zip.spec b/SPECS/zip.spec index adcd9f6..9e4db94 100644 --- a/SPECS/zip.spec +++ b/SPECS/zip.spec @@ -1,7 +1,7 @@ Summary: A file compression and packaging utility compatible with PKZIP Name: zip Version: 3.0 -Release: 10%{?dist} +Release: 11%{?dist} License: BSD Group: Applications/Archiving Source: http://downloads.sourceforge.net/infozip/zip30.tar.gz @@ -14,6 +14,7 @@ Patch2: zip-3.0-currdir.patch # Not upstreamed. Patch3: zip-3.0-time.patch Patch4: man.patch +Patch5: zip-3.0-zipnote-fclose.patch BuildRequires: bzip2-devel %description @@ -31,6 +32,7 @@ program. %patch2 -p1 -b .currdir %patch3 -p1 -b .time %patch4 -p1 -b .man +%patch5 -p1 %build make -f unix/Makefile prefix=%{_prefix} "CFLAGS_NOOPT=-I. -DUNIX $RPM_OPT_FLAGS" generic_gcc %{?_smp_mflags} @@ -57,6 +59,10 @@ make -f unix/Makefile prefix=$RPM_BUILD_ROOT%{_prefix} \ %{_mandir}/man1/zipsplit.1* %changelog +* Fri Apr 15 2016 Petr Stodulka - 3.0-11 +- fix memory corruption in zipnote caused by invalid fclose() + Resolves: #1259674 + * Fri Jan 24 2014 Daniel Mach - 3.0-10 - Mass rebuild 2014-01-24