diff --git a/SOURCES/zip-3.0-zipnote-fclose.patch b/SOURCES/zip-3.0-zipnote-fclose.patch
new file mode 100644
index 0000000..14c0663
--- /dev/null
+++ b/SOURCES/zip-3.0-zipnote-fclose.patch
@@ -0,0 +1,26 @@
+From 4872f7a731926173be9a56b01e60e162731738dd Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Wed, 16 Sep 2015 13:00:01 +0200
+Subject: [PATCH] fix memory corruption in zipnote caused by invalid fclose()
+
+Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628594
+---
+ zipnote.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/zipnote.c b/zipnote.c
+index 5e02cb6..996f012 100644
+--- a/zipnote.c
++++ b/zipnote.c
+@@ -661,7 +661,7 @@ char **argv; /* command line tokens */
+ if ((r = zipcopy(z)) != ZE_OK)
+ ziperr(r, "was copying an entry");
+ }
+- fclose(x);
++ fclose(in_file);
+
+ /* Write central directory and end of central directory with new comments */
+ if ((c = zftello(y)) == (zoff_t)-1) /* get start of central */
+--
+2.4.6
+
diff --git a/SPECS/zip.spec b/SPECS/zip.spec
index adcd9f6..9e4db94 100644
--- a/SPECS/zip.spec
+++ b/SPECS/zip.spec
@@ -1,7 +1,7 @@
Summary: A file compression and packaging utility compatible with PKZIP
Name: zip
Version: 3.0
-Release: 10%{?dist}
+Release: 11%{?dist}
License: BSD
Group: Applications/Archiving
Source: http://downloads.sourceforge.net/infozip/zip30.tar.gz
@@ -14,6 +14,7 @@ Patch2: zip-3.0-currdir.patch
# Not upstreamed.
Patch3: zip-3.0-time.patch
Patch4: man.patch
+Patch5: zip-3.0-zipnote-fclose.patch
BuildRequires: bzip2-devel
%description
@@ -31,6 +32,7 @@ program.
%patch2 -p1 -b .currdir
%patch3 -p1 -b .time
%patch4 -p1 -b .man
+%patch5 -p1
%build
make -f unix/Makefile prefix=%{_prefix} "CFLAGS_NOOPT=-I. -DUNIX $RPM_OPT_FLAGS" generic_gcc %{?_smp_mflags}
@@ -57,6 +59,10 @@ make -f unix/Makefile prefix=$RPM_BUILD_ROOT%{_prefix} \
%{_mandir}/man1/zipsplit.1*
%changelog
+* Fri Apr 15 2016 Petr Stodulka <pstodulk@redhat.com> - 3.0-11
+- fix memory corruption in zipnote caused by invalid fclose()
+ Resolves: #1259674
+
* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 3.0-10
- Mass rebuild 2014-01-24