Fixed a buffer overflow. Debuginfo packages are no longer empty. Resolves:

#532380 #540220
This commit is contained in:
Karel Klíč 2009-11-30 11:16:00 +00:00
parent a3e42ab6c3
commit 2ee90c9b5c
3 changed files with 39 additions and 3 deletions

View File

@ -0,0 +1,12 @@
diff -up unzip60/zipinfo.c.attribs-overflow unzip60/zipinfo.c
--- unzip60/zipinfo.c.attribs-overflow 2009-11-30 09:55:39.000000000 +0100
+++ unzip60/zipinfo.c 2009-11-30 09:56:42.844263244 +0100
@@ -1881,7 +1881,7 @@ static int zi_short(__G) /* return PK-
#endif
int k, error, error_in_archive=PK_COOL;
unsigned hostnum, hostver, methid, methnum, xattr;
- char *p, workspace[12], attribs[16];
+ char *p, workspace[12], attribs[17];
char methbuf[5];
static ZCONST char dtype[5]="NXFS"; /* normal, maximum, fast, superfast */
static ZCONST char Far os[NUM_HOSTS+1][4] = {

12
unzip-6.0-nostrip.patch Normal file
View File

@ -0,0 +1,12 @@
diff -up unzip60/unix/configure.nostrip unzip60/unix/configure
--- unzip60/unix/configure.nostrip 2009-11-30 10:18:09.000000000 +0100
+++ unzip60/unix/configure 2009-11-30 10:21:08.354264213 +0100
@@ -17,7 +17,7 @@ CFLAGSR=${CFLAGS}
IZ_BZIP2=${3}
CFLAGS="${CFLAGS} -I. -DUNIX"
LFLAGS1=""
-LFLAGS2="-s"
+LFLAGS2=""
LN="ln -s"
CFLAGS_OPT=''

View File

@ -1,7 +1,7 @@
Summary: A utility for unpacking zip files
Name: unzip
Version: 6.0
Release: 1%{?dist}
Release: 2%{?dist}
License: BSD
Group: Applications/Archiving
Source: http://downloads.sourceforge.net/infozip/unzip60.tar.gz
@ -12,6 +12,12 @@ Patch1: unzip-6.0-bzip2-configure.patch
Patch2: unzip-6.0-exec-shield.patch
# Upstream plans to do similar thing.
Patch3: unzip-6.0-close.patch
# Details in rhbz#532380.
# Reported to upstream: http://www.info-zip.org/board/board.pl?m-1259575993/
Patch4: unzip-6.0-attribs-overflow.patch
# Not sent to upstream, as it's Fedora/RHEL specific.
# Modify the configure script not to request the strip of binaries.
Patch5: unzip-6.0-nostrip.patch
URL: http://www.info-zip.org/UnZip.html
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@ -33,13 +39,15 @@ a zip archive.
%patch1 -p1 -b .bzip2-configure
%patch2 -p1 -b .exec-shield
%patch3 -p1 -b .close
%patch4 -p1 -b .attribs-overflow
%patch5 -p1 -b .nostrip
%build
make -f unix/Makefile "CF_NOOPT=-I. -DUNIX $RPM_OPT_FLAGS" generic_gcc %{?_smp_mflags}
make -f unix/Makefile CF_NOOPT="-I. -DUNIX $RPM_OPT_FLAGS" generic_gcc %{?_smp_mflags}
%install
rm -rf $RPM_BUILD_ROOT
make -f unix/Makefile prefix=$RPM_BUILD_ROOT%{_prefix} MANDIR=$RPM_BUILD_ROOT/%{_mandir}/man1 INSTALL="cp -p" install LF2=""
make -f unix/Makefile prefix=$RPM_BUILD_ROOT%{_prefix} MANDIR=$RPM_BUILD_ROOT/%{_mandir}/man1 INSTALL="cp -p" install
%clean
rm -rf $RPM_BUILD_ROOT
@ -51,6 +59,10 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/*/*
%changelog
* Mon Nov 30 2009 Karel Klic <kklic@redhat.com> - 6.0-2
- Fixed a buffer overflow (rhbz#532380, unzip-6.0-attribs-overflow.patch)
- Generate debuginfos (rhbz#540220, unzip-6.0-nostrip.patch)
* Mon Nov 16 2009 Karel Klic <kklic@redhat.com> - 6.0-1
- New upstream version
- Compiled using `make generic_gcc` (includes asm)