Fixed a buffer overflow. Debuginfo packages are no longer empty. Resolves:

#532380 #540220
2009-11-30 11:16:00 +00:00 · 2009-11-30 11:16:00 +00:00 · 2ee90c9b5c
commit 2ee90c9b5c
parent a3e42ab6c3
3 changed files with 39 additions and 3 deletions
--- a/unzip-6.0-attribs-overflow.patch
+++ b/unzip-6.0-attribs-overflow.patch
@ -0,0 +1,12 @@
+diff -up unzip60/zipinfo.c.attribs-overflow unzip60/zipinfo.c
+--- unzip60/zipinfo.c.attribs-overflow	2009-11-30 09:55:39.000000000 +0100
+++ unzip60/zipinfo.c	2009-11-30 09:56:42.844263244 +0100
+@@ -1881,7 +1881,7 @@ static int zi_short(__G)   /* return PK-
+ #endif
+     int         k, error, error_in_archive=PK_COOL;
+     unsigned    hostnum, hostver, methid, methnum, xattr;
+-    char        *p, workspace[12], attribs[16];
+    char        *p, workspace[12], attribs[17];
+     char        methbuf[5];
+     static ZCONST char dtype[5]="NXFS"; /* normal, maximum, fast, superfast */
+     static ZCONST char Far os[NUM_HOSTS+1][4] = {
--- a/unzip-6.0-nostrip.patch
+++ b/unzip-6.0-nostrip.patch
@ -0,0 +1,12 @@
+diff -up unzip60/unix/configure.nostrip unzip60/unix/configure
+--- unzip60/unix/configure.nostrip	2009-11-30 10:18:09.000000000 +0100
+++ unzip60/unix/configure	2009-11-30 10:21:08.354264213 +0100
+@@ -17,7 +17,7 @@ CFLAGSR=${CFLAGS}
+ IZ_BZIP2=${3}
+ CFLAGS="${CFLAGS} -I. -DUNIX"
+ LFLAGS1=""
+-LFLAGS2="-s"
+LFLAGS2=""
+ LN="ln -s"
+ 
+ CFLAGS_OPT=''
--- a/unzip.spec
+++ b/unzip.spec
@ -1,7 +1,7 @@
 Summary: A utility for unpacking zip files
 Name: unzip
 Version: 6.0
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: BSD
 Group: Applications/Archiving
 Source: http://downloads.sourceforge.net/infozip/unzip60.tar.gz
@ -12,6 +12,12 @@ Patch1: unzip-6.0-bzip2-configure.patch
 Patch2: unzip-6.0-exec-shield.patch
 # Upstream plans to do similar thing.
 Patch3: unzip-6.0-close.patch
+# Details in rhbz#532380.
+# Reported to upstream: http://www.info-zip.org/board/board.pl?m-1259575993/
+Patch4: unzip-6.0-attribs-overflow.patch
+# Not sent to upstream, as it's Fedora/RHEL specific.
+# Modify the configure script not to request the strip of binaries.
+Patch5: unzip-6.0-nostrip.patch

 URL: http://www.info-zip.org/UnZip.html
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@ -33,13 +39,15 @@ a zip archive.
 %patch1 -p1 -b .bzip2-configure
 %patch2 -p1 -b .exec-shield
 %patch3 -p1 -b .close
+%patch4 -p1 -b .attribs-overflow
+%patch5 -p1 -b .nostrip

 %build
-make -f unix/Makefile "CF_NOOPT=-I. -DUNIX $RPM_OPT_FLAGS" generic_gcc %{?_smp_mflags}
+make -f unix/Makefile CF_NOOPT="-I. -DUNIX $RPM_OPT_FLAGS" generic_gcc %{?_smp_mflags}

 %install
 rm -rf $RPM_BUILD_ROOT
-make -f unix/Makefile prefix=$RPM_BUILD_ROOT%{_prefix} MANDIR=$RPM_BUILD_ROOT/%{_mandir}/man1 INSTALL="cp -p" install LF2="" 
+make -f unix/Makefile prefix=$RPM_BUILD_ROOT%{_prefix} MANDIR=$RPM_BUILD_ROOT/%{_mandir}/man1 INSTALL="cp -p" install

 %clean
 rm -rf $RPM_BUILD_ROOT
@ -51,6 +59,10 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/*/*

 %changelog
+* Mon Nov 30 2009 Karel Klic <kklic@redhat.com> - 6.0-2
+- Fixed a buffer overflow (rhbz#532380, unzip-6.0-attribs-overflow.patch)
+- Generate debuginfos (rhbz#540220, unzip-6.0-nostrip.patch)
+
 * Mon Nov 16 2009 Karel Klic <kklic@redhat.com> - 6.0-1
 - New upstream version
 - Compiled using `make generic_gcc` (includes asm)