diff --git a/unzip-6.0-cve-2014-8140.patch b/unzip-6.0-cve-2014-8140.patch index 148cca6..b9eba92 100644 --- a/unzip-6.0-cve-2014-8140.patch +++ b/unzip-6.0-cve-2014-8140.patch @@ -22,4 +22,4 @@ index c741b5f..e4a4c7b 100644 + return IZ_EF_TRUNC; /* no/bad compressed data! */ method = makeword(eb + (EB_HEADSIZE + compr_offset)); - if ((method == STORED) && (eb_size - compr_offset != eb_ucsize)) + if ((method == STORED) && (eb_size != compr_offset + EB_CMPRHEADLEN + eb_ucsize)) diff --git a/unzip-6.0-overflow.patch b/unzip-6.0-overflow.patch index dd7ca60..228c283 100644 --- a/unzip-6.0-overflow.patch +++ b/unzip-6.0-overflow.patch @@ -15,7 +15,7 @@ index a0a4929..9ef80b3 100644 return IZ_EF_TRUNC; /* no compressed data! */ + method = makeword(eb + (EB_HEADSIZE + compr_offset)); -+ if ((method == STORED) && (eb_size - compr_offset != eb_ucsize)) ++ if ((method == STORED) && (eb_size != compr_offset + EB_CMPRHEADLEN + eb_ucsize)) + return PK_ERR; /* compressed & uncompressed + * should match in STORED + * method */ diff --git a/unzip.spec b/unzip.spec index d651ec6..fa108f8 100644 --- a/unzip.spec +++ b/unzip.spec @@ -1,7 +1,7 @@ Summary: A utility for unpacking zip files Name: unzip Version: 6.0 -Release: 19%{?dist} +Release: 20%{?dist} License: BSD Group: Applications/Archiving Source: http://downloads.sourceforge.net/infozip/unzip60.tar.gz @@ -87,6 +87,9 @@ make -f unix/Makefile prefix=$RPM_BUILD_ROOT%{_prefix} MANDIR=$RPM_BUILD_ROOT/%{ %{_mandir}/*/* %changelog +* Tue Feb 10 2015 Petr Stodulka - 6.0-20 +- re-patch CVE-2014-9636 - original patch was incorrect (#1184986) + * Tue Feb 10 2015 Petr Stodulka - 6.0-19 - Fix CVE-2014-8139 - CRC32 verification heap-based buffer overread (#1174844)