- security fix: CVE-2005-4667

author psz <psz@pld-linux.org>

Fri, 17 Feb 2006 23:33:49 +0000 (23:33 +0000)

committer cvs2git <feedback@pld-linux.org>

Sun, 24 Jun 2012 12:13:13 +0000 (12:13 +0000)
author psz <psz@pld-linux.org>
Fri, 17 Feb 2006 23:33:49 +0000 (23:33 +0000)
committer cvs2git <feedback@pld-linux.org>
Sun, 24 Jun 2012 12:13:13 +0000 (12:13 +0000)
diff --git a/unzip-cve-2005-4667.patch b/unzip-cve-2005-4667.patch

new file mode 100644 (file)

index 0000000..1a0225c
--- /dev/null
+++ b/unzip-cve-2005-4667.patch
@@ -0,0 +1,24 @@
+--- unzip-5.52.orig/unzpriv.h  2006-02-18 00:17:52.000000000 +0100
++++ unzip-5.52/unzpriv.h       2006-02-18 00:01:42.000000000 +0100
+@@ -2274,17 +2274,18 @@
+  *               (char *)(sprintf sprf_arg, (buf))) == EOF)
+  */
+ #ifndef Info   /* may already have been defined for redirection */
++#  define wsizesnprintf(buf, ...) snprintf (buf, WSIZE-1, __VA_ARGS__)
+ #  ifdef FUNZIP
+ #    define Info(buf,flag,sprf_arg) \
+-     fprintf((flag)&1? stderr : stdout, (char *)(sprintf sprf_arg, (buf)))
++     fputs((char *)(wsizesnprintf sprf_arg, (buf)), (flag)&1? stderr : stdout)
+ #  else
+ #    ifdef INT_SPRINTF  /* optimized version for "int sprintf()" flavour */
+ #      define Info(buf,flag,sprf_arg) \
+-       (*G.message)((zvoid *)&G, (uch *)(buf), (ulg)sprintf sprf_arg, (flag))
++       (*G.message)((zvoid *)&G, (uch *)(buf), (ulg)wsizesnprintf sprf_arg, (flag))
+ #    else          /* generic version, does not use sprintf() return value */
+ #      define Info(buf,flag,sprf_arg) \
+        (*G.message)((zvoid *)&G, (uch *)(buf), \
+-                     (ulg)(sprintf sprf_arg, strlen((char *)(buf))), (flag))
++                     (ulg)(wsizesnprintf sprf_arg, strlen((char *)(buf))), (flag))
+ #    endif
+ #  endif
+ #endif /* !Info */
diff --git a/unzip.spec b/unzip.spec

index 9067c31bab5d1f3d581feb2d99c7c75913f11697..c2f0308103074b2c02e00260f2b03afe07d90332 100644 (file)
--- a/unzip.spec
+++ b/unzip.spec
@@ -10,7 +10,7 @@ Summary(tr):  pkzip ve benzeri programlar
  Summary(uk):   òÏÚÐÁËÏ×Õ×ÁÞ ÆÁÊÌ¦× .zip
  Name:          unzip
  Version:       5.52
-Release:       2
+Release:       3
  License:       distributable
  Group:         Applications/Archiving
  Source0:       ftp://ftp.info-zip.org/pub/infozip/src/%{name}552.tar.gz
@@ -20,6 +20,7 @@ Source1:      http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-non-english-ma
  # Source1-md5: d7f8b0b09f6e8d89591b4dc25e335764
  Patch0:                %{name}-opt.patch
  Patch1:                %{name}-CAN-2005-2475.patch
+Patch2:                %{name}-cve-2005-4667.patch
  URL:           http://www.info-zip.org/
  BuildRoot:     %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
  
@@ -93,6 +94,7 @@ PKZIP 
  %setup -q
  %patch0 -p1
  %patch1 -p1
+%patch2 -p1
  
  rm -f Makefile
  ln -sf unix/Makefile Makefile
author	psz <psz@pld-linux.org>
	Fri, 17 Feb 2006 23:33:49 +0000 (23:33 +0000)
committer	cvs2git <feedback@pld-linux.org>
	Sun, 24 Jun 2012 12:13:13 +0000 (12:13 +0000)
unzip-cve-2005-4667.patch	[new file with mode: 0644]	patch \| blob
unzip.spec		patch \| blob \| blame \| history