fix_for_CVE-2016-3189

Change-Id: Ief58275858e8ec817a790c0154bf0e68766ff52d

diff --git a/packaging/fix_for_CVE-2016-3189.patch b/packaging/fix_for_CVE-2016-3189.patch
new file mode 100644 (file)
index 0000000..5c82525
--- /dev/null
+++ b/packaging/fix_for_CVE-2016-3189.patch
@@ -0,0 +1,12 @@
+diff --git a/bzip2/bzip2recover.c b/bzip2/bzip2recover.c
+index 1d3f5d2..1ec1383 100644
+--- a/bzip2/bzip2recover.c
++++ b/bzip2/bzip2recover.c
+@@ -465,6 +465,7 @@ Int32 main ( Int32 argc, Char** argv )
+             bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 );
+             bsPutUInt32 ( bsWr, blockCRC );
+             bsClose ( bsWr );
++            outFile = NULL;
+          }
+          if (wrBlock >= rbCtr) break;
+          wrBlock++;

diff --git a/packaging/unzip.spec b/packaging/unzip.spec
index 7c3aca9..86282c2 100644 (file)
--- a/packaging/unzip.spec
+++ b/packaging/unzip.spec
@@ -7,6 +7,7 @@ Url:            http://www.info-zip.org/pub/infozip/UnZip.html
 Group:          Applications/Archiving
 Source:         unzip%{version}.tar.gz
 Source1:        0001-d-option-is-able-to-accept-root-directory.patch
+Source2:        fix_for_CVE-2016-3189.patch
 Source1001:    unzip.manifest
 
 %description
@@ -24,6 +25,7 @@ a zip archive.
 %setup -q -n %{name}%{version}
 cp %{SOURCE1001} .
 %{__patch} -p1 < %{SOURCE1}
+%{__patch} -p1 < %{SOURCE2}
 ln -s unix/Makefile Makefile
 
 %build