From fe80a56ddfff58f0caead08bb10f98ccd63043f1 Mon Sep 17 00:00:00 2001
From: DongHun Kwak
Date: Tue, 14 May 2024 14:00:43 +0900
Subject: [PATCH] fix_for_CVE-2016-3189
Change-Id: Ief58275858e8ec817a790c0154bf0e68766ff52d
---
 packaging/fix_for_CVE-2016-3189.patch | 12 ++++++++++++
 packaging/unzip.spec | 2 ++
 2 files changed, 14 insertions(+)
 create mode 100644 packaging/fix_for_CVE-2016-3189.patch
diff --git a/packaging/fix_for_CVE-2016-3189.patch b/packaging/fix_for_CVE-2016-3189.patch
new file mode 100644
index 0000000..5c82525
--- /dev/null
+++ b/packaging/fix_for_CVE-2016-3189.patch
@@ -0,0 +1,12 @@
+diff --git a/bzip2/bzip2recover.c b/bzip2/bzip2recover.c
+index 1d3f5d2..1ec1383 100644
+--- a/bzip2/bzip2recover.c
++++ b/bzip2/bzip2recover.c
+@@ -465,6 +465,7 @@ Int32 main ( Int32 argc, Char** argv )
+ bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 );
+ bsPutUInt32 ( bsWr, blockCRC );
+ bsClose ( bsWr );
++ outFile = NULL;
+ }
+ if (wrBlock >= rbCtr) break;
+ wrBlock++;
diff --git a/packaging/unzip.spec b/packaging/unzip.spec
index 7c3aca9..86282c2 100644
--- a/packaging/unzip.spec
+++ b/packaging/unzip.spec
@@ -7,6 +7,7 @@ Url: http://www.info-zip.org/pub/infozip/UnZip.html
 Group: Applications/Archiving
 Source: unzip%{version}.tar.gz
 Source1: 0001-d-option-is-able-to-accept-root-directory.patch
+Source2: fix_for_CVE-2016-3189.patch
 Source1001: unzip.manifest
 %description
@@ -24,6 +25,7 @@ a zip archive.
 %setup -q -n %{name}%{version}
 cp %{SOURCE1001} .
 %{__patch} -p1 < %{SOURCE1}
+%{__patch} -p1 < %{SOURCE2}
 ln -s unix/Makefile Makefile
 %build
-- 
2.7.4
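Review bot: The new patch file has no description header, so neither the origin of the fix nor the reason `outFile` is cleared right after `bsClose ( bsWr )` is recorded where a maintainer of this embedded `bzip2recover.c` change will see it. A short preamble above the `diff --git` line, for example `CVE-2016-3189: clear outFile once the block stream is closed so later loop iterations in main() treat it as closed`, together with the upstream reference, would cover this. The checks that test `outFile` lie outside the hunk, so the exact guard this assignment protects is inferred rather than visible. `bsWr` still holds the pointer that was handed to `bsClose`; if that function releases the stream (not shown here), adding `bsWr = NULL;` on the following line would make the closed state explicit for both variables.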
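Review bot: `%{__patch} -p1 < %{SOURCE2}` only succeeds if the unpacked unzip tree contains `bzip2/bzip2recover.c`, and nothing on this page shows that it does, so it is worth confirming that %prep applies cleanly on a fresh build instead of failing or stopping to ask for a file name. The step also fixes only a copy of bzip2recover that is compiled from this tree; if the package links against the system bzip2 or never builds that tool, the CVE-2016-3189 exposure is unchanged and the fix belongs in the bzip2 package. A comment above the line such as `# CVE-2016-3189: patches bundled bzip2/bzip2recover.c` would record why the patch is carried. The %prep section begins outside the hunk.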