From e6cccc653b866fa7ec59880f3f0a7bf51f3b623c Mon Sep 17 00:00:00 2001
From: Petr Stodulka <pstodulk@redhat.com>
Date: Jan 26 2015 08:39:49 +0000
Subject: security fix CVE-2014-9636  (#1184986)


---

diff --git a/unzip-6.0-overflow.patch b/unzip-6.0-overflow.patch
new file mode 100644
index 0000000..dd7ca60
--- /dev/null
+++ b/unzip-6.0-overflow.patch
@@ -0,0 +1,25 @@
+diff --git a/extract.c b/extract.c
+index a0a4929..9ef80b3 100644
+--- a/extract.c
++++ b/extract.c
+@@ -2214,6 +2214,7 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata)
+     ulg eb_ucsize;
+     uch *eb_ucptr;
+     int r;
++    ush method;
+ 
+     if (compr_offset < 4)                /* field is not compressed: */
+         return PK_OK;                    /* do nothing and signal OK */
+@@ -2223,6 +2224,12 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata)
+          eb_size <= (compr_offset + EB_CMPRHEADLEN)))
+         return IZ_EF_TRUNC;               /* no compressed data! */
+ 
++    method = makeword(eb + (EB_HEADSIZE + compr_offset));
++    if ((method == STORED) && (eb_size - compr_offset != eb_ucsize))
++        return PK_ERR;            /* compressed & uncompressed
++                                   * should match in STORED
++                                   * method */
++
+     if (
+ #ifdef INT_16BIT
+         (((ulg)(extent)eb_ucsize) != eb_ucsize) ||
diff --git a/unzip.spec b/unzip.spec
index ce77655..d416a25 100644
--- a/unzip.spec
+++ b/unzip.spec
@@ -1,7 +1,7 @@
 Summary: A utility for unpacking zip files
 Name: unzip
 Version: 6.0
-Release: 17%{?dist}
+Release: 18%{?dist}
 License: BSD
 Group: Applications/Archiving
 Source: http://downloads.sourceforge.net/infozip/unzip60.tar.gz
@@ -31,6 +31,7 @@ Patch9: unzip-6.0-caseinsensitive.patch
 Patch10: unzip-6.0-format-secure.patch
 Patch11: unzip-6.0-valgrind.patch
 Patch12: unzip-6.0-x-option.patch
+Patch13: unzip-6.0-overflow.patch
 URL: http://www.info-zip.org/UnZip.html
 BuildRequires:  bzip2-devel
 
@@ -59,6 +60,7 @@ a zip archive.
 %patch10 -p1 -b .format-secure
 %patch11 -p1 -b .valgrind
 %patch12 -p1 -b .x-option
+%patch13 -p1 -b .overflow
 
 %build
 # IZ_HAVE_UXUIDGID is needed for right functionality of unzip -X
@@ -77,6 +79,9 @@ make -f unix/Makefile prefix=$RPM_BUILD_ROOT%{_prefix} MANDIR=$RPM_BUILD_ROOT/%{
 %{_mandir}/*/*
 
 %changelog
+* Mon Jan 26 2015 Petr Stodulka <pstodulk@redhat.com> - 6.0-18
+- Fix security bug - CVE-2014-9636
+
 * Thu Nov 27 2014 Petr Stodulka<pstodulk@redhat.com> - 6.0-17
 - Fix unitialized reads (#558738)
 - Fix fix broken -X option - never worked before. Added -DIZ_HAVE_UXUIDGID