diff --git a/SPECS/gzip/CVE-2026-41992.patch b/SPECS/gzip/CVE-2026-41992.patch new file mode 100644 index 00000000000..5a7bb03b53d --- /dev/null +++ b/SPECS/gzip/CVE-2026-41992.patch @@ -0,0 +1,38 @@ +From 4825c596b4de61648dfd41de9182d0fc2521193f Mon Sep 17 00:00:00 2001 +From: Paul Eggert +Date: Wed, 15 Apr 2026 12:00:17 -0700 +Subject: [PATCH] =?UTF-8?q?gzip:=20don=E2=80=99t=20mishandle=20.lzh=20afte?= + =?UTF-8?q?r=20.Z?= +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Problem reported by MichaƂ Majchrowicz. +* unlzh.c (read_c_len): Clear left and right when n == 0. + +Signed-off-by: Azure Linux Security Servicing Account +Upstream-reference: https://cgit.git.savannah.gnu.org/cgit/gzip.git/patch/?id=63dbf6b3b9e6e781df1a6a64e609b10e23969681 +--- + unlzh.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/unlzh.c b/unlzh.c +index 25c05e3..d74c5fe 100644 +--- a/unlzh.c ++++ b/unlzh.c +@@ -239,6 +239,12 @@ read_c_len () + c = getbits(CBIT); + for (i = 0; i < NC; i++) c_len[i] = 0; + for (i = 0; i < 4096; i++) c_table[i] = c; ++ ++ /* Needed in case LEFT and RIGHT are reused from a previous ++ LZW decompression. It may be overkill to clear all of both ++ arrays, but nobody has had time to analyze this carefully. */ ++ memzero(left, (2 * NC - 1) * sizeof *left); ++ memzero(right, (2 * NC - 1) * sizeof *left); + } else { + i = 0; + while (i < n) { +-- +2.45.4 + diff --git a/SPECS/gzip/gzip.spec b/SPECS/gzip/gzip.spec index d546bdd614d..753e63a8b1b 100644 --- a/SPECS/gzip/gzip.spec +++ b/SPECS/gzip/gzip.spec @@ -1,13 +1,14 @@ Summary: Programs for compressing and decompressing files Name: gzip Version: 1.13 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv3+ Vendor: Microsoft Corporation Distribution: Azure Linux Group: Applications/File URL: https://www.gnu.org/software/gzip Source0: https://ftp.gnu.org/gnu/%{name}/%{name}-%{version}.tar.xz +Patch0: CVE-2026-41992.patch %if 0%{?with_check} BuildRequires: less %endif @@ -17,7 +18,7 @@ The Gzip package contains programs for compressing and decompressing files. %prep -%setup -q +%autosetup -p1 %build %configure --disable-silent-rules @@ -42,6 +43,9 @@ make %{?_smp_mflags} check %{_mandir}/*/* %changelog +* Mon Jun 29 2026 Azure Linux Security Servicing Account - 1.13-2 +- Patch for CVE-2026-41992 + * Mon Oct 16 2023 CBL-Mariner Servicing Account - 1.13-1 - Auto-upgrade to 1.13 - Azure Linux 3.0 - package upgrades @@ -66,7 +70,7 @@ make %{?_smp_mflags} check * Sat May 09 2020 Nick Samson - 1.9-4 - Added %%license line automatically -* Fri Mar 03 2020 Jon Slobodzian - 1.9-3 +* Tue Mar 03 2020 Jon Slobodzian - 1.9-3 - Fixed reference URL. Verified license. * Tue Sep 03 2019 Mateusz Malisz - 1.9-2 diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index e3b6816b9c3..c54227f1cc2 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -65,7 +65,7 @@ gawk-5.2.2-1.azl3.aarch64.rpm findutils-4.9.0-1.azl3.aarch64.rpm findutils-lang-4.9.0-1.azl3.aarch64.rpm gettext-0.22-1.azl3.aarch64.rpm -gzip-1.13-1.azl3.aarch64.rpm +gzip-1.13-2.azl3.aarch64.rpm make-4.4.1-2.azl3.aarch64.rpm patch-2.7.6-9.azl3.aarch64.rpm libcap-ng-0.8.4-1.azl3.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index 4237d966647..0a6fbced0c2 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -65,7 +65,7 @@ gawk-5.2.2-1.azl3.x86_64.rpm findutils-4.9.0-1.azl3.x86_64.rpm findutils-lang-4.9.0-1.azl3.x86_64.rpm gettext-0.22-1.azl3.x86_64.rpm -gzip-1.13-1.azl3.x86_64.rpm +gzip-1.13-2.azl3.x86_64.rpm make-4.4.1-2.azl3.x86_64.rpm patch-2.7.6-9.azl3.x86_64.rpm libcap-ng-0.8.4-1.azl3.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 0a2f16d10d1..e40fa9ad7b4 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -152,8 +152,8 @@ grep-3.11-2.azl3.aarch64.rpm grep-debuginfo-3.11-2.azl3.aarch64.rpm grep-lang-3.11-2.azl3.aarch64.rpm gtk-doc-1.33.2-1.azl3.noarch.rpm -gzip-1.13-1.azl3.aarch64.rpm -gzip-debuginfo-1.13-1.azl3.aarch64.rpm +gzip-1.13-2.azl3.aarch64.rpm +gzip-debuginfo-1.13-2.azl3.aarch64.rpm intltool-0.51.0-7.azl3.noarch.rpm itstool-2.0.7-1.azl3.noarch.rpm kbd-2.2.0-2.azl3.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index f051cc8f281..330e5e134b3 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -159,8 +159,8 @@ grep-3.11-2.azl3.x86_64.rpm grep-debuginfo-3.11-2.azl3.x86_64.rpm grep-lang-3.11-2.azl3.x86_64.rpm gtk-doc-1.33.2-1.azl3.noarch.rpm -gzip-1.13-1.azl3.x86_64.rpm -gzip-debuginfo-1.13-1.azl3.x86_64.rpm +gzip-1.13-2.azl3.x86_64.rpm +gzip-debuginfo-1.13-2.azl3.x86_64.rpm intltool-0.51.0-7.azl3.noarch.rpm itstool-2.0.7-1.azl3.noarch.rpm kbd-2.2.0-2.azl3.x86_64.rpm