[AutoPR- Security] Patch gzip for CVE-2026-41992 [MEDIUM]

SPECS/gzip/CVE-2026-41992.patch

@@ -0,0 +1,38 @@
+From 4825c596b4de61648dfd41de9182d0fc2521193f Mon Sep 17 00:00:00 2001
+From: Paul Eggert <eggert@cs.ucla.edu>
+Date: Wed, 15 Apr 2026 12:00:17 -0700
+Subject: [PATCH] =?UTF-8?q?gzip:=20don=E2=80=99t=20mishandle=20.lzh=20afte?=
+ =?UTF-8?q?r=20.Z?=
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Problem reported by Michał Majchrowicz.
+* unlzh.c (read_c_len): Clear left and right when n == 0.
+
+Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
+Upstream-reference: https://cgit.git.savannah.gnu.org/cgit/gzip.git/patch/?id=63dbf6b3b9e6e781df1a6a64e609b10e23969681
+---
+ unlzh.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/unlzh.c b/unlzh.c
+index 25c05e3..d74c5fe 100644
+--- a/unlzh.c
++++ b/unlzh.c
+@@ -239,6 +239,12 @@ read_c_len ()
+         c = getbits(CBIT);
+         for (i = 0; i < NC; i++) c_len[i] = 0;
+         for (i = 0; i < 4096; i++) c_table[i] = c;
++
++        /* Needed in case LEFT and RIGHT are reused from a previous
++           LZW decompression.  It may be overkill to clear all of both
++           arrays, but nobody has had time to analyze this carefully.  */
++        memzero(left, (2 * NC - 1) * sizeof *left);
++        memzero(right, (2 * NC - 1) * sizeof *left);
+     } else {
+         i = 0;
+         while (i < n) {
+-- 
+2.45.4
+

SPECS/gzip/gzip.spec

@@ -1,13 +1,14 @@
 Summary:        Programs for compressing and decompressing files
 Name:           gzip
 Version:        1.13
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        GPLv3+
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 Group:          Applications/File
 URL:            https://www.gnu.org/software/gzip
 Source0:        https://ftp.gnu.org/gnu/%{name}/%{name}-%{version}.tar.xz
+Patch0:         CVE-2026-41992.patch
 %if 0%{?with_check}
 BuildRequires:  less
 %endif
@@ -17,7 +18,7 @@ The Gzip package contains programs for compressing and
 decompressing files.
 
 %prep
-%setup -q
+%autosetup -p1
 
 %build
 %configure --disable-silent-rules
@@ -42,6 +43,9 @@ make %{?_smp_mflags} check
 %{_mandir}/*/*
 
 %changelog
+* Mon Jun 29 2026 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 1.13-2
+- Patch for CVE-2026-41992
+
 * Mon Oct 16 2023 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 1.13-1
 - Auto-upgrade to 1.13 - Azure Linux 3.0 - package upgrades
 
@@ -66,7 +70,7 @@ make %{?_smp_mflags} check
 * Sat May 09 2020 Nick Samson <nisamson@microsoft.com> - 1.9-4
 - Added %%license line automatically
 
-* Fri Mar 03 2020 Jon Slobodzian <joslobo@microsoft.com> - 1.9-3
+* Tue Mar 03 2020 Jon Slobodzian <joslobo@microsoft.com> - 1.9-3
 - Fixed reference URL. Verified license.
 
 * Tue Sep 03 2019 Mateusz Malisz <mamalisz@microsoft.com> - 1.9-2

toolkit/resources/manifests/package/pkggen_core_aarch64.txt

@@ -65,7 +65,7 @@ gawk-5.2.2-1.azl3.aarch64.rpm
 findutils-4.9.0-1.azl3.aarch64.rpm
 findutils-lang-4.9.0-1.azl3.aarch64.rpm
 gettext-0.22-1.azl3.aarch64.rpm
-gzip-1.13-1.azl3.aarch64.rpm
+gzip-1.13-2.azl3.aarch64.rpm
 make-4.4.1-2.azl3.aarch64.rpm
 patch-2.7.6-9.azl3.aarch64.rpm
 libcap-ng-0.8.4-1.azl3.aarch64.rpm

toolkit/resources/manifests/package/pkggen_core_x86_64.txt

@@ -65,7 +65,7 @@ gawk-5.2.2-1.azl3.x86_64.rpm
 findutils-4.9.0-1.azl3.x86_64.rpm
 findutils-lang-4.9.0-1.azl3.x86_64.rpm
 gettext-0.22-1.azl3.x86_64.rpm
-gzip-1.13-1.azl3.x86_64.rpm
+gzip-1.13-2.azl3.x86_64.rpm
 make-4.4.1-2.azl3.x86_64.rpm
 patch-2.7.6-9.azl3.x86_64.rpm
 libcap-ng-0.8.4-1.azl3.x86_64.rpm

toolkit/resources/manifests/package/toolchain_aarch64.txt

@@ -152,8 +152,8 @@ grep-3.11-2.azl3.aarch64.rpm
 grep-debuginfo-3.11-2.azl3.aarch64.rpm
 grep-lang-3.11-2.azl3.aarch64.rpm
 gtk-doc-1.33.2-1.azl3.noarch.rpm
-gzip-1.13-1.azl3.aarch64.rpm
-gzip-debuginfo-1.13-1.azl3.aarch64.rpm
+gzip-1.13-2.azl3.aarch64.rpm
+gzip-debuginfo-1.13-2.azl3.aarch64.rpm
 intltool-0.51.0-7.azl3.noarch.rpm
 itstool-2.0.7-1.azl3.noarch.rpm
 kbd-2.2.0-2.azl3.aarch64.rpm

toolkit/resources/manifests/package/toolchain_x86_64.txt

@@ -159,8 +159,8 @@ grep-3.11-2.azl3.x86_64.rpm
 grep-debuginfo-3.11-2.azl3.x86_64.rpm
 grep-lang-3.11-2.azl3.x86_64.rpm
 gtk-doc-1.33.2-1.azl3.noarch.rpm
-gzip-1.13-1.azl3.x86_64.rpm
-gzip-debuginfo-1.13-1.azl3.x86_64.rpm
+gzip-1.13-2.azl3.x86_64.rpm
+gzip-debuginfo-1.13-2.azl3.x86_64.rpm
 intltool-0.51.0-7.azl3.noarch.rpm
 itstool-2.0.7-1.azl3.noarch.rpm
 kbd-2.2.0-2.azl3.x86_64.rpm