author | agc <agc> | 2004-10-19 13:33:40 +0000 |
---|---|---|
committer | agc <agc> | 2004-10-19 13:33:40 +0000 |
commit | 161ec9699bf55faf0ec6129c4410a7411587bda4 (patch) | |
tree | 88c4c274f09e1f04fd1aaad5470667d890427bed | |
parent | f6fbdcccfe9813f58f33ac3a8f1abadc64ca14e6 (diff) | |
Pullup ticket 120 - requested by Todd Vierling
security fix for gzip
Modified Files:
pkgsrc/mk: bsd.pkg.mk
Log Message:
Automatic inclusion of gzip-base needs a version number in the BUILD_DEPENDS.
Modified Files:
pkgsrc/mk: bsd.pkg.mk
Log Message:
Bump gzip-base to 1.2.4b for security fix.
Modified Files:
pkgsrc/archivers/gzip: Makefile
pkgsrc/archivers/gzip-base: Makefile distinfo
Added Files:
pkgsrc/archivers/gzip-base/patches: patch-ab
Log Message:
Update gzip to 1.2.4b, fixing a filename buffer overflow.
-rw-r--r-- | archivers/gzip-base/patches/patch-ab | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/archivers/gzip-base/patches/patch-ab b/archivers/gzip-base/patches/patch-ab
new file mode 100644
index 00000000000..ed1c1564c1f
--- /dev/null
+++ b/archivers/gzip-base/patches/patch-ab
@@ -0,0 +1,22 @@
+$NetBSD: patch-ab,v 1.1.2.2 2004/10/19 13:33:41 agc Exp $
+
+From http://www.gzip.org/gzip-1.2.4b.patch - security fix for filenames
+over 1020 caharacters long.
+
+--- gzip.c Thu Aug 19 15:39:43 1993
++++ gzip.c Tue Jan 8 21:44:18 2002
+@@ -1005,7 +1005,14 @@
+ #ifdef NO_MULTIPLE_DOTS
+ char *dot; /* pointer to ifname extension, or NULL */
+ #endif
++ int max_suffix_len = (z_len > 3 ? z_len : 3);
+
++ /* Leave enough room in ifname or ofname for suffix: */
++ if (strlen(iname) >= sizeof(ifname) - max_suffix_len) {
++ strncpy(ifname, iname, sizeof(ifname) - 1);
++ /* last byte of ifname is already zero and never overwritten */
++ error("file name too long");
++ }
+ strcpy(ifname, iname);
+
+ /* If input file exists, return OK. */ |
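Review bot: The new length check in the gzip.c hunk only protects `ifname` if `error()` never returns, because the unbounded `strcpy(ifname, iname)` still follows the guarded block unchanged. That is presumably how gzip's `error()` behaves (its definition is not visible here), but the dependency deserves a comment on the guard such as `/* error() exits; the strcpy below only sees names that fit */`, or a bounded copy in place of the `strcpy`. The comparison also subtracts `int max_suffix_len` from a `size_t`, so it assumes `z_len` is capped well below `sizeof(ifname)` somewhere outside the hunk; a wrapped result would make the check pass for any name. The enclosing function begins and ends outside the hunk, so its return path could not be checked.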