diff options
| author | tv <tv> | 2004-10-12 18:28:28 +0000 |
|---|---|---|
| committer | tv <tv> | 2004-10-12 18:28:28 +0000 |
| commit | 92e23471ff1bd08d97a2f25b5f22cc3beed2ee70 (patch) | |
| tree | f1fba9f4d69cf894afd43cc9221a7671651a5153 /archivers/gzip-base | |
| parent | 09e671b3ad25ab64c7f7c89da4b9bb0826c5f4fd (diff) | |
| download | pkgsrc-92e23471ff1bd08d97a2f25b5f22cc3beed2ee70.tar.gz | |
Update gzip to 1.2.4b, fixing a filename buffer overflow.
Diffstat (limited to 'archivers/gzip-base')
| -rw-r--r-- | archivers/gzip-base/Makefile | 5 | ||||
| -rw-r--r-- | archivers/gzip-base/distinfo | 3 | ||||
| -rw-r--r-- | archivers/gzip-base/patches/patch-ab | 22 |
3 files changed, 26 insertions, 4 deletions
diff --git a/archivers/gzip-base/Makefile b/archivers/gzip-base/Makefile index a725f16a16f..32d04b6422a 100644 --- a/archivers/gzip-base/Makefile +++ b/archivers/gzip-base/Makefile @@ -1,9 +1,8 @@ -# $NetBSD: Makefile,v 1.16 2004/07/02 21:06:35 minskim Exp $ +# $NetBSD: Makefile,v 1.17 2004/10/12 18:28:28 tv Exp $ # DISTNAME= gzip-1.2.4a -PKGNAME= ${DISTNAME:S/gzip-/gzip-base-/} -PKGREVISION= 1 +PKGNAME= ${DISTNAME:S/gzip-/gzip-base-/:S/a$/b/} SVR4_PKGNAME= gzipb CATEGORIES= archivers MASTER_SITES= ${MASTER_SITE_GNU:=gzip/} diff --git a/archivers/gzip-base/distinfo b/archivers/gzip-base/distinfo index 8d31efc64a7..6df08ff7bf8 100644 --- a/archivers/gzip-base/distinfo +++ b/archivers/gzip-base/distinfo @@ -1,5 +1,6 @@ -$NetBSD: distinfo,v 1.3 2004/05/07 21:41:43 reed Exp $ +$NetBSD: distinfo,v 1.4 2004/10/12 18:28:28 tv Exp $ SHA1 (gzip-1.2.4a.shar) = 1e1e513f48be32ecfe24c06b609329963d5a5288 Size (gzip-1.2.4a.shar) = 832431 bytes SHA1 (patch-aa) = 449d3eb975b9ddc634ba0b3a245381f3f3e1f5e1 +SHA1 (patch-ab) = e198a1d9a90a8b626b178ef7b5beabc729c6367d diff --git a/archivers/gzip-base/patches/patch-ab b/archivers/gzip-base/patches/patch-ab new file mode 100644 index 00000000000..a903b99910b --- /dev/null +++ b/archivers/gzip-base/patches/patch-ab @@ -0,0 +1,22 @@ +$NetBSD: patch-ab,v 1.1 2004/10/12 18:28:29 tv Exp $ + +From http://www.gzip.org/gzip-1.2.4b.patch - security fix for filenames +over 1020 caharacters long. + +--- gzip.c Thu Aug 19 15:39:43 1993 ++++ gzip.c Tue Jan 8 21:44:18 2002 +@@ -1005,7 +1005,14 @@ + #ifdef NO_MULTIPLE_DOTS + char *dot; /* pointer to ifname extension, or NULL */ + #endif ++ int max_suffix_len = (z_len > 3 ? z_len : 3); + ++ /* Leave enough room in ifname or ofname for suffix: */ ++ if (strlen(iname) >= sizeof(ifname) - max_suffix_len) { ++ strncpy(ifname, iname, sizeof(ifname) - 1); ++ /* last byte of ifname is already zero and never overwritten */ ++ error("file name too long"); ++ } + strcpy(ifname, iname); + + /* If input file exists, return OK. */ |