summaryrefslogtreecommitdiff
path: root/archivers/gzip-base
diff options
context:
space:
mode:
authortv <tv@pkgsrc.org>2004-10-12 18:28:28 +0000
committertv <tv@pkgsrc.org>2004-10-12 18:28:28 +0000
commitce45b2dc10c183d6e18574571c58dcf4f822a1f3 (patch)
treef1fba9f4d69cf894afd43cc9221a7671651a5153 /archivers/gzip-base
parentbf950238728d566e55644279a83751689805af80 (diff)
downloadpkgsrc-ce45b2dc10c183d6e18574571c58dcf4f822a1f3.tar.gz
Update gzip to 1.2.4b, fixing a filename buffer overflow.
Diffstat (limited to 'archivers/gzip-base')
-rw-r--r--archivers/gzip-base/Makefile5
-rw-r--r--archivers/gzip-base/distinfo3
-rw-r--r--archivers/gzip-base/patches/patch-ab22
3 files changed, 26 insertions, 4 deletions
diff --git a/archivers/gzip-base/Makefile b/archivers/gzip-base/Makefile
index a725f16a16f..32d04b6422a 100644
--- a/archivers/gzip-base/Makefile
+++ b/archivers/gzip-base/Makefile
@@ -1,9 +1,8 @@
-# $NetBSD: Makefile,v 1.16 2004/07/02 21:06:35 minskim Exp $
+# $NetBSD: Makefile,v 1.17 2004/10/12 18:28:28 tv Exp $
#
DISTNAME= gzip-1.2.4a
-PKGNAME= ${DISTNAME:S/gzip-/gzip-base-/}
-PKGREVISION= 1
+PKGNAME= ${DISTNAME:S/gzip-/gzip-base-/:S/a$/b/}
SVR4_PKGNAME= gzipb
CATEGORIES= archivers
MASTER_SITES= ${MASTER_SITE_GNU:=gzip/}
diff --git a/archivers/gzip-base/distinfo b/archivers/gzip-base/distinfo
index 8d31efc64a7..6df08ff7bf8 100644
--- a/archivers/gzip-base/distinfo
+++ b/archivers/gzip-base/distinfo
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.3 2004/05/07 21:41:43 reed Exp $
+$NetBSD: distinfo,v 1.4 2004/10/12 18:28:28 tv Exp $
SHA1 (gzip-1.2.4a.shar) = 1e1e513f48be32ecfe24c06b609329963d5a5288
Size (gzip-1.2.4a.shar) = 832431 bytes
SHA1 (patch-aa) = 449d3eb975b9ddc634ba0b3a245381f3f3e1f5e1
+SHA1 (patch-ab) = e198a1d9a90a8b626b178ef7b5beabc729c6367d
diff --git a/archivers/gzip-base/patches/patch-ab b/archivers/gzip-base/patches/patch-ab
new file mode 100644
index 00000000000..a903b99910b
--- /dev/null
+++ b/archivers/gzip-base/patches/patch-ab
@@ -0,0 +1,22 @@
+$NetBSD: patch-ab,v 1.1 2004/10/12 18:28:29 tv Exp $
+
+From http://www.gzip.org/gzip-1.2.4b.patch - security fix for filenames
+over 1020 caharacters long.
+
+--- gzip.c Thu Aug 19 15:39:43 1993
++++ gzip.c Tue Jan 8 21:44:18 2002
+@@ -1005,7 +1005,14 @@
+ #ifdef NO_MULTIPLE_DOTS
+ char *dot; /* pointer to ifname extension, or NULL */
+ #endif
++ int max_suffix_len = (z_len > 3 ? z_len : 3);
+
++ /* Leave enough room in ifname or ofname for suffix: */
++ if (strlen(iname) >= sizeof(ifname) - max_suffix_len) {
++ strncpy(ifname, iname, sizeof(ifname) - 1);
++ /* last byte of ifname is already zero and never overwritten */
++ error("file name too long");
++ }
+ strcpy(ifname, iname);
+
+ /* If input file exists, return OK. */