Add patches for CVE-2009-2624 and CVE-2010-0001.

Bump PKGREVISION.
author: taca <taca@pkgsrc.org> 2010-02-02 14:42:43 +0000
committer: taca <taca@pkgsrc.org> 2010-02-02 14:42:43 +0000
commit: 52b1a3831633af81e1edb0ca7e37b22302cc89c4 (patch)
tree: cfbfb5434de6c7d019cb8d6b37a94f7b56b54202 /archivers
parent: 1fdde222eff57aca3535beb6520e5a10c55bafe8 (diff)
download: pkgsrc-52b1a3831633af81e1edb0ca7e37b22302cc89c4.tar.gz
4 files changed, 46 insertions, 3 deletions
diff --git a/archivers/gzip/Makefile b/archivers/gzip/Makefile
index 53e7f09a615..d8b9730900b 100644
--- a/archivers/gzip/Makefile
+++ b/archivers/gzip/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.22 2008/09/07 08:02:27 dholland Exp $
+# $NetBSD: Makefile,v 1.23 2010/02/02 14:42:43 taca Exp $
 #
 
 DISTNAME=	gzip-1.3.12
-PKGREVISION=	2
+PKGREVISION=	3
 SVR4_PKGNAME=	gzip
 CATEGORIES=	archivers
 MASTER_SITES=	${MASTER_SITE_GNU:=gzip/}
@@ -11,6 +11,7 @@ EXTRACT_SUFX=	.tar
 MAINTAINER=	pkgsrc-users@NetBSD.org
 HOMEPAGE=	http://www.gnu.org/software/gzip/gzip.html
 COMMENT=	Compress or expand files
+LICENSE=	gnu-gpl-v2
 
 PKG_INSTALLATION_TYPES=	overwrite pkgviews
 PKG_DESTDIR_SUPPORT=	user-destdir
diff --git a/archivers/gzip/distinfo b/archivers/gzip/distinfo
index 204ddd8f1f6..78bcf07a3a7 100644
--- a/archivers/gzip/distinfo
+++ b/archivers/gzip/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.3 2008/09/07 08:02:27 dholland Exp $
+$NetBSD: distinfo,v 1.4 2010/02/02 14:42:43 taca Exp $
 
 SHA1 (gzip-1.3.12.tar) = 330eb5f1b3dfab13a491352cb00b6573e5b55a5f
 RMD160 (gzip-1.3.12.tar) = 6845dfba2a275f4de488c3fb97e64405838a5005
@@ -9,3 +9,5 @@ SHA1 (patch-ac) = 8ef4b7105ca9b201079f5cf8799642e12184fda4
 SHA1 (patch-ad) = 082ced7d4a89a49b750525cc71bbf9a9abfc5b9e
 SHA1 (patch-ae) = a1d245c5cf055e9bd35fb7e810d5183a71cbfc74
 SHA1 (patch-af) = 28639dbe11ed8ce81bd1c29248b53af6cea55b88
+SHA1 (patch-ag) = 6b499fe28525643bfd5e5ece73fcd221eb9f964f
+SHA1 (patch-ah) = 0f92048912c2e682ba28d93bf5f309774d337790
diff --git a/archivers/gzip/patches/patch-ag b/archivers/gzip/patches/patch-ag
new file mode 100644
index 00000000000..03f98715bba
--- /dev/null
+++ b/archivers/gzip/patches/patch-ag
@@ -0,0 +1,24 @@
+$NetBSD: patch-ag,v 1.1 2010/02/02 14:42:43 taca Exp $
+
+Fix for CVE-2009-2624.
+
+--- inflate.c.orig	2006-12-20 23:30:17.000000000 +0000
++++ inflate.c
+@@ -335,13 +335,15 @@ int *m;                 /* maximum looku
+   } while (--i);
+   if (c[0] == n)                /* null input--all zero length codes */
+   {
+-    q = (struct huft *) malloc (2 * sizeof *q);
++    q = (struct huft *) malloc (3 * sizeof *q);
+     if (!q)
+       return 3;
+-    hufts += 2;
++    hufts += 3;
+     q[0].v.t = (struct huft *) NULL;
+     q[1].e = 99;    /* invalid code marker */
+     q[1].b = 1;
++    q[2].e = 99;    /* invalid code marker */
++    q[2].b = 1;
+     *t = q + 1;
+     *m = 1;
+     return 0;
diff --git a/archivers/gzip/patches/patch-ah b/archivers/gzip/patches/patch-ah
new file mode 100644
index 00000000000..4673d11e765
--- /dev/null
+++ b/archivers/gzip/patches/patch-ah
@@ -0,0 +1,16 @@
+$NetBSD: patch-ah,v 1.1 2010/02/02 14:42:43 taca Exp $
+
+Fix for CVE-2010-0001.
+
+--- unlzw.c.orig	2006-12-11 18:54:39.000000000 +0000
++++ unlzw.c
+@@ -248,7 +248,8 @@ int unlzw(in, out)
+ 	int  o;
+ 
+     resetbuf:
+-	e = insize-(o = (posbits>>3));
++	o = posbits >> 3;
++	e = o <= insize ? insize - o : 0;
+ 
+ 	for (i = 0 ; i < e ; ++i) {
+ 	    inbuf[i] = inbuf[i+o];
author	taca <taca@pkgsrc.org>	2010-02-02 14:42:43 +0000
committer	taca <taca@pkgsrc.org>	2010-02-02 14:42:43 +0000
commit	52b1a3831633af81e1edb0ca7e37b22302cc89c4 (patch)
tree	cfbfb5434de6c7d019cb8d6b37a94f7b56b54202 /archivers
parent	1fdde222eff57aca3535beb6520e5a10c55bafe8 (diff)
download	pkgsrc-52b1a3831633af81e1edb0ca7e37b22302cc89c4.tar.gz