From 2a69900baa77bd1e57753b0a5935db4d4d7753b7 Mon Sep 17 00:00:00 2001 From: salo Date: Thu, 9 Jun 2005 22:31:18 +0000 Subject: Pullup ticket 546 - requested by Adrian Portelli security fix for gzip-base Revisions pulled up: - pkgsrc/archivers/gzip-base/Makefile 1.19 - pkgsrc/archivers/gzip-base/distinfo 1.6 - pkgsrc/archivers/gzip-base/patches/patch-ab 1.2 Module Name: pkgsrc Committed By: adrianp Date: Thu Jun 9 20:23:26 UTC 2005 Modified Files: pkgsrc/archivers/gzip-base: Makefile distinfo pkgsrc/archivers/gzip-base/patches: patch-ab Log Message: - Patches to address CAN-2005-1228 and CAN-2005-0988 based on FreeBSD SA and Gentoo/Debian patches. --- archivers/gzip-base/Makefile | 3 +- archivers/gzip-base/distinfo | 4 +-- archivers/gzip-base/patches/patch-ab | 68 ++++++++++++++++++++++++++++++++---- 3 files changed, 66 insertions(+), 9 deletions(-) (limited to 'archivers') diff --git a/archivers/gzip-base/Makefile b/archivers/gzip-base/Makefile index 32d04b6422a..615c07efb61 100644 --- a/archivers/gzip-base/Makefile +++ b/archivers/gzip-base/Makefile @@ -1,7 +1,8 @@ -# $NetBSD: Makefile,v 1.17 2004/10/12 18:28:28 tv Exp $ +# $NetBSD: Makefile,v 1.17.4.1 2005/06/09 22:31:18 salo Exp $ # DISTNAME= gzip-1.2.4a +PKGREVISION= 1 PKGNAME= ${DISTNAME:S/gzip-/gzip-base-/:S/a$/b/} SVR4_PKGNAME= gzipb CATEGORIES= archivers diff --git a/archivers/gzip-base/distinfo b/archivers/gzip-base/distinfo index dc358181301..fbd999f4fef 100644 --- a/archivers/gzip-base/distinfo +++ b/archivers/gzip-base/distinfo 
@@ -1,7 +1,7 @@ -$NetBSD: distinfo,v 1.5 2005/02/23 14:45:23 agc Exp $ +$NetBSD: distinfo,v 1.5.2.1 2005/06/09 22:31:18 salo Exp $ SHA1 (gzip-1.2.4a.shar) = 1e1e513f48be32ecfe24c06b609329963d5a5288 RMD160 (gzip-1.2.4a.shar) = 529397e68b2ed7f39b3a4d3201fd73d10a9c1ebc Size (gzip-1.2.4a.shar) = 832431 bytes SHA1 (patch-aa) = 449d3eb975b9ddc634ba0b3a245381f3f3e1f5e1 -SHA1 (patch-ab) = e198a1d9a90a8b626b178ef7b5beabc729c6367d +SHA1 (patch-ab) = e8c7e210c1e7e443230ba20266c0232f29002a4b diff --git a/archivers/gzip-base/patches/patch-ab b/archivers/gzip-base/patches/patch-ab index a903b99910b..22b53e9b3de 100644 --- a/archivers/gzip-base/patches/patch-ab +++ b/archivers/gzip-base/patches/patch-ab @@ -1,11 +1,35 @@ -$NetBSD: patch-ab,v 1.1 2004/10/12 18:28:29 tv Exp $ +$NetBSD: patch-ab,v 1.1.6.1 2005/06/09 22:31:18 salo Exp $ -From http://www.gzip.org/gzip-1.2.4b.patch - security fix for filenames -over 1020 caharacters long. +# CAN-2005-1228 and CAN-2005-0988 ---- gzip.c Thu Aug 19 15:39:43 1993 -+++ gzip.c Tue Jan 8 21:44:18 2002 -@@ -1005,7 +1005,14 @@ +--- gzip.c.orig 1993-08-19 09:39:00.000000000 +0100 ++++ gzip.c +@@ -824,8 +824,11 @@ local void treat_file(iname) + } + + close(ifd); +- if (!to_stdout && close(ofd)) { +- write_error(); ++ if (!to_stdout) { ++ /* Copy modes, times, ownership, and remove the input file */ ++ copy_stat(&istat); ++ if (close(ofd)) ++ write_error(); + } + if (method == -1) { + if (!to_stdout) unlink (ofname); +@@ -845,10 +848,6 @@ local void treat_file(iname) + } + fprintf(stderr, "\n"); + } +- /* Copy modes, times, ownership, and remove the input file */ +- if (!to_stdout) { +- copy_stat(&istat); +- } + } + + /* ======================================================================== +@@ -1005,7 +1004,14 @@ local int get_istat(iname, sbuf) #ifdef NO_MULTIPLE_DOTS char *dot; /* pointer to ifname extension, or NULL */ #endif 
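Review bot: In the treat_file hunk, `copy_stat(&istat)` now runs before the result of `close(ofd)` is checked and before the `if (method == -1)` branch, and the comment that moved with it says it also removes the input file. If copy_stat still does that, a failed close or a bad-input return can leave the input already unlinked while the output is incomplete or is deleted by `unlink (ofname)`. Doing only the descriptor-based mode and ownership copy before `close(ofd)`, and leaving the input-file removal after the `method == -1` check where it used to be, would keep the race fix without this ordering risk. treat_file's body extends outside the hunk, so this needs confirming against the full function. Separately, the new header `# CAN-2005-1228 and CAN-2005-0988` drops the provenance of the get_istat change that is still carried; I would keep the line `From http://www.gzip.org/gzip-1.2.4b.patch - security fix for filenames over 1020 characters long.` and state which hunk addresses which CAN id.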
@@ -20,3 +44,35 @@ over 1020 caharacters long. strcpy(ifname, iname); /* If input file exists, return OK. */ +@@ -1244,6 +1250,7 @@ local int get_method(in) + /* Copy the base name. Keep a directory prefix intact. */ + char *p = basename(ofname); + char *base = p; ++ char *base2; + for (;;) { + *p = (char)get_char(); + if (*p++ == '\0') break; +@@ -1251,6 +1258,8 @@ local int get_method(in) + error("corrupted input -- file name too large"); + } + } ++ base2 = basename (base); ++ strcpy(base, base2); + /* If necessary, adapt the name to local OS conventions: */ + if (!list) { + MAKE_LEGAL_NAME(base); +@@ -1624,12 +1633,12 @@ local void copy_stat(ifstat) + reset_times(ofname, ifstat); + #endif + /* Copy the protection modes */ +- if (chmod(ofname, ifstat->st_mode & 07777)) { ++ if (fchmod(ofd, ifstat->st_mode & 07777)) { + WARN((stderr, "%s: ", progname)); + if (!quiet) perror(ofname); + } + #ifndef NO_CHOWN +- chown(ofname, ifstat->st_uid, ifstat->st_gid); /* Copy ownership */ ++ (void) fchown(ofd, ifstat->st_uid, ifstat->st_gid); /* Copy ownership */ + #endif + remove_ofname = 0; + /* It's now safe to remove the input file: */ -- cgit v1.2.3
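Review bot: In get_method, `strcpy(base, base2);` copies between overlapping objects, because `base2` comes from `basename (base)` and therefore points into (or exactly at) `base`; strcpy on overlapping buffers is undefined behaviour. `memmove(base, base2, strlen(base2) + 1);` strips the stored directory prefix with the same result and is defined for overlap. In copy_stat, `fchmod(ofd, ...)` and `fchown(ofd, ...)` take modes and ownership off the path, but the context line `reset_times(ofname, ifstat);` still operates by name, so it is worth checking whether that call can land on a replaced path as well. Both functions start and end outside the hunk.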