From ee098803d6c7ae05887b98128f0384805129c948 Mon Sep 17 00:00:00 2001
From: tron
Date: Thu, 4 Aug 2005 14:20:35 +0000
Subject: Add patch to fix the security problem described in SA16309.
---
 archivers/unzip/Makefile | 4 +--
 archivers/unzip/distinfo | 9 +++---
 archivers/unzip/patches/patch-ac | 64 ++++++++++++++++++++++++++++++++++++++++
 3 files changed, 71 insertions(+), 6 deletions(-)
 create mode 100644 archivers/unzip/patches/patch-ac
(limited to 'archivers')
diff --git a/archivers/unzip/Makefile b/archivers/unzip/Makefile
index 012d5e90d5a..f80d6694198 100644
--- a/archivers/unzip/Makefile
+++ b/archivers/unzip/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.55 2005/05/22 20:07:37 jlam Exp $
+# $NetBSD: Makefile,v 1.56 2005/08/04 14:20:35 tron Exp $
 DISTNAME= unzip552
 PKGNAME= unzip-5.52
-PKGREVISION= 1
+PKGREVISION= 2
 CATEGORIES= archivers
 MASTER_SITES= ftp://ftp.info-zip.org/pub/infozip/src/
diff --git a/archivers/unzip/distinfo b/archivers/unzip/distinfo
index 8411b95ea03..57ae30fbe7b 100644
--- a/archivers/unzip/distinfo
+++ b/archivers/unzip/distinfo
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.13 2005/03/01 07:45:28 salo Exp $
+$NetBSD: distinfo,v 1.14 2005/08/04 14:20:35 tron Exp $
-SHA1 (unzip-5.52nb1/unzip552.tar.gz) = 1831bd59b9e607a69052f83b263384895e2d4a19
-RMD160 (unzip-5.52nb1/unzip552.tar.gz) = b749b0923bc4cceaa6f937aef688e9713a84328c
-Size (unzip-5.52nb1/unzip552.tar.gz) = 1140291 bytes
+SHA1 (unzip-5.52nb2/unzip552.tar.gz) = 1831bd59b9e607a69052f83b263384895e2d4a19
+RMD160 (unzip-5.52nb2/unzip552.tar.gz) = b749b0923bc4cceaa6f937aef688e9713a84328c
+Size (unzip-5.52nb2/unzip552.tar.gz) = 1140291 bytes
 SHA1 (patch-aa) = de66b7b5c45904167e8596ce5235d957c2df4d2a
 SHA1 (patch-ab) = dd426fdf4b774bd73f4ee46da470ffa3c2cf6513
+SHA1 (patch-ac) = ada9059d9b3384396bbf6437f55fa40f2f6c0c73
diff --git a/archivers/unzip/patches/patch-ac b/archivers/unzip/patches/patch-ac
new file mode 100644
index 00000000000..062be0cbd3e
--- /dev/null
+++ b/archivers/unzip/patches/patch-ac
@@ -0,0 +1,64 @@
+$NetBSD: patch-ac,v 1.1 2005/08/04 14:20:35 tron Exp $
+
+--- unix/unix.c.orig 2005-02-26 19:43:42.000000000 +0000
++++ unix/unix.c 2005-08-04 15:15:17.000000000 +0100
+@@ -1042,8 +1042,6 @@
+ ush z_uidgid[2];
+ int have_uidgid_flg;
+
+- fclose(G.outfile);
+-
+ /*---------------------------------------------------------------------------
+ If symbolic links are supported, allocate storage for a symlink control
+ structure, put the uncompressed "data" and other required info in it, and
+@@ -1059,6 +1057,8 @@
+ strlen(G.filename);
+ slinkentry *slnk_entry;
+
++ fclose(G.outfile);
++
+ if ((unsigned)slnk_entrysize < ucsize) {
+ Info(slide, 0x201, ((char *)slide,
+ "warning: symbolic link (%s) failed: mem alloc overflow\n",
+@@ -1107,6 +1107,11 @@
+ }
+ #endif /* SYMLINKS */
+
++#ifndef NO_CHMOD
++ if (fchmod(fileno(G.outfile), filtattr(__G__ G.pInfo->file_attr)))
++ perror("chmod (file attributes) error");
++#endif
++
+ #ifdef QLZIP
+ if (G.extra_field) {
+ static void qlfix OF((__GPRO__ uch *ef_ptr, unsigned ef_len));
+@@ -1120,7 +1125,7 @@
+ /* if -X option was specified and we have UID/GID info, restore it */
+ if (have_uidgid_flg) {
+ TTrace((stderr, "close_outfile: restoring Unix UID/GID info\n"));
+- if (chown(G.filename, (uid_t)z_uidgid[0], (gid_t)z_uidgid[1]))
++ if (fchown(fileno(G.outfile), (uid_t)z_uidgid[0], (gid_t)z_uidgid[1]))
+ {
+ if (uO.qflag)
+ Info(slide, 0x201, ((char *)slide,
+@@ -1133,6 +1138,8 @@
+ }
+ }
+
++ fclose(G.outfile);
++
+ /* set the file's access and modification times */
+ if (utime(G.filename, &(zt.t2))) {
+ #ifdef AOS_VS
+@@ -1156,11 +1163,6 @@
+ zipfile.
+ ---------------------------------------------------------------------------*/
+
+-#ifndef NO_CHMOD
+- if (chmod(G.filename, filtattr(__G__ G.pInfo->file_attr)))
+- perror("chmod (file attributes) error");
+-#endif
+-
+ } /* end function close_outfile() */
+
+ #endif /* !MTS */
--
cgit v1.2.3
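Review bot: In the nested unix/unix.c patch, the new `fchmod(fileno(G.outfile), ...)` block (inner hunk at -1107) now runs before the `fchown(...)` call (inner hunk at -1120), whereas the removed `chmod` ran last; on systems where a successful chown clears the set-user-ID/set-group-ID bits, the mode taken from the archive is then silently altered whenever UID/GID restoring is active. Moving the `#ifndef NO_CHMOD` block down so it sits directly before the added `fclose(G.outfile);` keeps both calls on the descriptor and preserves the previous chown-then-chmod order. The `utime(G.filename, &(zt.t2))` call still resolves the path after the descriptor has been closed, so the path-swap window this commit closes for mode and ownership remains for timestamps; a descriptor-based call such as `futimes()` issued before the `fclose` would remove it where the platform provides one. The `fclose` moved into the symlink block is correct only if every path through that block returns before the later `fclose`, which cannot be confirmed from these hunks because the rest of close_outfile() lies outside them.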