[CVS] OpenPKG: openpkg-src/gzip/ gzip.patch gzip.spec

Sun, 24 Jul 2005 10:20:27 -0700 

  OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________

  Server: cvs.openpkg.org                  Name:   Matthias Kurz
  Root:   /v/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-src                      Date:   24-Jul-2005 19:20:26
  Branch: HEAD                             Handle: 2005072418202600

  Modified files:
    openpkg-src/gzip        gzip.patch gzip.spec

  Log:
    Changed security fix for OpenPKG-SA-2005.009-gzip.html. The previous
    version caused gzip to always put the results in the current directory.

  Summary:
    Revision    Changes     Path
    1.4         +19 -17     openpkg-src/gzip/gzip.patch
    1.37        +1  -1      openpkg-src/gzip/gzip.spec
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openpkg-src/gzip/gzip.patch
  ============================================================================
  $ cvs diff -u -r1.3 -r1.4 gzip.patch
  --- openpkg-src/gzip/gzip.patch       11 Jun 2005 08:06:42 -0000      1.3
  +++ openpkg-src/gzip/gzip.patch       24 Jul 2005 17:20:26 -0000      1.4
  @@ -23,21 +23,23 @@
    #ifndef MAXSEG_64K
        DECLARE(ush, tab_prefix, 1L<<BITS);
    #else
  -@@ -915,6 +946,7 @@
  - {
  -     struct stat     ostat; /* stat for ofname */
  -     int flags = O_WRONLY | O_CREAT | O_EXCL | O_BINARY;
  -+    char *baseout;
  +Index: gzip.c
  +--- gzip.c.orig      2002-09-28 09:38:43.000000000 +0200
  ++++ gzip.c   2005-07-24 18:20:41.621179000 +0200
  +@@ -1225,6 +1225,7 @@
  +     char magic[2]; /* magic header */
  +     int imagic1;   /* like magic[1], but can represent EOF */
  +     ulg stamp;     /* time stamp */
  ++    char *base2;
    
  -     if (ascii && decompress) {
  -     flags &= ~O_BINARY; /* force ascii text mode */
  -@@ -927,6 +959,9 @@
  -     }
  -     /* Create the output file */
  -     remove_ofname = 1;
  -+    baseout = base_name(ofname);
  -+    strncpy(ofname, baseout, sizeof(ofname));
  -+    ofname[sizeof(ofname) - 1] = '\0';
  -     ofd = OPEN(ofname, flags, RW_USER);
  -     if (ofd == -1) {
  -         progerror(ofname);
  +     /* If --force and --stdout, zcat == cat, so do not complain about
  +      * premature end of file: use try_byte instead of get_byte.
  +@@ -1324,6 +1325,8 @@
  +                     error("corrupted input -- file name too large");
  +                 }
  +             }
  ++                base2 = base_name (base);
  ++                strcpy(base, base2);
  +                 /* If necessary, adapt the name to local OS conventions: */
  +                 if (!list) {
  +                    MAKE_LEGAL_NAME(base);
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/gzip/gzip.spec
  ============================================================================
  $ cvs diff -u -r1.36 -r1.37 gzip.spec
  --- openpkg-src/gzip/gzip.spec        11 Jun 2005 08:06:42 -0000      1.36
  +++ openpkg-src/gzip/gzip.spec        24 Jul 2005 17:20:26 -0000      1.37
  @@ -33,7 +33,7 @@
   Group:        Compression
   License:      GPL
   Version:      1.3.5
  -Release:      20050611
  +Release:      20050724
   
   #   list of sources
   Source0:      ftp://alpha.gnu.org/gnu/gzip/gzip-%{version}.tar.gz
  @@ .
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
CVS Repository Commit List                     [email protected]

Reply via email to