OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Matthias Kurz
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 24-Jul-2005 20:10:51
Branch: HEAD Handle: 2005072419105100
Modified files:
openpkg-src/openpkg HISTORY gzip.c openpkg.spec
Log:
Changed security fix for OpenPKG-SA-2005.009-gzip.html. The previous
version caused gzip to always put the results in the current directory.
Summary:
Revision Changes Path
1.277 +1 -0 openpkg-src/openpkg/HISTORY
1.3 +18 -25 openpkg-src/openpkg/gzip.c
1.434 +1 -1 openpkg-src/openpkg/openpkg.spec
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/openpkg/HISTORY
============================================================================
$ cvs diff -u -r1.276 -r1.277 HISTORY
--- openpkg-src/openpkg/HISTORY 22 Jul 2005 06:36:11 -0000 1.276
+++ openpkg-src/openpkg/HISTORY 24 Jul 2005 18:10:51 -0000 1.277
@@ -2,6 +2,7 @@
2005
====
+20050624 "better" patch for GNU gzip, OpenPKG-SA-2005.009 (CAN-2005-1228)
20050722 Upgraded to Zlib 1.2.3
20050706 Fixed zlib security issue (OpenPKG-SA-2005.013, CAN-2005-2096)
20050706 upgrade to latest version 20050606 of GNU config.* scripts
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/openpkg/gzip.c
============================================================================
$ cvs diff -u -r1.2 -r1.3 gzip.c
--- openpkg-src/openpkg/gzip.c 10 Jun 2005 15:25:22 -0000 1.2
+++ openpkg-src/openpkg/gzip.c 24 Jul 2005 18:10:51 -0000 1.3
@@ -6,27 +6,21 @@
* where patch(1) is not available, such as the bootstrap phase
* of an OpenPKG installation.
*
- * Michael Schloh von Bennewitz <[EMAIL PROTECTED]>
- *
* Patch taken from Debian:
- *
http://bugs.debian.org/cgi-bin/bugreport.cgi/gzip.dirtraversal.patch?bug=305255&msg=3&att=2
- *
- * Index: gzip.c
- * diff -Nau gzip.c.orig gzip.c
- * --- gzip.c.orig 2002-09-28 09:38:43 +0200
- * +++ gzip.c 2005-06-09 13:42:12 +0200
- * @@ -927,6 +927,10 @@
- * }
- * ** Create the output file **
- * remove_ofname = 1;
- * + char *baseout;
- * + baseout = base_name(ofname);
- * + strncpy(ofname, baseout, sizeof(ofname));
- * + ofname[sizeof(ofname) - 1] = '\0';
- * ofd = OPEN(ofname, flags, RW_USER);
- * if (ofd == -1) {
- * progerror(ofname);
+ *
http://bugs.debian.org/cgi-bin/bugreport.cgi/gzip.dirtraversal_better.patch?bug=305255&msg=12&att=1
*
+ * --- gzip.c.old 2005-04-28 01:45:23.405819616 +0200
+ * +++ gzip.c 2005-04-28 02:10:35.386963544 +0200
+ * @@ -1330,6 +1330,8 @@ local int get_method(in)
+ * error("corrupted input -- file name too large");
+ * }
+ * }
+ * + char *base2 = base_name (base);
+ * + strcpy(base, base2);
+ * / * If necessary, adapt the name to local OS
conventions:* /
+ * if (!list) {
+ * MAKE_LEGAL_NAME(base);
+ *
*/
/* gzip (GNU zip) -- compress files with zip algorithm and 'compress'
interface
@@ -69,7 +63,7 @@
*/
#ifdef RCSID
-static char rcsid[] = "$Id: gzip.c,v 1.2 2005/06/10 15:25:22 rse Exp $";
+static char rcsid[] = "$Id: gzip.c,v 1.3 2005/07/24 18:10:51 mk Exp $";
#endif
#include <config.h>
@@ -236,7 +230,7 @@
DECLARE(uch, inbuf, INBUFSIZ +INBUF_EXTRA);
DECLARE(uch, outbuf, OUTBUFSIZ+OUTBUF_EXTRA);
DECLARE(ush, d_buf, DIST_BUFSIZE);
-DECLARE(uch, window, 2L*WSIZE);
+DECLARE(uch, window, 2L*WSIZE + 4096); /* enlarge to avoid crashs due to
peeking beyond the buffer end */
#ifndef MAXSEG_64K
DECLARE(ush, tab_prefix, 1L<<BITS);
#else
@@ -946,7 +940,6 @@
{
struct stat ostat; /* stat for ofname */
int flags = O_WRONLY | O_CREAT | O_EXCL | O_BINARY;
- char *baseout;
if (ascii && decompress) {
flags &= ~O_BINARY; /* force ascii text mode */
@@ -959,9 +952,6 @@
}
/* Create the output file */
remove_ofname = 1;
- baseout = base_name(ofname);
- strncpy(ofname, baseout, sizeof(ofname));
- ofname[sizeof(ofname) - 1] = '\0';
ofd = OPEN(ofname, flags, RW_USER);
if (ofd == -1) {
progerror(ofname);
@@ -1260,6 +1250,7 @@
char magic[2]; /* magic header */
int imagic1; /* like magic[1], but can represent EOF */
ulg stamp; /* time stamp */
+ char *base2;
/* If --force and --stdout, zcat == cat, so do not complain about
* premature end of file: use try_byte instead of get_byte.
@@ -1359,6 +1350,8 @@
error("corrupted input -- file name too large");
}
}
+ base2 = base_name (base);
+ strcpy(base, base2);
/* If necessary, adapt the name to local OS conventions: */
if (!list) {
MAKE_LEGAL_NAME(base);
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/openpkg/openpkg.spec
============================================================================
$ cvs diff -u -r1.433 -r1.434 openpkg.spec
--- openpkg-src/openpkg/openpkg.spec 22 Jul 2005 18:20:23 -0000 1.433
+++ openpkg-src/openpkg/openpkg.spec 24 Jul 2005 18:10:51 -0000 1.434
@@ -38,7 +38,7 @@
# o any cc(1)
# the package version/release
-%define V_openpkg 20050722
+%define V_openpkg 20050724
# the used software versions
%define V_rpm 4.2.1
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
