OpenPKG CVS Repository http://cvs.openpkg.org/ ____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 26-Jul-2005 17:36:54 Branch: OPENPKG_2_4_SOLID Handle: 2005072616365400 Modified files: (Branch: OPENPKG_2_4_SOLID) openpkg-src/gzip gzip.patch gzip.spec Log: MFC: Changed security fix for OpenPKG-SA-2005.009-gzip.html. The previous version caused gzip to always put the results in the current directory. Summary: Revision Changes Path 1.3.2.1 +19 -17 openpkg-src/gzip/gzip.patch 1.36.2.2 +1 -1 openpkg-src/gzip/gzip.spec ____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/gzip/gzip.patch
============================================================================
$ cvs diff -u -r1.3 -r1.3.2.1 gzip.patch
--- openpkg-src/gzip/gzip.patch 11 Jun 2005 08:06:42 -0000 1.3
+++ openpkg-src/gzip/gzip.patch 26 Jul 2005 15:36:54 -0000 1.3.2.1
@@ -23,21 +23,23 @@
 #ifndef MAXSEG_64K
 DECLARE(ush, tab_prefix, 1L<<BITS);
 #else
-@@ -915,6 +946,7 @@
- {
- struct stat ostat; /* stat for ofname */
- int flags = O_WRONLY | O_CREAT | O_EXCL | O_BINARY;
-+ char *baseout;
+Index: gzip.c
+--- gzip.c.orig 2002-09-28 09:38:43.000000000 +0200
++++ gzip.c 2005-07-24 18:20:41.621179000 +0200
+@@ -1225,6 +1225,7 @@
+ char magic[2]; /* magic header */
+ int imagic1; /* like magic[1], but can represent EOF */
+ ulg stamp; /* time stamp */
++ char *base2;
 
- if (ascii && decompress) {
- flags &= ~O_BINARY; /* force ascii text mode */
-@@ -927,6 +959,9 @@
- }
- /* Create the output file */
- remove_ofname = 1;
-+ baseout = base_name(ofname);
-+ strncpy(ofname, baseout, sizeof(ofname));
-+ ofname[sizeof(ofname) - 1] = '\0';
- ofd = OPEN(ofname, flags, RW_USER);
- if (ofd == -1) {
- progerror(ofname);
+ /* If --force and --stdout, zcat == cat, so do not complain about
+ * premature end of file: use try_byte instead of get_byte.
+@@ -1324,6 +1325,8 @@
+ error("corrupted input -- file name too large");
+ }
+ }
++ base2 = base_name (base);
++ strcpy(base, base2);
+ /* If necessary, adapt the name to local OS conventions: */
+ if (!list) {
+ MAKE_LEGAL_NAME(base);
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/gzip/gzip.spec
============================================================================
$ cvs diff -u -r1.36.2.1 -r1.36.2.2 gzip.spec
--- openpkg-src/gzip/gzip.spec 15 Jun 2005 18:59:33 -0000 1.36.2.1
+++ openpkg-src/gzip/gzip.spec 26 Jul 2005 15:36:54 -0000 1.36.2.2
@@ -33,7 +33,7 @@
 Group: Compression
 License: GPL
 Version: 1.3.5
-Release: 2.4.0
+Release: 2.4.1
 # list of sources
 Source0: ftp://alpha.gnu.org/gnu/gzip/gzip-%{version}.tar.gz
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org
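Review bot: The added `strcpy(base, base2);` in the `+@@ -1324,6 +1325,8 @@` part of the new gzip.patch copies between overlapping objects if `base_name` returns a pointer into its argument, as such helpers usually do (its definition is not in the hunk), and `strcpy` on overlapping source and destination is undefined behaviour. I would write `if (base2 != base) memmove(base, base2, strlen(base2) + 1);` instead; it is overlap-safe and can only shorten the string, so the "file name too large" check just above still bounds it. A one-line comment such as `/* keep only the last path component of the stored name so the output cannot land outside the target directory */` would record why the name is rewritten at this point rather than at output-file creation, which is what the previous version of the fix got wrong. The enclosing function starts and ends outside the hunk.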