Author: robert
Date: 2006-08-20 20:15:11 -0600 (Sun, 20 Aug 2006)
New Revision: 1652
Added:
trunk/gzip/gzip-1.3.5-hardened_tmp-1.patch
Log:
Added gzip-1.3.5-hardened_tmp-1.patch
Added: trunk/gzip/gzip-1.3.5-hardened_tmp-1.patch
===================================================================
--- trunk/gzip/gzip-1.3.5-hardened_tmp-1.patch (rev 0)
+++ trunk/gzip/gzip-1.3.5-hardened_tmp-1.patch 2006-08-21 02:15:11 UTC (rev
1652)
@@ -0,0 +1,183 @@
+Submitted By: Robert Connolly <robert at linuxfromscratch dot org> (ashes)
+Date: 2006-08-20
+Initial Package Version: 1.3.5
+Upstream Status: Not submitted - Mktemp would need to be added to configure
+Origin: Openwall Owl Linux - gzip-1.3.5-openbsd-owl-alt-tmp.diff
+Description: This patch modifies Gzip to create temporary files in a
+paranoid way, including use of the Mktemp package.
+
+diff -Naur gzip-1.3.5.orig/gzexe.in gzip-1.3.5/gzexe.in
+--- gzip-1.3.5.orig/gzexe.in 2002-09-28 06:18:11.000000000 +0000
++++ gzip-1.3.5/gzexe.in 2006-08-21 00:58:25.000000000 +0000
+@@ -42,9 +42,6 @@
+ exit 1
+ fi
+
+-tmp=gz$$
+-trap "rm -f $tmp; exit 1" 1 2 3 5 10 13 15
+-
+ decomp=0
+ res=0
+ test "$x" = "ungzexe" && decomp=1
+@@ -53,12 +50,10 @@
+ shift
+ fi
+
+-echo hi > zfoo1$$
+-echo hi > zfoo2$$
+-if test -z "`(${CPMOD-cpmod} zfoo1$$ zfoo2$$) 2>&1`"; then
+- cpmod=${CPMOD-cpmod}
++cpmod=
++if type ${CPMOD:-cpmod} 2>/dev/null; then
++ cpmod=${CPMOD:-cpmod}
+ fi
+-rm -f zfoo[12]$$
+
+ tail=""
+ IFS="${IFS= }"; saveifs="$IFS"; IFS="${IFS}:"
+@@ -99,9 +94,14 @@
+ continue
+ fi
+ case "`basename $i`" in
+- gzip | tail | sed | chmod | ln | sleep | rm)
++ bash | chmod | gzip | ln | mktemp | rm | sed | sh | tail)
+ echo "${x}: $i would depend on itself"; continue ;;
+ esac
++
++ tmp=`mktemp -t gzexe.XXXXXXXXXX` || exit 1
++ trap 'rc=$?; trap - EXIT; test -z "$tmp" || rm -f -- "$tmp"; exit $rc' \
++ EXIT HUP INT QUIT PIPE TERM
++
+ if test -z "$cpmod"; then
+ cp -p "$i" $tmp 2>/dev/null || cp "$i" $tmp
+ if test -w $tmp 2>/dev/null; then
+@@ -112,31 +112,23 @@
+ fi
+ fi
+ if test $decomp -eq 0; then
+- sed 1q $0 > $tmp
++ sed 1q "$0" > $tmp
+ sed "s|^if tail|if $tail|" >> $tmp <<'EOF'
+-skip=22
+-set -C
+-umask=`umask`
+-umask 77
+-if tail +$skip "$0" | "BINDIR"/gzip -cd > /tmp/gztmp$$; then
+- umask $umask
+- /bin/chmod 700 /tmp/gztmp$$
+- prog="`echo $0 | /bin/sed 's|^.*/||'`"
+- if /bin/ln /tmp/gztmp$$ "/tmp/$prog" 2>/dev/null; then
+- trap '/bin/rm -f /tmp/gztmp$$ "/tmp/$prog"; exit $res' 0
+- (/bin/sleep 5; /bin/rm -f /tmp/gztmp$$ "/tmp/$prog") 2>/dev/null &
+- /tmp/"$prog" ${1+"$@"}; res=$?
+- else
+- trap '/bin/rm -f /tmp/gztmp$$; exit $res' 0
+- (/bin/sleep 5; /bin/rm -f /tmp/gztmp$$) 2>/dev/null &
+- /tmp/gztmp$$ ${1+"$@"}; res=$?
+- fi
++skip=14
++tmpdir=`/bin/mktemp -dt gzexe.XXXXXXXXXX` || exit 1
++prog="${tmpdir}/${0##*/}"
++if tail +$skip "$0" | "BINDIR"/gzip -cd > "$prog"; then
++ /bin/chmod 700 "$prog"
++ trap '/bin/rm -rf -- "$tmpdir"; exit $res' EXIT
++ "$prog" ${1+"$@"}; res=$?
+ else
+- echo Cannot decompress $0; exit 1
++ echo "Cannot decompress $0"
++ /bin/rm -rf "$tmpdir"
++ exit 1
+ fi; exit $res
+ EOF
+ gzip -cv9 "$i" >> $tmp || {
+- /bin/rm -f $tmp
++ rm -f $tmp
+ echo ${x}: compression not possible for $i, file unchanged.
+ res=1
+ continue
+@@ -152,6 +144,7 @@
+ :
+ else
+ echo ${x}: $i probably not in gzexe format, file unchanged.
++ rm -f $tmp
+ res=1
+ continue
+ fi
+@@ -176,4 +169,5 @@
+ chmod u-w $i 2>/dev/null
+ fi
+ done
++tmp=
+ exit $res
+diff -Naur gzip-1.3.5.orig/zdiff.in gzip-1.3.5/zdiff.in
+--- gzip-1.3.5.orig/zdiff.in 2002-09-26 08:33:24.000000000 +0000
++++ gzip-1.3.5/zdiff.in 2006-08-21 00:52:45.000000000 +0000
+@@ -46,13 +46,13 @@
+ case "$2" in
+ *[-.]gz* | *[-.][zZ] | *.t[ga]z)
+ F=`echo "$2" | sed 's|.*/||;s|[-.][zZtga]*||'`
+- set -C
+- trap 'rm -f /tmp/"$F".$$; exit 2' HUP INT PIPE TERM 0
+- gzip -cdfq "$2" > /tmp/"$F".$$ || exit
+- gzip -cdfq "$1" | $comp $OPTIONS - /tmp/"$F".$$
++ TF=`/bin/mktemp -t "$F".XXXXXXXXXX` || exit 1
++ trap 'trap - EXIT; rm -f "$TF"; exit 2' EXIT HUP INT
PIPE TERM
++ gzip -cdfq "$2" > "$TF" || exit
++ gzip -cdfq "$1" | $comp $OPTIONS - "$TF"
+ STAT="$?"
+- /bin/rm -f /tmp/"$F".$$ || STAT=2
+- trap - HUP INT PIPE TERM 0
++ rm -f "$TF" || STAT=2
++ trap - EXIT HUP INT PIPE TERM
+ exit $STAT;;
+
+ *) gzip -cdfq "$1" | $comp $OPTIONS - "$2";;
+diff -Naur gzip-1.3.5.orig/znew.in gzip-1.3.5/znew.in
+--- gzip-1.3.5.orig/znew.in 2002-09-27 06:17:09.000000000 +0000
++++ gzip-1.3.5/znew.in 2006-08-21 00:52:45.000000000 +0000
+@@ -14,29 +14,29 @@
+ # block is the disk block size (best guess, need not be exact)
+
+ warn="(does not preserve modes and timestamp)"
+-tmp=/tmp/zfoo.$$
+-set -C
+-echo hi > $tmp.1
+-echo hi > $tmp.2
+-if test -z "`(${CPMOD-cpmod} $tmp.1 $tmp.2) 2>&1`"; then
+- cpmod=${CPMOD-cpmod}
++cpmod=
++cpmodarg=
++if type ${CPMOD:-cpmod} 2>/dev/null; then
++ cpmod=${CPMOD:-cpmod}
+ warn=""
+ fi
+
+-if test -z "$cpmod" && ${TOUCH-touch} -r $tmp.1 $tmp.2 2>/dev/null; then
+- cpmod="${TOUCH-touch}"
++if test -z "$cpmod"; then
++ cpmod=touch
+ cpmodarg="-r"
+ warn="(does not preserve file modes)"
+ fi
+
+-# check if GZIP env. variable uses -S or --suffix
+-gzip -q $tmp.1
+-ext=`echo $tmp.1* | sed "s|$tmp.1||"`
+-rm -f $tmp.[12]*
+-if test -z "$ext"; then
+- echo znew: error determining gzip extension
+- exit 1
+-fi
++case "$GZIP" in
++ *-S*) ext=`echo "$GZIP" | sed 's/^.*-S[[:space:]]*\([^[:space:]]*\).*$/\1/'`
++ ;;
++ *--suffix=*) ext=`echo "$GZIP" | sed
's/^.*--suffix=\([^[:space:]]*\).*$/\1/'`
++ ;;
++ *--suffix*) ext=`echo "$GZIP" | sed
's/^.*--suffix[[:space:]][[:space:]]*\([^[:space:]]*\).*$/\1/'`
++ ;;
++ *) ext='.gz'
++ ;;
++esac
+ if test "$ext" = ".Z"; then
+ echo znew: cannot use .Z as gzip extension.
+ exit 1
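Review bot: The new cpmod probe `if type ${CPMOD:-cpmod} 2>/dev/null; then` in both gzexe.in and znew.in redirects only stderr, so whenever cpmod is installed `type` writes its lookup result (something like `cpmod is /usr/bin/cpmod`; exact wording is shell-dependent) into the script's stdout on every run; it should be `if type ${CPMOD:-cpmod} >/dev/null 2>&1; then`. This also downgrades the original functional check (actually running cpmod on two scratch files) to a bare existence test, and the znew hunk hard-codes `cpmod=touch`, dropping the `${TOUCH-touch}` override the old code honoured. In the generated gzexe stub, `trap '/bin/rm -rf -- "$tmpdir"; exit $res' EXIT` is only installed after decompression succeeds, so an interrupt while `tail +$skip "$0" | "BINDIR"/gzip -cd > "$prog"` is running leaves the mktemp directory behind; moving the trap up to directly after the `tmpdir=` assignment closes that window. The gzexe `for i` loop these lines belong to starts and ends outside the hunk.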