[pkgsrc/pkgsrc-2005Q2]: pkgsrc/archivers/unzip Pullup ticket 654 - requested ...

[salo <salo%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/624cc4ffa13f
branches:  pkgsrc-2005Q2
changeset: 495940:624cc4ffa13f
user:      salo <salo%pkgsrc.org@localhost>
date:      Thu Aug 04 15:22:01 2005 +0000

description:
Pullup ticket 654 - requested by Matthias Scheler
security fix for unzip

Revisions pulled up:
- pkgsrc/archivers/unzip/Makefile               1.56
- pkgsrc/archivers/unzip/distinfo               1.14
- pkgsrc/archivers/unzip/patches/patch-ac       1.1

   Module Name:         pkgsrc
   Committed By:        tron
   Date:                Thu Aug  4 14:20:35 UTC 2005

   Modified Files:
        pkgsrc/archivers/unzip: Makefile distinfo
   Added Files:
        pkgsrc/archivers/unzip/patches: patch-ac

   Log Message:
   Add patch to fix the security problem described in SA16309.

diffstat:

 archivers/unzip/Makefile         |   4 +-
 archivers/unzip/distinfo         |   9 +++--
 archivers/unzip/patches/patch-ac |  64 ++++++++++++++++++++++++++++++++++++++++
 3 files changed, 71 insertions(+), 6 deletions(-)

diffs (98 lines):

diff -r 756c35666844 -r 624cc4ffa13f archivers/unzip/Makefile
--- a/archivers/unzip/Makefile  Thu Aug 04 15:15:51 2005 +0000
+++ b/archivers/unzip/Makefile  Thu Aug 04 15:22:01 2005 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.55 2005/05/22 20:07:37 jlam Exp $
+# $NetBSD: Makefile,v 1.55.2.1 2005/08/04 15:22:01 salo Exp $
 
 DISTNAME=      unzip552
 PKGNAME=       unzip-5.52
-PKGREVISION=   1
+PKGREVISION=   2
 CATEGORIES=    archivers
 MASTER_SITES=  ftp://ftp.info-zip.org/pub/infozip/src/
 
diff -r 756c35666844 -r 624cc4ffa13f archivers/unzip/distinfo
--- a/archivers/unzip/distinfo  Thu Aug 04 15:15:51 2005 +0000
+++ b/archivers/unzip/distinfo  Thu Aug 04 15:22:01 2005 +0000
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.13 2005/03/01 07:45:28 salo Exp $
+$NetBSD: distinfo,v 1.13.4.1 2005/08/04 15:22:01 salo Exp $
 
-SHA1 (unzip-5.52nb1/unzip552.tar.gz) = 1831bd59b9e607a69052f83b263384895e2d4a19
-RMD160 (unzip-5.52nb1/unzip552.tar.gz) = b749b0923bc4cceaa6f937aef688e9713a84328c
-Size (unzip-5.52nb1/unzip552.tar.gz) = 1140291 bytes
+SHA1 (unzip-5.52nb2/unzip552.tar.gz) = 1831bd59b9e607a69052f83b263384895e2d4a19
+RMD160 (unzip-5.52nb2/unzip552.tar.gz) = b749b0923bc4cceaa6f937aef688e9713a84328c
+Size (unzip-5.52nb2/unzip552.tar.gz) = 1140291 bytes
 SHA1 (patch-aa) = de66b7b5c45904167e8596ce5235d957c2df4d2a
 SHA1 (patch-ab) = dd426fdf4b774bd73f4ee46da470ffa3c2cf6513
+SHA1 (patch-ac) = ada9059d9b3384396bbf6437f55fa40f2f6c0c73
diff -r 756c35666844 -r 624cc4ffa13f archivers/unzip/patches/patch-ac
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/archivers/unzip/patches/patch-ac  Thu Aug 04 15:22:01 2005 +0000
@@ -0,0 +1,64 @@
+$NetBSD: patch-ac,v 1.1.2.2 2005/08/04 15:22:02 salo Exp $
+
+--- unix/unix.c.orig   2005-02-26 19:43:42.000000000 +0000
++++ unix/unix.c        2005-08-04 15:15:17.000000000 +0100
+@@ -1042,8 +1042,6 @@
+     ush z_uidgid[2];
+     int have_uidgid_flg;
+ 
+-    fclose(G.outfile);
+-
+ /*---------------------------------------------------------------------------
+     If symbolic links are supported, allocate storage for a symlink control
+     structure, put the uncompressed "data" and other required info in it, and
+@@ -1059,6 +1057,8 @@
+                                 strlen(G.filename);
+         slinkentry *slnk_entry;
+ 
++        fclose(G.outfile);
++
+         if ((unsigned)slnk_entrysize < ucsize) {
+             Info(slide, 0x201, ((char *)slide,
+               "warning:  symbolic link (%s) failed: mem alloc overflow\n",
+@@ -1107,6 +1107,11 @@
+     }
+ #endif /* SYMLINKS */
+ 
++#ifndef NO_CHMOD
++    if (fchmod(fileno(G.outfile), filtattr(__G__ G.pInfo->file_attr)))
++        perror("chmod (file attributes) error");
++#endif
++
+ #ifdef QLZIP
+     if (G.extra_field) {
+         static void qlfix OF((__GPRO__ uch *ef_ptr, unsigned ef_len));
+@@ -1120,7 +1125,7 @@
+     /* if -X option was specified and we have UID/GID info, restore it */
+     if (have_uidgid_flg) {
+         TTrace((stderr, "close_outfile:  restoring Unix UID/GID info\n"));
+-        if (chown(G.filename, (uid_t)z_uidgid[0], (gid_t)z_uidgid[1]))
++        if (fchown(fileno(G.outfile), (uid_t)z_uidgid[0], (gid_t)z_uidgid[1]))
+         {
+             if (uO.qflag)
+                 Info(slide, 0x201, ((char *)slide,
+@@ -1133,6 +1138,8 @@
+         }
+     }
+ 
++    fclose(G.outfile);
++
+     /* set the file's access and modification times */
+     if (utime(G.filename, &(zt.t2))) {
+ #ifdef AOS_VS
+@@ -1156,11 +1163,6 @@
+     zipfile.
+   ---------------------------------------------------------------------------*/
+ 
+-#ifndef NO_CHMOD
+-    if (chmod(G.filename, filtattr(__G__ G.pInfo->file_attr)))
+-        perror("chmod (file attributes) error");
+-#endif
+-
+ } /* end function close_outfile() */
+ 
+ #endif /* !MTS */