pkgsrc-Changes-HG archive


[pkgsrc/pkgsrc-2005Q1]: pkgsrc/archivers/gzip-base Pullup ticket 546 - reques...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/5a09b4e773c9
branches:  pkgsrc-2005Q1
changeset: 491108:5a09b4e773c9
user:      salo <salo%pkgsrc.org@localhost>
date:      Thu Jun 09 22:31:18 2005 +0000

description:
Pullup ticket 546 - requested by Adrian Portelli
security fix for gzip-base

Revisions pulled up:
- pkgsrc/archivers/gzip-base/Makefile           1.19
- pkgsrc/archivers/gzip-base/distinfo           1.6
- pkgsrc/archivers/gzip-base/patches/patch-ab   1.2

   Module Name:         pkgsrc
   Committed By:        adrianp
   Date:                Thu Jun  9 20:23:26 UTC 2005

   Modified Files:
        pkgsrc/archivers/gzip-base: Makefile distinfo
        pkgsrc/archivers/gzip-base/patches: patch-ab

   Log Message:
   - Patches to address CAN-2005-1228 and CAN-2005-0988 based on FreeBSD SA
     and Gentoo/Debian patches.

diffstat:

 archivers/gzip-base/Makefile         |   3 +-
 archivers/gzip-base/distinfo         |   4 +-
 archivers/gzip-base/patches/patch-ab |  70 ++++++++++++++++++++++++++++++++---
 3 files changed, 67 insertions(+), 10 deletions(-)

diffs (108 lines):

diff -r 378c5df16fbd -r 5a09b4e773c9 archivers/gzip-base/Makefile
--- a/archivers/gzip-base/Makefile      Thu Jun 09 20:06:01 2005 +0000
+++ b/archivers/gzip-base/Makefile      Thu Jun 09 22:31:18 2005 +0000
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.17 2004/10/12 18:28:28 tv Exp $
+# $NetBSD: Makefile,v 1.17.4.1 2005/06/09 22:31:18 salo Exp $
 #
 
 DISTNAME=      gzip-1.2.4a
+PKGREVISION=   1
 PKGNAME=       ${DISTNAME:S/gzip-/gzip-base-/:S/a$/b/}
 SVR4_PKGNAME=  gzipb
 CATEGORIES=    archivers
diff -r 378c5df16fbd -r 5a09b4e773c9 archivers/gzip-base/distinfo
--- a/archivers/gzip-base/distinfo      Thu Jun 09 20:06:01 2005 +0000
+++ b/archivers/gzip-base/distinfo      Thu Jun 09 22:31:18 2005 +0000
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.5 2005/02/23 14:45:23 agc Exp $
+$NetBSD: distinfo,v 1.5.2.1 2005/06/09 22:31:18 salo Exp $
 
 SHA1 (gzip-1.2.4a.shar) = 1e1e513f48be32ecfe24c06b609329963d5a5288
 RMD160 (gzip-1.2.4a.shar) = 529397e68b2ed7f39b3a4d3201fd73d10a9c1ebc
 Size (gzip-1.2.4a.shar) = 832431 bytes
 SHA1 (patch-aa) = 449d3eb975b9ddc634ba0b3a245381f3f3e1f5e1
-SHA1 (patch-ab) = e198a1d9a90a8b626b178ef7b5beabc729c6367d
+SHA1 (patch-ab) = e8c7e210c1e7e443230ba20266c0232f29002a4b
diff -r 378c5df16fbd -r 5a09b4e773c9 archivers/gzip-base/patches/patch-ab
--- a/archivers/gzip-base/patches/patch-ab      Thu Jun 09 20:06:01 2005 +0000
+++ b/archivers/gzip-base/patches/patch-ab      Thu Jun 09 22:31:18 2005 +0000
@@ -1,11 +1,35 @@
-$NetBSD: patch-ab,v 1.1 2004/10/12 18:28:29 tv Exp $
+$NetBSD: patch-ab,v 1.1.6.1 2005/06/09 22:31:18 salo Exp $
+
+# CAN-2005-1228 and CAN-2005-0988
 
-From http://www.gzip.org/gzip-1.2.4b.patch - security fix for filenames
-over 1020 caharacters long.
-
---- gzip.c     Thu Aug 19 15:39:43 1993
-+++ gzip.c     Tue Jan  8 21:44:18 2002
-@@ -1005,7 +1005,14 @@
+--- gzip.c.orig        1993-08-19 09:39:00.000000000 +0100
++++ gzip.c
+@@ -824,8 +824,11 @@ local void treat_file(iname)
+     }
+ 
+     close(ifd);
+-    if (!to_stdout && close(ofd)) {
+-      write_error();
++    if (!to_stdout) {
++        /* Copy modes, times, ownership, and remove the input file */
++        copy_stat(&istat);
++        if (close(ofd))
++          write_error();
+     }
+     if (method == -1) {
+       if (!to_stdout) unlink (ofname);
+@@ -845,10 +848,6 @@ local void treat_file(iname)
+       }
+       fprintf(stderr, "\n");
+     }
+-    /* Copy modes, times, ownership, and remove the input file */
+-    if (!to_stdout) {
+-      copy_stat(&istat);
+-    }
+ }
+ 
+ /* ========================================================================
+@@ -1005,7 +1004,14 @@ local int get_istat(iname, sbuf)
  #ifdef NO_MULTIPLE_DOTS
      char *dot; /* pointer to ifname extension, or NULL */
  #endif
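Review bot: In treat_file, `copy_stat(&istat)` now runs before the `close(ofd)` result is checked and before the `if (method == -1)` cleanup that unlinks `ofname`, so the new ordering can lose data. Going by the comment on the call ("remove the input file") and the `remove_ofname = 0` visible in copy_stat's later hunk, the input is presumably deleted at that point, so a failed decompression or a failed final write may leave neither a good output nor the original. At minimum guard the call with `if (method != -1) copy_stat(&istat);`. A fuller fix keeps the descriptor-based mode and ownership calls before the close but defers the input-file removal until after the close and method checks. Both functions extend outside the hunks shown, so the unlink itself is inferred rather than visible.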
@@ -20,3 +44,35 @@
      strcpy(ifname, iname);
  
      /* If input file exists, return OK. */
+@@ -1244,6 +1250,7 @@ local int get_method(in)
+               /* Copy the base name. Keep a directory prefix intact. */
+                 char *p = basename(ofname);
+                 char *base = p;
++              char *base2;
+               for (;;) {
+                   *p = (char)get_char();
+                   if (*p++ == '\0') break;
+@@ -1251,6 +1258,8 @@ local int get_method(in)
+                       error("corrupted input -- file name too large");
+                   }
+               }
++              base2 = basename (base);
++              strcpy(base, base2);
+                 /* If necessary, adapt the name to local OS conventions: */
+                 if (!list) {
+                    MAKE_LEGAL_NAME(base);
+@@ -1624,12 +1633,12 @@ local void copy_stat(ifstat)
+     reset_times(ofname, ifstat);
+ #endif
+     /* Copy the protection modes */
+-    if (chmod(ofname, ifstat->st_mode & 07777)) {
++    if (fchmod(ofd, ifstat->st_mode & 07777)) {
+       WARN((stderr, "%s: ", progname));
+       if (!quiet) perror(ofname);
+     }
+ #ifndef NO_CHOWN
+-    chown(ofname, ifstat->st_uid, ifstat->st_gid);  /* Copy ownership */
++    (void) fchown(ofd, ifstat->st_uid, ifstat->st_gid);  /* Copy ownership */
+ #endif
+     remove_ofname = 0;
+     /* It's now safe to remove the input file: */
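Review bot: `strcpy(base, base2)` in get_method copies between overlapping regions whenever `basename(base)` returns a pointer into the same buffer, which is undefined behaviour for strcpy. This line is what strips directory components from the file name stored in the archive, so it should be well defined: `memmove(base, base2, strlen(base2) + 1);`. Separately, copy_stat still calls `reset_times(ofname, ifstat)` by path, so the timestamp update is not covered by the switch to `fchmod`/`fchown` on `ofd`. The `(void)` cast also discards the fchown result silently, whereas an fchmod failure is reported. get_method and copy_stat both continue outside the hunk.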


