Source-Changes-HG archive


[src/netbsd-7]: src Pull up following revision(s) (requested by mrg in ticket...



details:   https://anonhg.NetBSD.org/src/rev/49df4a808054
branches:  netbsd-7
changeset: 799038:49df4a808054
user:      snj <snj%NetBSD.org@localhost>
date:      Sat Feb 28 07:59:22 2015 +0000

description:
Pull up following revision(s) (requested by mrg in ticket #557):
        external/zlib/pigz/dist/pigz.c: revision 1.2
        usr.bin/gzip/gzip.1: revision 1.24
        usr.bin/gzip/gzip.c: revision 1.107
merge https://github.com/madler/pigz/commit/fdad1406b3ec809f4954ff7cdf9e99eb18c2458f:
When decompressing with -N or -NT, strip any path from header name.
This uses the path of the compressed file combined with the name
from the header as the name of the decompressed output file.  Any
path information in the header name is stripped.  This avoids a
possible vulnerability where absolute or descending paths are put
in the gzip header.
--
do not use directory paths present in gzip files with the -N flag,
similar to the problem reported in pigz.

diffstat:

 external/zlib/pigz/dist/pigz.c |  37 +++++++++++++++++++++++--------------
 usr.bin/gzip/gzip.1            |   6 +++---
 usr.bin/gzip/gzip.c            |  21 +++++++++++++++------
 3 files changed, 41 insertions(+), 23 deletions(-)

diffs (143 lines):

diff -r 07209715b3f8 -r 49df4a808054 external/zlib/pigz/dist/pigz.c
--- a/external/zlib/pigz/dist/pigz.c    Fri Feb 27 19:41:34 2015 +0000
+++ b/external/zlib/pigz/dist/pigz.c    Sat Feb 28 07:59:22 2015 +0000
@@ -3502,26 +3502,35 @@
                  " (use -f to force)");
     }
     else {
-        char *to, *repl;
-
-        /* use header name for output when decompressing with -N */
-        to = g.inf;
-        if (g.decode && (g.headis & 1) != 0 && g.hname != NULL) {
-            to = g.hname;
-            len = strlen(g.hname);
+        char *to = g.inf, *sufx = "";
+        size_t pre = 0;
+
+        /* select parts of the output file name */
+        if (g.decode) {
+            /* for -dN or -dNT, use the path from the input file and the name
+               from the header, stripping any path in the header name */
+            if ((g.headis & 1) != 0 && g.hname != NULL) {
+                pre = justname(g.inf) - g.inf;
+                to = justname(g.hname);
+                len = strlen(to);
+            }
+            /* for -d or -dNn, replace abbreviated suffixes */
+            else if (strcmp(to + len, ".tgz") == 0)
+                sufx = ".tar";
         }
-
-        /* replace .tgx with .tar when decoding */
-        repl = g.decode && strcmp(to + len, ".tgz") ? "" : ".tar";
+        else
+            /* add appropriate suffix when compressing */
+            sufx = g.sufx;
 
         /* create output file and open to write */
-        g.outf = MALLOC(len + (g.decode ? strlen(repl) : strlen(g.sufx)) + 1);
+        g.outf = MALLOC(pre + len + strlen(sufx) + 1);
         if (g.outf == NULL)
             bail("not enough memory", "");
-        memcpy(g.outf, to, len);
-        strcpy(g.outf + len, g.decode ? repl : g.sufx);
+        memcpy(g.outf, g.inf, pre);
+        memcpy(g.outf + pre, to, len);
+        strcpy(g.outf + pre + len, sufx);
         g.outd = open(g.outf, O_CREAT | O_TRUNC | O_WRONLY |
-                             (g.force ? 0 : O_EXCL), 0600);
+                              (g.force ? 0 : O_EXCL), 0600);
 
         /* if exists and not -f, give user a chance to overwrite */
         if (g.outd < 0 && errno == EEXIST && isatty(0) && g.verbosity) {
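Review bot: After `to = justname(g.hname)` the stripped header name can be empty (for example when the stored name ends in `/`), so `g.outf` becomes only the input file's directory prefix and the `open()` below would presumably fail rather than fall back to the name derived from the input file. Assuming `justname()`, which is defined outside this hunk, returns a pointer just past the last slash, the branch could be narrowed to `if ((g.headis & 1) != 0 && g.hname != NULL && *justname(g.hname) != '\0') {` so that such a header is handled like plain -d. Separately, `sufx` only ever points at a string literal or `g.sufx` and is never written through, so declaring it `const char *sufx` would document that. The enclosing function starts and ends outside the hunk.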
diff -r 07209715b3f8 -r 49df4a808054 usr.bin/gzip/gzip.1
--- a/usr.bin/gzip/gzip.1       Fri Feb 27 19:41:34 2015 +0000
+++ b/usr.bin/gzip/gzip.1       Sat Feb 28 07:59:22 2015 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: gzip.1,v 1.23 2014/03/18 18:20:45 riastradh Exp $
+.\"    $NetBSD: gzip.1,v 1.23.4.1 2015/02/28 07:59:22 snj Exp $
 .\"
 .\" Copyright (c) 1997, 2003, 2004 Matthew R. Green
 .\" All rights reserved.
@@ -24,7 +24,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd June 18, 2011
+.Dd January 13, 2015
 .Dt GZIP 1
 .Os
 .Sh NAME
@@ -191,7 +191,7 @@
 This manual documents
 .Nx
 .Nm
-version 20040427.
+version 20150113.
 .Sh AUTHORS
 This implementation of
 .Nm
diff -r 07209715b3f8 -r 49df4a808054 usr.bin/gzip/gzip.c
--- a/usr.bin/gzip/gzip.c       Fri Feb 27 19:41:34 2015 +0000
+++ b/usr.bin/gzip/gzip.c       Sat Feb 28 07:59:22 2015 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: gzip.c,v 1.105 2011/08/30 23:06:00 joerg Exp $ */
+/*     $NetBSD: gzip.c,v 1.105.20.1 2015/02/28 07:59:22 snj Exp $      */
 
 /*
  * Copyright (c) 1997, 1998, 2003, 2004, 2006 Matthew R. Green
@@ -30,7 +30,7 @@
 #ifndef lint
 __COPYRIGHT("@(#) Copyright (c) 1997, 1998, 2003, 2004, 2006\
  Matthew R. Green.  All rights reserved.");
-__RCSID("$NetBSD: gzip.c,v 1.105 2011/08/30 23:06:00 joerg Exp $");
+__RCSID("$NetBSD: gzip.c,v 1.105.20.1 2015/02/28 07:59:22 snj Exp $");
 #endif /* not lint */
 
 /*
@@ -160,7 +160,7 @@
 #define NUM_SUFFIXES (sizeof suffixes / sizeof suffixes[0])
 #define SUFFIX_MAXLEN  30
 
-static const char      gzip_version[] = "NetBSD gzip 20101018";
+static const char      gzip_version[] = "NetBSD gzip 20150113";
 
 static int     cflag;                  /* stdout mode */
 static int     dflag;                  /* decompress mode */
@@ -1311,7 +1311,7 @@
 #ifndef SMALL
        ssize_t rv;
        time_t timestamp = 0;
-       unsigned char name[PATH_MAX + 1];
+       char name[PATH_MAX + 1];
 #endif
 
        /* gather the old name info */
@@ -1372,15 +1372,24 @@
                                goto lose;
                        }
                        if (name[0] != 0) {
+                               char *dp, *nf;
+
+                               /* strip saved directory name */
+                               nf = strrchr(name, '/');
+                               if (nf == NULL)
+                                       nf = name;
+                               else
+                                       nf++;
+
                                /* preserve original directory name */
-                               char *dp = strrchr(file, '/');
+                               dp = strrchr(file, '/');
                                if (dp == NULL)
                                        dp = file;
                                else
                                        dp++;
                                snprintf(outfile, outsize, "%.*s%.*s",
                                                (int) (dp - file), 
-                                               file, (int) rbytes, name);
+                                               file, (int) rbytes, nf);
                        }
                }
        }
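Review bot: `strrchr(name, '/')` scans until it meets a NUL, yet nothing in this hunk terminates `name`; the previous code only ever read the buffer through `%.*s` with `rbytes` as the bound. The read that fills `name` is outside the hunk, so if the file supplies no NUL within the bytes read, the search can run into uninitialised bytes or past the end of the array. The precision `(int) rbytes` is also still counted from the start of `name` although it is now applied to `nf`, so it no longer limits the copy to the bytes actually read. I would terminate the buffer before the search with `name[rbytes] = '\0';` (with the read capped at `sizeof(name) - 1` so the index stays in range) and pass `(int) (rbytes - (nf - name))` as the precision.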


