Your message dated Thu, 21 Dec 2006 02:32:02 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#403970: fixed in gzip 1.3.9-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: gzip
Version: 1.3.5-10sarge2

Yiorgos Adamopoulos <[EMAIL PROTECTED]> writes:

> Hi!  I tried to gunzip
> http://www.vitanuova.com/dist/4e/20060303/inferno.tgz using version
> 1.3.5 (I work on an Ubuntu 6.06 LTS) and got:
>
> [EMAIL PROTECTED]:~/tmp$ gunzip inferno.tgz
>
> gunzip: inferno.tgz: invalid compressed data--format violated

Thanks very much for reporting that.  Do you happen to know what
program generated that .tgz file?

Anyway, this is clearly a regression in gzip, regardless of whether
the stream has a valid format, so I installed the following patch into
gzip.  I am CC'ing this to the Debian bug address and to Thomas Biege.

2006-12-20  Paul Eggert  <[EMAIL PROTECTED]>

        * inflate.c (huft_build): Fix regression that caused gzip to
        refuse to uncompress null input (all zero length codes).  Problem
        reported by Yiorgos Adamopoulos.  This regression was caused by
        the security patch installed 2006-11-20, which in turn came from
        Debian, which in turn apparently came from Thomas Biege of SuSe.

Index: inflate.c
===================================================================
RCS file: /cvsroot/gzip/gzip/inflate.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -p -u -r1.5 -r1.6
--- inflate.c   27 Nov 2006 00:51:37 -0000      1.5
+++ inflate.c   20 Dec 2006 23:30:17 -0000      1.6
@@ -116,7 +116,7 @@
  */
 
 #ifdef RCSID
-static char rcsid[] = "$Id: inflate.c,v 1.5 2006/11/27 00:51:37 eggert Exp $";
+static char rcsid[] = "$Id: inflate.c,v 1.6 2006/12/20 23:30:17 eggert Exp $";
 #endif
 
 #include <config.h>
@@ -335,9 +335,16 @@ int *m;                 /* maximum looku
   } while (--i);
   if (c[0] == n)                /* null input--all zero length codes */
   {
-    *t = (struct huft *)NULL;
-    *m = 0;
-    return 2;
+    q = (struct huft *) malloc (2 * sizeof *q);
+    if (!q)
+      return 3;
+    hufts += 2;
+    q[0].v.t = (struct huft *) NULL;
+    q[1].e = 99;    /* invalid code marker */
+    q[1].b = 1;
+    *t = q + 1;
+    *m = 1;
+    return 0;
   }
 
 


--- End Message ---
--- Begin Message ---
Source: gzip
Source-Version: 1.3.9-1

We believe that the bug you reported is fixed in the latest version of
gzip, which is due to be installed in the Debian FTP archive:

gzip_1.3.9-1.diff.gz
  to pool/main/g/gzip/gzip_1.3.9-1.diff.gz
gzip_1.3.9-1.dsc
  to pool/main/g/gzip/gzip_1.3.9-1.dsc
gzip_1.3.9-1_i386.deb
  to pool/main/g/gzip/gzip_1.3.9-1_i386.deb
gzip_1.3.9.orig.tar.gz
  to pool/main/g/gzip/gzip_1.3.9.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bdale Garbee <[EMAIL PROTECTED]> (supplier of updated gzip package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 20 Dec 2006 19:16:36 -0700
Source: gzip
Binary: gzip
Architecture: source i386
Version: 1.3.9-1
Distribution: unstable
Urgency: low
Maintainer: Bdale Garbee <[EMAIL PROTECTED]>
Changed-By: Bdale Garbee <[EMAIL PROTECTED]>
Description: 
 gzip       - The GNU compression utility
Closes: 366660 395450 403308 403970
Changes: 
 gzip (1.3.9-1) unstable; urgency=low
 .
   * new upstream version, closes: #366660, #403308
   * clean up a few gratuitous differences from new upstream, leaving
     only the rsyncable patch and tweaks like zmore always using more
   * fix spelling error in documentation, closes: #395450
   * upstream patch for regression uncompressing null input, closes: #403970
Files: 
 4697a1050e8fc124bd231c4e83acd033 550 utils required gzip_1.3.9-1.dsc
 7cf923b24b718c418e85a283b2260e14 420737 utils required gzip_1.3.9.orig.tar.gz
 92d34edb5de9ec29e77a9da643d035f3 11385 utils required gzip_1.3.9-1.diff.gz
 18436d784b9014c02708246fae1a163e 75716 utils required gzip_1.3.9-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFie8NZKfAp/LPAagRAlBLAJ9YzYvXLq3UQIWw0p5soDHUH07BfQCghmFJ
XKCd9SSUex7PhoFwc7d2S5c=
=E99x
-----END PGP SIGNATURE-----


--- End Message ---

Reply via email to