OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________

  Server: cvs.openpkg.org                  Name:   Ralf S. Engelschall
  Root:   /v/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-src                      Date:   11-Jun-2005 10:06:42
  Branch: HEAD                             Handle: 2005061109064200

  Modified files:
    openpkg-src/gzip        gzip.patch gzip.spec

  Log:
    apply security fix (OpenPKG-SA-2005.009)

  Summary:
    Revision    Changes     Path
    1.3         +22 -3      openpkg-src/gzip/gzip.patch
    1.36        +1  -1      openpkg-src/gzip/gzip.spec
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openpkg-src/gzip/gzip.patch
  ============================================================================
  $ cvs diff -u -r1.2 -r1.3 gzip.patch
  --- openpkg-src/gzip/gzip.patch       7 Oct 2003 09:27:51 -0000       1.2
  +++ openpkg-src/gzip/gzip.patch       11 Jun 2005 08:06:42 -0000      1.3
  @@ -11,9 +11,10 @@
    if test -z "`(${CPMOD-cpmod} $tmp.1 $tmp.2) 2>&1`"; then
      cpmod=${CPMOD-cpmod}
      warn=""
  ---- gzip.c.orig      Thu Jan 30 21:19:36 2003
  -+++ gzip.c   Thu Jan 30 21:09:52 2003
  -@@ -198,7 +198,7 @@
  +Index: gzip.c
  +--- gzip.c.orig      2005-06-11 10:02:57 +0200
  ++++ gzip.c   2005-06-11 10:03:02 +0200
  +@@ -205,7 +236,7 @@
    DECLARE(uch, inbuf,  INBUFSIZ +INBUF_EXTRA);
    DECLARE(uch, outbuf, OUTBUFSIZ+OUTBUF_EXTRA);
    DECLARE(ush, d_buf,  DIST_BUFSIZE);
  @@ -22,3 +23,21 @@
    #ifndef MAXSEG_64K
        DECLARE(ush, tab_prefix, 1L<<BITS);
    #else
  +@@ -915,6 +946,7 @@
  + {
  +     struct stat     ostat; /* stat for ofname */
  +     int flags = O_WRONLY | O_CREAT | O_EXCL | O_BINARY;
  ++    char *baseout;
  + 
  +     if (ascii && decompress) {
  +     flags &= ~O_BINARY; /* force ascii text mode */
  +@@ -927,6 +959,9 @@
  +     }
  +     /* Create the output file */
  +     remove_ofname = 1;
  ++    baseout = base_name(ofname);
  ++    strncpy(ofname, baseout, sizeof(ofname));
  ++    ofname[sizeof(ofname) - 1] = '\0';
  +     ofd = OPEN(ofname, flags, RW_USER);
  +     if (ofd == -1) {
  +         progerror(ofname);
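Review bot: In the embedded gzip.c hunk at `@@ -927,6 +959,9 @@`, the added `strncpy(ofname, baseout, sizeof(ofname));` copies between overlapping regions, because `baseout` comes from `base_name(ofname)` and so presumably points into `ofname` itself; strncpy is undefined for overlapping objects. `memmove(ofname, baseout, strlen(baseout) + 1);` does the same in-place shift with defined behaviour and makes the separate termination line unnecessary. The `sizeof(ofname)` bound is only meaningful if `ofname` is an array in this scope; its declaration, like the start and end of the enclosing function, is outside the hunk. Since the basename is taken on every call rather than only for a name restored from the archive header, an output path that carries a directory part would also appear to lose it here, which is worth confirming against the callers.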
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/gzip/gzip.spec
  ============================================================================
  $ cvs diff -u -r1.35 -r1.36 gzip.spec
  --- openpkg-src/gzip/gzip.spec        24 Mar 2005 11:19:00 -0000      1.35
  +++ openpkg-src/gzip/gzip.spec        11 Jun 2005 08:06:42 -0000      1.36
  @@ -33,7 +33,7 @@
   Group:        Compression
   License:      GPL
   Version:      1.3.5
  -Release:      20040207
  +Release:      20050611
   
   #   list of sources
   Source0:      ftp://alpha.gnu.org/gnu/gzip/gzip-%{version}.tar.gz
  @@ .
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
CVS Repository Commit List                     [email protected]
