OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________

  Server: cvs.openpkg.org                  Name:   Thomas Lotterer
  Root:   /e/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-src openpkg-web          Date:   10-Jul-2003 12:04:46
  Branch: OPENPKG_1_2_SOLID HEAD           Handle: 2003071011044302

  Added files:              (Branch: OPENPKG_1_2_SOLID)
    openpkg-src/infozip     infozip.patch
  Modified files:
    openpkg-web             news.txt
  Modified files:           (Branch: OPENPKG_1_2_SOLID)
    openpkg-src/infozip     infozip.spec

  Log:
    MFS: SA-2003.033-infozip; CAN-2003-0282

  Summary:
    Revision    Changes     Path
    1.3.4.1     +98 -0      openpkg-src/infozip/infozip.patch
    1.22.2.1.2.2+4  -2      openpkg-src/infozip/infozip.spec
    1.5503      +1  -0      openpkg-web/news.txt
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openpkg-src/infozip/infozip.patch
  ============================================================================
  $ cvs diff -u -r0 -r1.3.4.1 infozip.patch
  --- /dev/null 2003-07-10 12:04:45.000000000 +0200
  +++ infozip.patch     2003-07-10 12:04:45.000000000 +0200
  @@ -0,0 +1,98 @@
  +--- zip-2.3/unix/configure   1999-04-27 21:49:05.000000000 +0200
  ++++ zip-2.3/unix/configure   2003-03-06 21:46:09.399540000 +0100
  +@@ -38,7 +38,7 @@
  +     echo "int foo() { return 0;}" > conftest.c
  +     $CC -c conftest.c >/dev/null 2>/dev/null
  +     echo Check if compiler generates underlines
  +-    nm conftest.o | grep "(^|[^_])foo" >/dev/null 2>/dev/null
  ++    nm conftest.o | grep "[^_]foo" >/dev/null 2>/dev/null
  +     [ $? -eq 0 ] && CPP="${CPP} -DNO_UNDERLINE"
  +     if eval "$CPP crc_i386.S > _crc_i386.s 2>/dev/null"; then
  +       if eval "$CC -c _crc_i386.s >/dev/null 2>/dev/null" && [ -f _crc_i386.o ]
  +
  +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0282
  +    Directory traversal vulnerability in UnZip 5.50 allows attackers to
  +    overwrite arbitrary files via invalid characters between two . (dot)
  +    characters, which are filtered and result in a ".." sequence.
  +
  +--- unzip-5.50/unix/unix.c.orig      2002-01-21 17:54:42.000000000 -0500
  ++++ unzip-5.50/unix/unix.c   2003-06-11 18:35:38.000000000 -0400
  +@@ -421,7 +421,8 @@
  +  */
  + {
  +     char pathcomp[FILNAMSIZ];      /* path-component buffer */
  +-    char *pp, *cp=(char *)NULL;    /* character pointers */
  ++    char *pp, *cp=(char *)NULL,    /* character pointers */
  ++         *dp=(char *)NULL;
  +     char *lastsemi=(char *)NULL;   /* pointer to last semi-colon in pathcomp */
  + #ifdef ACORN_FTYPE_NFS
  +     char *lastcomma=(char *)NULL;  /* pointer to last comma in pathcomp */
  +@@ -429,6 +430,7 @@
  + #endif
  +     int quote = FALSE;             /* flags */
  +     int killed_ddot = FALSE;       /* is set when skipping "../" pathcomp */
  ++    int snarf_ddot = FALSE;    /* Is set while scanning for "../" */
  +     int error = MPN_OK;
  +     register unsigned workch;      /* hold the character being tested */
  + 
  +@@ -467,6 +469,9 @@
  +     while ((workch = (uch)*cp++) != 0) {
  + 
  +         if (quote) {                 /* if character quoted, */
  ++        if ((pp == pathcomp) && (workch == '.'))
  ++            /* Oh no you don't... */
  ++            goto ddot_hack;
  +             *pp++ = (char)workch;    /*  include it literally */
  +             quote = FALSE;
  +         } else
  +@@ -481,15 +486,44 @@
  +                 break;
  + 
  +             case '.':
  +-                if (pp == pathcomp) {   /* nothing appended yet... */
  ++                if (pp == pathcomp) {
  ++ddot_hack:
  ++                /* nothing appended yet... */
  +                     if (*cp == '/') {   /* don't bother appending "./" to */
  +                         ++cp;           /*  the path: skip behind the '/' */
  +                         break;
  +-                    } else if (!uO.ddotflag && *cp == '.' && cp[1] == '/') {
  +-                        /* "../" dir traversal detected */
  +-                        cp += 2;        /*  skip over behind the '/' */
  +-                        killed_ddot = TRUE; /*  set "show message" flag */
  +-                        break;
  ++                    } else if (!uO.ddotflag) {
  ++
  ++                    /*
  ++                     * SECURITY: Skip past control characters if the user
  ++                     * didn't OK use of absolute pathnames. lhh - this is
  ++                     * a very quick, ugly, inefficient fix.
  ++                     */
  ++                    dp = cp;
  ++                    do {
  ++                        workch = (uch)(*dp);
  ++                        if (workch == '/' && snarf_ddot) {
  ++                                /* "../" dir traversal detected */
  ++                                cp = dp + 1;      /* skip past the '/' */
  ++                                killed_ddot = TRUE; /* set "show msg" flag */
  ++                                break;
  ++                            } else if (workch == '.' && !snarf_ddot) {
  ++                            snarf_ddot = TRUE;
  ++                        } else if (isprint(workch) ||
  ++                                   ((workch > 127) && (workch <= 254))) {
  ++                            /*
  ++                             * Since we found a printable, non-ctrl char,
  ++                             * we can stop looking for '../', the amount
  ++                             * in ../!
  ++                             */
  ++                            break;
  ++                        }
  ++
  ++                        dp++;
  ++                        } while (*dp != 0);
  ++
  ++                    if (killed_ddot)
  ++                        break;
  +                     }
  +                 }
  +                 *pp++ = '.';
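Review bot: `snarf_ddot` is set to TRUE inside the scan loop but never cleared, and because it is declared once per call (next to `killed_ddot` in the declaration hunk) a TRUE left over from one path component's scan carries into the scan of every later component, where the `workch == '.' && !snarf_ddot` test fails and the `isprint(workch)` branch breaks out on the leading '.' without recording it; reset it where each scan begins, `snarf_ddot = FALSE;` immediately before `dp = cp;`. As written, whether a dot-dot component containing control characters is skipped depends on what earlier components looked like, so the check is unreliable in both directions. The `do { ... } while (*dp != 0)` loop also dereferences `*dp` before testing it: for a component that is a trailing `.` (`*cp == 0`) the body runs with `workch == 0`, `dp++` steps past the terminator and the loop condition reads beyond the string — test first instead, e.g. `for (dp = cp; *dp != 0; dp++) {` in place of `do {`, dropping the trailing `dp++;` and `} while (*dp != 0);`. The zip-2.3 configure change at the top of the patch file is unrelated to CAN-2003-0282 and would be easier to track as a separate patch. The enclosing function begins before and continues after this hunk.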
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/infozip/infozip.spec
  ============================================================================
  $ cvs diff -u -r1.22.2.1.2.1 -r1.22.2.1.2.2 infozip.spec
  --- openpkg-src/infozip/infozip.spec  18 Jan 2003 17:20:11 -0000      1.22.2.1.2.1
  +++ openpkg-src/infozip/infozip.spec  10 Jul 2003 10:04:45 -0000      1.22.2.1.2.2
  @@ -1,8 +1,8 @@
   ##
   ##  infozip.spec -- OpenPKG RPM Specification
  -##  Copyright (c) 2000-2003 Cable & Wireless Deutschland GmbH
   ##  Copyright (c) 2000-2003 The OpenPKG Project <http://www.openpkg.org/>
   ##  Copyright (c) 2000-2003 Ralf S. Engelschall <[EMAIL PROTECTED]>
  +##  Copyright (c) 2000-2003 Cable & Wireless <http://www.cw.com/>
   ##
   ##  Permission to use, copy, modify, and distribute this software for
   ##  any purpose with or without fee is hereby granted, provided that
  @@ -38,11 +38,12 @@
   Group:        Archiver
   License:      BSD
   Version:      1.2.0
  -Release:      1.2.0
  +Release:      1.2.1
   
   #   list of sources
   Source0:      ftp://ftp.info-zip.org/pub/infozip/src/zip%{V_zip_real}.tar.gz
   Source1:      ftp://ftp.info-zip.org/pub/infozip/src/unzip%{V_unzip_real}.tar.gz
  +Patch0:       infozip.patch
   
   #   build information
   Prefix:       %{l_prefix}
  @@ -60,6 +61,7 @@
   %prep
       %setup0 -q -c
       %setup1 -q -T -D -a 1
  +    %patch0 -p0
   
   %build
       ( cd zip-%{V_zip_here}
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-web/news.txt
  ============================================================================
  $ cvs diff -u -r1.5502 -r1.5503 news.txt
  --- openpkg-web/news.txt      10 Jul 2003 09:58:28 -0000      1.5502
  +++ openpkg-web/news.txt      10 Jul 2003 10:04:43 -0000      1.5503
  @@ -1,3 +1,4 @@
  +10-Jul-2003: Upgraded package: P<infozip-1.2.0-1.2.1>
   10-Jul-2003: Upgraded package: P<infozip-1.20030710-1.20030710>
   10-Jul-2003: Upgraded package: P<gnet-1.1.9-20030710>
   10-Jul-2003: Upgraded package: P<ipaudit-0.95-20030710>
  @@ .