Author: qboosh Date: Wed Nov 29 23:41:54 2006 GMT Module: SOURCES Tag: HEAD ---- Log message: - updated for 1.3.6
---- Files affected: SOURCES: gzip-CVE-2006-433x.patch (1.1 -> 1.2) , gzip-info.patch (1.3 -> 1.4) , gzip-mktemp.patch (1.5 -> 1.6) , gzip-rsyncable.patch (1.2 -> 1.3) , gzip-stderr.patch (1.2 -> 1.3) ---- Diffs: ================================================================ Index: SOURCES/gzip-CVE-2006-433x.patch diff -u SOURCES/gzip-CVE-2006-433x.patch:1.1 SOURCES/gzip-CVE-2006-433x.patch:1.2 --- SOURCES/gzip-CVE-2006-433x.patch:1.1 Mon Sep 25 20:53:52 2006 +++ SOURCES/gzip-CVE-2006-433x.patch Thu Nov 30 00:41:48 2006 @@ -11,27 +11,16 @@ #define get_byte() (inptr < insize ? inbuf[inptr++] : fill_inbuf(0)) #define try_byte() (inptr < insize ? inbuf[inptr++] : fill_inbuf(1)) ---- gzip-1.3.5/inflate.c -+++ gzip-1.3.5/inflate.c -@@ -337,7 +337,7 @@ - { - *t = (struct huft *)NULL; - *m = 0; -- return 0; -+ return 2; - } - - ---- gzip-1.3.5/unlzh.c -+++ gzip-1.3.5/unlzh.c -@@ -149,13 +149,17 @@ +--- gzip-1.3.6/unlzh.c.orig 2006-11-20 09:40:34.000000000 +0100 ++++ gzip-1.3.6/unlzh.c 2006-11-30 00:34:20.798025500 +0100 +@@ -145,13 +145,17 @@ unsigned i, k, len, ch, jutbits, avail, nextcode, mask; for (i = 1; i <= 16; i++) count[i] = 0; - for (i = 0; i < (unsigned)nchar; i++) count[bitlen[i]]++; + for (i = 0; i < (unsigned)nchar; i++) { + if (bitlen[i] > 16) -+ error("Bad table (case a)\n"); ++ gzip_error("Bad table (case a)\n"); + else count[bitlen[i]]++; + } @@ -39,13 +28,13 @@ for (i = 1; i <= 16; i++) start[i + 1] = start[i] + (count[i] << (16 - i)); - if ((start[17] & 0xffff) != 0) -- error("Bad table\n"); +- gzip_error ("Bad table\n"); + if ((start[17] & 0xffff) != 0 || tablebits > 16) /* 16 for weight below */ -+ error("Bad table (case b)\n"); ++ gzip_error("Bad table (case b)\n"); jutbits = 16 - tablebits; for (i = 1; i <= (unsigned)tablebits; i++) { -@@ -169,15 +173,15 @@ +@@ -165,15 +169,15 @@ i = start[tablebits + 1] >> jutbits; if (i != 0) { @@ -62,9 +51,9 @@ - nextcode = start[len] + weight[len]; + nextcode = MIN(start[len] + weight[len], DIST_BUFSIZE); if (len <= (unsigned)tablebits) { - for (i = start[len]; i < nextcode; i++) table[i] = ch; - } else { -@@ -218,7 +222,7 @@ + if ((unsigned) 1 << tablebits < nextcode) + gzip_error ("Bad table\n"); +@@ -216,7 +220,7 @@ for (i = 0; i < 256; i++) pt_table[i] = c; } else { i = 0; ================================================================ Index: SOURCES/gzip-info.patch diff -u SOURCES/gzip-info.patch:1.3 SOURCES/gzip-info.patch:1.4 --- SOURCES/gzip-info.patch:1.3 Sun Jan 19 02:39:41 2003 +++ SOURCES/gzip-info.patch Thu Nov 30 00:41:49 2006 @@ -1,5 +1,5 @@ ---- gzip-1.3.5/gzip.texi.orig Mon Sep 30 08:57:29 2002 -+++ gzip-1.3.5/gzip.texi Sat Jan 18 23:41:52 2003 +--- gzip-1.3.6/doc/gzip.texi.orig Mon Sep 30 08:57:29 2002 ++++ gzip-1.3.6/doc/gzip.texi Sat Jan 18 23:41:52 2003 @@ -31,16 +31,9 @@ @end quotation @end copying ================================================================ Index: SOURCES/gzip-mktemp.patch diff -u SOURCES/gzip-mktemp.patch:1.5 SOURCES/gzip-mktemp.patch:1.6 --- SOURCES/gzip-mktemp.patch:1.5 Sun Jan 19 02:39:41 2003 +++ SOURCES/gzip-mktemp.patch Thu Nov 30 00:41:49 2006 @@ -1,35 +1,19 @@ -diff -ur gzip-1.3.5.orig/gzexe.in gzip-1.3.5/gzexe.in ---- gzip-1.3.5.orig/gzexe.in Fri Sep 18 02:43:06 1998 -+++ gzip-1.3.5/gzexe.in Sat Jun 9 16:05:41 2001 -@@ -91,21 +91,21 @@ - sed 1q $0 > $tmp - sed "s|^if tail|if $tail|" >> $tmp <<'EOF' - skip=22 +--- gzip-1.3.6/gzexe.in.orig 2006-11-20 09:40:33.000000000 +0100 ++++ gzip-1.3.6/gzexe.in 2006-11-29 23:50:44.730531500 +0100 +@@ -132,12 +132,12 @@ + (sed 1q $0 && + sed "s|^if tail|if $tail|" <<'EOF' && + skip=26 -set -C ++ umask=`umask` umask 77 --if tail +$skip "$0" | "BINDIR"/gzip -cd > /tmp/gztmp$$; then -+tmpfile=`mktemp ${TMPDIR:-/tmp}/gz$$.XXXXXX` || { echo 'cannot create temporary file' >&2; exit 1; } -+if tail +$skip "$0" | "/bin"/gzip -cd > $tmpfile; then +-if (tempfile --version) >/dev/null 2>&1 +-then gztmp=`tempfile -p gztmp` || exit +-else gztmp=/tmp/gztmp$$ ++if (mktemp -V) >/dev/null 2>&1 ++then gztmp=`mktemp ${TMPDIR:-/tmp}/gztmp$$.XXXXXX` || exit ++else { echo 'cannot create temporary file' >&2; exit 1; } + fi + if tail +$skip "$0" | "BINDIR"/gzip -cd > "$gztmp"; then umask $umask -- /bin/chmod 700 /tmp/gztmp$$ -+ /bin/chmod 700 $tmpfile - prog="`echo $0 | /bin/sed 's|^.*/||'`" -- if /bin/ln /tmp/gztmp$$ "/tmp/$prog" 2>/dev/null; then -- trap '/bin/rm -f /tmp/gztmp$$ "/tmp/$prog"; exit $res' 0 -- (/bin/sleep 5; /bin/rm -f /tmp/gztmp$$ "/tmp/$prog") 2>/dev/null & -- /tmp/"$prog" ${1+"$@"}; res=$? -+ if /bin/ln $tmpfile "${TMPDIR:-/tmp}/$prog" 2>/dev/null; then -+ trap '/bin/rm -f $tmpfile "${TMPDIR:-/tmp}/$prog"; exit $res' 0 -+ (/bin/sleep 5; /bin/rm -f $tmpfile "${TMPDIR:-/tmp}/$prog") 2>/dev/null & -+ ${TMPDIR:-/tmp}/"$prog" ${1+"$@"}; res=$? - else -- trap '/bin/rm -f /tmp/gztmp$$; exit $res' 0 -- (/bin/sleep 5; /bin/rm -f /tmp/gztmp$$) 2>/dev/null & -- /tmp/gztmp$$ ${1+"$@"}; res=$? -+ trap '/bin/rm -f ${TMPDIR:-/tmp}/$tmpfile; exit $res' 0 -+ (/bin/sleep 5; /bin/rm -f $tmpfile) 2>/dev/null & -+ $tmpfile ${1+"$@"}; res=$? - fi - else - echo Cannot decompress $0; exit 1 ================================================================ Index: SOURCES/gzip-rsyncable.patch diff -u SOURCES/gzip-rsyncable.patch:1.2 SOURCES/gzip-rsyncable.patch:1.3 --- SOURCES/gzip-rsyncable.patch:1.2 Tue Jun 13 23:03:50 2006 +++ SOURCES/gzip-rsyncable.patch Thu Nov 30 00:41:49 2006 @@ -4,9 +4,9 @@ tried out in the default gzip for Debian Sarge, and may go into the upstream gzip at somepoint in the not-too-distant future. ---- gzip-1.3.5/deflate.c 1999-10-07 23:46:28 -0700 -+++ rsyncable/deflate.c 2005-02-05 09:40:33 -0800 -@@ -122,6 +122,14 @@ +--- gzip-1.3.6/deflate.c.orig 2006-11-30 00:13:22.863409500 +0100 ++++ gzip-1.3.6/deflate.c 2006-11-30 00:14:14.346627000 +0100 +@@ -135,6 +135,14 @@ #endif /* Matches of length 3 are discarded if their distance exceeds TOO_FAR */ @@ -21,7 +21,7 @@ /* =========================================================================== * Local data used by the "longest match" routines. */ -@@ -203,6 +211,8 @@ +@@ -216,6 +224,8 @@ unsigned near good_match; /* Use a faster search when the previous match is longer than this */ @@ -30,7 +30,7 @@ /* Values for max_lazy_match, good_match and max_chain_length, depending on * the desired pack level (0..9). The values given below have been tuned to -@@ -301,6 +311,10 @@ +@@ -314,6 +324,10 @@ #endif /* prev will be initialized on the fly */ @@ -41,7 +41,7 @@ /* Set the default configuration parameters: */ max_lazy_match = configuration_table[pack_level].max_lazy; -@@ -537,6 +551,8 @@ +@@ -550,6 +564,8 @@ memcpy((char*)window, (char*)window+WSIZE, (unsigned)WSIZE); match_start -= WSIZE; strstart -= WSIZE; /* we now have strstart >= MAX_DIST: */ @@ -50,7 +50,7 @@ block_start -= (long) WSIZE; -@@ -564,13 +580,46 @@ +@@ -577,13 +593,46 @@ } } @@ -98,7 +98,7 @@ /* =========================================================================== * Processes a new input file and return its compressed length. This -@@ -581,7 +630,7 @@ +@@ -594,7 +643,7 @@ local off_t deflate_fast() { IPos hash_head; /* head of the hash chain */ @@ -107,7 +107,7 @@ unsigned match_length = 0; /* length of best match */ prev_length = MIN_MATCH-1; -@@ -610,6 +659,7 @@ +@@ -624,6 +673,7 @@ lookahead -= match_length; @@ -115,13 +115,13 @@ /* Insert new strings in the hash table only if the match length * is not too large. This saves time but degrades compression. */ -@@ -638,9 +688,14 @@ +@@ -652,9 +702,14 @@ /* No match, output a literal byte */ Tracevv((stderr,"%c",window[strstart])); flush = ct_tally (0, window[strstart]); + RSYNC_ROLL(strstart, 1); lookahead--; - strstart++; + strstart++; } + if (rsync && strstart > rsync_chunk_end) { + rsync_chunk_end = 0xFFFFFFFFUL; @@ -130,7 +130,7 @@ if (flush) FLUSH_BLOCK(0), block_start = strstart; /* Make sure that we always have enough lookahead, except -@@ -713,6 +768,7 @@ +@@ -728,6 +783,7 @@ */ lookahead -= prev_length-1; prev_length -= 2; @@ -138,7 +138,7 @@ do { strstart++; INSERT_STRING(strstart, hash_head); -@@ -725,24 +781,39 @@ +@@ -740,24 +796,39 @@ match_available = 0; match_length = MIN_MATCH-1; strstart++; @@ -182,9 +182,9 @@ strstart++; lookahead--; } ---- gzip-1.3.5/gzip.c 2002-09-28 00:38:43 -0700 -+++ rsyncable/gzip.c 2005-02-05 09:40:33 -0800 -@@ -256,6 +256,7 @@ +--- gzip-1.3.6/gzip.c.orig 2006-11-20 09:40:33.000000000 +0100 ++++ gzip-1.3.6/gzip.c 2006-11-30 00:15:31.387441750 +0100 +@@ -218,6 +218,7 @@ unsigned insize; /* valid bytes in inbuf */ unsigned inptr; /* index of next byte to be processed in inbuf */ unsigned outcnt; /* bytes in output buffer */ @@ -192,7 +192,7 @@ struct option longopts[] = { -@@ -285,6 +286,7 @@ +@@ -247,6 +248,7 @@ {"best", 0, 0, '9'}, /* compress better */ {"lzw", 0, 0, 'Z'}, /* make output compatible with old compress */ {"bits", 1, 0, 'b'}, /* max number of bits per code (implies -Z) */ @@ -200,21 +200,21 @@ { 0, 0, 0, 0 } }; -@@ -365,6 +367,7 @@ - " -Z --lzw produce output compatible with old compress", - " -b --bits maxbits max number of bits per code (implies -Z)", +@@ -329,6 +331,7 @@ + " -Z, --lzw produce output compatible with old compress", + " -b, --bits=BITS max number of bits per code (implies -Z)", #endif -+ " --rsyncable Make rsync-friendly archive", - " file... files to (de)compress. If none given, use standard input.", - "Report bugs to <[EMAIL PROTECTED]>.", - 0}; -@@ -543,6 +546,9 @@ - #else - recursive = 1; break; ++ " --rsyncable make rsync-friendly archive", + "", + "With no FILE, or when FILE is -, read standard input.", + "", +@@ -469,6 +472,9 @@ + recursive = 1; #endif + break; + case 'R': -+ rsync = 1; break; -+ ++ rsync = 1; ++ break; case 'S': #ifdef NO_MULTIPLE_DOTS if (*optarg == '.') optarg++; @@ -237,8 +237,8 @@ /* in bits.c */ void bi_init OF((file_t zipfile)); ---- gzip-1.3.5/gzip.texi 2002-09-29 23:57:29 -0700 -+++ rsyncable/gzip.texi 2005-02-05 09:40:33 -0800 +--- gzip-1.3.6/doc/gzip.texi 2002-09-29 23:57:29 -0700 ++++ rsyncable/doc/gzip.texi 2005-02-05 09:40:33 -0800 @@ -334,6 +334,14 @@ into the directory and compress all the files it finds there (or decompress them in the case of @code{gunzip}). ================================================================ Index: SOURCES/gzip-stderr.patch diff -u SOURCES/gzip-stderr.patch:1.2 SOURCES/gzip-stderr.patch:1.3 --- SOURCES/gzip-stderr.patch:1.2 Sun Jan 19 02:39:41 2003 +++ SOURCES/gzip-stderr.patch Thu Nov 30 00:41:49 2006 @@ -1,95 +1,65 @@ ---- gzip-1.3/gzexe.in.orig Thu Nov 9 15:08:50 2000 -+++ gzip-1.3/gzexe.in Thu Nov 9 15:09:09 2000 -@@ -15,9 +15,9 @@ +--- gzip-1.3.6/gzexe.in.orig 2006-11-29 23:51:33.485578500 +0100 ++++ gzip-1.3.6/gzexe.in 2006-11-29 23:52:24.632775000 +0100 +@@ -51,7 +51,7 @@ - x=`basename $0` + PATH="BINDIR:$PATH" if test $# = 0; then -- echo compress executables. original file foo is renamed to foo~ -- echo usage: ${x} [-d] files... -- echo " -d decompress the executables" -+ echo compress executables. original file foo is renamed to foo~ 1>&2 -+ echo usage: ${x} [-d] files... 1>&2 -+ echo " -d decompress the executables" 1>&2 +- echo "$usage" ++ echo "$usage" >&2 exit 1 fi ---- gzip-1.3/zdiff.in.orig Thu Nov 9 15:08:50 2000 -+++ gzip-1.3/zdiff.in Thu Nov 9 15:09:29 2000 -@@ -32,7 +32,7 @@ - esac - done - if test -z "$FILES"; then -- echo "Usage: $prog [${comp}_options] file [file]" -+ echo "Usage: $prog [${comp}_options] file [file]" 1>&2 - exit 2 - fi - set $FILES -@@ -64,6 +64,6 @@ +--- gzip-1.3.6/zdiff.in.orig 2006-11-20 09:40:34.000000000 +0100 ++++ gzip-1.3.6/zdiff.in 2006-11-29 23:54:17.383821500 +0100 +@@ -77,6 +77,6 @@ esac;; esac else -- echo "Usage: $prog [${comp}_options] file [file]" -+ echo "Usage: $prog [${comp}_options] file [file]" 1>&2 +- echo "$usage" ++ echo "$usage" >&2 exit 2 fi ---- gzip-1.3/zforce.in.orig Thu Nov 9 15:08:50 2000 -+++ gzip-1.3/zforce.in Thu Nov 9 15:09:47 2000 -@@ -9,8 +9,8 @@ - PATH="BINDIR:$PATH"; export PATH - x=`basename $0` +--- gzip-1.3.6/zforce.in.orig 2006-11-20 09:40:34.000000000 +0100 ++++ gzip-1.3.6/zforce.in 2006-11-29 23:54:45.833599500 +0100 +@@ -41,7 +41,7 @@ + Report bugs to <[EMAIL PROTECTED]>." + if test $# = 0; then -- echo "force a '.gz' extension on all gzip files" -- echo usage: $x files... -+ echo "force a '.gz' extension on all gzip files" 1>&2 -+ echo usage: $x files... 1>&2 +- echo "$usage" ++ echo "$usage" >&2 exit 1 fi ---- gzip-1.3.5/zgrep.in.orig Thu Nov 9 15:08:50 2000 -+++ gzip-1.3.5/zgrep.in Thu Nov 9 15:12:21 2000 -@@ -31,8 +31,8 @@ +--- gzip-1.3.6/zgrep.in.orig 2006-11-20 09:40:34.000000000 +0100 ++++ gzip-1.3.6/zgrep.in 2006-11-29 23:55:01.078552250 +0100 +@@ -97,7 +97,7 @@ done if test -z "$pat"; then -- echo "grep through gzip files" -- echo "usage: $prog [grep_options] pattern [files]" -+ echo "grep through gzip files" 1>&2 -+ echo "usage: $prog [grep_options] pattern [files]" 1>&2 +- echo "$usage" ++ echo "$usage" >&2 exit 2 fi ---- gzip-1.3.5/zmore.in.orig Thu Nov 9 15:08:50 2000 -+++ gzip-1.3.5/zmore.in Thu Nov 9 15:13:49 2000 -@@ -23,7 +23,8 @@ +--- gzip-1.3.6/zmore.in.orig 2006-11-20 09:40:34.000000000 +0100 ++++ gzip-1.3.6/zmore.in 2006-11-29 23:55:22.423886250 +0100 +@@ -54,7 +54,7 @@ if test $# = 0; then if test -t 0; then -- echo usage: ${ZMORE_PROGRAM_NAME-zmore} files... -+ echo usage: ${ZMORE_PROGRAM_NAME-zmore} files... 1>&2 -+ exit 1 +- echo "$usage" ++ echo "$usage" >&2 else gzip -cdfq | eval ${PAGER-more} fi ---- gzip-1.3/znew.in.orig Thu Nov 9 15:08:50 2000 -+++ gzip-1.3/znew.in Thu Nov 9 15:14:20 2000 -@@ -51,13 +51,13 @@ +--- gzip-1.3.6/znew.in.orig 2006-11-20 09:40:34.000000000 +0100 ++++ gzip-1.3.6/znew.in 2006-11-29 23:55:43.157182000 +0100 +@@ -94,7 +94,7 @@ done if test $# -eq 0; then -- echo "recompress .Z files into $ext (gzip) files" -- echo usage: `echo $0 | sed 's,^.*/,,'` "[-tv9KP]" file.Z... -- echo " -t tests the new files before deleting originals" -- echo " -v be verbose" -- echo " -9 use the slowest compression method (optimal compression)" -- echo " -K keep a .Z file when it is smaller than the $ext file" -- echo " -P use pipes for the conversion $warn" -+ echo "recompress .Z files into $ext (gzip) files" 1>&2 -+ echo usage: `echo $0 | sed 's,^.*/,,'` "[-tv9KP]" file.Z... 1>&2 -+ echo " -t tests the new files before deleting originals" 1>&2 -+ echo " -v be verbose" 1>&2 -+ echo " -9 use the slowest compression method (optimal compression)" 1>&2 -+ echo " -K keep a .Z file when it is smaller than the $ext file" 1>&2 -+ echo " -P use pipes for the conversion $warn" 1>&2 +- echo "$usage" ++ echo "$usage" >&2 exit 1 fi ================================================================ ---- CVS-web: http://cvs.pld-linux.org/SOURCES/gzip-CVE-2006-433x.patch?r1=1.1&r2=1.2&f=u http://cvs.pld-linux.org/SOURCES/gzip-info.patch?r1=1.3&r2=1.4&f=u http://cvs.pld-linux.org/SOURCES/gzip-mktemp.patch?r1=1.5&r2=1.6&f=u http://cvs.pld-linux.org/SOURCES/gzip-rsyncable.patch?r1=1.2&r2=1.3&f=u http://cvs.pld-linux.org/SOURCES/gzip-stderr.patch?r1=1.2&r2=1.3&f=u _______________________________________________ pld-cvs-commit mailing list pld-cvs-commit@lists.pld-linux.org http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit