Module Name:    src
Committed By:   snj
Date:           Sat Feb 28 07:59:22 UTC 2015

Modified Files:
        src/external/zlib/pigz/dist [netbsd-7]: pigz.c
        src/usr.bin/gzip [netbsd-7]: gzip.1 gzip.c

Log Message:
Pull up following revision(s) (requested by mrg in ticket #557):
        external/zlib/pigz/dist/pigz.c: revision 1.2
        usr.bin/gzip/gzip.1: revision 1.24
        usr.bin/gzip/gzip.c: revision 1.107
merge 
https://github.com/madler/pigz/commit/fdad1406b3ec809f4954ff7cdf9e99eb18c2458f:
When decompressing with -N or -NT, strip any path from header name.
This uses the path of the compressed file combined with the name
from the header as the name of the decompressed output file.  Any
path information in the header name is stripped.  This avoids a
possible vulnerability where absolute or descending paths are put
in the gzip header.
--
do not use directory paths present in gzip files with the -N flag,
similar to the problem reported in pigz.


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.2 -r1.1.1.2.2.1 src/external/zlib/pigz/dist/pigz.c
cvs rdiff -u -r1.23 -r1.23.4.1 src/usr.bin/gzip/gzip.1
cvs rdiff -u -r1.105 -r1.105.20.1 src/usr.bin/gzip/gzip.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/zlib/pigz/dist/pigz.c
diff -u src/external/zlib/pigz/dist/pigz.c:1.1.1.2 src/external/zlib/pigz/dist/pigz.c:1.1.1.2.2.1
--- src/external/zlib/pigz/dist/pigz.c:1.1.1.2	Sun Jun 15 17:37:21 2014
+++ src/external/zlib/pigz/dist/pigz.c	Sat Feb 28 07:59:22 2015
@@ -3502,26 +3502,35 @@ local void process(char *path)
                  " (use -f to force)");
     }
     else {
-        char *to, *repl;
+        char *to = g.inf, *sufx = "";
+        size_t pre = 0;
 
-        /* use header name for output when decompressing with -N */
-        to = g.inf;
-        if (g.decode && (g.headis & 1) != 0 && g.hname != NULL) {
-            to = g.hname;
-            len = strlen(g.hname);
+        /* select parts of the output file name */
+        if (g.decode) {
+            /* for -dN or -dNT, use the path from the input file and the name
+               from the header, stripping any path in the header name */
+            if ((g.headis & 1) != 0 && g.hname != NULL) {
+                pre = justname(g.inf) - g.inf;
+                to = justname(g.hname);
+                len = strlen(to);
+            }
+            /* for -d or -dNn, replace abbreviated suffixes */
+            else if (strcmp(to + len, ".tgz") == 0)
+                sufx = ".tar";
         }
-
-        /* replace .tgx with .tar when decoding */
-        repl = g.decode && strcmp(to + len, ".tgz") ? "" : ".tar";
+        else
+            /* add appropriate suffix when compressing */
+            sufx = g.sufx;
 
         /* create output file and open to write */
-        g.outf = MALLOC(len + (g.decode ? strlen(repl) : strlen(g.sufx)) + 1);
+        g.outf = MALLOC(pre + len + strlen(sufx) + 1);
         if (g.outf == NULL)
             bail("not enough memory", "");
-        memcpy(g.outf, to, len);
-        strcpy(g.outf + len, g.decode ? repl : g.sufx);
+        memcpy(g.outf, g.inf, pre);
+        memcpy(g.outf + pre, to, len);
+        strcpy(g.outf + pre + len, sufx);
         g.outd = open(g.outf, O_CREAT | O_TRUNC | O_WRONLY |
-                             (g.force ? 0 : O_EXCL), 0600);
+                              (g.force ? 0 : O_EXCL), 0600);
 
         /* if exists and not -f, give user a chance to overwrite */
         if (g.outd < 0 && errno == EEXIST && isatty(0) && g.verbosity) {
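Review bot: A header name that ends in '/' leaves `to` pointing at an empty string after `justname(g.hname)`, so `g.outf` becomes just the input file's directory prefix and the `open()` below fails with an error that does not mention the header. Assuming `justname()` (defined outside this hunk) returns the text after the last '/', the -N branch could require a non-empty result, e.g. `if ((g.headis & 1) != 0 && g.hname != NULL && *justname(g.hname) != '\0') {`, so that such input falls back to the name derived from `g.inf`. The names `.` and `..` pass through `justname()` unchanged and also resolve to a directory, so they deserve the same treatment. `process()` starts and ends outside the hunk, so how the failed open is reported is not visible here.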

Index: src/usr.bin/gzip/gzip.1
diff -u src/usr.bin/gzip/gzip.1:1.23 src/usr.bin/gzip/gzip.1:1.23.4.1
--- src/usr.bin/gzip/gzip.1:1.23	Tue Mar 18 18:20:45 2014
+++ src/usr.bin/gzip/gzip.1	Sat Feb 28 07:59:22 2015
@@ -1,4 +1,4 @@
-.\"	$NetBSD: gzip.1,v 1.23 2014/03/18 18:20:45 riastradh Exp $
+.\"	$NetBSD: gzip.1,v 1.23.4.1 2015/02/28 07:59:22 snj Exp $
 .\"
 .\" Copyright (c) 1997, 2003, 2004 Matthew R. Green
 .\" All rights reserved.
@@ -24,7 +24,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd June 18, 2011
+.Dd January 13, 2015
 .Dt GZIP 1
 .Os
 .Sh NAME
@@ -191,7 +191,7 @@ program for
 This manual documents
 .Nx
 .Nm
-version 20040427.
+version 20150113.
 .Sh AUTHORS
 This implementation of
 .Nm

Index: src/usr.bin/gzip/gzip.c
diff -u src/usr.bin/gzip/gzip.c:1.105 src/usr.bin/gzip/gzip.c:1.105.20.1
--- src/usr.bin/gzip/gzip.c:1.105	Tue Aug 30 23:06:00 2011
+++ src/usr.bin/gzip/gzip.c	Sat Feb 28 07:59:22 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: gzip.c,v 1.105 2011/08/30 23:06:00 joerg Exp $	*/
+/*	$NetBSD: gzip.c,v 1.105.20.1 2015/02/28 07:59:22 snj Exp $	*/
 
 /*
  * Copyright (c) 1997, 1998, 2003, 2004, 2006 Matthew R. Green
@@ -30,7 +30,7 @@
 #ifndef lint
 __COPYRIGHT("@(#) Copyright (c) 1997, 1998, 2003, 2004, 2006\
  Matthew R. Green.  All rights reserved.");
-__RCSID("$NetBSD: gzip.c,v 1.105 2011/08/30 23:06:00 joerg Exp $");
+__RCSID("$NetBSD: gzip.c,v 1.105.20.1 2015/02/28 07:59:22 snj Exp $");
 #endif /* not lint */
 
 /*
@@ -160,7 +160,7 @@ static suffixes_t suffixes[] = {
 #define NUM_SUFFIXES (sizeof suffixes / sizeof suffixes[0])
 #define SUFFIX_MAXLEN	30
 
-static	const char	gzip_version[] = "NetBSD gzip 20101018";
+static	const char	gzip_version[] = "NetBSD gzip 20150113";
 
 static	int	cflag;			/* stdout mode */
 static	int	dflag;			/* decompress mode */
@@ -1311,7 +1311,7 @@ file_uncompress(char *file, char *outfil
 #ifndef SMALL
 	ssize_t rv;
 	time_t timestamp = 0;
-	unsigned char name[PATH_MAX + 1];
+	char name[PATH_MAX + 1];
 #endif
 
 	/* gather the old name info */
@@ -1372,15 +1372,24 @@ file_uncompress(char *file, char *outfil
 				goto lose;
 			}
 			if (name[0] != 0) {
+				char *dp, *nf;
+
+				/* strip saved directory name */
+				nf = strrchr(name, '/');
+				if (nf == NULL)
+					nf = name;
+				else
+					nf++;
+
 				/* preserve original directory name */
-				char *dp = strrchr(file, '/');
+				dp = strrchr(file, '/');
 				if (dp == NULL)
 					dp = file;
 				else
 					dp++;
 				snprintf(outfile, outsize, "%.*s%.*s",
 						(int) (dp - file), 
-						file, (int) rbytes, name);
+						file, (int) rbytes, nf);
 			}
 		}
 	}
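Review bot: The new `strrchr(name, '/')` scans until it finds a NUL, whereas the old code only read `name` through `%.*s` bounded by `rbytes`; nothing visible in this hunk terminates the buffer, so a header name that fills the read without a NUL could be scanned past the bytes actually read. The precision passed with `nf` is also still `rbytes`, although `nf` may now point past a stripped directory prefix, so the bound no longer matches the remaining data. If the read (outside this hunk) leaves room for a terminator, add `name[rbytes] = '\0';` before the `strrchr()` call and pass `(int)(rbytes - (nf - name)), nf` to `snprintf()`. `file_uncompress()` starts and ends outside the hunk, so the read length should be confirmed there.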
