From 8cdc6a4eccf94656f158f0792dcd55494fba760c108c716552c05dd888e8655f Mon Sep 17 00:00:00 2001
From: Pavol Rusnak
Date: Sun, 19 Sep 2010 18:10:36 +0000
Subject: [PATCH] Accepting request 48470 from home:vuntz:branches:Base:System

OBS-URL: https://build.opensuse.org/request/show/48470
OBS-URL: https://build.opensuse.org/package/show/Base:System/gzip?expand=0&rev=12
---
 gzip-1.3.13.tar.gz | 3 ---
 gzip-1.4.tar.gz | 3 +++
 gzip-CVE-2010-0001.diff | 16 ----------------
 gzip.changes | 20 ++++++++++++++++++++
 gzip.spec | 32 ++++++++++----------------------
 zdiff.diff | 15 +++------------
 zgrep.diff | 5 ++++-
 7 files changed, 40 insertions(+), 54 deletions(-)
 delete mode 100644 gzip-1.3.13.tar.gz
 create mode 100644 gzip-1.4.tar.gz
 delete mode 100644 gzip-CVE-2010-0001.diff

diff --git a/gzip-1.3.13.tar.gz b/gzip-1.3.13.tar.gz
deleted file mode 100644
index e69b8cb..0000000
--- a/gzip-1.3.13.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:1d06ff9f5c523651bed3dcde6e6aa8118eee48b22534a157a2588705fa517ca3
-size 813865
diff --git a/gzip-1.4.tar.gz b/gzip-1.4.tar.gz
new file mode 100644
index 0000000..0fb6645
--- /dev/null
+++ b/gzip-1.4.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d166cfd3da380da1bd535633e8890bfb5664f9e68870a611d1dc01a3e9f711ee
+size 907411
diff --git a/gzip-CVE-2010-0001.diff b/gzip-CVE-2010-0001.diff
deleted file mode 100644
index c2c6ee9..0000000
--- a/gzip-CVE-2010-0001.diff
+++ /dev/null
@@ -1,16 +0,0 @@
-* unlzw.c (unlzw): Avoid integer overflow.
-Aki Helin reported the segfault along with an input to trigger the bug.
-Index: gzip-1.3.13/unlzw.c
-===================================================================
---- gzip-1.3.13.orig/unlzw.c
-+++ gzip-1.3.13/unlzw.c
-@@ -244,7 +244,8 @@ int unlzw(in, out)
- int o;
-
- resetbuf:
-- e = insize-(o = (posbits>>3));
-+ o = posbits >> 3;
-+ e = o <= insize ? insize - o : 0;
-
- for (i = 0 ; i < e ; ++i) {
- inbuf[i] = inbuf[i+o];
diff --git a/gzip.changes b/gzip.changes
index d9b2293..fd63d5d 100644
--- a/gzip.changes
+++ b/gzip.changes
@@ -1,3 +1,23 @@
+-------------------------------------------------------------------
+Sun Sep 19 09:48:02 CEST 2010 - vuntz@opensuse.org
+
+- Update to version 1.4:
+ + gzip -d could segfault and/or clobber the stack, possibly
+ leading to arbitrary code execution. This affects x86_64 but
+ not 32-bit systems. This fixes CVE-2010-0001. See also
+ rh#554418.
+ + gzip -d would fail with a CRC error for some valid inputs.
+ So far, the only valid input known to exhibit this failure was
+ compressed "from FAT filesystem (MS-DOS, OS/2, NT)". In
+ addition, to trigger the failure, your memcpy implementation
+ must copy in the "reverse" order.
+- Drop gzip-CVE-2010-0001.diff: fixed upstream.
+- Remove AutoReqProv: it's default now.
+- Use %configure, %makeinstall, and %{_bindir}.
+- Update zdiff.diff: some of the patch is upstream now. It's
+ unclear to me if the rest is still needed :/ So leaving it.
+- Rebase zgrep.diff.
+
 -------------------------------------------------------------------
 Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de
 
diff --git a/gzip.spec b/gzip.spec
index acede47..b4958b4 100644
--- a/gzip.spec
+++ b/gzip.spec
@@ -1,5 +1,5 @@
 #
-# spec file for package gzip (Version 1.3.13)
+# spec file for package gzip (Version 1.4)
 #
 # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
@@ -21,10 +21,9 @@ Name: gzip
 Url: http://www.gzip.org/
 License: GPLv2+
 Group: Productivity/Archiving/Compression
-AutoReqProv: on
 PreReq: %{install_info_prereq}
-Version: 1.3.13
-Release: 2
+Version: 1.4
+Release: 1
 Summary: GNU Zip Compression Utilities
 Source: %{name}-%{version}.tar.gz
 Patch: zgrep.diff
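Review bot: `Source: %{name}-%{version}.tar.gz` in this hunk's context still names only a local file while `Version:` moves to 1.4, and the diffstat adds no detached signature or keyring beside `gzip-1.4.tar.gz`. The committed sha256 pointer pins the bytes but does not tie them to the upstream release, so it is worth giving the full upstream download URL in `Source:` and carrying the upstream signature file as an additional source that is checked before `%setup`. This matters more here than for a routine bump, because the same commit drops the local CVE-2010-0001 patch on the strength of the new tarball.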
@@ -33,9 +32,6 @@ Patch2: zmore.diff Patch3: non-exec-stack.diff Patch4: http://rsync.samba.org/ftp/unpacked/rsync/patches/gzip-rsyncable.diff Patch6: zdiff.diff -#CVE-2010-0001 integer overflow could lead to array index error in archives, compressed with -#the (LZW) compression algorithm -Patch8: gzip-CVE-2010-0001.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -44,12 +40,6 @@ Whenever possible, each file is replaced by one with the extension .gz, while keeping the same ownership modes and access and modification times. - - -Authors: --------- - Jean-loup Gailly - %prep %setup -q %patch @@ -58,13 +48,11 @@ Authors: %patch3 %patch4 -p1 %patch6 -%patch8 -p1 %build CFLAGS="$RPM_OPT_FLAGS -fomit-frame-pointer \ -W -Wall -Wno-unused-parameter -Wstrict-prototypes -Wpointer-arith" -./configure CFLAGS="$CFLAGS" \ - --prefix=%{_prefix} --infodir=%{_infodir} --mandir=%{_mandir} +%configure profile_gzip() { tmpfile=$(mktemp) @@ -94,18 +82,18 @@ for i in 1 2 3 4 5 6 7 8 9; do done %install -make DESTDIR=$RPM_BUILD_ROOT install +%makeinstall mkdir -p $RPM_BUILD_ROOT/bin -mv $RPM_BUILD_ROOT/usr/bin/{gzip,gunzip,zcat} $RPM_BUILD_ROOT/bin -sed -i 's:/usr/bin:/bin:' $RPM_BUILD_ROOT/bin/{gunzip,zcat} -ln -sf /bin/gzip /bin/gunzip /bin/zcat $RPM_BUILD_ROOT/usr/bin -ln -sf zmore $RPM_BUILD_ROOT/usr/bin/zless +mv $RPM_BUILD_ROOT%{_bindir}/{gzip,gunzip,zcat} $RPM_BUILD_ROOT/bin +sed -i 's:%{_bindir}:/bin:' $RPM_BUILD_ROOT/bin/{gunzip,zcat} +ln -sf /bin/gzip /bin/gunzip /bin/zcat $RPM_BUILD_ROOT%{_bindir} +ln -sf zmore $RPM_BUILD_ROOT%{_bindir}/zless ln -sf zmore.1 $RPM_BUILD_ROOT%{_mandir}/man1/zless.1 %files %defattr(-, root, root) /bin/* -/usr/bin/* +%{_bindir}/* %doc README AUTHORS ChangeLog TODO NEWS THANKS %doc %{_infodir}/*.gz %doc %{_mandir}/man*/*.gz diff --git a/zdiff.diff b/zdiff.diff index 8bf145c..b76ae2c 100644 --- a/zdiff.diff +++ b/zdiff.diff 
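Review bot: Dropping `%patch8 -p1` in the %prep/%build hunk (and `Patch8:` in the first hunk on this line) leaves the unlzw overflow fix entirely to the 1.4 sources, and nothing visible in the spec runs a test after the build. If the 1.4 tarball ships a test suite, a `%check` section containing `make check` would let the build fail should the fix regress. Failing that, a short comment next to the patch list keeps the history in the spec, e.g. `# CVE-2010-0001 (unlzw integer overflow): fixed upstream in 1.4, local patch dropped`. The `profile_gzip()` body continues outside the hunk, so whether the profiling run already decompresses anything cannot be seen here.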
@@ -2,25 +2,16 @@ Index: zdiff.in =================================================================== --- zdiff.in.orig +++ zdiff.in -@@ -105,15 +105,17 @@ elif test $# -eq 2; then +@@ -105,9 +105,9 @@ elif test $# -eq 2; then 5<&0 then gzip_status=$( - exec 4>&1 - (gzip -cdfq -- "$1" 4>&-; echo $? >&4) 3>&- | - ( (gzip -cdfq -- "$2" 4>&-; echo $? >&4) 3>&- 5<&- &1 6<&0 + (gzip -cdfq -- "$1" 4>&-; echo $? >&4) 3>&- 6<&- | + ( (gzip -cdfq -- "$2" 4>&- 0<&6 6<&-; echo $? >&4) 3>&- 5<&- &3) 5<&0 + eval "$cmp" /dev/fd/5 - >&3) 5<&0 ) -+ cmp_status=$? - case $gzip_status in - *[1-9]*) gzip_status=1;; - *) gzip_status=0;; - esac -+ (exit $cmp_status) - else - F=`expr "/$2" : '.*/\(.*\)[-.][zZtga]*$'` || F=$prog - tmp= + cmp_status=$? diff --git a/zgrep.diff b/zgrep.diff index f1dc90a..4fe44fc 100644 --- a/zgrep.diff +++ b/zgrep.diff @@ -2,7 +2,7 @@ Index: zgrep.in =================================================================== --- zgrep.in.orig +++ zgrep.in -@@ -148,10 +148,18 @@ res=0 +@@ -176,13 +176,21 @@ res=0 for i do @@ -17,6 +17,9 @@ Index: zgrep.in # Fail if gzip or grep (or sed) fails. gzip_status=$( exec 5>&1 + if test $pat_on_stdin -eq 1; then + eval "exec $pat_fd<&0" + fi - (gzip -cdfq -- "$i" 5>&-; echo $? >&5) 3>&- | + ($uncompress -cdfq -- "$i" 5>&-; echo $? >&5) 3>&- | if test $files_with_matches -eq 1; then