
Accepting request 48514 from Base:System

Copy from Base:System/gzip based on submit request 48514 from user prusnak

OBS-URL: https://build.opensuse.org/request/show/48514
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gzip?expand=0&rev=18
OBS User autobuild 2010-09-20 13:14:21 +00:00 committed by Git OBS Bridge
commit 02a500029f
7 changed files with 40 additions and 54 deletions


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1d06ff9f5c523651bed3dcde6e6aa8118eee48b22534a157a2588705fa517ca3
size 813865

3
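--- a/gzip-1.4.tar.gz
+++ b/gzip-1.4.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d166cfd3da380da1bd535633e8890bfb5664f9e68870a611d1dc01a3e9f711ee
+size 907411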


@ -1,16 +0,0 @@
* unlzw.c (unlzw): Avoid integer overflow.
Aki Helin reported the segfault along with an input to trigger the bug.
Index: gzip-1.3.13/unlzw.c
===================================================================
--- gzip-1.3.13.orig/unlzw.c
+++ gzip-1.3.13/unlzw.c
@@ -244,7 +244,8 @@ int unlzw(in, out)
int o;
resetbuf:
- e = insize-(o = (posbits>>3));
+ o = posbits >> 3;
+ e = o <= insize ? insize - o : 0;
for (i = 0 ; i < e ; ++i) {
inbuf[i] = inbuf[i+o];


@ -1,3 +1,23 @@
-------------------------------------------------------------------
Sun Sep 19 09:48:02 CEST 2010 - vuntz@opensuse.org
- Update to version 1.4:
+ gzip -d could segfault and/or clobber the stack, possibly
leading to arbitrary code execution. This affects x86_64 but
not 32-bit systems. This fixes CVE-2010-0001. See also
rh#554418.
+ gzip -d would fail with a CRC error for some valid inputs.
So far, the only valid input known to exhibit this failure was
compressed "from FAT filesystem (MS-DOS, OS/2, NT)". In
addition, to trigger the failure, your memcpy implementation
must copy in the "reverse" order.
- Drop gzip-CVE-2010-0001.diff: fixed upstream.
- Remove AutoReqProv: it's default now.
- Use %configure, %makeinstall, and %{_bindir}.
- Update zdiff.diff: some of the patch is upstream now. It's
unclear to me if the rest is still needed :/ So leaving it.
- Rebase zgrep.diff.
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de


@ -1,5 +1,5 @@
# #
# spec file for package gzip (Version 1.3.13) # spec file for package gzip (Version 1.4)
# #
# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
# #
@ -21,10 +21,9 @@ Name: gzip
Url: http://www.gzip.org/ Url: http://www.gzip.org/
License: GPLv2+ License: GPLv2+
Group: Productivity/Archiving/Compression Group: Productivity/Archiving/Compression
AutoReqProv: on
PreReq: %{install_info_prereq} PreReq: %{install_info_prereq}
Version: 1.3.13 Version: 1.4
Release: 2 Release: 1
Summary: GNU Zip Compression Utilities Summary: GNU Zip Compression Utilities
Source: %{name}-%{version}.tar.gz Source: %{name}-%{version}.tar.gz
Patch: zgrep.diff Patch: zgrep.diff
@ -33,9 +32,6 @@ Patch2: zmore.diff
Patch3: non-exec-stack.diff Patch3: non-exec-stack.diff
Patch4: http://rsync.samba.org/ftp/unpacked/rsync/patches/gzip-rsyncable.diff Patch4: http://rsync.samba.org/ftp/unpacked/rsync/patches/gzip-rsyncable.diff
Patch6: zdiff.diff Patch6: zdiff.diff
#CVE-2010-0001 integer overflow could lead to array index error in archives, compressed with
#the (LZW) compression algorithm
Patch8: gzip-CVE-2010-0001.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description %description
@ -44,12 +40,6 @@ Whenever possible, each file is replaced by one with the extension .gz,
while keeping the same ownership modes and access and modification while keeping the same ownership modes and access and modification
times. times.
Authors:
--------
Jean-loup Gailly <gzip@prep.ai.mit.edu>
%prep %prep
%setup -q %setup -q
%patch %patch
@ -58,13 +48,11 @@ Authors:
%patch3 %patch3
%patch4 -p1 %patch4 -p1
%patch6 %patch6
%patch8 -p1
%build %build
CFLAGS="$RPM_OPT_FLAGS -fomit-frame-pointer \ CFLAGS="$RPM_OPT_FLAGS -fomit-frame-pointer \
-W -Wall -Wno-unused-parameter -Wstrict-prototypes -Wpointer-arith" -W -Wall -Wno-unused-parameter -Wstrict-prototypes -Wpointer-arith"
./configure CFLAGS="$CFLAGS" \ %configure
--prefix=%{_prefix} --infodir=%{_infodir} --mandir=%{_mandir}
profile_gzip() profile_gzip()
{ {
tmpfile=$(mktemp) tmpfile=$(mktemp)
@ -94,18 +82,18 @@ for i in 1 2 3 4 5 6 7 8 9; do
done done
%install %install
make DESTDIR=$RPM_BUILD_ROOT install %makeinstall
mkdir -p $RPM_BUILD_ROOT/bin mkdir -p $RPM_BUILD_ROOT/bin
mv $RPM_BUILD_ROOT/usr/bin/{gzip,gunzip,zcat} $RPM_BUILD_ROOT/bin mv $RPM_BUILD_ROOT%{_bindir}/{gzip,gunzip,zcat} $RPM_BUILD_ROOT/bin
sed -i 's:/usr/bin:/bin:' $RPM_BUILD_ROOT/bin/{gunzip,zcat} sed -i 's:%{_bindir}:/bin:' $RPM_BUILD_ROOT/bin/{gunzip,zcat}
ln -sf /bin/gzip /bin/gunzip /bin/zcat $RPM_BUILD_ROOT/usr/bin ln -sf /bin/gzip /bin/gunzip /bin/zcat $RPM_BUILD_ROOT%{_bindir}
ln -sf zmore $RPM_BUILD_ROOT/usr/bin/zless ln -sf zmore $RPM_BUILD_ROOT%{_bindir}/zless
ln -sf zmore.1 $RPM_BUILD_ROOT%{_mandir}/man1/zless.1 ln -sf zmore.1 $RPM_BUILD_ROOT%{_mandir}/man1/zless.1
%files %files
%defattr(-, root, root) %defattr(-, root, root)
/bin/* /bin/*
/usr/bin/* %{_bindir}/*
%doc README AUTHORS ChangeLog TODO NEWS THANKS %doc README AUTHORS ChangeLog TODO NEWS THANKS
%doc %{_infodir}/*.gz %doc %{_infodir}/*.gz
%doc %{_mandir}/man*/*.gz %doc %{_mandir}/man*/*.gz
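Review bot: With `Patch8: gzip-CVE-2010-0001.diff` and `%patch8 -p1` dropped, the CVE-2010-0001 fix now rests entirely on the contents of the new gzip-1.4 tarball, yet `Source:` is still a bare `%{name}-%{version}.tar.gz` with no upstream URL or signature recorded in the spec. I would make the provenance checkable, e.g. `Source: <upstream-url>/%{name}-%{version}.tar.gz` plus `Source1: <upstream-url>/%{name}-%{version}.tar.gz.sig` (placeholders; use the project's actual download location), so a reviewer can confirm the archive is the upstream release. None of the visible hunks shows a `%check` section; if the spec has none, running the upstream test suite there would help catch a decompressor regression the next time a security patch is dropped. The spec continues outside these hunks, so both points depend on what is not shown here.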


@ -2,25 +2,16 @@ Index: zdiff.in
=================================================================== ===================================================================
--- zdiff.in.orig --- zdiff.in.orig
+++ zdiff.in +++ zdiff.in
@@ -105,15 +105,17 @@ elif test $# -eq 2; then @@ -105,9 +105,9 @@ elif test $# -eq 2; then
5<&0 5<&0
then then
gzip_status=$( gzip_status=$(
- exec 4>&1 - exec 4>&1
- (gzip -cdfq -- "$1" 4>&-; echo $? >&4) 3>&- | - (gzip -cdfq -- "$1" 4>&-; echo $? >&4) 3>&- |
- ( (gzip -cdfq -- "$2" 4>&-; echo $? >&4) 3>&- 5<&- </dev/null | - ( (gzip -cdfq -- "$2" 4>&-; echo $? >&4) 3>&- 5<&- </dev/null |
- eval "$cmp" /dev/fd/5 -) 5<&0
+ exec 4>&1 6<&0 + exec 4>&1 6<&0
+ (gzip -cdfq -- "$1" 4>&-; echo $? >&4) 3>&- 6<&- | + (gzip -cdfq -- "$1" 4>&-; echo $? >&4) 3>&- 6<&- |
+ ( (gzip -cdfq -- "$2" 4>&- 0<&6 6<&-; echo $? >&4) 3>&- 5<&- </dev/null | + ( (gzip -cdfq -- "$2" 4>&- 0<&6 6<&-; echo $? >&4) 3>&- 5<&- </dev/null |
+ eval "$cmp" /dev/fd/5 - >&3) 5<&0 eval "$cmp" /dev/fd/5 - >&3) 5<&0
) )
+ cmp_status=$? cmp_status=$?
case $gzip_status in
*[1-9]*) gzip_status=1;;
*) gzip_status=0;;
esac
+ (exit $cmp_status)
else
F=`expr "/$2" : '.*/\(.*\)[-.][zZtga]*$'` || F=$prog
tmp=
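Review bot: The refreshed zdiff.diff still opens straight at `Index: zdiff.in` with no description of what the remaining change is for, and this commit's changelog entry says it is unclear whether the rest is still needed. From the visible lines the patch duplicates stdin onto fd 6 (`exec 4>&1 6<&0`) and hands it to the second gzip (`0<&6 6<&-`). A short header above `Index:`, such as `Preserve the caller's stdin for the second gzip in the two-file case; reference: <bug-id>`, would record that so the next update can compare it with upstream and drop it safely. The purpose is inferred from these lines only and should be confirmed by the patch author.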


@ -2,7 +2,7 @@ Index: zgrep.in
=================================================================== ===================================================================
--- zgrep.in.orig --- zgrep.in.orig
+++ zgrep.in +++ zgrep.in
@@ -148,10 +148,18 @@ res=0 @@ -176,13 +176,21 @@ res=0
for i for i
do do
@ -17,6 +17,9 @@ Index: zgrep.in
# Fail if gzip or grep (or sed) fails. # Fail if gzip or grep (or sed) fails.
gzip_status=$( gzip_status=$(
exec 5>&1 exec 5>&1
if test $pat_on_stdin -eq 1; then
eval "exec $pat_fd<&0"
fi
- (gzip -cdfq -- "$i" 5>&-; echo $? >&5) 3>&- | - (gzip -cdfq -- "$i" 5>&-; echo $? >&5) 3>&- |
+ ($uncompress -cdfq -- "$i" 5>&-; echo $? >&5) 3>&- | + ($uncompress -cdfq -- "$i" 5>&-; echo $? >&5) 3>&- |
if test $files_with_matches -eq 1; then if test $files_with_matches -eq 1; then