From c7c6ba1ff6e9c31d54edf6a0f01b54f63cd1100f77bbd3a4643d152b74279682 Mon Sep 17 00:00:00 2001
From: OBS User autobuild
Date: Fri, 29 Jan 2010 14:00:15 +0000
Subject: [PATCH] Accepting request 30400 from Base:System Copy from Base:System/gzip based on submit request 30400 from user mseben
OBS-URL: https://build.opensuse.org/request/show/30400
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gzip?expand=0&rev=13
---
futimens.diff | 38 -----------------------
gzip-1.3.12.tar.gz | 3 --
gzip-1.3.13.tar.gz | 3 ++
gzip-CVE-2010-0001.diff | 16 ++++++++++
gzip-rsyncable.diff | 68 +++++++++++++++++++++++------------------
gzip.changes | 24 +++++++++++++++
gzip.spec | 14 +++++----
non-exec-stack.diff | 6 ++--
tempfile.diff | 8 +++--
zdiff.diff | 6 ++--
zgrep.diff | 6 ++--
zmore.diff | 8 +++--
12 files changed, 112 insertions(+), 88 deletions(-)
delete mode 100644 futimens.diff
delete mode 100644 gzip-1.3.12.tar.gz
create mode 100644 gzip-1.3.13.tar.gz
create mode 100644 gzip-CVE-2010-0001.diff
diff --git a/futimens.diff b/futimens.diff
deleted file mode 100644
index 5304448..0000000
--- a/futimens.diff
+++ /dev/null
@@ -1,38 +0,0 @@
---- gzip.c
-+++ gzip.c
-@@ -1639,7 +1639,7 @@
- }
- }
-
-- if (futimens (ofd, ofname, timespec) != 0)
-+ if (gl_futimens (ofd, ofname, timespec) != 0)
- {
- int e = errno;
- WARN ((stderr, "%s: ", program_name));
---- lib/utimens.c
-+++ lib/utimens.c
-@@ -75,8 +75,8 @@
- Return 0 on success, -1 (setting errno) on failure. */
-
- int
--futimens (int fd ATTRIBUTE_UNUSED,
-- char const *file, struct timespec const timespec[2])
-+gl_futimens (int fd ATTRIBUTE_UNUSED,
-+ char const *file, struct timespec const timespec[2])
- {
- /* Some Linux-based NFS clients are buggy, and mishandle time stamps
- of files in NFS file systems in some cases. We have no
-@@ -185,5 +185,5 @@
- int
- utimens (char const *file, struct timespec const timespec[2])
- {
-- return futimens (-1, file, timespec);
-+ return gl_futimens (-1, file, timespec);
- }
---- lib/utimens.h
-+++ lib/utimens.h
-@@ -1,3 +1,3 @@
- #include
--int futimens (int, char const *, struct timespec const [2]);
-+int gl_futimens (int, char const *, struct timespec const [2]);
- int utimens (char const *, struct timespec const [2]);
diff --git a/gzip-1.3.12.tar.gz b/gzip-1.3.12.tar.gz
deleted file mode 100644
index 4875850..0000000
--- a/gzip-1.3.12.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:3f565be05f7f3d1aff117c030eb7c738300510b7d098cedea796ca8e4cd587af
-size 462169
diff --git a/gzip-1.3.13.tar.gz b/gzip-1.3.13.tar.gz
new file mode 100644
index 0000000..e69b8cb
--- /dev/null
+++ b/gzip-1.3.13.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1d06ff9f5c523651bed3dcde6e6aa8118eee48b22534a157a2588705fa517ca3
+size 813865
diff --git a/gzip-CVE-2010-0001.diff b/gzip-CVE-2010-0001.diff
new file mode 100644
index 0000000..c2c6ee9
--- /dev/null
+++ b/gzip-CVE-2010-0001.diff
@@ -0,0 +1,16 @@
+* unlzw.c (unlzw): Avoid integer overflow.
+Aki Helin reported the segfault along with an input to trigger the bug.
+Index: gzip-1.3.13/unlzw.c
+===================================================================
+--- gzip-1.3.13.orig/unlzw.c
++++ gzip-1.3.13/unlzw.c
+@@ -244,7 +244,8 @@ int unlzw(in, out)
+ int o;
+
+ resetbuf:
+- e = insize-(o = (posbits>>3));
++ o = posbits >> 3;
++ e = o <= insize ? insize - o : 0;
+
+ for (i = 0 ; i < e ; ++i) {
+ inbuf[i] = inbuf[i+o];
diff --git a/gzip-rsyncable.diff b/gzip-rsyncable.diff
index 7c2b76a..f7b0ff1 100644
--- a/gzip-rsyncable.diff
+++ b/gzip-rsyncable.diff
@@ -5,9 +5,11 @@ tried out in the default gzip for Debian Sarge, and may go into the upstream gzip at somepoint in the not-too-distant future. ================================================================================ ---- gzip-1.3.12/deflate.c -+++ gzip-1.3.12/deflate.c -@@ -135,6 +135,14 @@ static char rcsid[] = "$Id: deflate.c,v +Index: gzip-1.3.13/deflate.c +=================================================================== +--- gzip-1.3.13.orig/deflate.c ++++ gzip-1.3.13/deflate.c +@@ -131,6 +131,14 @@ #endif /* Matches of length 3 are discarded if their distance exceeds TOO_FAR */ @@ -22,7 +24,7 @@ upstream gzip at somepoint in the not-too-distant future. /* =========================================================================== * Local data used by the "longest match" routines. */ -@@ -216,6 +224,8 @@ local int compr_level; +@@ -212,6 +220,8 @@ local int compr_level; unsigned near good_match; /* Use a faster search when the previous match is longer than this */
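Review bot: In the unlzw.c hunk carried by gzip-CVE-2010-0001.diff, the new guard `e = o <= insize ? insize - o : 0;` compares `int o` with `insize`, which gzip.c declares as `unsigned` (visible in the gzip-rsyncable.diff context later in this commit), and nothing in the patched code says why the clamp is there. The replaced expression `insize-(o = (posbits>>3))` wrapped to a very large `e` whenever `o` exceeded `insize`, so the copy loop `inbuf[i] = inbuf[i+o]` would index far beyond the valid bytes, which matches the reported segfault; the mixed-sign comparison also happens to send a negative `o` to the `0` branch. I would record that directly above the assignment, e.g. `/* crafted LZW input can push posbits past insize; clamp e so the copy below stays inside inbuf (CVE-2010-0001) */`. unlzw() starts and ends outside the hunk, so whether a zero `e` is later reported as a data error cannot be checked from here.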
@@ -31,7 +33,7 @@ upstream gzip at somepoint in the not-too-distant future. /* Values for max_lazy_match, good_match and max_chain_length, depending on * the desired pack level (0..9). The values given below have been tuned to -@@ -314,6 +324,10 @@ void lm_init (pack_level, flags) +@@ -310,6 +320,10 @@ void lm_init (pack_level, flags) #endif /* prev will be initialized on the fly */ @@ -42,7 +44,7 @@ upstream gzip at somepoint in the not-too-distant future. /* Set the default configuration parameters: */ max_lazy_match = configuration_table[pack_level].max_lazy; -@@ -550,6 +564,8 @@ local void fill_window() +@@ -546,6 +560,8 @@ local void fill_window() memcpy((char*)window, (char*)window+WSIZE, (unsigned)WSIZE); match_start -= WSIZE; strstart -= WSIZE; /* we now have strstart >= MAX_DIST: */ @@ -51,7 +53,7 @@ upstream gzip at somepoint in the not-too-distant future. block_start -= (long) WSIZE; -@@ -577,13 +593,46 @@ local void fill_window() +@@ -573,13 +589,46 @@ local void fill_window() } } @@ -99,7 +101,7 @@ upstream gzip at somepoint in the not-too-distant future. /* =========================================================================== * Processes a new input file and return its compressed length. This -@@ -594,7 +643,7 @@ local void fill_window() +@@ -590,7 +639,7 @@ local void fill_window() local off_t deflate_fast() { IPos hash_head; /* head of the hash chain */ @@ -108,7 +110,7 @@ upstream gzip at somepoint in the not-too-distant future. unsigned match_length = 0; /* length of best match */ prev_length = MIN_MATCH-1; -@@ -624,6 +673,7 @@ local off_t deflate_fast() +@@ -620,6 +669,7 @@ local off_t deflate_fast() lookahead -= match_length; 
@@ -116,7 +118,7 @@ upstream gzip at somepoint in the not-too-distant future. /* Insert new strings in the hash table only if the match length * is not too large. This saves time but degrades compression. */ -@@ -652,9 +702,14 @@ local off_t deflate_fast() +@@ -648,9 +698,14 @@ local off_t deflate_fast() /* No match, output a literal byte */ Tracevv((stderr,"%c",window[strstart])); flush = ct_tally (0, window[strstart]); @@ -131,7 +133,7 @@ upstream gzip at somepoint in the not-too-distant future. if (flush) FLUSH_BLOCK(0), block_start = strstart; /* Make sure that we always have enough lookahead, except -@@ -728,6 +783,7 @@ off_t deflate() +@@ -724,6 +779,7 @@ off_t deflate() */ lookahead -= prev_length-1; prev_length -= 2; @@ -139,7 +141,7 @@ upstream gzip at somepoint in the not-too-distant future. do { strstart++; INSERT_STRING(strstart, hash_head); -@@ -740,24 +796,39 @@ off_t deflate() +@@ -736,24 +792,39 @@ off_t deflate() match_available = 0; match_length = MIN_MATCH-1; strstart++; @@ -183,9 +185,11 @@ upstream gzip at somepoint in the not-too-distant future. strstart++; lookahead--; } ---- gzip-1.3.12/doc/gzip.texi -+++ gzip-1.3.12/doc/gzip.texi -@@ -350,6 +350,14 @@ specified on the command line are direct +Index: gzip-1.3.13/doc/gzip.texi +=================================================================== +--- gzip-1.3.13.orig/doc/gzip.texi ++++ gzip-1.3.13/doc/gzip.texi +@@ -353,6 +353,14 @@ specified on the command line are direct into the directory and compress all the files it finds there (or decompress them in the case of @command{gunzip}). 
@@ -200,17 +204,19 @@ upstream gzip at somepoint in the not-too-distant future. @item --suffix @var{suf} @itemx -S @var{suf} Use suffix @var{suf} instead of @samp{.gz}. Any suffix can be ---- gzip-1.3.12/gzip.c -+++ gzip-1.3.12/gzip.c -@@ -231,6 +231,7 @@ int ofd; /* output fil +Index: gzip-1.3.13/gzip.c +=================================================================== +--- gzip-1.3.13.orig/gzip.c ++++ gzip-1.3.13/gzip.c +@@ -229,6 +229,7 @@ int ofd; /* output fil unsigned insize; /* valid bytes in inbuf */ unsigned inptr; /* index of next byte to be processed in inbuf */ unsigned outcnt; /* bytes in output buffer */ +int rsync = 0; /* make ryncable chunks */ - struct option longopts[] = - { -@@ -260,6 +261,7 @@ struct option longopts[] = + static int handled_sig[] = + { +@@ -282,6 +283,7 @@ struct option longopts[] = {"best", 0, 0, '9'}, /* compress better */ {"lzw", 0, 0, 'Z'}, /* make output compatible with old compress */ {"bits", 1, 0, 'b'}, /* max number of bits per code (implies -Z) */ @@ -218,7 +224,7 @@ upstream gzip at somepoint in the not-too-distant future. { 0, 0, 0, 0 } }; -@@ -341,6 +343,7 @@ local void help() +@@ -363,6 +365,7 @@ local void help() " -Z, --lzw produce output compatible with old compress", " -b, --bits=BITS max number of bits per code (implies -Z)", #endif @@ -226,7 +232,7 @@ upstream gzip at somepoint in the not-too-distant future. "", "With no FILE, or when FILE is -, read standard input.", "", -@@ -469,6 +472,9 @@ int main (argc, argv) +@@ -493,6 +496,9 @@ int main (argc, argv) recursive = 1; #endif break; @@ -236,8 +242,10 @@ upstream gzip at somepoint in the not-too-distant future. case 'S': #ifdef NO_MULTIPLE_DOTS if (*optarg == '.') optarg++; ---- gzip-1.3.12/gzip.h -+++ gzip-1.3.12/gzip.h +Index: gzip-1.3.13/gzip.h +=================================================================== +--- gzip-1.3.13.orig/gzip.h ++++ gzip-1.3.13/gzip.h 
@@ -158,6 +158,7 @@ EXTERN(uch, window); /* Sliding extern unsigned insize; /* valid bytes in inbuf */ extern unsigned inptr; /* index of next byte to be processed in inbuf */ @@ -255,8 +263,10 @@ upstream gzip at somepoint in the not-too-distant future. /* in bits.c */ void bi_init OF((file_t zipfile)); ---- gzip-1.3.12/trees.c -+++ gzip-1.3.12/trees.c +Index: gzip-1.3.13/trees.c +=================================================================== +--- gzip-1.3.13.orig/trees.c ++++ gzip-1.3.13/trees.c @@ -59,12 +59,13 @@ * void ct_tally (int dist, int lc); * Save the match info and tally the frequency counts. @@ -275,7 +285,7 @@ upstream gzip at somepoint in the not-too-distant future. #include #include -@@ -860,9 +861,10 @@ local void send_all_trees(lcodes, dcodes +@@ -856,9 +857,10 @@ local void send_all_trees(lcodes, dcodes * trees or store, and output the encoded block to the zip file. This function * returns the total compressed length for the file so far. */ @@ -287,7 +297,7 @@ upstream gzip at somepoint in the not-too-distant future. int eof; /* true if this is the last block for a file */ { ulg opt_lenb, static_lenb; /* opt_len and static_len in bytes */ -@@ -955,6 +957,10 @@ off_t flush_block(buf, stored_len, eof) +@@ -951,6 +953,10 @@ off_t flush_block(buf, stored_len, eof) Assert (input_len == bytes_in, "bad input size"); bi_windup(); compressed_len += 7; /* align on byte boundary */ diff --git a/gzip.changes b/gzip.changes index 94819b8..faaf66f 100644 --- a/gzip.changes +++ b/gzip.changes 
@@ -1,3 +1,27 @@ +------------------------------------------------------------------- +Tue Jan 19 15:26:41 UTC 2010 - mseben@novell.com + +- updated to 1.3.13 + - gzip interprets an argument of "-" as indicating stdin, but when + "-" is not the first name on the command line, it doesn't work. + - remove useless if-before-free tests + - remove useless casts to avoid "make syntax-check" failures + - avoid spurious warnings from clang + - avoid a leak on a error path + - don't misinterpret a failing test as successful + - avoid creating an undersized buffer for the hufts table + A malformed input file can cause gzip to crash with a segmentation + violation or hang in an endless loop. + - avoid silent data loss e.g., on NFS, due to unchecked close of stdout + - build require automake-1.11 and produce xz-compressed tarballs, too +- deprecated futimens.diff and CVE-2009-2624.diff + +------------------------------------------------------------------- +Thu Jan 14 17:17:49 UTC 2010 - mseben@novell.com + +- added gzip-CVE-2009-2624.diff and gzip-CVE-2010-0001.diff : fix + possible denial of service and arbitrary code execution + ------------------------------------------------------------------- Sun Dec 6 18:57:34 CET 2009 - jengelh@medozas.de diff --git a/gzip.spec b/gzip.spec index 6f86daf..0e214be 100644 --- a/gzip.spec +++ b/gzip.spec @@ -1,5 +1,5 @@ # -# spec file for package gzip (Version 1.3.12) +# spec file for package gzip (Version 1.3.13) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -23,8 +23,8 @@ License: GPLv2+ Group: Productivity/Archiving/Compression AutoReqProv: on PreReq: %{install_info_prereq} -Version: 1.3.12 -Release: 100 +Version: 1.3.13 +Release: 1 Summary: GNU Zip Compression Utilities Source: %{name}-%{version}.tar.gz Patch: zgrep.diff 
@@ -32,8 +32,10 @@ Patch1: tempfile.diff Patch2: zmore.diff Patch3: non-exec-stack.diff Patch4: http://rsync.samba.org/ftp/unpacked/rsync/patches/gzip-rsyncable.diff -Patch5: futimens.diff Patch6: zdiff.diff +#CVE-2010-0001 integer overflow could lead to array index error in archives, compressed with +#the (LZW) compression algorithm +Patch8: gzip-CVE-2010-0001.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -55,8 +57,8 @@ Authors: %patch2 %patch3 %patch4 -p1 -%patch5 %patch6 +%patch8 -p1 %build CFLAGS="$RPM_OPT_FLAGS -fomit-frame-pointer \ @@ -104,7 +106,7 @@ ln -sf zmore.1 $RPM_BUILD_ROOT%{_mandir}/man1/zless.1 %defattr(-, root, root) /bin/* /usr/bin/* -%doc README README-alpha AUTHORS ChangeLog TODO NEWS THANKS +%doc README AUTHORS ChangeLog TODO NEWS THANKS %doc %{_infodir}/*.gz %doc %{_mandir}/man*/*.gz diff --git a/non-exec-stack.diff b/non-exec-stack.diff index 40923fc..ea1f516 100644 --- a/non-exec-stack.diff +++ b/non-exec-stack.diff @@ -1,6 +1,8 @@ ---- lib/match.c +Index: lib/match.c +=================================================================== +--- lib/match.c.orig +++ lib/match.c -@@ -770,3 +770,4 @@ +@@ -770,3 +770,4 @@ match_init: # endif /* __ia64__ */ #endif /* mc68000 || mc68020 */ #endif /* i386 || _I386 */ diff --git a/tempfile.diff b/tempfile.diff index 83bc2e9..913ba94 100644 --- a/tempfile.diff +++ b/tempfile.diff @@ -1,6 +1,8 @@ ---- znew.in +Index: znew.in +=================================================================== +--- znew.in.orig +++ znew.in -@@ -55,8 +55,9 @@ +@@ -59,8 +59,9 @@ block=1024 # block is the disk block size (best guess, need not be exact) warn="(does not preserve modes and timestamp)" @@ -12,7 +14,7 @@ echo hi > $tmp || exit if test -z "`(${CPMOD-cpmod} $tmp $tmp) 2>&1`"; then cpmod=${CPMOD-cpmod} -@@ -72,7 +73,8 @@ +@@ -76,7 +77,8 @@ fi # check if GZIP env. variable uses -S or --suffix gzip -q $tmp ext=`echo $tmp* | sed "s|$tmp||"` 
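Review bot: The patch list in gzip.spec jumps from `Patch6` to `Patch8` and says nothing about CVE-2009-2624, although gzip.changes in this same commit records gzip-CVE-2009-2624.diff as added on Jan 14 and "deprecated" on Jan 19. Someone auditing the package cannot tell from the spec whether that fix is still present; presumably it is covered by the 1.3.13 changelog item "avoid creating an undersized buffer for the hufts table", but neither file states that. I would add a line next to the Patch8 comment such as `# CVE-2009-2624: separate patch dropped, fixed in upstream 1.3.13 (confirm against upstream NEWS)`.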
diff --git a/zdiff.diff b/zdiff.diff index f9b778e..8bf145c 100644 --- a/zdiff.diff +++ b/zdiff.diff @@ -1,6 +1,8 @@ ---- zdiff.in +Index: zdiff.in +=================================================================== +--- zdiff.in.orig +++ zdiff.in -@@ -101,15 +101,17 @@ elif test $# -eq 2; then +@@ -105,15 +105,17 @@ elif test $# -eq 2; then 5<&0 then gzip_status=$( diff --git a/zgrep.diff b/zgrep.diff index a08156b..f1dc90a 100644 --- a/zgrep.diff +++ b/zgrep.diff @@ -1,6 +1,8 @@ ---- zgrep.in +Index: zgrep.in +=================================================================== +--- zgrep.in.orig +++ zgrep.in -@@ -149,10 +149,18 @@ +@@ -148,10 +148,18 @@ res=0 for i do diff --git a/zmore.diff b/zmore.diff index 27ac465..02a3d09 100644 --- a/zmore.diff +++ b/zmore.diff @@ -1,6 +1,8 @@ ---- zmore.in +Index: zmore.in +=================================================================== +--- zmore.in.orig +++ zmore.in -@@ -52,11 +52,33 @@ +@@ -55,11 +55,33 @@ else trap 'stty $ncb echo 2>/dev/null; exit' 0 2 3 5 10 13 15 fi @@ -35,7 +37,7 @@ fi else FIRST=1 -@@ -80,7 +102,7 @@ +@@ -83,7 +105,7 @@ else fi if test "$ANS" != 's'; then echo "------> $FILE <------"