pkgsrc-Changes-HG archive
[pkgsrc/pkgsrc-2004Q3]: pkgsrc/archivers/gzip-base/patches Pullup ticket 120 ...
details: https://anonhg.NetBSD.org/pkgsrc/rev/b4ee9d3fd222
branches: pkgsrc-2004Q3
changeset: 480717:b4ee9d3fd222
user: agc <agc%pkgsrc.org@localhost>
date: Tue Oct 19 13:33:40 2004 +0000
description:
Pullup ticket 120 - requested by Todd Vierling
security fix for gzip
Modified Files:
pkgsrc/mk: bsd.pkg.mk
Log Message:
Automatic inclusion of gzip-base needs a version number in the BUILD_DEPENDS.
Modified Files:
pkgsrc/mk: bsd.pkg.mk
Log Message:
Bump gzip-base to 1.2.4b for security fix.
Modified Files:
pkgsrc/archivers/gzip: Makefile
pkgsrc/archivers/gzip-base: Makefile distinfo
Added Files:
pkgsrc/archivers/gzip-base/patches: patch-ab
Log Message:
Update gzip to 1.2.4b, fixing a filename buffer overflow.
diffstat:
archivers/gzip-base/patches/patch-ab | 22 ++++++++++++++++++++++
1 files changed, 22 insertions(+), 0 deletions(-)
diffs (26 lines):
diff -r ce22ec290a89 -r b4ee9d3fd222 archivers/gzip-base/patches/patch-ab
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/archivers/gzip-base/patches/patch-ab Tue Oct 19 13:33:40 2004 +0000
@@ -0,0 +1,22 @@
+$NetBSD: patch-ab,v 1.1.2.2 2004/10/19 13:33:41 agc Exp $
+
+From http://www.gzip.org/gzip-1.2.4b.patch - security fix for filenames
+over 1020 caharacters long.
+
+--- gzip.c Thu Aug 19 15:39:43 1993
++++ gzip.c Tue Jan 8 21:44:18 2002
+@@ -1005,7 +1005,14 @@
+ #ifdef NO_MULTIPLE_DOTS
+ char *dot; /* pointer to ifname extension, or NULL */
+ #endif
++ int max_suffix_len = (z_len > 3 ? z_len : 3);
+
++ /* Leave enough room in ifname or ofname for suffix: */
++ if (strlen(iname) >= sizeof(ifname) - max_suffix_len) {
++ strncpy(ifname, iname, sizeof(ifname) - 1);
++ /* last byte of ifname is already zero and never overwritten */
++ error("file name too long");
++ }
+ strcpy(ifname, iname);
+
+ /* If input file exists, return OK. */
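Review bot: The length check added ahead of strcpy(ifname, iname) only protects that copy if error() never returns, because the unbounded strcpy still runs unconditionally after the if block. A one-line comment saying that error() exits, or moving the strcpy into an else branch, would make the dependency explicit and keep the copy safe if error() is ever changed to return. Separately, sizeof(ifname) - max_suffix_len is evaluated as unsigned arithmetic, so if z_len can exceed sizeof(ifname) the subtraction wraps and the check passes for any name; the bound on z_len is not visible here and is worth confirming or asserting. The floor of 3 in max_suffix_len also deserves a comment naming the suffix it reserves room for.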