pkgsrc-Changes-HG archive


[pkgsrc/pkgsrc-2004Q3]: pkgsrc/archivers/gzip-base/patches Pullup ticket 120 ...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/b4ee9d3fd222
branches:  pkgsrc-2004Q3
changeset: 480717:b4ee9d3fd222
user:      agc <agc%pkgsrc.org@localhost>
date:      Tue Oct 19 13:33:40 2004 +0000

description:
Pullup ticket 120 - requested by Todd Vierling
security fix for gzip

        Modified Files:
                pkgsrc/mk: bsd.pkg.mk

        Log Message:
        Automatic inclusion of gzip-base needs a version number in the BUILD_DEPENDS.

        Modified Files:
                pkgsrc/mk: bsd.pkg.mk

        Log Message:
        Bump gzip-base to 1.2.4b for security fix.

        Modified Files:
                pkgsrc/archivers/gzip: Makefile
                pkgsrc/archivers/gzip-base: Makefile distinfo
        Added Files:
                pkgsrc/archivers/gzip-base/patches: patch-ab

        Log Message:
        Update gzip to 1.2.4b, fixing a filename buffer overflow.

diffstat:

 archivers/gzip-base/patches/patch-ab |  22 ++++++++++++++++++++++
 1 files changed, 22 insertions(+), 0 deletions(-)

diffs (26 lines):

diff -r ce22ec290a89 -r b4ee9d3fd222 archivers/gzip-base/patches/patch-ab
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/archivers/gzip-base/patches/patch-ab      Tue Oct 19 13:33:40 2004 +0000
@@ -0,0 +1,22 @@
+$NetBSD: patch-ab,v 1.1.2.2 2004/10/19 13:33:41 agc Exp $
+
+From http://www.gzip.org/gzip-1.2.4b.patch - security fix for filenames
+over 1020 caharacters long.
+
+--- gzip.c     Thu Aug 19 15:39:43 1993
++++ gzip.c     Tue Jan  8 21:44:18 2002
+@@ -1005,7 +1005,14 @@
+ #ifdef NO_MULTIPLE_DOTS
+     char *dot; /* pointer to ifname extension, or NULL */
+ #endif
++    int max_suffix_len = (z_len > 3 ? z_len : 3);
+ 
++    /* Leave enough room in ifname or ofname for suffix: */
++    if (strlen(iname) >= sizeof(ifname) - max_suffix_len) {
++        strncpy(ifname, iname, sizeof(ifname) - 1);
++      /* last byte of ifname is already zero and never overwritten */
++        error("file name too long");
++    }
+     strcpy(ifname, iname);
+ 
+     /* If input file exists, return OK. */
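
Review bot: in the gzip.c hunk the new length check is followed by the unchanged, unconditional strcpy(ifname, iname), so the overflow is closed only if error("file name too long") never returns, and nothing in the visible lines shows that. Add an explicit return after the error() call, or a comment stating that error() exits, so the guard does not depend on behaviour defined elsewhere. Separately, sizeof(ifname) - max_suffix_len subtracts an int from a size_t; if z_len could ever exceed the buffer size the bound would wrap and the check would never fire, so a note on where z_len is capped would help. Minor: "caharacters" in the patch header comment should read "characters".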


