pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/archivers Update gzip to 1.2.4b, fixing a filename buf...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/360250d15f36
branches:  trunk
changeset: 481791:360250d15f36
user:      tv <tv%pkgsrc.org@localhost>
date:      Tue Oct 12 18:28:28 2004 +0000

description:
Update gzip to 1.2.4b, fixing a filename buffer overflow.

diffstat:

 archivers/gzip-base/Makefile         |   5 ++---
 archivers/gzip-base/distinfo         |   3 ++-
 archivers/gzip-base/patches/patch-ab |  22 ++++++++++++++++++++++
 archivers/gzip/Makefile              |   9 ++++-----
 4 files changed, 30 insertions(+), 9 deletions(-)

diffs (77 lines):

diff -r ffcd115f41dd -r 360250d15f36 archivers/gzip-base/Makefile
--- a/archivers/gzip-base/Makefile      Tue Oct 12 17:32:46 2004 +0000
+++ b/archivers/gzip-base/Makefile      Tue Oct 12 18:28:28 2004 +0000
@@ -1,9 +1,8 @@
-# $NetBSD: Makefile,v 1.16 2004/07/02 21:06:35 minskim Exp $
+# $NetBSD: Makefile,v 1.17 2004/10/12 18:28:28 tv Exp $
 #
 
 DISTNAME=      gzip-1.2.4a
-PKGNAME=       ${DISTNAME:S/gzip-/gzip-base-/}
-PKGREVISION=   1
+PKGNAME=       ${DISTNAME:S/gzip-/gzip-base-/:S/a$/b/}
 SVR4_PKGNAME=  gzipb
 CATEGORIES=    archivers
 MASTER_SITES=   ${MASTER_SITE_GNU:=gzip/}
diff -r ffcd115f41dd -r 360250d15f36 archivers/gzip-base/distinfo
--- a/archivers/gzip-base/distinfo      Tue Oct 12 17:32:46 2004 +0000
+++ b/archivers/gzip-base/distinfo      Tue Oct 12 18:28:28 2004 +0000
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.3 2004/05/07 21:41:43 reed Exp $
+$NetBSD: distinfo,v 1.4 2004/10/12 18:28:28 tv Exp $
 
 SHA1 (gzip-1.2.4a.shar) = 1e1e513f48be32ecfe24c06b609329963d5a5288
 Size (gzip-1.2.4a.shar) = 832431 bytes
 SHA1 (patch-aa) = 449d3eb975b9ddc634ba0b3a245381f3f3e1f5e1
+SHA1 (patch-ab) = e198a1d9a90a8b626b178ef7b5beabc729c6367d
diff -r ffcd115f41dd -r 360250d15f36 archivers/gzip-base/patches/patch-ab
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/archivers/gzip-base/patches/patch-ab      Tue Oct 12 18:28:28 2004 +0000
@@ -0,0 +1,22 @@
+$NetBSD: patch-ab,v 1.1 2004/10/12 18:28:29 tv Exp $
+
+From http://www.gzip.org/gzip-1.2.4b.patch - security fix for filenames
+over 1020 caharacters long.
+
+--- gzip.c     Thu Aug 19 15:39:43 1993
++++ gzip.c     Tue Jan  8 21:44:18 2002
+@@ -1005,7 +1005,14 @@
+ #ifdef NO_MULTIPLE_DOTS
+     char *dot; /* pointer to ifname extension, or NULL */
+ #endif
++    int max_suffix_len = (z_len > 3 ? z_len : 3);
+ 
++    /* Leave enough room in ifname or ofname for suffix: */
++    if (strlen(iname) >= sizeof(ifname) - max_suffix_len) {
++        strncpy(ifname, iname, sizeof(ifname) - 1);
++      /* last byte of ifname is already zero and never overwritten */
++        error("file name too long");
++    }
+     strcpy(ifname, iname);
+ 
+     /* If input file exists, return OK. */
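Review bot: The new length guard in the patched gzip.c only works if `error()` never returns, because the unbounded `strcpy(ifname, iname);` on the next context line still runs after it. Nothing in this hunk shows that `error()` terminates, so I would add a comment such as `/* error() exits; the strcpy below is never reached with an over-long name */`, or move the copy into an `else` branch so the bound is enforced locally. The comparison also mixes `int max_suffix_len` with the `size_t` from `sizeof(ifname)`, which is correct only while `z_len` is small and non-negative. Presumably `z_len` is limited where the suffix option is parsed, but that is outside this hunk and worth confirming. The enclosing function starts and ends outside the hunk.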
diff -r ffcd115f41dd -r 360250d15f36 archivers/gzip/Makefile
--- a/archivers/gzip/Makefile   Tue Oct 12 17:32:46 2004 +0000
+++ b/archivers/gzip/Makefile   Tue Oct 12 18:28:28 2004 +0000
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.13 2004/07/02 21:06:35 minskim Exp $
+# $NetBSD: Makefile,v 1.14 2004/10/12 18:28:28 tv Exp $
 #
 
-DISTNAME=      gzip-1.2.4a
-PKGREVISION=   1
+DISTNAME=      gzip-1.2.4b
 CATEGORIES=    archivers
 MASTER_SITES=  # empty
 DISTFILES=     # empty
@@ -11,8 +10,8 @@
 HOMEPAGE=      http://www.gnu.org/software/gzip/gzip.html
 COMMENT=       The "meta-package" for the GZIP compression utility
 
-DEPENDS+=      gzip-base-1.2.4anb1:../../archivers/gzip-base
-DEPENDS+=      gzip-info-1.2.4a:../../archivers/gzip-info
+DEPENDS+=      gzip-base-1.2.4b{,nb[0-9]*}:../../archivers/gzip-base
+DEPENDS+=      gzip-info-1.2.4*:../../archivers/gzip-info
 
 PKG_INSTALLATION_TYPES=        overwrite pkgviews
 


