head 1.3; access; symbols pkgsrc-2013Q2:1.3.0.22 pkgsrc-2013Q2-base:1.3 pkgsrc-2012Q4:1.3.0.20 pkgsrc-2012Q4-base:1.3 pkgsrc-2011Q4:1.3.0.18 pkgsrc-2011Q4-base:1.3 pkgsrc-2011Q2:1.3.0.16 pkgsrc-2011Q2-base:1.3 pkgsrc-2009Q4:1.3.0.14 pkgsrc-2009Q4-base:1.3 pkgsrc-2008Q4:1.3.0.12 pkgsrc-2008Q4-base:1.3 pkgsrc-2008Q3:1.3.0.10 pkgsrc-2008Q3-base:1.3 cube-native-xorg:1.3.0.8 cube-native-xorg-base:1.3 pkgsrc-2008Q2:1.3.0.6 pkgsrc-2008Q2-base:1.3 pkgsrc-2008Q1:1.3.0.4 pkgsrc-2008Q1-base:1.3 pkgsrc-2007Q4:1.3.0.2 pkgsrc-2007Q4-base:1.3 pkgsrc-2007Q3:1.2.0.20 pkgsrc-2007Q3-base:1.2 pkgsrc-2007Q2:1.2.0.18 pkgsrc-2007Q2-base:1.2 pkgsrc-2007Q1:1.2.0.16 pkgsrc-2007Q1-base:1.2 pkgsrc-2006Q4:1.2.0.14 pkgsrc-2006Q4-base:1.2 pkgsrc-2006Q3:1.2.0.12 pkgsrc-2006Q3-base:1.2 pkgsrc-2006Q2:1.2.0.10 pkgsrc-2006Q2-base:1.2 pkgsrc-2006Q1:1.2.0.8 pkgsrc-2006Q1-base:1.2 pkgsrc-2005Q4:1.2.0.6 pkgsrc-2005Q4-base:1.2 pkgsrc-2005Q3:1.2.0.4 pkgsrc-2005Q3-base:1.2 pkgsrc-2005Q2:1.2.0.2 pkgsrc-2005Q2-base:1.2 pkgsrc-2005Q1:1.1.0.6 pkgsrc-2005Q1-base:1.1 pkgsrc-2004Q4:1.1.0.4 pkgsrc-2004Q4-base:1.1 pkgsrc-2004Q3:1.1.0.2; locks; strict; comment @# @; 1.3 date 2007.11.08.19.26.55; author joerg; state dead; branches; next 1.2; 1.2 date 2005.06.09.20.23.26; author adrianp; state Exp; branches; next 1.1; 1.1 date 2004.10.12.18.28.29; author tv; state Exp; branches 1.1.2.1 1.1.6.1; next ; 1.1.2.1 date 2004.10.12.18.28.29; author agc; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2004.10.19.13.33.41; author agc; state Exp; branches; next ; 1.1.6.1 date 2005.06.09.22.31.18; author salo; state Exp; branches; next ; desc @@ 1.3 log @Update gzip to 1.3.12 and merge base and info back into gzip. This includes many security fixes, improvements for files over 4GB, portability improves, zless, etc. @ text @$NetBSD: patch-ab,v 1.2 2005/06/09 20:23:26 adrianp Exp $ # CAN-2005-1228 and CAN-2005-0988 --- gzip.c.orig 1993-08-19 09:39:00.000000000 +0100 +++ gzip.c @@@@ -824,8 +824,11 @@@@ local void treat_file(iname) } close(ifd); - if (!to_stdout && close(ofd)) { - write_error(); + if (!to_stdout) { + /* Copy modes, times, ownership, and remove the input file */ + copy_stat(&istat); + if (close(ofd)) + write_error(); } if (method == -1) { if (!to_stdout) unlink (ofname); @@@@ -845,10 +848,6 @@@@ local void treat_file(iname) } fprintf(stderr, "\n"); } - /* Copy modes, times, ownership, and remove the input file */ - if (!to_stdout) { - copy_stat(&istat); - } } /* ======================================================================== @@@@ -1005,7 +1004,14 @@@@ local int get_istat(iname, sbuf) #ifdef NO_MULTIPLE_DOTS char *dot; /* pointer to ifname extension, or NULL */ #endif + int max_suffix_len = (z_len > 3 ? z_len : 3); + /* Leave enough room in ifname or ofname for suffix: */ + if (strlen(iname) >= sizeof(ifname) - max_suffix_len) { + strncpy(ifname, iname, sizeof(ifname) - 1); + /* last byte of ifname is already zero and never overwritten */ + error("file name too long"); + } strcpy(ifname, iname); /* If input file exists, return OK. */ @@@@ -1244,6 +1250,7 @@@@ local int get_method(in) /* Copy the base name. Keep a directory prefix intact. */ char *p = basename(ofname); char *base = p; + char *base2; for (;;) { *p = (char)get_char(); if (*p++ == '\0') break; @@@@ -1251,6 +1258,8 @@@@ local int get_method(in) error("corrupted input -- file name too large"); } } + base2 = basename (base); + strcpy(base, base2); /* If necessary, adapt the name to local OS conventions: */ if (!list) { MAKE_LEGAL_NAME(base); @@@@ -1624,12 +1633,12 @@@@ local void copy_stat(ifstat) reset_times(ofname, ifstat); #endif /* Copy the protection modes */ - if (chmod(ofname, ifstat->st_mode & 07777)) { + if (fchmod(ofd, ifstat->st_mode & 07777)) { WARN((stderr, "%s: ", progname)); if (!quiet) perror(ofname); } #ifndef NO_CHOWN - chown(ofname, ifstat->st_uid, ifstat->st_gid); /* Copy ownership */ + (void) fchown(ofd, ifstat->st_uid, ifstat->st_gid); /* Copy ownership */ #endif remove_ofname = 0; /* It's now safe to remove the input file: */ @ 1.2 log @- Patches to address CAN-2005-1228 and CAN-2005-0988 based on FreeBSD SA and Gentoo/Debian patches. @ text @d1 1 a1 1 $NetBSD$ @ 1.1 log @Update gzip to 1.2.4b, fixing a filename buffer overflow. @ text @d3 1 a3 2 From http://www.gzip.org/gzip-1.2.4b.patch - security fix for filenames over 1020 caharacters long. d5 28 a32 3 --- gzip.c Thu Aug 19 15:39:43 1993 +++ gzip.c Tue Jan 8 21:44:18 2002 @@@@ -1005,7 +1005,14 @@@@ d47 32 @ 1.1.2.1 log @file patch-ab was added on branch pkgsrc-2004Q3 on 2004-10-12 18:28:29 +0000 @ text @d1 22 @ 1.1.2.2 log @Pullup ticket 120 - requested by Todd Vierling security fix for gzip Modified Files: pkgsrc/mk: bsd.pkg.mk Log Message: Automatic inclusion of gzip-base needs a version number in the BUILD_DEPENDS. Modified Files: pkgsrc/mk: bsd.pkg.mk Log Message: Bump gzip-base to 1.2.4b for security fix. Modified Files: pkgsrc/archivers/gzip: Makefile pkgsrc/archivers/gzip-base: Makefile distinfo Added Files: pkgsrc/archivers/gzip-base/patches: patch-ab Log Message: Update gzip to 1.2.4b, fixing a filename buffer overflow. @ text @a0 22 $NetBSD: patch-ab,v 1.1.2.1 2004/10/19 13:33:41 agc Exp $ From http://www.gzip.org/gzip-1.2.4b.patch - security fix for filenames over 1020 caharacters long. --- gzip.c Thu Aug 19 15:39:43 1993 +++ gzip.c Tue Jan 8 21:44:18 2002 @@@@ -1005,7 +1005,14 @@@@ #ifdef NO_MULTIPLE_DOTS char *dot; /* pointer to ifname extension, or NULL */ #endif + int max_suffix_len = (z_len > 3 ? z_len : 3); + /* Leave enough room in ifname or ofname for suffix: */ + if (strlen(iname) >= sizeof(ifname) - max_suffix_len) { + strncpy(ifname, iname, sizeof(ifname) - 1); + /* last byte of ifname is already zero and never overwritten */ + error("file name too long"); + } strcpy(ifname, iname); /* If input file exists, return OK. */ @ 1.1.6.1 log @Pullup ticket 546 - requested by Adrian Portelli security fix for gzip-base Revisions pulled up: - pkgsrc/archivers/gzip-base/Makefile 1.19 - pkgsrc/archivers/gzip-base/distinfo 1.6 - pkgsrc/archivers/gzip-base/patches/patch-ab 1.2 Module Name: pkgsrc Committed By: adrianp Date: Thu Jun 9 20:23:26 UTC 2005 Modified Files: pkgsrc/archivers/gzip-base: Makefile distinfo pkgsrc/archivers/gzip-base/patches: patch-ab Log Message: - Patches to address CAN-2005-1228 and CAN-2005-0988 based on FreeBSD SA and Gentoo/Debian patches. @ text @d1 1 a1 1 $NetBSD: patch-ab,v 1.2 2005/06/09 20:23:26 adrianp Exp $ d3 2 a4 1 # CAN-2005-1228 and CAN-2005-0988 d6 3 a8 28 --- gzip.c.orig 1993-08-19 09:39:00.000000000 +0100 +++ gzip.c @@@@ -824,8 +824,11 @@@@ local void treat_file(iname) } close(ifd); - if (!to_stdout && close(ofd)) { - write_error(); + if (!to_stdout) { + /* Copy modes, times, ownership, and remove the input file */ + copy_stat(&istat); + if (close(ofd)) + write_error(); } if (method == -1) { if (!to_stdout) unlink (ofname); @@@@ -845,10 +848,6 @@@@ local void treat_file(iname) } fprintf(stderr, "\n"); } - /* Copy modes, times, ownership, and remove the input file */ - if (!to_stdout) { - copy_stat(&istat); - } } /* ======================================================================== @@@@ -1005,7 +1004,14 @@@@ local int get_istat(iname, sbuf) a22 32 @@@@ -1244,6 +1250,7 @@@@ local int get_method(in) /* Copy the base name. Keep a directory prefix intact. */ char *p = basename(ofname); char *base = p; + char *base2; for (;;) { *p = (char)get_char(); if (*p++ == '\0') break; @@@@ -1251,6 +1258,8 @@@@ local int get_method(in) error("corrupted input -- file name too large"); } } + base2 = basename (base); + strcpy(base, base2); /* If necessary, adapt the name to local OS conventions: */ if (!list) { MAKE_LEGAL_NAME(base); @@@@ -1624,12 +1633,12 @@@@ local void copy_stat(ifstat) reset_times(ofname, ifstat); #endif /* Copy the protection modes */ - if (chmod(ofname, ifstat->st_mode & 07777)) { + if (fchmod(ofd, ifstat->st_mode & 07777)) { WARN((stderr, "%s: ", progname)); if (!quiet) perror(ofname); } #ifndef NO_CHOWN - chown(ofname, ifstat->st_uid, ifstat->st_gid); /* Copy ownership */ + (void) fchown(ofd, ifstat->st_uid, ifstat->st_gid); /* Copy ownership */ #endif remove_ofname = 0; /* It's now safe to remove the input file: */ @