head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.2 pkgsrc-2013Q2-base:1.2 pkgsrc-2013Q1:1.1.0.28 pkgsrc-2013Q1-base:1.1 pkgsrc-2012Q4:1.1.0.26 pkgsrc-2012Q4-base:1.1 pkgsrc-2012Q3:1.1.0.24 pkgsrc-2012Q3-base:1.1 pkgsrc-2012Q2:1.1.0.22 pkgsrc-2012Q2-base:1.1 pkgsrc-2012Q1:1.1.0.20 pkgsrc-2012Q1-base:1.1 pkgsrc-2011Q4:1.1.0.18 pkgsrc-2011Q4-base:1.1 pkgsrc-2011Q3:1.1.0.16 pkgsrc-2011Q3-base:1.1 pkgsrc-2011Q2:1.1.0.14 pkgsrc-2011Q2-base:1.1 pkgsrc-2011Q1:1.1.0.12 pkgsrc-2011Q1-base:1.1 pkgsrc-2010Q4:1.1.0.10 pkgsrc-2010Q4-base:1.1 pkgsrc-2010Q3:1.1.0.8 pkgsrc-2010Q3-base:1.1 pkgsrc-2010Q2:1.1.0.6 pkgsrc-2010Q2-base:1.1 pkgsrc-2010Q1:1.1.0.4 pkgsrc-2010Q1-base:1.1 pkgsrc-2009Q4:1.1.0.2; locks; strict; comment @# @; 1.2 date 2013.06.09.16.55.08; author ryoon; state dead; branches; next 1.1; commitid 0HSPYQ1ISDFREXSw; 1.1 date 2010.02.02.14.42.43; author taca; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2010.02.02.14.42.43; author tron; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2010.02.02.17.15.32; author tron; state Exp; branches; next ; desc @@ 1.2 log @Update to 1.5 Changelog: * Noteworthy changes in release 1.5 (2012-06-17) [stable] ** Bug fixes gzip -d now decodes and checks header CRC16 checksums as specified by the FHCRC section of Internet RFC 1952. "gzip -d -S '' precious.gz" is now rejected immediately. Before, that command would emulate "rm -i precious.gz", but with an easily- misunderstood prompt. I.e., gzip would ask if it's ok to remove the existing file, "precious.gz". If you made the mistake of saying "yes", it would remove that input file before attempting to uncompress it. gzip -cdf now properly handles input consisting of gzip'd data followed by uncompressed data. Before it would output raw compressed input, too. For example, now "(printf x|gzip; echo y)|gzip -dcf" prints "xy\n", while before it would print "xy\n". 
gzip -rf no longer compresses files more than once (e.g., replacing FOO with FOO.gz.gz) on file systems such as ZFS where a readdir loop that unlinks and creates files can revisit output files. @ text @$NetBSD: patch-ah,v 1.1 2010/02/02 14:42:43 taca Exp $ Fix for CVE-2010-0001. --- unlzw.c.orig 2006-12-11 18:54:39.000000000 +0000 +++ unlzw.c @@@@ -248,7 +248,8 @@@@ int unlzw(in, out) int o; resetbuf: - e = insize-(o = (posbits>>3)); + o = posbits >> 3; + e = o <= insize ? insize - o : 0; for (i = 0 ; i < e ; ++i) { inbuf[i] = inbuf[i+o]; @ 1.1 log @Add patches for CVE-2009-2624 and CVE-2010-0001. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-ah was added on branch pkgsrc-2009Q4 on 2010-02-02 17:15:32 +0000 @ text @d1 16 @ 1.1.2.2 log @Pullup ticket #2895 - requested by taca gzip: security patch Revisions pulled up: - archivers/gzip/Makefile 1.23 - archivers/gzip/distinfo 1.4 - archivers/gzip/patches/patch-ag 1.1 - archivers/gzip/patches/patch-ah 1.1 --- Module Name: pkgsrc Committed By: taca Date: Tue Feb 2 14:42:43 UTC 2010 Modified Files: pkgsrc/archivers/gzip: Makefile distinfo Added Files: pkgsrc/archivers/gzip/patches: patch-ag patch-ah Log Message: Add patches for CVE-2009-2624 and CVE-2010-0001. Bump PKGREVISION. @ text @a0 16 $NetBSD: patch-ah,v 1.1 2010/02/02 14:42:43 taca Exp $ Fix for CVE-2010-0001. --- unlzw.c.orig 2006-12-11 18:54:39.000000000 +0000 +++ unlzw.c @@@@ -248,7 +248,8 @@@@ int unlzw(in, out) int o; resetbuf: - e = insize-(o = (posbits>>3)); + o = posbits >> 3; + e = o <= insize ? insize - o : 0; for (i = 0 ; i < e ; ++i) { inbuf[i] = inbuf[i+o]; @
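Review bot: the new guard at `e = o <= insize ? insize - o : 0;` carries no comment explaining why `o` can exceed `insize`, and the patch header says only "Fix for CVE-2010-0001", so the reason for the clamp cannot be recovered from the file itself. A short comment above the two added lines would help, stating that the old `insize-(o = (posbits>>3))` was computed without a bounds check and that `e` bounds the copy loop `inbuf[i] = inbuf[i+o]`. The comparison also mixes `int o` with `insize`, whose type is not visible in this hunk; if `insize` is unsigned, confirm that the implicit conversion of `o` is what is wanted. Consider as well whether `o > insize` should be reported as corrupt input rather than continuing with `e = 0`.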