SOURCES: gzip-CVE-2006-433x.patch, gzip-info.patch, gzip-mktemp.pa...
qboosh
qboosh at pld-linux.org
Thu Nov 30 00:41:54 CET 2006
Author: qboosh Date: Wed Nov 29 23:41:54 2006 GMT
Module: SOURCES Tag: HEAD
---- Log message:
- updated for 1.3.6
---- Files affected:
SOURCES:
gzip-CVE-2006-433x.patch (1.1 -> 1.2) , gzip-info.patch (1.3 -> 1.4) , gzip-mktemp.patch (1.5 -> 1.6) , gzip-rsyncable.patch (1.2 -> 1.3) , gzip-stderr.patch (1.2 -> 1.3)
---- Diffs:
================================================================
Index: SOURCES/gzip-CVE-2006-433x.patch
diff -u SOURCES/gzip-CVE-2006-433x.patch:1.1 SOURCES/gzip-CVE-2006-433x.patch:1.2
--- SOURCES/gzip-CVE-2006-433x.patch:1.1 Mon Sep 25 20:53:52 2006
+++ SOURCES/gzip-CVE-2006-433x.patch Thu Nov 30 00:41:48 2006
@@ -11,27 +11,16 @@
#define get_byte() (inptr < insize ? inbuf[inptr++] : fill_inbuf(0))
#define try_byte() (inptr < insize ? inbuf[inptr++] : fill_inbuf(1))
---- gzip-1.3.5/inflate.c
-+++ gzip-1.3.5/inflate.c
-@@ -337,7 +337,7 @@
- {
- *t = (struct huft *)NULL;
- *m = 0;
-- return 0;
-+ return 2;
- }
-
-
---- gzip-1.3.5/unlzh.c
-+++ gzip-1.3.5/unlzh.c
-@@ -149,13 +149,17 @@
+--- gzip-1.3.6/unlzh.c.orig 2006-11-20 09:40:34.000000000 +0100
++++ gzip-1.3.6/unlzh.c 2006-11-30 00:34:20.798025500 +0100
+@@ -145,13 +145,17 @@
unsigned i, k, len, ch, jutbits, avail, nextcode, mask;
for (i = 1; i <= 16; i++) count[i] = 0;
- for (i = 0; i < (unsigned)nchar; i++) count[bitlen[i]]++;
+ for (i = 0; i < (unsigned)nchar; i++) {
+ if (bitlen[i] > 16)
-+ error("Bad table (case a)\n");
++ gzip_error("Bad table (case a)\n");
+ else count[bitlen[i]]++;
+ }
@@ -39,13 +28,13 @@
for (i = 1; i <= 16; i++)
start[i + 1] = start[i] + (count[i] << (16 - i));
- if ((start[17] & 0xffff) != 0)
-- error("Bad table\n");
+- gzip_error ("Bad table\n");
+ if ((start[17] & 0xffff) != 0 || tablebits > 16) /* 16 for weight below */
-+ error("Bad table (case b)\n");
++ gzip_error("Bad table (case b)\n");
jutbits = 16 - tablebits;
for (i = 1; i <= (unsigned)tablebits; i++) {
-@@ -169,15 +173,15 @@
+@@ -165,15 +169,15 @@
i = start[tablebits + 1] >> jutbits;
if (i != 0) {
@@ -62,9 +51,9 @@
- nextcode = start[len] + weight[len];
+ nextcode = MIN(start[len] + weight[len], DIST_BUFSIZE);
if (len <= (unsigned)tablebits) {
- for (i = start[len]; i < nextcode; i++) table[i] = ch;
- } else {
-@@ -218,7 +222,7 @@
+ if ((unsigned) 1 << tablebits < nextcode)
+ gzip_error ("Bad table\n");
+@@ -216,7 +220,7 @@
for (i = 0; i < 256; i++) pt_table[i] = c;
} else {
i = 0;
================================================================
Index: SOURCES/gzip-info.patch
diff -u SOURCES/gzip-info.patch:1.3 SOURCES/gzip-info.patch:1.4
--- SOURCES/gzip-info.patch:1.3 Sun Jan 19 02:39:41 2003
+++ SOURCES/gzip-info.patch Thu Nov 30 00:41:49 2006
@@ -1,5 +1,5 @@
---- gzip-1.3.5/gzip.texi.orig Mon Sep 30 08:57:29 2002
-+++ gzip-1.3.5/gzip.texi Sat Jan 18 23:41:52 2003
+--- gzip-1.3.6/doc/gzip.texi.orig Mon Sep 30 08:57:29 2002
++++ gzip-1.3.6/doc/gzip.texi Sat Jan 18 23:41:52 2003
@@ -31,16 +31,9 @@
@end quotation
@end copying
================================================================
Index: SOURCES/gzip-mktemp.patch
diff -u SOURCES/gzip-mktemp.patch:1.5 SOURCES/gzip-mktemp.patch:1.6
--- SOURCES/gzip-mktemp.patch:1.5 Sun Jan 19 02:39:41 2003
+++ SOURCES/gzip-mktemp.patch Thu Nov 30 00:41:49 2006
@@ -1,35 +1,19 @@
-diff -ur gzip-1.3.5.orig/gzexe.in gzip-1.3.5/gzexe.in
---- gzip-1.3.5.orig/gzexe.in Fri Sep 18 02:43:06 1998
-+++ gzip-1.3.5/gzexe.in Sat Jun 9 16:05:41 2001
-@@ -91,21 +91,21 @@
- sed 1q $0 > $tmp
- sed "s|^if tail|if $tail|" >> $tmp <<'EOF'
- skip=22
+--- gzip-1.3.6/gzexe.in.orig 2006-11-20 09:40:33.000000000 +0100
++++ gzip-1.3.6/gzexe.in 2006-11-29 23:50:44.730531500 +0100
+@@ -132,12 +132,12 @@
+ (sed 1q $0 &&
+ sed "s|^if tail|if $tail|" <<'EOF' &&
+ skip=26
-set -C
++
umask=`umask`
umask 77
--if tail +$skip "$0" | "BINDIR"/gzip -cd > /tmp/gztmp$$; then
-+tmpfile=`mktemp ${TMPDIR:-/tmp}/gz$$.XXXXXX` || { echo 'cannot create temporary file' >&2; exit 1; }
-+if tail +$skip "$0" | "/bin"/gzip -cd > $tmpfile; then
+-if (tempfile --version) >/dev/null 2>&1
+-then gztmp=`tempfile -p gztmp` || exit
+-else gztmp=/tmp/gztmp$$
++if (mktemp -V) >/dev/null 2>&1
++then gztmp=`mktemp ${TMPDIR:-/tmp}/gztmp$$.XXXXXX` || exit
++else { echo 'cannot create temporary file' >&2; exit 1; }
+ fi
+ if tail +$skip "$0" | "BINDIR"/gzip -cd > "$gztmp"; then
umask $umask
-- /bin/chmod 700 /tmp/gztmp$$
-+ /bin/chmod 700 $tmpfile
- prog="`echo $0 | /bin/sed 's|^.*/||'`"
-- if /bin/ln /tmp/gztmp$$ "/tmp/$prog" 2>/dev/null; then
-- trap '/bin/rm -f /tmp/gztmp$$ "/tmp/$prog"; exit $res' 0
-- (/bin/sleep 5; /bin/rm -f /tmp/gztmp$$ "/tmp/$prog") 2>/dev/null &
-- /tmp/"$prog" ${1+"$@"}; res=$?
-+ if /bin/ln $tmpfile "${TMPDIR:-/tmp}/$prog" 2>/dev/null; then
-+ trap '/bin/rm -f $tmpfile "${TMPDIR:-/tmp}/$prog"; exit $res' 0
-+ (/bin/sleep 5; /bin/rm -f $tmpfile "${TMPDIR:-/tmp}/$prog") 2>/dev/null &
-+ ${TMPDIR:-/tmp}/"$prog" ${1+"$@"}; res=$?
- else
-- trap '/bin/rm -f /tmp/gztmp$$; exit $res' 0
-- (/bin/sleep 5; /bin/rm -f /tmp/gztmp$$) 2>/dev/null &
-- /tmp/gztmp$$ ${1+"$@"}; res=$?
-+ trap '/bin/rm -f ${TMPDIR:-/tmp}/$tmpfile; exit $res' 0
-+ (/bin/sleep 5; /bin/rm -f $tmpfile) 2>/dev/null &
-+ $tmpfile ${1+"$@"}; res=$?
- fi
- else
- echo Cannot decompress $0; exit 1
================================================================
Index: SOURCES/gzip-rsyncable.patch
diff -u SOURCES/gzip-rsyncable.patch:1.2 SOURCES/gzip-rsyncable.patch:1.3
--- SOURCES/gzip-rsyncable.patch:1.2 Tue Jun 13 23:03:50 2006
+++ SOURCES/gzip-rsyncable.patch Thu Nov 30 00:41:49 2006
@@ -4,9 +4,9 @@
tried out in the default gzip for Debian Sarge, and may go into the
upstream gzip at somepoint in the not-too-distant future.
---- gzip-1.3.5/deflate.c 1999-10-07 23:46:28 -0700
-+++ rsyncable/deflate.c 2005-02-05 09:40:33 -0800
-@@ -122,6 +122,14 @@
+--- gzip-1.3.6/deflate.c.orig 2006-11-30 00:13:22.863409500 +0100
++++ gzip-1.3.6/deflate.c 2006-11-30 00:14:14.346627000 +0100
+@@ -135,6 +135,14 @@
#endif
/* Matches of length 3 are discarded if their distance exceeds TOO_FAR */
@@ -21,7 +21,7 @@
/* ===========================================================================
* Local data used by the "longest match" routines.
*/
-@@ -203,6 +211,8 @@
+@@ -216,6 +224,8 @@
unsigned near good_match;
/* Use a faster search when the previous match is longer than this */
@@ -30,7 +30,7 @@
/* Values for max_lazy_match, good_match and max_chain_length, depending on
* the desired pack level (0..9). The values given below have been tuned to
-@@ -301,6 +311,10 @@
+@@ -314,6 +324,10 @@
#endif
/* prev will be initialized on the fly */
@@ -41,7 +41,7 @@
/* Set the default configuration parameters:
*/
max_lazy_match = configuration_table[pack_level].max_lazy;
-@@ -537,6 +551,8 @@
+@@ -550,6 +564,8 @@
memcpy((char*)window, (char*)window+WSIZE, (unsigned)WSIZE);
match_start -= WSIZE;
strstart -= WSIZE; /* we now have strstart >= MAX_DIST: */
@@ -50,7 +50,7 @@
block_start -= (long) WSIZE;
-@@ -564,13 +580,46 @@
+@@ -577,13 +593,46 @@
}
}
@@ -98,7 +98,7 @@
/* ===========================================================================
* Processes a new input file and return its compressed length. This
-@@ -581,7 +630,7 @@
+@@ -594,7 +643,7 @@
local off_t deflate_fast()
{
IPos hash_head; /* head of the hash chain */
@@ -107,7 +107,7 @@
unsigned match_length = 0; /* length of best match */
prev_length = MIN_MATCH-1;
-@@ -610,6 +659,7 @@
+@@ -624,6 +673,7 @@
lookahead -= match_length;
@@ -115,13 +115,13 @@
/* Insert new strings in the hash table only if the match length
* is not too large. This saves time but degrades compression.
*/
-@@ -638,9 +688,14 @@
+@@ -652,9 +702,14 @@
/* No match, output a literal byte */
Tracevv((stderr,"%c",window[strstart]));
flush = ct_tally (0, window[strstart]);
+ RSYNC_ROLL(strstart, 1);
lookahead--;
- strstart++;
+ strstart++;
}
+ if (rsync && strstart > rsync_chunk_end) {
+ rsync_chunk_end = 0xFFFFFFFFUL;
@@ -130,7 +130,7 @@
if (flush) FLUSH_BLOCK(0), block_start = strstart;
/* Make sure that we always have enough lookahead, except
-@@ -713,6 +768,7 @@
+@@ -728,6 +783,7 @@
*/
lookahead -= prev_length-1;
prev_length -= 2;
@@ -138,7 +138,7 @@
do {
strstart++;
INSERT_STRING(strstart, hash_head);
-@@ -725,24 +781,39 @@
+@@ -740,24 +796,39 @@
match_available = 0;
match_length = MIN_MATCH-1;
strstart++;
@@ -182,9 +182,9 @@
strstart++;
lookahead--;
}
---- gzip-1.3.5/gzip.c 2002-09-28 00:38:43 -0700
-+++ rsyncable/gzip.c 2005-02-05 09:40:33 -0800
-@@ -256,6 +256,7 @@
+--- gzip-1.3.6/gzip.c.orig 2006-11-20 09:40:33.000000000 +0100
++++ gzip-1.3.6/gzip.c 2006-11-30 00:15:31.387441750 +0100
+@@ -218,6 +218,7 @@
unsigned insize; /* valid bytes in inbuf */
unsigned inptr; /* index of next byte to be processed in inbuf */
unsigned outcnt; /* bytes in output buffer */
@@ -192,7 +192,7 @@
struct option longopts[] =
{
-@@ -285,6 +286,7 @@
+@@ -247,6 +248,7 @@
{"best", 0, 0, '9'}, /* compress better */
{"lzw", 0, 0, 'Z'}, /* make output compatible with old compress */
{"bits", 1, 0, 'b'}, /* max number of bits per code (implies -Z) */
@@ -200,21 +200,21 @@
{ 0, 0, 0, 0 }
};
-@@ -365,6 +367,7 @@
- " -Z --lzw produce output compatible with old compress",
- " -b --bits maxbits max number of bits per code (implies -Z)",
+@@ -329,6 +331,7 @@
+ " -Z, --lzw produce output compatible with old compress",
+ " -b, --bits=BITS max number of bits per code (implies -Z)",
#endif
-+ " --rsyncable Make rsync-friendly archive",
- " file... files to (de)compress. If none given, use standard input.",
- "Report bugs to <bug-gzip at gnu.org>.",
- 0};
-@@ -543,6 +546,9 @@
- #else
- recursive = 1; break;
++ " --rsyncable make rsync-friendly archive",
+ "",
+ "With no FILE, or when FILE is -, read standard input.",
+ "",
+@@ -469,6 +472,9 @@
+ recursive = 1;
#endif
+ break;
+ case 'R':
-+ rsync = 1; break;
-+
++ rsync = 1;
++ break;
case 'S':
#ifdef NO_MULTIPLE_DOTS
if (*optarg == '.') optarg++;
@@ -237,8 +237,8 @@
/* in bits.c */
void bi_init OF((file_t zipfile));
---- gzip-1.3.5/gzip.texi 2002-09-29 23:57:29 -0700
-+++ rsyncable/gzip.texi 2005-02-05 09:40:33 -0800
+--- gzip-1.3.6/doc/gzip.texi 2002-09-29 23:57:29 -0700
++++ rsyncable/doc/gzip.texi 2005-02-05 09:40:33 -0800
@@ -334,6 +334,14 @@
into the directory and compress all the files it finds there (or
decompress them in the case of @code{gunzip}).
================================================================
Index: SOURCES/gzip-stderr.patch
diff -u SOURCES/gzip-stderr.patch:1.2 SOURCES/gzip-stderr.patch:1.3
--- SOURCES/gzip-stderr.patch:1.2 Sun Jan 19 02:39:41 2003
+++ SOURCES/gzip-stderr.patch Thu Nov 30 00:41:49 2006
@@ -1,95 +1,65 @@
---- gzip-1.3/gzexe.in.orig Thu Nov 9 15:08:50 2000
-+++ gzip-1.3/gzexe.in Thu Nov 9 15:09:09 2000
-@@ -15,9 +15,9 @@
+--- gzip-1.3.6/gzexe.in.orig 2006-11-29 23:51:33.485578500 +0100
++++ gzip-1.3.6/gzexe.in 2006-11-29 23:52:24.632775000 +0100
+@@ -51,7 +51,7 @@
- x=`basename $0`
+ PATH="BINDIR:$PATH"
if test $# = 0; then
-- echo compress executables. original file foo is renamed to foo~
-- echo usage: ${x} [-d] files...
-- echo " -d decompress the executables"
-+ echo compress executables. original file foo is renamed to foo~ 1>&2
-+ echo usage: ${x} [-d] files... 1>&2
-+ echo " -d decompress the executables" 1>&2
+- echo "$usage"
++ echo "$usage" >&2
exit 1
fi
---- gzip-1.3/zdiff.in.orig Thu Nov 9 15:08:50 2000
-+++ gzip-1.3/zdiff.in Thu Nov 9 15:09:29 2000
-@@ -32,7 +32,7 @@
- esac
- done
- if test -z "$FILES"; then
-- echo "Usage: $prog [${comp}_options] file [file]"
-+ echo "Usage: $prog [${comp}_options] file [file]" 1>&2
- exit 2
- fi
- set $FILES
-@@ -64,6 +64,6 @@
+--- gzip-1.3.6/zdiff.in.orig 2006-11-20 09:40:34.000000000 +0100
++++ gzip-1.3.6/zdiff.in 2006-11-29 23:54:17.383821500 +0100
+@@ -77,6 +77,6 @@
esac;;
esac
else
-- echo "Usage: $prog [${comp}_options] file [file]"
-+ echo "Usage: $prog [${comp}_options] file [file]" 1>&2
+- echo "$usage"
++ echo "$usage" >&2
exit 2
fi
---- gzip-1.3/zforce.in.orig Thu Nov 9 15:08:50 2000
-+++ gzip-1.3/zforce.in Thu Nov 9 15:09:47 2000
-@@ -9,8 +9,8 @@
- PATH="BINDIR:$PATH"; export PATH
- x=`basename $0`
+--- gzip-1.3.6/zforce.in.orig 2006-11-20 09:40:34.000000000 +0100
++++ gzip-1.3.6/zforce.in 2006-11-29 23:54:45.833599500 +0100
+@@ -41,7 +41,7 @@
+ Report bugs to <bug-gzip at gnu.org>."
+
if test $# = 0; then
-- echo "force a '.gz' extension on all gzip files"
-- echo usage: $x files...
-+ echo "force a '.gz' extension on all gzip files" 1>&2
-+ echo usage: $x files... 1>&2
+- echo "$usage"
++ echo "$usage" >&2
exit 1
fi
---- gzip-1.3.5/zgrep.in.orig Thu Nov 9 15:08:50 2000
-+++ gzip-1.3.5/zgrep.in Thu Nov 9 15:12:21 2000
-@@ -31,8 +31,8 @@
+--- gzip-1.3.6/zgrep.in.orig 2006-11-20 09:40:34.000000000 +0100
++++ gzip-1.3.6/zgrep.in 2006-11-29 23:55:01.078552250 +0100
+@@ -97,7 +97,7 @@
done
if test -z "$pat"; then
-- echo "grep through gzip files"
-- echo "usage: $prog [grep_options] pattern [files]"
-+ echo "grep through gzip files" 1>&2
-+ echo "usage: $prog [grep_options] pattern [files]" 1>&2
+- echo "$usage"
++ echo "$usage" >&2
exit 2
fi
---- gzip-1.3.5/zmore.in.orig Thu Nov 9 15:08:50 2000
-+++ gzip-1.3.5/zmore.in Thu Nov 9 15:13:49 2000
-@@ -23,7 +23,8 @@
+--- gzip-1.3.6/zmore.in.orig 2006-11-20 09:40:34.000000000 +0100
++++ gzip-1.3.6/zmore.in 2006-11-29 23:55:22.423886250 +0100
+@@ -54,7 +54,7 @@
if test $# = 0; then
if test -t 0; then
-- echo usage: ${ZMORE_PROGRAM_NAME-zmore} files...
-+ echo usage: ${ZMORE_PROGRAM_NAME-zmore} files... 1>&2
-+ exit 1
+- echo "$usage"
++ echo "$usage" >&2
else
gzip -cdfq | eval ${PAGER-more}
fi
---- gzip-1.3/znew.in.orig Thu Nov 9 15:08:50 2000
-+++ gzip-1.3/znew.in Thu Nov 9 15:14:20 2000
-@@ -51,13 +51,13 @@
+--- gzip-1.3.6/znew.in.orig 2006-11-20 09:40:34.000000000 +0100
++++ gzip-1.3.6/znew.in 2006-11-29 23:55:43.157182000 +0100
+@@ -94,7 +94,7 @@
done
if test $# -eq 0; then
-- echo "recompress .Z files into $ext (gzip) files"
-- echo usage: `echo $0 | sed 's,^.*/,,'` "[-tv9KP]" file.Z...
-- echo " -t tests the new files before deleting originals"
-- echo " -v be verbose"
-- echo " -9 use the slowest compression method (optimal compression)"
-- echo " -K keep a .Z file when it is smaller than the $ext file"
-- echo " -P use pipes for the conversion $warn"
-+ echo "recompress .Z files into $ext (gzip) files" 1>&2
-+ echo usage: `echo $0 | sed 's,^.*/,,'` "[-tv9KP]" file.Z... 1>&2
-+ echo " -t tests the new files before deleting originals" 1>&2
-+ echo " -v be verbose" 1>&2
-+ echo " -9 use the slowest compression method (optimal compression)" 1>&2
-+ echo " -K keep a .Z file when it is smaller than the $ext file" 1>&2
-+ echo " -P use pipes for the conversion $warn" 1>&2
+- echo "$usage"
++ echo "$usage" >&2
exit 1
fi
================================================================
---- CVS-web:
http://cvs.pld-linux.org/SOURCES/gzip-CVE-2006-433x.patch?r1=1.1&r2=1.2&f=u
http://cvs.pld-linux.org/SOURCES/gzip-info.patch?r1=1.3&r2=1.4&f=u
http://cvs.pld-linux.org/SOURCES/gzip-mktemp.patch?r1=1.5&r2=1.6&f=u
http://cvs.pld-linux.org/SOURCES/gzip-rsyncable.patch?r1=1.2&r2=1.3&f=u
http://cvs.pld-linux.org/SOURCES/gzip-stderr.patch?r1=1.2&r2=1.3&f=u
More information about the pld-cvs-commit
mailing list