diff options
| author |   Aron Griffis <agriffis@gentoo.org> | 2004-06-23 23:32:37 +0000 |
|---|---|---|
| committer | Aron Griffis <agriffis@gentoo.org> | 2004-06-23 23:32:37 +0000 |
| commit | 6ac52bf39ab660eb54adf91ebcfd9f78eca7d977 (patch) | |
| tree | d2e2e6726f5b2014fe9ba262668c6052ceb6407e /app-arch/gzip/files | |
| parent | make sure we always use /usr/src/linux and we dont try to install the module ... (diff) | |
| download | gentoo-2-6ac52bf39ab660eb54adf91ebcfd9f78eca7d977.tar.gz gentoo-2-6ac52bf39ab660eb54adf91ebcfd9f78eca7d977.tar.bz2 gentoo-2-6ac52bf39ab660eb54adf91ebcfd9f78eca7d977.zip | |
More security fixes: Use set -C to protect against more tempfile problems in gzexe. Use tail -n in all cases since current GNU version doesn't support tail +number at all.
Diffstat (limited to 'app-arch/gzip/files')
| -rw-r--r-- | app-arch/gzip/files/digest-gzip-1.3.3-r4 (renamed from app-arch/gzip/files/digest-gzip-1.3.3-r3) | 0 | ||||
| -rw-r--r-- | app-arch/gzip/files/digest-gzip-1.3.5-r1 (renamed from app-arch/gzip/files/digest-gzip-1.3.5) | 0 | ||||
| -rw-r--r-- | app-arch/gzip/files/gzip-1.3.3-security.patch | 80 | ||||
| -rw-r--r-- | app-arch/gzip/files/gzip-1.3.5-security.patch | 52 |
4 files changed, 108 insertions, 24 deletions
diff --git a/app-arch/gzip/files/digest-gzip-1.3.3-r3 b/app-arch/gzip/files/digest-gzip-1.3.3-r4 index 8ee90a6f0a0d..8ee90a6f0a0d 100644 --- a/app-arch/gzip/files/digest-gzip-1.3.3-r3 +++ b/app-arch/gzip/files/digest-gzip-1.3.3-r4 diff --git a/app-arch/gzip/files/digest-gzip-1.3.5 b/app-arch/gzip/files/digest-gzip-1.3.5-r1 index 70ca4140d8e2..70ca4140d8e2 100644 --- a/app-arch/gzip/files/digest-gzip-1.3.5 +++ b/app-arch/gzip/files/digest-gzip-1.3.5-r1 diff --git a/app-arch/gzip/files/gzip-1.3.3-security.patch b/app-arch/gzip/files/gzip-1.3.3-security.patch index 460b917f7899..a54b7b0fc6ab 100644 --- a/app-arch/gzip/files/gzip-1.3.3-security.patch +++ b/app-arch/gzip/files/gzip-1.3.3-security.patch @@ -1,8 +1,50 @@ ---- gzip-1.3.2.orig/gzexe.in -+++ gzip-1.3.2/gzexe.in -@@ -90,22 +90,23 @@ +--- gzip-1.3.2.orig/znew.in ++++ gzip-1.3.2/znew.in +@@ -16,8 +16,8 @@ + warn="(does not preserve modes and timestamp)" + tmp=/tmp/zfoo.$$ + set -C +-echo hi > $tmp.1 +-echo hi > $tmp.2 ++echo hi > $tmp.1 || exit 1 ++echo hi > $tmp.2 || exit 1 + if test -z "`(${CPMOD-cpmod} $tmp.1 $tmp.2) 2>&1`"; then + cpmod=${CPMOD-cpmod} + warn="" + +--- gzip-1.3.2.orig/gzexe.in 1998-09-17 20:43:06.000000000 -0400 ++++ gzip-1.3.2/gzexe.in 2004-06-23 18:20:31.840776483 -0400 +@@ -21,8 +21,10 @@ + exit 1 + fi + ++set -C + tmp=gz$$ + trap "rm -f $tmp; exit 1" 1 2 3 5 10 13 15 ++: > $tmp || exit 1 + + decomp=0 + res=0 +@@ -32,8 +34,8 @@ + shift + fi + +-echo hi > zfoo1$$ +-echo hi > zfoo2$$ ++echo hi > zfoo1$$ || exit 1 ++echo hi > zfoo2$$ || exit 1 + if test -z "`(${CPMOD-cpmod} zfoo1$$ zfoo2$$) 2>&1`"; then + cpmod=${CPMOD-cpmod} + fi +@@ -86,26 +88,28 @@ + writable=0 + chmod u+w $tmp 2>/dev/null + fi ++ : >| $tmp # truncate the file, ignoring set -C + fi if test $decomp -eq 0; then - sed 1q $0 > $tmp +- sed 1q $0 > $tmp ++ sed 1q $0 >> $tmp sed "s|^if tail|if $tail|" >> $tmp <<'EOF' -skip=22 +skip=23 @@ -11,7 +53,7 @@ umask 77 -if tail +$skip $0 | "BINDIR"/gzip -cd > /tmp/gztmp$$; then +tmpfile=`tempfile -p gztmp -d /tmp` || exit 1 -+if tail +$skip "$0" | /bin/gzip -cd >> $tmpfile; then ++if tail -n +$skip "$0" | /bin/gzip -cd >> $tmpfile; then umask $umask - /bin/chmod 700 /tmp/gztmp$$ + /bin/chmod 700 $tmpfile @@ -33,17 +75,17 @@ fi else echo Cannot decompress $0; exit 1 ---- gzip-1.3.2.orig/znew.in -+++ gzip-1.3.2/znew.in -@@ -16,8 +16,8 @@ - warn="(does not preserve modes and timestamp)" - tmp=/tmp/zfoo.$$ - set -C --echo hi > $tmp.1 --echo hi > $tmp.2 -+echo hi > $tmp.1 || exit 1 -+echo hi > $tmp.2 || exit 1 - if test -z "`(${CPMOD-cpmod} $tmp.1 $tmp.2) 2>&1`"; then - cpmod=${CPMOD-cpmod} - warn="" - +@@ -120,11 +124,11 @@ + + else + # decompression +- skip=22 ++ skip=23 + if sed -e 1d -e 2q "$i" | grep "^skip=[0-9]*$" >/dev/null; then + eval `sed -e 1d -e 2q "$i"` + fi +- if tail +$skip "$i" | gzip -cd > $tmp; then ++ if tail -n +$skip "$i" | gzip -cd >> $tmp; then + : + else + echo ${x}: $i probably not in gzexe format, file unchanged. diff --git a/app-arch/gzip/files/gzip-1.3.5-security.patch b/app-arch/gzip/files/gzip-1.3.5-security.patch index 08eeea1b21c5..29f611ac231a 100644 --- a/app-arch/gzip/files/gzip-1.3.5-security.patch +++ b/app-arch/gzip/files/gzip-1.3.5-security.patch @@ -1,8 +1,36 @@ ---- gzexe.in.orig 2004-06-23 05:36:22.000000000 -0400 -+++ gzexe.in 2004-06-23 05:53:53.000000000 -0400 -@@ -114,22 +114,23 @@ +--- gzexe.in.orig 2004-06-23 19:17:49.978676668 -0400 ++++ gzexe.in 2004-06-23 19:22:38.651945744 -0400 +@@ -42,8 +42,10 @@ + exit 1 + fi + ++set -C + tmp=gz$$ + trap "rm -f $tmp; exit 1" 1 2 3 5 10 13 15 ++: > $tmp || exit 1 + + decomp=0 + res=0 +@@ -53,8 +55,8 @@ + shift + fi + +-echo hi > zfoo1$$ +-echo hi > zfoo2$$ ++echo hi > zfoo1$$ || exit 1 ++echo hi > zfoo2$$ || exit 1 + if test -z "`(${CPMOD-cpmod} zfoo1$$ zfoo2$$) 2>&1`"; then + cpmod=${CPMOD-cpmod} + fi +@@ -110,26 +112,28 @@ + writable=0 + chmod u+w $tmp 2>/dev/null + fi ++ : >| $tmp # truncate the file, ignoring set -C + fi if test $decomp -eq 0; then - sed 1q $0 > $tmp +- sed 1q $0 > $tmp ++ sed 1q $0 >> $tmp sed "s|^if tail|if $tail|" >> $tmp <<'EOF' -skip=22 +skip=23 @@ -10,7 +38,7 @@ umask=`umask` umask 77 -if tail +$skip "$0" | /bin/gzip -cd > /tmp/gztmp$$; then -+tmpfile=`tempfile -d /tmp -p gztmp` || exit 1 ++tmpfile=`tempfile -p gztmp -d /tmp` || exit 1 +if tail +$skip "$0" | /bin/gzip -cd >> $tmpfile; then umask $umask - /bin/chmod 700 /tmp/gztmp$$ @@ -33,3 +61,17 @@ fi else echo Cannot decompress $0; exit 1 +@@ -144,11 +148,11 @@ + + else + # decompression +- skip=22 ++ skip=23 + if sed -e 1d -e 2q "$i" | grep "^skip=[0-9][0-9]*$" >/dev/null; then + eval `sed -e 1d -e 2q "$i"` + fi +- if tail +$skip "$i" | gzip -cd > $tmp; then ++ if $tail +$skip "$i" | gzip -cd >> $tmp; then + : + else + echo ${x}: $i probably not in gzexe format, file unchanged. |