diff options
author | simon <simon@FreeBSD.org> | 2005-06-23 06:44:41 +0800 |
---|---|---|
committer | simon <simon@FreeBSD.org> | 2005-06-23 06:44:41 +0800 |
commit | d32661a2b4b3caa3ae361be37f912b9d62d0ebf7 (patch) | |
tree | 5da774bafdc8aa7f7a66dc9207f6ba2d1c3c9102 /archivers/gzip | |
parent | 9d03c84744cbfc04c9e3c20b356c8ea1ed843a53 (diff) | |
download | freebsd-ports-gnome-d32661a2b4b3caa3ae361be37f912b9d62d0ebf7.tar.gz freebsd-ports-gnome-d32661a2b4b3caa3ae361be37f912b9d62d0ebf7.tar.zst freebsd-ports-gnome-d32661a2b4b3caa3ae361be37f912b9d62d0ebf7.zip |
Fix directory traversal and permission race security vulnerabilities in
gzip, and zgrep improper argument sanitation.
Security: CAN-2005-0758, CAN-2005-0988, CAN-2005-1228
Security: FreeBSD-SA-05:11.gzip
Obtained from: RedHat, Steve Grubb via RedHat, Debian
Approved by: maintainer timeout (4 days; security)
Diffstat (limited to 'archivers/gzip')
-rw-r--r-- | archivers/gzip/Makefile | 2 | ||||
-rw-r--r-- | archivers/gzip/files/patch-gzip.c | 62 | ||||
-rw-r--r-- | archivers/gzip/files/patch-zgrep.in | 29 |
3 files changed, 92 insertions, 1 deletions
diff --git a/archivers/gzip/Makefile b/archivers/gzip/Makefile index 9ada5d066558..aaf15691f16d 100644 --- a/archivers/gzip/Makefile +++ b/archivers/gzip/Makefile @@ -7,7 +7,7 @@ PORTNAME= gzip PORTVERSION= 1.3.5 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= archivers MASTER_SITES= ftp://sunfreeware.risq.qc.ca/SOURCES/ \ ftp://sunsite.cnlab-switch.ch/mirror/solaris-freeware/SOURCES/ \ diff --git a/archivers/gzip/files/patch-gzip.c b/archivers/gzip/files/patch-gzip.c new file mode 100644 index 000000000000..afa8e0d157d3 --- /dev/null +++ b/archivers/gzip/files/patch-gzip.c @@ -0,0 +1,62 @@ +--- gzip.c.orig Sat Sep 28 09:38:43 2002 ++++ gzip.c Sat Jun 18 16:12:37 2005 +@@ -875,8 +875,11 @@ + } + + close(ifd); +- if (!to_stdout && close(ofd)) { +- write_error(); ++ if (!to_stdout) { ++ /* Copy modes, times, ownership, and remove the input file */ ++ copy_stat(&istat); ++ if (close(ofd)) ++ write_error(); + } + if (method == -1) { + if (!to_stdout) xunlink (ofname); +@@ -896,10 +899,6 @@ + } + fprintf(stderr, "\n"); + } +- /* Copy modes, times, ownership, and remove the input file */ +- if (!to_stdout) { +- copy_stat(&istat); +- } + } + + /* ======================================================================== +@@ -1317,6 +1316,7 @@ + /* Copy the base name. Keep a directory prefix intact. */ + char *p = base_name (ofname); + char *base = p; ++ char *base2; + for (;;) { + *p = (char)get_char(); + if (*p++ == '\0') break; +@@ -1324,6 +1324,8 @@ + error("corrupted input -- file name too large"); + } + } ++ base2 = basename (base); ++ strcpy(base, base2); + /* If necessary, adapt the name to local OS conventions: */ + if (!list) { + MAKE_LEGAL_NAME(base); +@@ -1725,7 +1727,7 @@ + reset_times(ofname, ifstat); + #endif + /* Copy the protection modes */ +- if (chmod(ofname, ifstat->st_mode & 07777)) { ++ if (fchmod(ofd, ifstat->st_mode & 07777)) { + int e = errno; + WARN((stderr, "%s: ", progname)); + if (!quiet) { +@@ -1734,7 +1736,7 @@ + } + } + #ifndef NO_CHOWN +- chown(ofname, ifstat->st_uid, ifstat->st_gid); /* Copy ownership */ ++ (void) fchown(ofd, ifstat->st_uid, ifstat->st_gid); /* Copy ownership */ + #endif + remove_ofname = 0; + /* It's now safe to remove the input file: */ diff --git a/archivers/gzip/files/patch-zgrep.in b/archivers/gzip/files/patch-zgrep.in new file mode 100644 index 000000000000..3d1039b6ebd4 --- /dev/null +++ b/archivers/gzip/files/patch-zgrep.in @@ -0,0 +1,29 @@ +--- zgrep.in ++++ zgrep.in +@@ -24,7 +24,7 @@ + + PATH="BINDIR:$PATH"; export PATH + +-prog=`echo $0 | sed 's|.*/||'` ++prog=`echo "$0" | sed 's|.*/||'` + case "$prog" in + *egrep) grep=${EGREP-egrep -a} ;; + *fgrep) grep=${FGREP-fgrep -a} ;; +@@ -112,12 +112,15 @@ + fi + $uncompress -cdfq "$i" | + if test $files_with_matches -eq 1; then +- $grep $opt "$pat" > /dev/null && echo $i ++ $grep $opt "$pat" > /dev/null && printf "%s\n" "$i" + elif test $files_without_matches -eq 1; then +- $grep $opt "$pat" > /dev/null || echo $i ++ $grep $opt "$pat" > /dev/null || printf "%s\n" "$i" + elif test $with_filename -eq 0 && { test $# -eq 1 || test $no_filename -eq 1; }; then + $grep $opt "$pat" + else ++ i=${i//\\/\\\\} ++ i=${i//|/\\|} ++ i=${i//&/\\&} + if test $with_filename -eq 1; then + sed_script="s|^[^:]*:|${i}:|" + else |