aboutsummaryrefslogtreecommitdiffstats
path: root/archivers/gzip
diff options
context:
space:
mode:
authorsimon <simon@FreeBSD.org>2005-06-23 06:44:41 +0800
committersimon <simon@FreeBSD.org>2005-06-23 06:44:41 +0800
commitd32661a2b4b3caa3ae361be37f912b9d62d0ebf7 (patch)
tree5da774bafdc8aa7f7a66dc9207f6ba2d1c3c9102 /archivers/gzip
parent9d03c84744cbfc04c9e3c20b356c8ea1ed843a53 (diff)
downloadfreebsd-ports-gnome-d32661a2b4b3caa3ae361be37f912b9d62d0ebf7.tar.gz
freebsd-ports-gnome-d32661a2b4b3caa3ae361be37f912b9d62d0ebf7.tar.zst
freebsd-ports-gnome-d32661a2b4b3caa3ae361be37f912b9d62d0ebf7.zip
Fix directory traversal and permission race security vulnerabilities in
gzip, and zgrep improper argument sanitation. Security: CAN-2005-0758, CAN-2005-0988, CAN-2005-1228 Security: FreeBSD-SA-05:11.gzip Obtained from: RedHat, Steve Grubb via RedHat, Debian Approved by: maintainer timeout (4 days; security)
Diffstat (limited to 'archivers/gzip')
-rw-r--r--archivers/gzip/Makefile2
-rw-r--r--archivers/gzip/files/patch-gzip.c62
-rw-r--r--archivers/gzip/files/patch-zgrep.in29
3 files changed, 92 insertions, 1 deletions
diff --git a/archivers/gzip/Makefile b/archivers/gzip/Makefile
index 9ada5d066558..aaf15691f16d 100644
--- a/archivers/gzip/Makefile
+++ b/archivers/gzip/Makefile
@@ -7,7 +7,7 @@
PORTNAME= gzip
PORTVERSION= 1.3.5
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= archivers
MASTER_SITES= ftp://sunfreeware.risq.qc.ca/SOURCES/ \
ftp://sunsite.cnlab-switch.ch/mirror/solaris-freeware/SOURCES/ \
diff --git a/archivers/gzip/files/patch-gzip.c b/archivers/gzip/files/patch-gzip.c
new file mode 100644
index 000000000000..afa8e0d157d3
--- /dev/null
+++ b/archivers/gzip/files/patch-gzip.c
@@ -0,0 +1,62 @@
+--- gzip.c.orig Sat Sep 28 09:38:43 2002
++++ gzip.c Sat Jun 18 16:12:37 2005
+@@ -875,8 +875,11 @@
+ }
+
+ close(ifd);
+- if (!to_stdout && close(ofd)) {
+- write_error();
++ if (!to_stdout) {
++ /* Copy modes, times, ownership, and remove the input file */
++ copy_stat(&istat);
++ if (close(ofd))
++ write_error();
+ }
+ if (method == -1) {
+ if (!to_stdout) xunlink (ofname);
+@@ -896,10 +899,6 @@
+ }
+ fprintf(stderr, "\n");
+ }
+- /* Copy modes, times, ownership, and remove the input file */
+- if (!to_stdout) {
+- copy_stat(&istat);
+- }
+ }
+
+ /* ========================================================================
+@@ -1317,6 +1316,7 @@
+ /* Copy the base name. Keep a directory prefix intact. */
+ char *p = base_name (ofname);
+ char *base = p;
++ char *base2;
+ for (;;) {
+ *p = (char)get_char();
+ if (*p++ == '\0') break;
+@@ -1324,6 +1324,8 @@
+ error("corrupted input -- file name too large");
+ }
+ }
++ base2 = basename (base);
++ strcpy(base, base2);
+ /* If necessary, adapt the name to local OS conventions: */
+ if (!list) {
+ MAKE_LEGAL_NAME(base);
+@@ -1725,7 +1727,7 @@
+ reset_times(ofname, ifstat);
+ #endif
+ /* Copy the protection modes */
+- if (chmod(ofname, ifstat->st_mode & 07777)) {
++ if (fchmod(ofd, ifstat->st_mode & 07777)) {
+ int e = errno;
+ WARN((stderr, "%s: ", progname));
+ if (!quiet) {
+@@ -1734,7 +1736,7 @@
+ }
+ }
+ #ifndef NO_CHOWN
+- chown(ofname, ifstat->st_uid, ifstat->st_gid); /* Copy ownership */
++ (void) fchown(ofd, ifstat->st_uid, ifstat->st_gid); /* Copy ownership */
+ #endif
+ remove_ofname = 0;
+ /* It's now safe to remove the input file: */
diff --git a/archivers/gzip/files/patch-zgrep.in b/archivers/gzip/files/patch-zgrep.in
new file mode 100644
index 000000000000..3d1039b6ebd4
--- /dev/null
+++ b/archivers/gzip/files/patch-zgrep.in
@@ -0,0 +1,29 @@
+--- zgrep.in
++++ zgrep.in
+@@ -24,7 +24,7 @@
+
+ PATH="BINDIR:$PATH"; export PATH
+
+-prog=`echo $0 | sed 's|.*/||'`
++prog=`echo "$0" | sed 's|.*/||'`
+ case "$prog" in
+ *egrep) grep=${EGREP-egrep -a} ;;
+ *fgrep) grep=${FGREP-fgrep -a} ;;
+@@ -112,12 +112,15 @@
+ fi
+ $uncompress -cdfq "$i" |
+ if test $files_with_matches -eq 1; then
+- $grep $opt "$pat" > /dev/null && echo $i
++ $grep $opt "$pat" > /dev/null && printf "%s\n" "$i"
+ elif test $files_without_matches -eq 1; then
+- $grep $opt "$pat" > /dev/null || echo $i
++ $grep $opt "$pat" > /dev/null || printf "%s\n" "$i"
+ elif test $with_filename -eq 0 && { test $# -eq 1 || test $no_filename -eq 1; }; then
+ $grep $opt "$pat"
+ else
++ i=${i//\\/\\\\}
++ i=${i//|/\\|}
++ i=${i//&/\\&}
+ if test $with_filename -eq 1; then
+ sed_script="s|^[^:]*:|${i}:|"
+ else