- Update to 1.3.12

- Fix security issues [1]

Obtained from:	SA-06:21.gzip [1]
Security:	11a84092-8f9f-11db-ab33-000e0c2e438a,
		SA-06:21.gzip

4 files changed, 198 insertions, 4 deletions

diff --git a/archivers/gzip/Makefile b/archivers/gzip/Makefile
index 8aea2d4c02f4..905e79f35ccd 100644
--- a/archivers/gzip/Makefile
+++ b/archivers/gzip/Makefile
@@ -6,7 +6,7 @@
 #
 
 PORTNAME=	gzip
-PORTVERSION=	1.3.9
+PORTVERSION=	1.3.12
 CATEGORIES=	archivers
 MASTER_SITES=	${MASTER_SITE_GNU}
 MASTER_SITE_SUBDIR=	${PORTNAME}
diff --git a/archivers/gzip/distinfo b/archivers/gzip/distinfo
index 3b1124ea1140..5f06a0fac7a5 100644
--- a/archivers/gzip/distinfo
+++ b/archivers/gzip/distinfo
@@ -1,3 +1,3 @@
-MD5 (gzip-1.3.9.tar.gz) = 7cf923b24b718c418e85a283b2260e14
-SHA256 (gzip-1.3.9.tar.gz) = a6fdbe5ce21f5e4ce219375c29e842da517e61a56900a678cf258b4fdd603e72
-SIZE (gzip-1.3.9.tar.gz) = 420737
+MD5 (gzip-1.3.12.tar.gz) = b5bac2d21840ae077e0217bc5e4845b1
+SHA256 (gzip-1.3.12.tar.gz) = 3f565be05f7f3d1aff117c030eb7c738300510b7d098cedea796ca8e4cd587af
+SIZE (gzip-1.3.12.tar.gz) = 462169
diff --git a/archivers/gzip/files/patch-FreeBSD-SA-06-21.gzip b/archivers/gzip/files/patch-FreeBSD-SA-06-21.gzip
new file mode 100644
index 000000000000..c754c98074be
--- /dev/null
+++ b/archivers/gzip/files/patch-FreeBSD-SA-06-21.gzip
@@ -0,0 +1,193 @@
+--- gzip.h.orig	Tue Jun  5 16:51:48 2007
++++ gzip.h	Tue Jun  5 16:52:40 2007
+@@ -223,6 +223,8 @@
+ extern int to_stdout;      /* output to stdout (-c) */
+ extern int save_orig_name; /* set if original name must be saved */
+ 
++#define MIN(a,b) ((a) <= (b) ? (a) : (b))
++
+ #define get_byte()  (inptr < insize ? inbuf[inptr++] : fill_inbuf(0))
+ #define try_byte()  (inptr < insize ? inbuf[inptr++] : fill_inbuf(1))
+ 
+--- inflate.c.orig	Tue Jun  5 16:41:18 2007
++++ inflate.c	Tue Jun  5 16:42:31 2007
+@@ -335,16 +335,9 @@
+   } while (--i);
+   if (c[0] == n)                /* null input--all zero length codes */
+   {
+-    q = (struct huft *) malloc (2 * sizeof *q);
+-    if (!q)
+-      return 3;
+-    hufts += 2;
+-    q[0].v.t = (struct huft *) NULL;
+-    q[1].e = 99;    /* invalid code marker */
+-    q[1].b = 1;
+-    *t = q + 1;
+-    *m = 1;
+-    return 0;
++    *t = (struct huft *)NULL;
++    *m = 0;
++    return 2;  
+   }
+ 
+ 
+--- unlzh.c.orig	Tue Jun  5 16:42:54 2007
++++ unlzh.c	Tue Jun  5 16:50:29 2007
+@@ -145,13 +145,17 @@
+     unsigned i, k, len, ch, jutbits, avail, nextcode, mask;
+ 
+     for (i = 1; i <= 16; i++) count[i] = 0;
+-    for (i = 0; i < (unsigned)nchar; i++) count[bitlen[i]]++;
++    for (i = 0; i < (unsigned)nchar; i++) {
++	if (bitlen[i] > 16)
++	gzip_error("Bad table (case a)\n");
++	else count[bitlen[i]]++;
++    }
+ 
+     start[1] = 0;
+     for (i = 1; i <= 16; i++)
+ 	start[i + 1] = start[i] + (count[i] << (16 - i));
+-    if ((start[17] & 0xffff) != 0)
+-      gzip_error ("Bad table\n");
++    if ((start[17] & 0xffff) != 0 || tablebits > 16) /* 16 for weight below */
++	gzip_error("Bad table (case b)\n");
+ 
+     jutbits = 16 - tablebits;
+     for (i = 1; i <= (unsigned)tablebits; i++) {
+@@ -165,15 +169,15 @@
+ 
+     i = start[tablebits + 1] >> jutbits;
+     if (i != 0) {
+-	k = 1 << tablebits;
+-	while (i != k) table[i++] = 0;
++	k = MIN(1 << tablebits, DIST_BUFSIZE);
++	while (i < k) table[i++] = 0;
+     }
+ 
+     avail = nchar;
+     mask = (unsigned) 1 << (15 - tablebits);
+     for (ch = 0; ch < (unsigned)nchar; ch++) {
+ 	if ((len = bitlen[ch]) == 0) continue;
+-	nextcode = start[len] + weight[len];
++	nextcode = MIN(start[len] + weight[len], DIST_BUFSIZE);
+ 	if (len <= (unsigned)tablebits) {
+ 	    if ((unsigned) 1 << tablebits < nextcode)
+ 	      gzip_error ("Bad table\n");
+@@ -216,7 +220,7 @@
+ 	for (i = 0; i < 256; i++) pt_table[i] = c;
+     } else {
+ 	i = 0;
+-	while (i < n) {
++	while (i < MIN(n,NPT)) {
+ 	    c = bitbuf >> (BITBUFSIZ - 3);
+ 	    if (c == 7) {
+ 		mask = (unsigned) 1 << (BITBUFSIZ - 1 - 3);
+@@ -228,7 +232,7 @@
+ 	    pt_len[i++] = c;
+ 	    if (i == i_special) {
+ 		c = getbits(2);
+-		while (--c >= 0) pt_len[i++] = 0;
++		while (--c >= 0 && i < NPT) pt_len[i++] = 0;
+ 	    }
+ 	}
+ 	while (i < nn) pt_len[i++] = 0;
+@@ -248,7 +252,7 @@
+ 	for (i = 0; i < 4096; i++) c_table[i] = c;
+     } else {
+ 	i = 0;
+-	while (i < n) {
++	while (i < MIN(n,NC)) {
+ 	    c = pt_table[bitbuf >> (BITBUFSIZ - 8)];
+ 	    if (c >= NT) {
+ 		mask = (unsigned) 1 << (BITBUFSIZ - 1 - 8);
+@@ -256,14 +260,14 @@
+ 		    if (bitbuf & mask) c = right[c];
+ 		    else               c = left [c];
+ 		    mask >>= 1;
+-		} while (c >= NT);
++		} while (c >= NT && (mask || c != left[c]));
+ 	    }
+ 	    fillbuf((int) pt_len[c]);
+ 	    if (c <= 2) {
+ 		if      (c == 0) c = 1;
+ 		else if (c == 1) c = getbits(4) + 3;
+ 		else             c = getbits(CBIT) + 20;
+-		while (--c >= 0) c_len[i++] = 0;
++		while (--c >= 0 && i < NC) c_len[i++] = 0;
+ 	    } else c_len[i++] = c - 2;
+ 	}
+ 	while (i < NC) c_len[i++] = 0;
+@@ -292,7 +296,7 @@
+ 	    if (bitbuf & mask) j = right[j];
+ 	    else               j = left [j];
+ 	    mask >>= 1;
+-	} while (j >= NC);
++	} while (j >= NC && (mask || j != left[j]));
+     }
+     fillbuf((int) c_len[j]);
+     return j;
+@@ -309,7 +313,7 @@
+ 	    if (bitbuf & mask) j = right[j];
+ 	    else               j = left [j];
+ 	    mask >>= 1;
+-	} while (j >= NP);
++	} while (j >= NP && (mask || j != left[j]));
+     }
+     fillbuf((int) pt_len[j]);
+     if (j != 0) j = ((unsigned) 1 << (j - 1)) + getbits((int) (j - 1));
+@@ -356,7 +360,7 @@
+     while (--j >= 0) {
+ 	buffer[r] = buffer[i];
+ 	i = (i + 1) & (DICSIZ - 1);
+-	if (++r == count) return r;
++	if (++r >= count) return r;
+     }
+     for ( ; ; ) {
+ 	c = decode_c();
+@@ -366,14 +370,14 @@
+ 	}
+ 	if (c <= UCHAR_MAX) {
+ 	    buffer[r] = c;
+-	    if (++r == count) return r;
++	    if (++r >= count) return r;
+ 	} else {
+ 	    j = c - (UCHAR_MAX + 1 - THRESHOLD);
+ 	    i = (r - decode_p() - 1) & (DICSIZ - 1);
+ 	    while (--j >= 0) {
+ 		buffer[r] = buffer[i];
+ 		i = (i + 1) & (DICSIZ - 1);
+-		if (++r == count) return r;
++		if (++r >= count) return r;
+ 	    }
+ 	}
+     }
+--- unpack.c.orig	Tue Jun  5 16:50:39 2007
++++ unpack.c	Tue Jun  5 16:51:36 2007
+@@ -26,9 +26,6 @@
+ #include "gzip.h"
+ #include "crypt.h"
+ 
+-#define MIN(a,b) ((a) <= (b) ? (a) : (b))
+-/* The arguments must not have side effects. */
+-
+ #define MAX_BITLEN 25
+ /* Maximum length of Huffman codes. (Minor modifications to the code
+  * would be needed to support 32 bits codes, but pack never generates
+@@ -150,7 +147,7 @@
+ 	/* Remember where the literals of this length start in literal[] : */
+ 	lit_base[len] = base;
+ 	/* And read the literals: */
+-	for (n = leaves[len]; n > 0; n--) {
++	for (n = leaves[len]; n > 0 && base < LITERALS; n--) {
+ 	    literal[base++] = (uch)get_byte();
+ 	}
+     }
+@@ -186,7 +183,7 @@
+     prefixp = &prefix_len[1<<peek_bits];
+     for (len = 1; len <= peek_bits; len++) {
+ 	int prefixes = leaves[len] << (peek_bits-len); /* may be 0 */
+-	while (prefixes--) *--prefixp = (uch)len;
++	while (prefixes-- && prefixp > prefix_len) *--prefixp = (uch)len;
+     }
+     /* The length of all other codes is unknown: */
+     while (prefixp > prefix_len) *--prefixp = 0;
diff --git a/archivers/gzip/pkg-plist b/archivers/gzip/pkg-plist
index 0f1b294d7446..9ab8d09e234e 100644
--- a/archivers/gzip/pkg-plist
+++ b/archivers/gzip/pkg-plist
@@ -2,6 +2,7 @@
 bin/gunzip
 bin/gzexe
 bin/gzip
+bin/uncompress
 bin/zcat
 bin/zcmp
 bin/zdiff