OpenPKG Specs: gzip/gzip.patch@f4a0b439d0fb (annotated)

gzip/gzip.patch@f4a0b439d0fb (annotated)

gzip/gzip.patch

Fri, 15 Oct 2010 19:06:09 +0200

author: Michael Schloh von Bennewitz <michael@schloh.com>
date: Fri, 15 Oct 2010 19:06:09 +0200
changeset 263: f4a0b439d0fb
permissions: -rw-r--r--

Correct shared library and plugin link logic, as well as informal text.
Update file server URL, update build resource estimations, correct RPATH
logic, allow for qmake(1) static to shared library changes via CONFIG
argument, correct documentation broken title and index links, correct
shared library install path, install only one set of (correct) plugins,
install the designer shared library (as required by QtCreator), announce
features related to shared linking using qmake(1), and correclty
substitute hard coded paths in prl and la library files.

 Security Fix
 Index: gzip.c
 --- gzip.c.orig	2009-09-26 20:56:02 +0200
 +++ gzip.c	2009-10-07 07:59:53 +0200
@@ -168,7 +168,7 @@
  DECLARE(uch, inbuf,  INBUFSIZ +INBUF_EXTRA);
  DECLARE(uch, outbuf, OUTBUFSIZ+OUTBUF_EXTRA);
  DECLARE(ush, d_buf,  DIST_BUFSIZE);
 -DECLARE(uch, window, 2L*WSIZE);
 +DECLARE(uch, window, 2L*WSIZE + 4096); /* enlarge to avoid crashs due to peeking beyond the buffer end */
  #ifndef MAXSEG_64K
      DECLARE(ush, tab_prefix, 1L<<BITS);
  #else
 -----------------------------------------------------------------------------
 Security Fixes
 - OOB write        (CVE-2006-4335)
 - Buffer underflow (CVE-2006-4336)
 - Buffer overflow  (CVE-2006-4337)
 - Infinite loop    (CVE-2006-4338)
 Index: gzip.h
 --- gzip.h.orig	2009-09-26 20:43:28 +0200
 +++ gzip.h	2009-10-07 07:59:53 +0200
@@ -223,6 +223,8 @@
  extern int to_stdout;      /* output to stdout (-c) */
  extern int save_orig_name; /* set if original name must be saved */
 +#define MIN(a,b) ((a) <= (b) ? (a) : (b))
 +
  #define get_byte()  (inptr < insize ? inbuf[inptr++] : fill_inbuf(0))
  #define try_byte()  (inptr < insize ? inbuf[inptr++] : fill_inbuf(1))
 Index: unlzh.c
 --- unlzh.c.orig	2009-09-26 20:20:40 +0200
 +++ unlzh.c	2009-10-07 07:59:53 +0200
@@ -141,12 +141,17 @@
      unsigned i, k, len, ch, jutbits, avail, nextcode, mask;
      for (i = 1; i <= 16; i++) count[i] = 0;
 -    for (i = 0; i < (unsigned)nchar; i++) count[bitlen[i]]++;
 +    for (i = 0; i < (unsigned)nchar; i++) {
 +        if (bitlen[i] > 16)
 +            error("Bad table\n");
 +        else
 +            count[bitlen[i]]++;
 +    }
      start[1] = 0;
      for (i = 1; i <= 16; i++)
  	start[i + 1] = start[i] + (count[i] << (16 - i));
 -    if ((start[17] & 0xffff) != 0)
 +    if ((start[17] & 0xffff) != 0 || tablebits > 16) /* 16 for weight below */
        gzip_error ("Bad table\n");
      jutbits = 16 - tablebits;
@@ -161,15 +166,15 @@
      i = start[tablebits + 1] >> jutbits;
      if (i != 0) {
 -	k = 1 << tablebits;
 -	while (i != k) table[i++] = 0;
 +	k = MIN(1 << tablebits, DIST_BUFSIZE);
 +	while (i < k) table[i++] = 0;
      }
      avail = nchar;
      mask = (unsigned) 1 << (15 - tablebits);
      for (ch = 0; ch < (unsigned)nchar; ch++) {
  	if ((len = bitlen[ch]) == 0) continue;
 -	nextcode = start[len] + weight[len];
 +	nextcode = MIN(start[len] + weight[len], DIST_BUFSIZE);
  	if (len <= (unsigned)tablebits) {
  	    if ((unsigned) 1 << tablebits < nextcode)
  	      gzip_error ("Bad table\n");
@@ -212,7 +217,7 @@
  	for (i = 0; i < 256; i++) pt_table[i] = c;
      } else {
  	i = 0;
 -	while (i < n) {
 +	while (i < MIN(n,NPT)) {
  	    c = bitbuf >> (BITBUFSIZ - 3);
  	    if (c == 7) {
  		mask = (unsigned) 1 << (BITBUFSIZ - 1 - 3);
@@ -224,7 +229,7 @@
  	    pt_len[i++] = c;
  	    if (i == i_special) {
  		c = getbits(2);
 -		while (--c >= 0) pt_len[i++] = 0;
 +		while (--c >= 0 && i < NPT) pt_len[i++] = 0;
  	    }
  	}
  	while (i < nn) pt_len[i++] = 0;
@@ -244,7 +249,7 @@
  	for (i = 0; i < 4096; i++) c_table[i] = c;
      } else {
  	i = 0;
 -	while (i < n) {
 +	while (i < MIN(n,NC)) {
  	    c = pt_table[bitbuf >> (BITBUFSIZ - 8)];
  	    if (c >= NT) {
  		mask = (unsigned) 1 << (BITBUFSIZ - 1 - 8);
@@ -252,14 +257,14 @@
  		    if (bitbuf & mask) c = right[c];
  		    else               c = left [c];
  		    mask >>= 1;
 -		} while (c >= NT);
 +		} while (c >= NT && (mask || c != left[c]));
  	    }
  	    fillbuf((int) pt_len[c]);
  	    if (c <= 2) {
  		if      (c == 0) c = 1;
  		else if (c == 1) c = getbits(4) + 3;
  		else             c = getbits(CBIT) + 20;
 -		while (--c >= 0) c_len[i++] = 0;
 +		while (--c >= 0 && i < NC) c_len[i++] = 0;
  	    } else c_len[i++] = c - 2;
  	}
  	while (i < NC) c_len[i++] = 0;
@@ -288,7 +293,7 @@
  	    if (bitbuf & mask) j = right[j];
  	    else               j = left [j];
  	    mask >>= 1;
 -	} while (j >= NC);
 +	} while (j >= NC && (mask || j != left[j]));
      }
      fillbuf((int) c_len[j]);
      return j;
@@ -305,7 +310,7 @@
  	    if (bitbuf & mask) j = right[j];
  	    else               j = left [j];
  	    mask >>= 1;
 -	} while (j >= NP);
 +	} while (j >= NP && (mask || j != left[j]));
      }
      fillbuf((int) pt_len[j]);
      if (j != 0) j = ((unsigned) 1 << (j - 1)) + getbits((int) (j - 1));
@@ -352,7 +357,7 @@
      while (--j >= 0) {
  	buffer[r] = buffer[i];
  	i = (i + 1) & (DICSIZ - 1);
 -	if (++r == count) return r;
 +	if (++r >= count) return r;
      }
      for ( ; ; ) {
  	c = decode_c();
@@ -362,14 +367,14 @@
  	}
  	if (c <= UCHAR_MAX) {
  	    buffer[r] = c;
 -	    if (++r == count) return r;
 +	    if (++r >= count) return r;
  	} else {
  	    j = c - (UCHAR_MAX + 1 - THRESHOLD);
  	    i = (r - decode_p() - 1) & (DICSIZ - 1);
  	    while (--j >= 0) {
  		buffer[r] = buffer[i];
  		i = (i + 1) & (DICSIZ - 1);
 -		if (++r == count) return r;
 +		if (++r >= count) return r;
  	    }
  	}
      }
 Index: unpack.c
 --- unpack.c.orig	2009-09-26 20:43:28 +0200
 +++ unpack.c	2009-10-07 07:59:53 +0200
@@ -22,7 +22,6 @@
  #include "gzip.h"
  #include "crypt.h"
 -#define MIN(a,b) ((a) <= (b) ? (a) : (b))
  /* The arguments must not have side effects. */
  #define MAX_BITLEN 25
@@ -146,7 +145,7 @@
  	/* Remember where the literals of this length start in literal[] : */
  	lit_base[len] = base;
  	/* And read the literals: */
 -	for (n = leaves[len]; n > 0; n--) {
 +	for (n = leaves[len]; n > 0 && base < LITERALS; n--) {
  	    literal[base++] = (uch)get_byte();
  	}
      }
@@ -182,7 +181,7 @@
      prefixp = &prefix_len[1<<peek_bits];
      for (len = 1; len <= peek_bits; len++) {
  	int prefixes = leaves[len] << (peek_bits-len); /* may be 0 */
 -	while (prefixes--) *--prefixp = (uch)len;
 +	while (prefixes-- && prefixp > prefix_len) *--prefixp = (uch)len;
      }
      /* The length of all other codes is unknown: */
      while (prefixp > prefix_len) *--prefixp = 0;

OpenPKG Specs / annotate

gzip/gzip.patch@f4a0b439d0fb (annotated)

gzip/gzip.patch