# HG changeset patch
# User Michael Schloh von Bennewitz
# Date 1257798085 -3600
# Node ID b2ced78b5db3c02075bb5d412062273f410d7062
# Parent 073c5bb92328af7d0a2909408bae81eae8cb04c4
Import package vendor original specs for necessary manipulations.
diff -r 073c5bb92328 -r b2ced78b5db3 gzip/gzip.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/gzip/gzip.patch Mon Nov 09 21:21:25 2009 +0100
@@ -0,0 +1,194 @@ +Security Fix + +Index: gzip.c +--- gzip.c.orig 2009-09-26 20:56:02 +0200 ++++ gzip.c 2009-10-07 07:59:53 +0200 +@@ -168,7 +168,7 @@ + DECLARE(uch, inbuf, INBUFSIZ +INBUF_EXTRA); + DECLARE(uch, outbuf, OUTBUFSIZ+OUTBUF_EXTRA); + DECLARE(ush, d_buf, DIST_BUFSIZE); +-DECLARE(uch, window, 2L*WSIZE); ++DECLARE(uch, window, 2L*WSIZE + 4096); /* enlarge to avoid crashs due to peeking beyond the buffer end */ + #ifndef MAXSEG_64K + DECLARE(ush, tab_prefix, 1L< 16) ++ error("Bad table\n"); ++ else ++ count[bitlen[i]]++; ++ } + + start[1] = 0; + for (i = 1; i <= 16; i++) + start[i + 1] = start[i] + (count[i] << (16 - i)); +- if ((start[17] & 0xffff) != 0) ++ if ((start[17] & 0xffff) != 0 || tablebits > 16) /* 16 for weight below */ + gzip_error ("Bad table\n"); + + jutbits = 16 - tablebits; +@@ -161,15 +166,15 @@ + + i = start[tablebits + 1] >> jutbits; + if (i != 0) { +- k = 1 << tablebits; +- while (i != k) table[i++] = 0; ++ k = MIN(1 << tablebits, DIST_BUFSIZE); ++ while (i < k) table[i++] = 0; + } + + avail = nchar; + mask = (unsigned) 1 << (15 - tablebits); + for (ch = 0; ch < (unsigned)nchar; ch++) { + if ((len = bitlen[ch]) == 0) continue; +- nextcode = start[len] + weight[len]; ++ nextcode = MIN(start[len] + weight[len], DIST_BUFSIZE); + if (len <= (unsigned)tablebits) { + if ((unsigned) 1 << tablebits < nextcode) + gzip_error ("Bad table\n"); +@@ -212,7 +217,7 @@ + for (i = 0; i < 256; i++) pt_table[i] = c; + } else { + i = 0; +- while (i < n) { ++ while (i < MIN(n,NPT)) { + c = bitbuf >> (BITBUFSIZ - 3); + if (c == 7) { + mask = (unsigned) 1 << (BITBUFSIZ - 1 - 3); +@@ -224,7 +229,7 @@ + pt_len[i++] = c; + if (i == i_special) { + c = getbits(2); +- while (--c >= 0) pt_len[i++] = 0; ++ while (--c >= 0 && i < NPT) pt_len[i++] = 0; + } + } + while (i < nn) pt_len[i++] = 0; +@@ -244,7 +249,7 @@ + for (i = 0; i < 4096; i++) c_table[i] = c; + } else { + i = 0; +- while (i < n) { ++ while (i < MIN(n,NC)) { + c = pt_table[bitbuf >> (BITBUFSIZ - 8)]; + 
if (c >= NT) { + mask = (unsigned) 1 << (BITBUFSIZ - 1 - 8); +@@ -252,14 +257,14 @@ + if (bitbuf & mask) c = right[c]; + else c = left [c]; + mask >>= 1; +- } while (c >= NT); ++ } while (c >= NT && (mask || c != left[c])); + } + fillbuf((int) pt_len[c]); + if (c <= 2) { + if (c == 0) c = 1; + else if (c == 1) c = getbits(4) + 3; + else c = getbits(CBIT) + 20; +- while (--c >= 0) c_len[i++] = 0; ++ while (--c >= 0 && i < NC) c_len[i++] = 0; + } else c_len[i++] = c - 2; + } + while (i < NC) c_len[i++] = 0; +@@ -288,7 +293,7 @@ + if (bitbuf & mask) j = right[j]; + else j = left [j]; + mask >>= 1; +- } while (j >= NC); ++ } while (j >= NC && (mask || j != left[j])); + } + fillbuf((int) c_len[j]); + return j; +@@ -305,7 +310,7 @@ + if (bitbuf & mask) j = right[j]; + else j = left [j]; + mask >>= 1; +- } while (j >= NP); ++ } while (j >= NP && (mask || j != left[j])); + } + fillbuf((int) pt_len[j]); + if (j != 0) j = ((unsigned) 1 << (j - 1)) + getbits((int) (j - 1)); +@@ -352,7 +357,7 @@ + while (--j >= 0) { + buffer[r] = buffer[i]; + i = (i + 1) & (DICSIZ - 1); +- if (++r == count) return r; ++ if (++r >= count) return r; + } + for ( ; ; ) { + c = decode_c(); +@@ -362,14 +367,14 @@ + } + if (c <= UCHAR_MAX) { + buffer[r] = c; +- if (++r == count) return r; ++ if (++r >= count) return r; + } else { + j = c - (UCHAR_MAX + 1 - THRESHOLD); + i = (r - decode_p() - 1) & (DICSIZ - 1); + while (--j >= 0) { + buffer[r] = buffer[i]; + i = (i + 1) & (DICSIZ - 1); +- if (++r == count) return r; ++ if (++r >= count) return r; + } + } + } +Index: unpack.c +--- unpack.c.orig 2009-09-26 20:43:28 +0200 ++++ unpack.c 2009-10-07 07:59:53 +0200 +@@ -22,7 +22,6 @@ + #include "gzip.h" + #include "crypt.h" + +-#define MIN(a,b) ((a) <= (b) ? (a) : (b)) + /* The arguments must not have side effects. 
*/
+
+ #define MAX_BITLEN 25
+@@ -146,7 +145,7 @@
+ /* Remember where the literals of this length start in literal[] : */
+ lit_base[len] = base;
+ /* And read the literals: */
+- for (n = leaves[len]; n > 0; n--) {
++ for (n = leaves[len]; n > 0 && base < LITERALS; n--) {
+ literal[base++] = (uch)get_byte();
+ }
+ }
+@@ -182,7 +181,7 @@
+ prefixp = &prefix_len[1< prefix_len) *--prefixp = (uch)len;
+ }
+ /* The length of all other codes is unknown: */
+ while (prefixp > prefix_len) *--prefixp = 0;
diff -r 073c5bb92328 -r b2ced78b5db3 gzip/gzip.spec
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/gzip/gzip.spec Mon Nov 09 21:21:25 2009 +0100
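Review bot: In the unlzh.c part of gzip/gzip.patch the new bit-length guard calls `error("Bad table\n")`, while every other failure path visible in that file calls `gzip_error ("Bad table\n")`; unless this tree maps `error` onto `gzip_error` (not visible here), the guard can bind to a different function or an implicit declaration and fail to stop on a malformed table, so it should read `gzip_error ("Bad table\n");`. Most of the other added bounds clamp instead of rejecting — `MIN(start[len] + weight[len], DIST_BUFSIZE)`, `while (i < MIN(n,NPT))`, `n > 0 && base < LITERALS` in unpack.c — so a corrupt archive keeps decoding with truncated tables rather than failing closed; calling `gzip_error` on each out-of-range value would be the safer behaviour for untrusted input. `DIST_BUFSIZE` is also the clamp for `table` whichever array is passed in, although the context lines initialise `pt_table` over 256 entries and `c_table` over 4096, so please confirm the bound matches the smaller table. The `window` enlargement by a fixed 4096 deserves a comment naming the read it covers and why that margin is enough, and the bare `Security Fix` header would be easier to audit with the advisory it addresses. The function bodies start and end outside the embedded hunks.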
@@ -0,0 +1,102 @@
+##
+## gzip.spec -- OpenPKG RPM Package Specification
+## Copyright (c) 2000-2009 OpenPKG Foundation e.V.
+##
+## Permission to use, copy, modify, and distribute this software for
+## any purpose with or without fee is hereby granted, provided that
+## the above copyright notice and this permission notice appear in all
+## copies.
+##
+## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+## MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+## IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
+## CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+## SUCH DAMAGE.
+##
+
+# package information
+Name: gzip
+Summary: De-/Compression with GZIP Algorithm
+URL: http://www.gzip.org/
+Vendor: Jean-loup Gailly, Mark Adler
+Packager: OpenPKG Foundation e.V.
+Distribution: OpenPKG Community
+Class: CORE
+Group: Compression
+License: GPL
+Version: 1.3.13
+Release: 20091007
+
+# list of sources
+Source0: ftp://ftp.gnu.org/gnu/gzip/gzip-%{version}.tar.gz
+Patch0: gzip.patch
+
+# build information
+Prefix: %{l_prefix}
+BuildRoot: %{l_buildroot}
+BuildPreReq: OpenPKG, openpkg >= 20040130
+PreReq: OpenPKG, openpkg >= 20040130
+AutoReq: no
+AutoReqProv: no
+
+%description
+ GNU zip (gzip) is a compression utility designed to be a replacement
+ for the traditional Unix utility compress(1). Its main advantages
+ over compress(1) are much better compression and freedom from
+ patented algorithms. gzip produces files with a .gz extension.
+ gunzip can decompress files created by gzip, compress and pack. The
+ detection of the input format is automatic. The format of the .gz
+ files generated by gzip is described in RFCs (Request For Comments)
+ 1951 and 1952.
+
+%track
+ prog gzip = {
+ version = %{version}
+ url = ftp://ftp.gnu.org/gnu/gzip/
+ regex = gzip-(__VER__)\.tar(\.gz)?
+ }
+
+%prep
+ %setup -q
+ %patch -p0
+
+%build
+ # configure package
+ echo "ac_cv_path_shell=%{l_bash}" >config.cache
+ %{l_shtool} subst -e 's/futimens/gzip_&/' gzip.c lib/utimens.[ch]
+ CC="%{l_cc}" \
+ CFLAGS="%{l_cflags -O}" \
+ GREP="grep" \
+ ./configure \
+ --cache-file=./config.cache \
+ --prefix=%{l_prefix} \
+ --datarootdir=%{l_prefix}
+
+ # build package
+ %{l_make} %{l_mflags -O}
+
+%install
+ rm -rf $RPM_BUILD_ROOT
+
+ # install package
+ %{l_make} %{l_mflags} install AM_MAKEFLAGS="DESTDIR=$RPM_BUILD_ROOT"
+
+ # strip down installation
+ rm -f $RPM_BUILD_ROOT%{l_prefix}/info/dir
+ strip $RPM_BUILD_ROOT%{l_prefix}/bin/* 2>/dev/null || true
+
+ # determine installation files
+ %{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT %{l_files_std}
+
+%files -f files
+
+%clean
+ rm -rf $RPM_BUILD_ROOT
+
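Review bot: `Source0: ftp://ftp.gnu.org/gnu/gzip/gzip-%{version}.tar.gz` in gzip/gzip.spec pulls the tarball over unauthenticated FTP, and nothing in this spec pins a digest or checks the upstream signature before `%setup -q` unpacks it and `%patch -p0` applies the security patch on top. Unless the OpenPKG tooling verifies sources elsewhere (not visible here), the build trusts whatever the mirror or network path returns; recording an expected checksum next to `Source0` or verifying the upstream signature in `%prep` would close that gap. In `%install`, `strip $RPM_BUILD_ROOT%{l_prefix}/bin/* 2>/dev/null || true` also hides every failure, presumably because `bin/` holds files that cannot be stripped, and a one-line comment saying so would keep a real strip failure from going unnoticed.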