Mon, 09 Nov 2009 21:21:25 +0100
Import package vendor original specs for necessary manipulations.
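--- /dev/null
+++ b/gzip/gzip.patch
@@ -0,0 +1,194 @@
+Security Fix
+
+Index: gzip.c
+--- gzip.c.orig 2009-09-26 20:56:02 +0200
++++ gzip.c 2009-10-07 07:59:53 +0200
+@@ -168,7 +168,7 @@
+ DECLARE(uch, inbuf, INBUFSIZ +INBUF_EXTRA);
+ DECLARE(uch, outbuf, OUTBUFSIZ+OUTBUF_EXTRA);
+ DECLARE(ush, d_buf, DIST_BUFSIZE);
+-DECLARE(uch, window, 2L*WSIZE);
++DECLARE(uch, window, 2L*WSIZE + 4096); /* enlarge to avoid crashs due to peeking beyond the buffer end */
+ #ifndef MAXSEG_64K
+ DECLARE(ush, tab_prefix, 1L<<BITS);
+ #else
+
+-----------------------------------------------------------------------------
+
+Security Fixes
+- OOB write (CVE-2006-4335)
+- Buffer underflow (CVE-2006-4336)
+- Buffer overflow (CVE-2006-4337)
+- Infinite loop (CVE-2006-4338)
+
+Index: gzip.h
+--- gzip.h.orig 2009-09-26 20:43:28 +0200
++++ gzip.h 2009-10-07 07:59:53 +0200
+@@ -223,6 +223,8 @@
+ extern int to_stdout; /* output to stdout (-c) */
+ extern int save_orig_name; /* set if original name must be saved */
+
++#define MIN(a,b) ((a) <= (b) ? (a) : (b))
++
+ #define get_byte() (inptr < insize ? inbuf[inptr++] : fill_inbuf(0))
+ #define try_byte() (inptr < insize ? inbuf[inptr++] : fill_inbuf(1))
+
+Index: unlzh.c
+--- unlzh.c.orig 2009-09-26 20:20:40 +0200
++++ unlzh.c 2009-10-07 07:59:53 +0200
+@@ -141,12 +141,17 @@
+ unsigned i, k, len, ch, jutbits, avail, nextcode, mask;
+
+ for (i = 1; i <= 16; i++) count[i] = 0;
+- for (i = 0; i < (unsigned)nchar; i++) count[bitlen[i]]++;
++ for (i = 0; i < (unsigned)nchar; i++) {
++ if (bitlen[i] > 16)
++ error("Bad table\n");
++ else
++ count[bitlen[i]]++;
++ }
+
+ start[1] = 0;
+ for (i = 1; i <= 16; i++)
+ start[i + 1] = start[i] + (count[i] << (16 - i));
+- if ((start[17] & 0xffff) != 0)
++ if ((start[17] & 0xffff) != 0 || tablebits > 16) /* 16 for weight below */
+ gzip_error ("Bad table\n");
+
+ jutbits = 16 - tablebits;
+@@ -161,15 +166,15 @@
+
+ i = start[tablebits + 1] >> jutbits;
+ if (i != 0) {
+- k = 1 << tablebits;
+- while (i != k) table[i++] = 0;
++ k = MIN(1 << tablebits, DIST_BUFSIZE);
++ while (i < k) table[i++] = 0;
+ }
+
+ avail = nchar;
+ mask = (unsigned) 1 << (15 - tablebits);
+ for (ch = 0; ch < (unsigned)nchar; ch++) {
+ if ((len = bitlen[ch]) == 0) continue;
+- nextcode = start[len] + weight[len];
++ nextcode = MIN(start[len] + weight[len], DIST_BUFSIZE);
+ if (len <= (unsigned)tablebits) {
+ if ((unsigned) 1 << tablebits < nextcode)
+ gzip_error ("Bad table\n");
+@@ -212,7 +217,7 @@
+ for (i = 0; i < 256; i++) pt_table[i] = c;
+ } else {
+ i = 0;
+- while (i < n) {
++ while (i < MIN(n,NPT)) {
+ c = bitbuf >> (BITBUFSIZ - 3);
+ if (c == 7) {
+ mask = (unsigned) 1 << (BITBUFSIZ - 1 - 3);
+@@ -224,7 +229,7 @@
+ pt_len[i++] = c;
+ if (i == i_special) {
+ c = getbits(2);
+- while (--c >= 0) pt_len[i++] = 0;
++ while (--c >= 0 && i < NPT) pt_len[i++] = 0;
+ }
+ }
+ while (i < nn) pt_len[i++] = 0;
+@@ -244,7 +249,7 @@
+ for (i = 0; i < 4096; i++) c_table[i] = c;
+ } else {
+ i = 0;
+- while (i < n) {
++ while (i < MIN(n,NC)) {
+ c = pt_table[bitbuf >> (BITBUFSIZ - 8)];
+ if (c >= NT) {
+ mask = (unsigned) 1 << (BITBUFSIZ - 1 - 8);
+@@ -252,14 +257,14 @@
+ if (bitbuf & mask) c = right[c];
+ else c = left [c];
+ mask >>= 1;
+- } while (c >= NT);
++ } while (c >= NT && (mask || c != left[c]));
+ }
+ fillbuf((int) pt_len[c]);
+ if (c <= 2) {
+ if (c == 0) c = 1;
+ else if (c == 1) c = getbits(4) + 3;
+ else c = getbits(CBIT) + 20;
+- while (--c >= 0) c_len[i++] = 0;
++ while (--c >= 0 && i < NC) c_len[i++] = 0;
+ } else c_len[i++] = c - 2;
+ }
+ while (i < NC) c_len[i++] = 0;
+@@ -288,7 +293,7 @@
+ if (bitbuf & mask) j = right[j];
+ else j = left [j];
+ mask >>= 1;
+- } while (j >= NC);
++ } while (j >= NC && (mask || j != left[j]));
+ }
+ fillbuf((int) c_len[j]);
+ return j;
+@@ -305,7 +310,7 @@
+ if (bitbuf & mask) j = right[j];
+ else j = left [j];
+ mask >>= 1;
+- } while (j >= NP);
++ } while (j >= NP && (mask || j != left[j]));
+ }
+ fillbuf((int) pt_len[j]);
+ if (j != 0) j = ((unsigned) 1 << (j - 1)) + getbits((int) (j - 1));
+@@ -352,7 +357,7 @@
+ while (--j >= 0) {
+ buffer[r] = buffer[i];
+ i = (i + 1) & (DICSIZ - 1);
+- if (++r == count) return r;
++ if (++r >= count) return r;
+ }
+ for ( ; ; ) {
+ c = decode_c();
+@@ -362,14 +367,14 @@
+ }
+ if (c <= UCHAR_MAX) {
+ buffer[r] = c;
+- if (++r == count) return r;
++ if (++r >= count) return r;
+ } else {
+ j = c - (UCHAR_MAX + 1 - THRESHOLD);
+ i = (r - decode_p() - 1) & (DICSIZ - 1);
+ while (--j >= 0) {
+ buffer[r] = buffer[i];
+ i = (i + 1) & (DICSIZ - 1);
+- if (++r == count) return r;
++ if (++r >= count) return r;
+ }
+ }
+ }
+Index: unpack.c
+--- unpack.c.orig 2009-09-26 20:43:28 +0200
++++ unpack.c 2009-10-07 07:59:53 +0200
+@@ -22,7 +22,6 @@
+ #include "gzip.h"
+ #include "crypt.h"
+
+-#define MIN(a,b) ((a) <= (b) ? (a) : (b))
+ /* The arguments must not have side effects. */
+
+ #define MAX_BITLEN 25
+@@ -146,7 +145,7 @@
+ /* Remember where the literals of this length start in literal[] : */
+ lit_base[len] = base;
+ /* And read the literals: */
+- for (n = leaves[len]; n > 0; n--) {
++ for (n = leaves[len]; n > 0 && base < LITERALS; n--) {
+ literal[base++] = (uch)get_byte();
+ }
+ }
+@@ -182,7 +181,7 @@
+ prefixp = &prefix_len[1<<peek_bits];
+ for (len = 1; len <= peek_bits; len++) {
+ int prefixes = leaves[len] << (peek_bits-len); /* may be 0 */
+- while (prefixes--) *--prefixp = (uch)len;
++ while (prefixes-- && prefixp > prefix_len) *--prefixp = (uch)len;
+ }
+ /* The length of all other codes is unknown: */
+ while (prefixp > prefix_len) *--prefixp = 0;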
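Review bot: The bit-length check added in the unlzh.c hunk `@@ -141,12 +141,17 @@` reports a bad table through `error("Bad table\n")`, while the context lines a few lines below in the same hunk use `gzip_error ("Bad table\n");`; unless an `error` taking a single string is declared for this translation unit, the new line will either not compile or bind to a different `error` with another signature, so it should read `gzip_error ("Bad table\n");` like its neighbours. The enclosing function begins before that hunk. In the unpack.c hunk `@@ -22,7 +22,6 @@` the `#define MIN` is removed but the comment `/* The arguments must not have side effects. */` that documented it is left behind with nothing to describe; it belongs next to the new `MIN` in gzip.h, where it still matters because `MIN(n,NPT)` and `MIN(n,NC)` evaluate their arguments twice. The gzip.c change appears to only enlarge `window` by 4096 bytes instead of bounding the read that peeks past the end, so the comment there should say that the over-read itself remains and relies on the slack, if that is indeed the intent.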
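--- /dev/null
+++ b/gzip/gzip.spec
@@ -0,0 +1,102 @@
+##
+## gzip.spec -- OpenPKG RPM Package Specification
+## Copyright (c) 2000-2009 OpenPKG Foundation e.V. <http://openpkg.net/>
+##
+## Permission to use, copy, modify, and distribute this software for
+## any purpose with or without fee is hereby granted, provided that
+## the above copyright notice and this permission notice appear in all
+## copies.
+##
+## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+## MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+## IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
+## CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+## SUCH DAMAGE.
+##
+
+# package information
+Name: gzip
+Summary: De-/Compression with GZIP Algorithm
+URL: http://www.gzip.org/
+Vendor: Jean-loup Gailly, Mark Adler
+Packager: OpenPKG Foundation e.V.
+Distribution: OpenPKG Community
+Class: CORE
+Group: Compression
+License: GPL
+Version: 1.3.13
+Release: 20091007
+
+# list of sources
+Source0: ftp://ftp.gnu.org/gnu/gzip/gzip-%{version}.tar.gz
+Patch0: gzip.patch
+
+# build information
+Prefix: %{l_prefix}
+BuildRoot: %{l_buildroot}
+BuildPreReq: OpenPKG, openpkg >= 20040130
+PreReq: OpenPKG, openpkg >= 20040130
+AutoReq: no
+AutoReqProv: no
+
+%description
+ GNU zip (gzip) is a compression utility designed to be a replacement
+ for the traditional Unix utility compress(1). Its main advantages
+ over compress(1) are much better compression and freedom from
+ patented algorithms. gzip produces files with a .gz extension.
+ gunzip can decompress files created by gzip, compress and pack. The
+ detection of the input format is automatic. The format of the .gz
+ files generated by gzip is described in RFCs (Request For Comments)
+ 1951 and 1952.
+
+%track
+ prog gzip = {
+ version = %{version}
+ url = ftp://ftp.gnu.org/gnu/gzip/
+ regex = gzip-(__VER__)\.tar(\.gz)?
+ }
+
+%prep
+ %setup -q
+ %patch -p0
+
+%build
+ # configure package
+ echo "ac_cv_path_shell=%{l_bash}" >config.cache
+ %{l_shtool} subst -e 's/futimens/gzip_&/' gzip.c lib/utimens.[ch]
+ CC="%{l_cc}" \
+ CFLAGS="%{l_cflags -O}" \
+ GREP="grep" \
+ ./configure \
+ --cache-file=./config.cache \
+ --prefix=%{l_prefix} \
+ --datarootdir=%{l_prefix}
+
+ # build package
+ %{l_make} %{l_mflags -O}
+
+%install
+ rm -rf $RPM_BUILD_ROOT
+
+ # install package
+ %{l_make} %{l_mflags} install AM_MAKEFLAGS="DESTDIR=$RPM_BUILD_ROOT"
+
+ # strip down installation
+ rm -f $RPM_BUILD_ROOT%{l_prefix}/info/dir
+ strip $RPM_BUILD_ROOT%{l_prefix}/bin/* 2>/dev/null || true
+
+ # determine installation files
+ %{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT %{l_files_std}
+
+%files -f files
+
+%clean
+ rm -rf $RPM_BUILD_ROOT
+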
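Review bot: `Source0` fetches the upstream tarball over plain `ftp://` and the spec records no digest or signature for it, so the build accepts whatever the mirror serves and a substituted tarball would be patched and compiled without notice. If the OpenPKG tooling supports recording a source checksum, adding one next to `Source0` would pin the artifact; otherwise a comment such as `# NOTE: upstream tarball integrity is not verified by this spec` makes the gap visible to the next maintainer. `Patch0: gzip.patch` carries security fixes but nothing in the spec says so; a one-line comment above it naming the CVEs listed inside the patch would tie `Release: 20091007` to the reason for the rebuild.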