changeset
Remove package as similar upstream changes render local maintenance redundant.
Tue, 28 Aug 2012 18:54:50 +0200
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Tue, 28 Aug 2012 18:54:50 +0200
- changeset 619
- c1ab501b4751
- parent 618
- ad6720734733
- child 620
- 7a6617235946
Remove package as similar upstream changes render local maintenance redundant.
| gzip/gzip.patch | file | annotate | diff | comparison | revisions | |
| gzip/gzip.spec | file | annotate | diff | comparison | revisions |
1.1 --- a/gzip/gzip.patch Tue Aug 28 18:54:40 2012 +0200 1.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 1.3 @@ -1,194 +0,0 @@ 1.4 -Security Fix 1.5 - 1.6 -Index: gzip.c 1.7 ---- gzip.c.orig 2009-09-26 20:56:02 +0200 1.8 -+++ gzip.c 2009-10-07 07:59:53 +0200 1.9 -@@ -168,7 +168,7 @@ 1.10 - DECLARE(uch, inbuf, INBUFSIZ +INBUF_EXTRA); 1.11 - DECLARE(uch, outbuf, OUTBUFSIZ+OUTBUF_EXTRA); 1.12 - DECLARE(ush, d_buf, DIST_BUFSIZE); 1.13 --DECLARE(uch, window, 2L*WSIZE); 1.14 -+DECLARE(uch, window, 2L*WSIZE + 4096); /* enlarge to avoid crashs due to peeking beyond the buffer end */ 1.15 - #ifndef MAXSEG_64K 1.16 - DECLARE(ush, tab_prefix, 1L<<BITS); 1.17 - #else 1.18 - 1.19 ------------------------------------------------------------------------------ 1.20 - 1.21 -Security Fixes 1.22 -- OOB write (CVE-2006-4335) 1.23 -- Buffer underflow (CVE-2006-4336) 1.24 -- Buffer overflow (CVE-2006-4337) 1.25 -- Infinite loop (CVE-2006-4338) 1.26 - 1.27 -Index: gzip.h 1.28 ---- gzip.h.orig 2009-09-26 20:43:28 +0200 1.29 -+++ gzip.h 2009-10-07 07:59:53 +0200 1.30 -@@ -223,6 +223,8 @@ 1.31 - extern int to_stdout; /* output to stdout (-c) */ 1.32 - extern int save_orig_name; /* set if original name must be saved */ 1.33 - 1.34 -+#define MIN(a,b) ((a) <= (b) ? (a) : (b)) 1.35 -+ 1.36 - #define get_byte() (inptr < insize ? inbuf[inptr++] : fill_inbuf(0)) 1.37 - #define try_byte() (inptr < insize ? inbuf[inptr++] : fill_inbuf(1)) 1.38 - 1.39 -Index: unlzh.c 1.40 ---- unlzh.c.orig 2009-09-26 20:20:40 +0200 1.41 -+++ unlzh.c 2009-10-07 07:59:53 +0200 1.42 -@@ -141,12 +141,17 @@ 1.43 - unsigned i, k, len, ch, jutbits, avail, nextcode, mask; 1.44 - 1.45 - for (i = 1; i <= 16; i++) count[i] = 0; 1.46 -- for (i = 0; i < (unsigned)nchar; i++) count[bitlen[i]]++; 1.47 -+ for (i = 0; i < (unsigned)nchar; i++) { 1.48 -+ if (bitlen[i] > 16) 1.49 -+ error("Bad table\n"); 1.50 -+ else 1.51 -+ count[bitlen[i]]++; 1.52 -+ } 1.53 - 1.54 - start[1] = 0; 1.55 - for (i = 1; i <= 16; i++) 1.56 - start[i + 1] = start[i] + (count[i] << (16 - i)); 1.57 -- if ((start[17] & 0xffff) != 0) 1.58 -+ if ((start[17] & 0xffff) != 0 || tablebits > 16) /* 16 for weight below */ 1.59 - gzip_error ("Bad table\n"); 1.60 - 1.61 - jutbits = 16 - tablebits; 1.62 -@@ -161,15 +166,15 @@ 1.63 - 1.64 - i = start[tablebits + 1] >> jutbits; 1.65 - if (i != 0) { 1.66 -- k = 1 << tablebits; 1.67 -- while (i != k) table[i++] = 0; 1.68 -+ k = MIN(1 << tablebits, DIST_BUFSIZE); 1.69 -+ while (i < k) table[i++] = 0; 1.70 - } 1.71 - 1.72 - avail = nchar; 1.73 - mask = (unsigned) 1 << (15 - tablebits); 1.74 - for (ch = 0; ch < (unsigned)nchar; ch++) { 1.75 - if ((len = bitlen[ch]) == 0) continue; 1.76 -- nextcode = start[len] + weight[len]; 1.77 -+ nextcode = MIN(start[len] + weight[len], DIST_BUFSIZE); 1.78 - if (len <= (unsigned)tablebits) { 1.79 - if ((unsigned) 1 << tablebits < nextcode) 1.80 - gzip_error ("Bad table\n"); 1.81 -@@ -212,7 +217,7 @@ 1.82 - for (i = 0; i < 256; i++) pt_table[i] = c; 1.83 - } else { 1.84 - i = 0; 1.85 -- while (i < n) { 1.86 -+ while (i < MIN(n,NPT)) { 1.87 - c = bitbuf >> (BITBUFSIZ - 3); 1.88 - if (c == 7) { 1.89 - mask = (unsigned) 1 << (BITBUFSIZ - 1 - 3); 1.90 -@@ -224,7 +229,7 @@ 1.91 - pt_len[i++] = c; 1.92 - if (i == i_special) { 1.93 - c = getbits(2); 1.94 -- while (--c >= 0) pt_len[i++] = 0; 1.95 -+ while (--c >= 0 && i < NPT) pt_len[i++] = 0; 1.96 - } 1.97 - } 1.98 - while (i < nn) pt_len[i++] = 0; 1.99 -@@ -244,7 +249,7 @@ 1.100 - for (i = 0; i < 4096; i++) c_table[i] = c; 1.101 - } else { 1.102 - i = 0; 1.103 -- while (i < n) { 1.104 -+ while (i < MIN(n,NC)) { 1.105 - c = pt_table[bitbuf >> (BITBUFSIZ - 8)]; 1.106 - if (c >= NT) { 1.107 - mask = (unsigned) 1 << (BITBUFSIZ - 1 - 8); 1.108 -@@ -252,14 +257,14 @@ 1.109 - if (bitbuf & mask) c = right[c]; 1.110 - else c = left [c]; 1.111 - mask >>= 1; 1.112 -- } while (c >= NT); 1.113 -+ } while (c >= NT && (mask || c != left[c])); 1.114 - } 1.115 - fillbuf((int) pt_len[c]); 1.116 - if (c <= 2) { 1.117 - if (c == 0) c = 1; 1.118 - else if (c == 1) c = getbits(4) + 3; 1.119 - else c = getbits(CBIT) + 20; 1.120 -- while (--c >= 0) c_len[i++] = 0; 1.121 -+ while (--c >= 0 && i < NC) c_len[i++] = 0; 1.122 - } else c_len[i++] = c - 2; 1.123 - } 1.124 - while (i < NC) c_len[i++] = 0; 1.125 -@@ -288,7 +293,7 @@ 1.126 - if (bitbuf & mask) j = right[j]; 1.127 - else j = left [j]; 1.128 - mask >>= 1; 1.129 -- } while (j >= NC); 1.130 -+ } while (j >= NC && (mask || j != left[j])); 1.131 - } 1.132 - fillbuf((int) c_len[j]); 1.133 - return j; 1.134 -@@ -305,7 +310,7 @@ 1.135 - if (bitbuf & mask) j = right[j]; 1.136 - else j = left [j]; 1.137 - mask >>= 1; 1.138 -- } while (j >= NP); 1.139 -+ } while (j >= NP && (mask || j != left[j])); 1.140 - } 1.141 - fillbuf((int) pt_len[j]); 1.142 - if (j != 0) j = ((unsigned) 1 << (j - 1)) + getbits((int) (j - 1)); 1.143 -@@ -352,7 +357,7 @@ 1.144 - while (--j >= 0) { 1.145 - buffer[r] = buffer[i]; 1.146 - i = (i + 1) & (DICSIZ - 1); 1.147 -- if (++r == count) return r; 1.148 -+ if (++r >= count) return r; 1.149 - } 1.150 - for ( ; ; ) { 1.151 - c = decode_c(); 1.152 -@@ -362,14 +367,14 @@ 1.153 - } 1.154 - if (c <= UCHAR_MAX) { 1.155 - buffer[r] = c; 1.156 -- if (++r == count) return r; 1.157 -+ if (++r >= count) return r; 1.158 - } else { 1.159 - j = c - (UCHAR_MAX + 1 - THRESHOLD); 1.160 - i = (r - decode_p() - 1) & (DICSIZ - 1); 1.161 - while (--j >= 0) { 1.162 - buffer[r] = buffer[i]; 1.163 - i = (i + 1) & (DICSIZ - 1); 1.164 -- if (++r == count) return r; 1.165 -+ if (++r >= count) return r; 1.166 - } 1.167 - } 1.168 - } 1.169 -Index: unpack.c 1.170 ---- unpack.c.orig 2009-09-26 20:43:28 +0200 1.171 -+++ unpack.c 2009-10-07 07:59:53 +0200 1.172 -@@ -22,7 +22,6 @@ 1.173 - #include "gzip.h" 1.174 - #include "crypt.h" 1.175 - 1.176 --#define MIN(a,b) ((a) <= (b) ? (a) : (b)) 1.177 - /* The arguments must not have side effects. */ 1.178 - 1.179 - #define MAX_BITLEN 25 1.180 -@@ -146,7 +145,7 @@ 1.181 - /* Remember where the literals of this length start in literal[] : */ 1.182 - lit_base[len] = base; 1.183 - /* And read the literals: */ 1.184 -- for (n = leaves[len]; n > 0; n--) { 1.185 -+ for (n = leaves[len]; n > 0 && base < LITERALS; n--) { 1.186 - literal[base++] = (uch)get_byte(); 1.187 - } 1.188 - } 1.189 -@@ -182,7 +181,7 @@ 1.190 - prefixp = &prefix_len[1<<peek_bits]; 1.191 - for (len = 1; len <= peek_bits; len++) { 1.192 - int prefixes = leaves[len] << (peek_bits-len); /* may be 0 */ 1.193 -- while (prefixes--) *--prefixp = (uch)len; 1.194 -+ while (prefixes-- && prefixp > prefix_len) *--prefixp = (uch)len; 1.195 - } 1.196 - /* The length of all other codes is unknown: */ 1.197 - while (prefixp > prefix_len) *--prefixp = 0;
2.1 --- a/gzip/gzip.spec Tue Aug 28 18:54:40 2012 +0200 2.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 2.3 @@ -1,101 +0,0 @@ 2.4 -## 2.5 -## gzip.spec -- OpenPKG RPM Package Specification 2.6 -## Copyright (c) 2000-2009 OpenPKG Foundation e.V. <http://openpkg.net/> 2.7 -## 2.8 -## Permission to use, copy, modify, and distribute this software for 2.9 -## any purpose with or without fee is hereby granted, provided that 2.10 -## the above copyright notice and this permission notice appear in all 2.11 -## copies. 2.12 -## 2.13 -## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED 2.14 -## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 2.15 -## MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 2.16 -## IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR 2.17 -## CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 2.18 -## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 2.19 -## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF 2.20 -## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 2.21 -## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 2.22 -## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 2.23 -## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 2.24 -## SUCH DAMAGE. 2.25 -## 2.26 - 2.27 -# package information 2.28 -Name: gzip 2.29 -Summary: De-/Compression with GZIP Algorithm 2.30 -URL: http://www.gzip.org/ 2.31 -Vendor: Jean-loup Gailly, Mark Adler 2.32 -Packager: OpenPKG Foundation e.V. 2.33 -Distribution: OpenPKG Community 2.34 -Class: CORE 2.35 -Group: Compression 2.36 -License: GPL 2.37 -Version: 1.3.13 2.38 -Release: 20091110 2.39 - 2.40 -# list of sources 2.41 -Source0: ftp://ftp.gnu.org/gnu/gzip/gzip-%{version}.tar.gz 2.42 -Patch0: gzip.patch 2.43 - 2.44 -# build information 2.45 -Prefix: %{l_prefix} 2.46 -BuildRoot: %{l_buildroot} 2.47 -BuildPreReq: OpenPKG, openpkg >= 20040130 2.48 -PreReq: OpenPKG, openpkg >= 20040130 2.49 -AutoReq: no 2.50 -AutoReqProv: no 2.51 - 2.52 -%description 2.53 - GNU zip (gzip) is a compression utility designed to be a replacement 2.54 - for the traditional Unix utility compress(1). Its main advantages 2.55 - over compress(1) are much better compression and freedom from 2.56 - patented algorithms. gzip produces files with a .gz extension. 2.57 - gunzip can decompress files created by gzip, compress and pack. The 2.58 - detection of the input format is automatic. The format of the .gz 2.59 - files generated by gzip is described in RFCs (Request For Comments) 2.60 - 1951 and 1952. 2.61 - 2.62 -%track 2.63 - prog gzip = { 2.64 - version = %{version} 2.65 - url = ftp://ftp.gnu.org/gnu/gzip/ 2.66 - regex = gzip-(__VER__)\.tar(\.gz)? 2.67 - } 2.68 - 2.69 -%prep 2.70 - %setup -q 2.71 - %patch -p0 2.72 - 2.73 -%build 2.74 - # configure package 2.75 - echo "ac_cv_path_shell=%{l_bash}" >config.cache 2.76 - CC="%{l_cc}" \ 2.77 - CFLAGS="%{l_cflags -O}" \ 2.78 - GREP="grep" \ 2.79 - ./configure \ 2.80 - --cache-file=./config.cache \ 2.81 - --prefix=%{l_prefix} \ 2.82 - --datarootdir=%{l_prefix} 2.83 - 2.84 - # build package 2.85 - %{l_make} %{l_mflags -O} 2.86 - 2.87 -%install 2.88 - rm -rf $RPM_BUILD_ROOT 2.89 - 2.90 - # install package 2.91 - %{l_make} %{l_mflags} install AM_MAKEFLAGS="DESTDIR=$RPM_BUILD_ROOT" 2.92 - 2.93 - # strip down installation 2.94 - rm -f $RPM_BUILD_ROOT%{l_prefix}/info/dir 2.95 - strip $RPM_BUILD_ROOT%{l_prefix}/bin/* 2>/dev/null || true 2.96 - 2.97 - # determine installation files 2.98 - %{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT %{l_files_std} 2.99 - 2.100 -%files -f files 2.101 - 2.102 -%clean 2.103 - rm -rf $RPM_BUILD_ROOT 2.104 -
