author | Aron Griffis <agriffis@gentoo.org> | 2004-06-23 23:32:37 +0000 |
---|---|---|
committer | Aron Griffis <agriffis@gentoo.org> | 2004-06-23 23:32:37 +0000 |
commit | f5943898609ebb39358d19a34b18e074c2b62975 (patch) | |
tree | e5ceb2ea39a788c3ceeba4b38b1d97dad277aaba /app-arch/gzip | |
parent | make sure we always use /usr/src/linux and we dont try to install the module ... (diff) | |
More security fixes: Use set -C to protect against more tempfile problems in gzexe. Use tail -n in all cases since current GNU version doesn't support tail +number at all.
Diffstat (limited to 'app-arch/gzip')
-rw-r--r-- | app-arch/gzip/ChangeLog | 12 | ||||
-rw-r--r-- | app-arch/gzip/Manifest | 14 | ||||
-rw-r--r-- | app-arch/gzip/files/digest-gzip-1.3.3-r4 (renamed from app-arch/gzip/files/digest-gzip-1.3.3-r3) | 0 | ||||
-rw-r--r-- | app-arch/gzip/files/digest-gzip-1.3.5-r1 (renamed from app-arch/gzip/files/digest-gzip-1.3.5) | 0 | ||||
-rw-r--r-- | app-arch/gzip/files/gzip-1.3.3-security.patch | 80 | ||||
-rw-r--r-- | app-arch/gzip/files/gzip-1.3.5-security.patch | 52 | ||||
-rw-r--r-- | app-arch/gzip/gzip-1.3.3-r4.ebuild (renamed from app-arch/gzip/gzip-1.3.3-r3.ebuild) | 2 | ||||
-rw-r--r-- | app-arch/gzip/gzip-1.3.5-r1.ebuild (renamed from app-arch/gzip/gzip-1.3.5.ebuild) | 6 |
8 files changed, 132 insertions, 34 deletions
diff --git a/app-arch/gzip/ChangeLog b/app-arch/gzip/ChangeLog index 9b60aa312704..674432d31a37 100644 --- a/app-arch/gzip/ChangeLog +++ b/app-arch/gzip/ChangeLog @@ -1,6 +1,16 @@ # ChangeLog for app-arch/gzip # Copyright 2002-2004 Gentoo Technologies, Inc.; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-arch/gzip/ChangeLog,v 1.7 2004/06/23 14:48:59 agriffis Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-arch/gzip/ChangeLog,v 1.8 2004/06/23 23:32:37 agriffis Exp $ + +*gzip-1.3.3-r3 (23 Jun 2004) + + 23 Jun 2004; Aron Griffis <agriffis@gentoo.org> + files/gzip-1.3.3-security.patch, files/gzip-1.3.5-security.patch, + -gzip-1.3.3-r3.ebuild, +gzip-1.3.3-r4.ebuild, +gzip-1.3.5-r1.ebuild, + -gzip-1.3.5.ebuild: + More security fixes: Use set -C to protect against more tempfile + problems in gzexe. Use tail -n in all cases since current GNU version + doesn't support tail +number at all. *gzip-1.3.5 (23 Jun 2004) diff --git a/app-arch/gzip/Manifest b/app-arch/gzip/Manifest index 581e5fad5902..f3692eb835d9 100644 --- a/app-arch/gzip/Manifest +++ b/app-arch/gzip/Manifest 
@@ -1,8 +1,8 @@ -MD5 4d0cd1c8e1d0b655345daff91e036b42 gzip-1.3.5.ebuild 2051 -MD5 447d29bdadf43d48f4259418c29c005e gzip-1.3.3-r3.ebuild 1791 -MD5 6583298d47dcf58bde85c9c040079bcd ChangeLog 3550 +MD5 f8e24bc67ad8815a63d5ed50ba012515 gzip-1.3.5-r1.ebuild 2119 +MD5 2a2a153afacc088f02e9c9569e33e273 gzip-1.3.3-r4.ebuild 1791 +MD5 72b6d46d247c5a8b47969bfb8e3deadc ChangeLog 3971 MD5 9a09f8d531c582e78977dbfd96edc1f2 metadata.xml 164 -MD5 6318a14a58dab7174f3e487cf8558e6c files/gzip-1.3.3-security.patch 1573 -MD5 b007ca73991aa40a1b2d56cfeb9d270f files/digest-gzip-1.3.5 131 -MD5 2034712a3fa0de0258ee8a1598965ac5 files/digest-gzip-1.3.3-r3 62 -MD5 132fdde4ed8a37f34e631b51fb54c2d6 files/gzip-1.3.5-security.patch 1294 +MD5 07e347c680d1ca49a2683aa6cb2b126a files/gzip-1.3.3-security.patch 2521 +MD5 2034712a3fa0de0258ee8a1598965ac5 files/digest-gzip-1.3.3-r4 62 +MD5 b007ca73991aa40a1b2d56cfeb9d270f files/digest-gzip-1.3.5-r1 131 +MD5 9bb1ded151380e60b0769c97b0fd1f5c files/gzip-1.3.5-security.patch 2170 diff --git a/app-arch/gzip/files/digest-gzip-1.3.3-r3 b/app-arch/gzip/files/digest-gzip-1.3.3-r4 index 8ee90a6f0a0d..8ee90a6f0a0d 100644 --- a/app-arch/gzip/files/digest-gzip-1.3.3-r3 +++ b/app-arch/gzip/files/digest-gzip-1.3.3-r4 diff --git a/app-arch/gzip/files/digest-gzip-1.3.5 b/app-arch/gzip/files/digest-gzip-1.3.5-r1 index 70ca4140d8e2..70ca4140d8e2 100644 --- a/app-arch/gzip/files/digest-gzip-1.3.5 +++ b/app-arch/gzip/files/digest-gzip-1.3.5-r1 diff --git a/app-arch/gzip/files/gzip-1.3.3-security.patch b/app-arch/gzip/files/gzip-1.3.3-security.patch index 460b917f7899..a54b7b0fc6ab 100644 --- a/app-arch/gzip/files/gzip-1.3.3-security.patch +++ b/app-arch/gzip/files/gzip-1.3.3-security.patch 
@@ -1,8 +1,50 @@ ---- gzip-1.3.2.orig/gzexe.in -+++ gzip-1.3.2/gzexe.in -@@ -90,22 +90,23 @@ +--- gzip-1.3.2.orig/znew.in ++++ gzip-1.3.2/znew.in +@@ -16,8 +16,8 @@ + warn="(does not preserve modes and timestamp)" + tmp=/tmp/zfoo.$$ + set -C +-echo hi > $tmp.1 +-echo hi > $tmp.2 ++echo hi > $tmp.1 || exit 1 ++echo hi > $tmp.2 || exit 1 + if test -z "`(${CPMOD-cpmod} $tmp.1 $tmp.2) 2>&1`"; then + cpmod=${CPMOD-cpmod} + warn="" + +--- gzip-1.3.2.orig/gzexe.in 1998-09-17 20:43:06.000000000 -0400 ++++ gzip-1.3.2/gzexe.in 2004-06-23 18:20:31.840776483 -0400 +@@ -21,8 +21,10 @@ + exit 1 + fi + ++set -C + tmp=gz$$ + trap "rm -f $tmp; exit 1" 1 2 3 5 10 13 15 ++: > $tmp || exit 1 + + decomp=0 + res=0 +@@ -32,8 +34,8 @@ + shift + fi + +-echo hi > zfoo1$$ +-echo hi > zfoo2$$ ++echo hi > zfoo1$$ || exit 1 ++echo hi > zfoo2$$ || exit 1 + if test -z "`(${CPMOD-cpmod} zfoo1$$ zfoo2$$) 2>&1`"; then + cpmod=${CPMOD-cpmod} + fi +@@ -86,26 +88,28 @@ + writable=0 + chmod u+w $tmp 2>/dev/null + fi ++ : >| $tmp # truncate the file, ignoring set -C + fi if test $decomp -eq 0; then - sed 1q $0 > $tmp +- sed 1q $0 > $tmp ++ sed 1q $0 >> $tmp sed "s|^if tail|if $tail|" >> $tmp <<'EOF' -skip=22 +skip=23 @@ -11,7 +53,7 @@ umask 77 -if tail +$skip $0 | "BINDIR"/gzip -cd > /tmp/gztmp$$; then +tmpfile=`tempfile -p gztmp -d /tmp` || exit 1 -+if tail +$skip "$0" | /bin/gzip -cd >> $tmpfile; then ++if tail -n +$skip "$0" | /bin/gzip -cd >> $tmpfile; then umask $umask - /bin/chmod 700 /tmp/gztmp$$ + /bin/chmod 700 $tmpfile 
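Review bot: In the gzexe.in part of this patch, `set -C` protects only the first write, `: > $tmp || exit 1`; the later `sed 1q $0 >> $tmp` and `: >| $tmp` are append and forced-clobber redirections, which noclobber does not restrict, and `tmp=gz$$` remains a predictable name in the current directory. If `$tmp` is moved or removed between files in the per-file loop (the loop body is only partly visible here), later iterations would create or follow whatever sits at that path. Consider creating `$tmp` with `tempfile`, as the decompression stub in this same patch does, so the name is not guessable. Also, the new `|| exit 1` after `echo hi > zfoo1$$` leaves the just-created `$tmp` behind, because the `trap` covers signals only. The same points apply to the first two gzexe.in hunks of gzip-1.3.5-security.patch.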
@@ -33,17 +75,17 @@ fi else echo Cannot decompress $0; exit 1 ---- gzip-1.3.2.orig/znew.in -+++ gzip-1.3.2/znew.in -@@ -16,8 +16,8 @@ - warn="(does not preserve modes and timestamp)" - tmp=/tmp/zfoo.$$ - set -C --echo hi > $tmp.1 --echo hi > $tmp.2 -+echo hi > $tmp.1 || exit 1 -+echo hi > $tmp.2 || exit 1 - if test -z "`(${CPMOD-cpmod} $tmp.1 $tmp.2) 2>&1`"; then - cpmod=${CPMOD-cpmod} - warn="" - +@@ -120,11 +124,11 @@ + + else + # decompression +- skip=22 ++ skip=23 + if sed -e 1d -e 2q "$i" | grep "^skip=[0-9]*$" >/dev/null; then + eval `sed -e 1d -e 2q "$i"` + fi +- if tail +$skip "$i" | gzip -cd > $tmp; then ++ if tail -n +$skip "$i" | gzip -cd >> $tmp; then + : + else + echo ${x}: $i probably not in gzexe format, file unchanged. diff --git a/app-arch/gzip/files/gzip-1.3.5-security.patch b/app-arch/gzip/files/gzip-1.3.5-security.patch index 08eeea1b21c5..29f611ac231a 100644 --- a/app-arch/gzip/files/gzip-1.3.5-security.patch +++ b/app-arch/gzip/files/gzip-1.3.5-security.patch @@ -1,8 +1,36 @@ ---- gzexe.in.orig 2004-06-23 05:36:22.000000000 -0400 -+++ gzexe.in 2004-06-23 05:53:53.000000000 -0400 -@@ -114,22 +114,23 @@ +--- gzexe.in.orig 2004-06-23 19:17:49.978676668 -0400 ++++ gzexe.in 2004-06-23 19:22:38.651945744 -0400 +@@ -42,8 +42,10 @@ + exit 1 + fi + ++set -C + tmp=gz$$ + trap "rm -f $tmp; exit 1" 1 2 3 5 10 13 15 ++: > $tmp || exit 1 + + decomp=0 + res=0 +@@ -53,8 +55,8 @@ + shift + fi + +-echo hi > zfoo1$$ +-echo hi > zfoo2$$ ++echo hi > zfoo1$$ || exit 1 ++echo hi > zfoo2$$ || exit 1 + if test -z "`(${CPMOD-cpmod} zfoo1$$ zfoo2$$) 2>&1`"; then + cpmod=${CPMOD-cpmod} + fi +@@ -110,26 +112,28 @@ + writable=0 + chmod u+w $tmp 2>/dev/null + fi ++ : >| $tmp # truncate the file, ignoring set -C + fi if test $decomp -eq 0; then - sed 1q $0 > $tmp +- sed 1q $0 > $tmp ++ sed 1q $0 >> $tmp sed "s|^if tail|if $tail|" >> $tmp <<'EOF' -skip=22 +skip=23 
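Review bot: The decompression branch in the 1.3.3 patch still gates the `eval` with `grep "^skip=[0-9]*$"`, which also matches an empty `skip=`, whereas the 1.3.5 patch in this commit uses `[0-9][0-9]*`. An empty value passes the check, is evaluated, and leaves `tail -n +$skip` without a number. Because that line is read from the file being processed, tightening the pattern to `grep "^skip=[0-9][0-9]*$"` would keep the two patches consistent. The line is context in the embedded patch, so the change would need its own `-`/`+` pair there.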
@@ -10,7 +38,7 @@ umask=`umask` umask 77 -if tail +$skip "$0" | /bin/gzip -cd > /tmp/gztmp$$; then -+tmpfile=`tempfile -d /tmp -p gztmp` || exit 1 ++tmpfile=`tempfile -p gztmp -d /tmp` || exit 1 +if tail +$skip "$0" | /bin/gzip -cd >> $tmpfile; then umask $umask - /bin/chmod 700 /tmp/gztmp$$ @@ -33,3 +61,17 @@ fi else echo Cannot decompress $0; exit 1 +@@ -144,11 +148,11 @@ + + else + # decompression +- skip=22 ++ skip=23 + if sed -e 1d -e 2q "$i" | grep "^skip=[0-9][0-9]*$" >/dev/null; then + eval `sed -e 1d -e 2q "$i"` + fi +- if tail +$skip "$i" | gzip -cd > $tmp; then ++ if $tail +$skip "$i" | gzip -cd >> $tmp; then + : + else + echo ${x}: $i probably not in gzexe format, file unchanged. diff --git a/app-arch/gzip/gzip-1.3.3-r3.ebuild b/app-arch/gzip/gzip-1.3.3-r4.ebuild index 77ac2c9bb127..a837992018f3 100644 --- a/app-arch/gzip/gzip-1.3.3-r3.ebuild +++ b/app-arch/gzip/gzip-1.3.3-r4.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2004 Gentoo Technologies, Inc. # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-arch/gzip/gzip-1.3.3-r3.ebuild,v 1.1 2004/06/23 14:48:59 agriffis Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-arch/gzip/gzip-1.3.3-r4.ebuild,v 1.1 2004/06/23 23:32:37 agriffis Exp $ inherit eutils flag-o-matic diff --git a/app-arch/gzip/gzip-1.3.5.ebuild b/app-arch/gzip/gzip-1.3.5-r1.ebuild index 394bb13a1eff..46862a6ee061 100644 --- a/app-arch/gzip/gzip-1.3.5.ebuild +++ b/app-arch/gzip/gzip-1.3.5-r1.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2004 Gentoo Technologies, Inc. # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-arch/gzip/gzip-1.3.5.ebuild,v 1.1 2004/06/23 14:48:59 agriffis Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-arch/gzip/gzip-1.3.5-r1.ebuild,v 1.1 2004/06/23 23:32:37 agriffis Exp $ inherit eutils flag-o-matic 
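Review bot: The 1.3.5 patch does not get the `tail -n` change the commit message describes. Its stub line stays `if tail +$skip "$0" | /bin/gzip -cd >> $tmpfile; then` and its decompression branch becomes `if $tail +$skip "$i" | gzip -cd >> $tmp; then`, while the 1.3.3 patch uses `tail -n +$skip` in both places. Unless `$tail` already carries `-n` (its assignment is outside these hunks), executables compressed by this version would fail to unpack with a `tail` that rejects `+number`. Suggest `-n +$skip` in both lines, or a comment stating where `-n` comes from.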
@@ -43,6 +43,10 @@ src_install() { install || die cd ${D}/bin + + # XXX temporary + head -n 1 gzexe zforce zgrep zmore znew zcmp + for i in gzexe zforce zgrep zmore znew zcmp do sed -i -e "1d" -e "s:${D}::" ${i} || die |
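Review bot: The `head -n 1 gzexe zforce zgrep zmore znew zcmp` call marked `# XXX temporary` in src_install is debug output that would ship in the -r1 security revision. It prints the first line of each script on every install and has no `|| die`, so it verifies nothing. Drop it before committing, or if a check on the interpreter line is wanted, make it an explicit test and say in the comment what it guards. src_install starts above this hunk.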