Pullup ticket #2895 - requested by taca gzip: security patch Revisions pulled up: - archivers/gzip/Makefile 1.23 - archivers/gzip/distinfo 1.4 - archivers/gzip/patches/patch-ag 1.1 - archivers/gzip/patches/patch-ah 1.1 --- Module Name: pkgsrc Committed By: taca Date: Tue Feb 2 14:42:43 UTC 2010 Modified Files: pkgsrc/archivers/gzip: Makefile distinfo Added Files: pkgsrc/archivers/gzip/patches: patch-ag patch-ah Log Message: Add patches for CVE-2009-2624 and CVE-2010-0001. Bump PKGREVISION.
diff -r1.22 -r1.22.14.1 pkgsrc/archivers/gzip/Makefile
(tron)
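--- a/pkgsrc/archivers/gzip/Makefile
+++ b/pkgsrc/archivers/gzip/Makefile
@@ -1,24 +1,25 @@
-# $NetBSD: Makefile,v 1.22 2008/09/07 08:02:27 dholland Exp $
+# $NetBSD: Makefile,v 1.22.14.1 2010/02/02 17:15:32 tron Exp $
 #
 
 DISTNAME= gzip-1.3.12
-PKGREVISION= 2
+PKGREVISION= 3
 SVR4_PKGNAME= gzip
 CATEGORIES= archivers
 MASTER_SITES= ${MASTER_SITE_GNU:=gzip/}
 EXTRACT_SUFX= .tar
 
 MAINTAINER= pkgsrc-users@NetBSD.org
 HOMEPAGE= http://www.gnu.org/software/gzip/gzip.html
 COMMENT= Compress or expand files
+LICENSE= gnu-gpl-v2
 
 PKG_INSTALLATION_TYPES= overwrite pkgviews
 PKG_DESTDIR_SUPPORT= user-destdir
 
 CONFLICTS+= gzip-base-[0-9]* gzip-info-[0-9]*
 
 GNU_CONFIGURE= YES
 MAKE_FLAGS+= manlinks=so
 INFO_FILES= yes
 
 .include "../../mk/bsd.pkg.mk"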
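--- a/pkgsrc/archivers/gzip/distinfo
+++ b/pkgsrc/archivers/gzip/distinfo
@@ -1,11 +1,13 @@
-$NetBSD: distinfo,v 1.3 2008/09/07 08:02:27 dholland Exp $
+$NetBSD: distinfo,v 1.3.14.1 2010/02/02 17:15:32 tron Exp $
 
 SHA1 (gzip-1.3.12.tar) = 330eb5f1b3dfab13a491352cb00b6573e5b55a5f
 RMD160 (gzip-1.3.12.tar) = 6845dfba2a275f4de488c3fb97e64405838a5005
 Size (gzip-1.3.12.tar) = 1822720 bytes
 SHA1 (patch-aa) = 77b3cb5c2824f88295eb8c8c7c46c4ca23b776c4
 SHA1 (patch-ab) = 42309926f601998b97051aadc31ad44413716029
 SHA1 (patch-ac) = 8ef4b7105ca9b201079f5cf8799642e12184fda4
 SHA1 (patch-ad) = 082ced7d4a89a49b750525cc71bbf9a9abfc5b9e
 SHA1 (patch-ae) = a1d245c5cf055e9bd35fb7e810d5183a71cbfc74
 SHA1 (patch-af) = 28639dbe11ed8ce81bd1c29248b53af6cea55b88
+SHA1 (patch-ag) = 6b499fe28525643bfd5e5ece73fcd221eb9f964f
+SHA1 (patch-ah) = 0f92048912c2e682ba28d93bf5f309774d337790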
$NetBSD: patch-ag,v 1.1.2.2 2010/02/02 17:15:32 tron Exp $
Fix for CVE-2009-2624.
--- inflate.c.orig 2006-12-20 23:30:17.000000000 +0000
+++ inflate.c
@@ -335,13 +335,15 @@ int *m; /* maximum looku
} while (--i);
if (c[0] == n) /* null input--all zero length codes */
{
- q = (struct huft *) malloc (2 * sizeof *q);
+ q = (struct huft *) malloc (3 * sizeof *q);
if (!q)
return 3;
- hufts += 2;
+ hufts += 3;
q[0].v.t = (struct huft *) NULL;
q[1].e = 99; /* invalid code marker */
q[1].b = 1;
+ q[2].e = 99; /* invalid code marker */
+ q[2].b = 1;
*t = q + 1;
*m = 1;
return 0;
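Review bot: The jump from two to three table entries is not explained in the new code, so a later reader cannot tell why `q[2]` has to exist. With `*t = q + 1` and `*m = 1` the returned table is presumably indexed by one input bit, so both `t[0]` and `t[1]` (that is, `q[1]` and `q[2]`) can be read, and the old two-entry allocation left the second slot outside the buffer. I would add a comment above the `malloc` such as `/* link entry + one invalid-code marker per value of the 1-bit lookup (*m == 1) */`. The count 3 now appears in both the `malloc` and `hufts += 3` and the two must stay in step, and the cast on `malloc` is unnecessary in C. The enclosing function starts and ends outside the hunk.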
$NetBSD: patch-ah,v 1.1.2.2 2010/02/02 17:15:32 tron Exp $
Fix for CVE-2010-0001.
--- unlzw.c.orig 2006-12-11 18:54:39.000000000 +0000
+++ unlzw.c
@@ -248,7 +248,8 @@ int unlzw(in, out)
int o;
resetbuf:
- e = insize-(o = (posbits>>3));
+ o = posbits >> 3;
+ e = o <= insize ? insize - o : 0;
for (i = 0 ; i < e ; ++i) {
inbuf[i] = inbuf[i+o];
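Review bot: The clamp `e = o <= insize ? insize - o : 0` silently treats a byte offset past the buffered input as "nothing left to move", and nothing in the hunk records that this state should only arise from a malformed stream. A comment at `resetbuf:` would help, for example `/* posbits can point past insize on corrupt input; clamp so e never underflows */`, and it is worth checking whether the code after the loop should report a data error in that case rather than continue. `o` is declared `int` in the context line while the declarations of `insize` and `posbits` are outside the hunk, so confirm that `o <= insize` is not a mixed-sign comparison that behaves unexpectedly when `posbits >> 3` does not fit in `int`. The loop body and the rest of `unlzw` continue outside the hunk.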