disallow -S '' parameter for gunzip
parent
7f78335cea
commit
508e682e06
42
gzip-1.3.13-noemptysuffix.patch
Normal file
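--- a/gzip-1.3.13-noemptysuffix.patch
+++ b/gzip-1.3.13-noemptysuffix.patch
@@ -0,0 +1,42 @@
+diff -up gzip-1.3.13/gzip.1.noemptysuffix gzip-1.3.13/gzip.1
+--- gzip-1.3.13/gzip.1.noemptysuffix 2009-09-26 20:43:28.000000000 +0200
++++ gzip-1.3.13/gzip.1 2010-02-22 14:29:54.828770607 +0100
+@@ -291,15 +291,14 @@ will descend into the directory and comp
+).
+.TP
+.B \-S .suf --suffix .suf
+-Use suffix .suf instead of .gz. Any suffix can be given, but suffixes
++When compressing, use suffix .suf instead of .gz.
++Any non-empty suffix can be given, but suffixes
+other than .z and .gz should be avoided to avoid confusion when files
+-are transferred to other systems. A null suffix forces gunzip to try
+-decompression on all given files regardless of suffix, as in:
++are transferred to other systems.
+
+- gunzip -S "" * (*.* for MSDOS)
++When decompressing, add .suf to the beginning of the list of
++suffixes to try, when deriving an output file name from an input file name.
+
+-Previous versions of gzip used
+-the .z suffix. This was changed to avoid a conflict with
+.IR pack "(1)".
+.TP
+.B \-t --test
+diff -up gzip-1.3.13/gzip.c.noemptysuffix gzip-1.3.13/gzip.c
+--- gzip-1.3.13/gzip.c.noemptysuffix 2010-02-22 14:29:54.000000000 +0100
++++ gzip-1.3.13/gzip.c 2010-02-22 14:34:33.480895239 +0100
+@@ -547,11 +547,11 @@ int main (argc, argv)
+program_name);
+}
+#endif
+- if ((z_len == 0 && !decompress) || z_len > MAX_SUFFIX) {
+- fprintf(stderr, "%s: incorrect suffix '%s'\n",
+- program_name, z_suffix);
++ if (z_len == 0 || z_len > MAX_SUFFIX) {
++ fprintf(stderr, "%s: invalid suffix '%s'\n", program_name, z_suffix);
+do_exit(ERROR);
+}
++
+if (do_lzw && !decompress) work = lzw;
+
+/* Allocate all global buffers (for DYN_ALLOC option) */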
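Review bot: In the embedded gzip.1 hunk, the removed lines `Previous versions of gzip used` and `the .z suffix. This was changed to avoid a conflict with` were the start of the sentence that the surviving context line `.IR pack "(1)".` completes, so the -S entry now ends in a stray "pack(1)." fragment; either drop that line too or keep the whole sentence. In the gzip.c hunk the new test `z_len == 0 || z_len > MAX_SUFFIX` also rejects an empty suffix when decompressing, which breaks any script that still runs `gunzip -S ''`. A one-line comment above the test, such as `/* An empty suffix is rejected for decompression as well as compression. */`, would record that this is deliberate, since the reason is otherwise only reachable through the spec file's mailing-list link. The check sits inside main(), whose body starts and ends outside the hunk.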
@ -1,7 +1,7 @@
|
|||||||
Summary: The GNU data compression program
|
Summary: The GNU data compression program
|
||||||
Name: gzip
|
Name: gzip
|
||||||
Version: 1.3.13
|
Version: 1.3.13
|
||||||
Release: 2%{?dist}
|
Release: 3%{?dist}
|
||||||
# info pages are under GFDL license
|
# info pages are under GFDL license
|
||||||
License: GPLv3+ and GFDL
|
License: GPLv3+ and GFDL
|
||||||
Group: Applications/File
|
Group: Applications/File
|
||||||
@ -18,6 +18,9 @@ Patch8: gzip-1.3.5-cve-2006-4337_len.patch
|
|||||||
Patch9: gzip-1.3.12-zdiff.patch
|
Patch9: gzip-1.3.12-zdiff.patch
|
||||||
# Fixed in upstream code.
|
# Fixed in upstream code.
|
||||||
Patch10: gzip-1.3.12-cve-2010-0001.patch
|
Patch10: gzip-1.3.12-cve-2010-0001.patch
|
||||||
|
# Fixed in upstream code.
|
||||||
|
# http://thread.gmane.org/gmane.comp.gnu.gzip.bugs/378
|
||||||
|
Patch11: gzip-1.3.13-noemptysuffix.patch
|
||||||
URL: http://www.gzip.org/
|
URL: http://www.gzip.org/
|
||||||
Requires: /sbin/install-info
|
Requires: /sbin/install-info
|
||||||
Requires: mktemp less
|
Requires: mktemp less
|
||||||
@ -44,6 +47,7 @@ very commonly used data compression program.
|
|||||||
%patch8 -p1 -b .4337l
|
%patch8 -p1 -b .4337l
|
||||||
%patch9 -p1 -b .ret
|
%patch9 -p1 -b .ret
|
||||||
%patch10 -p1 -b .cve-2010-0001
|
%patch10 -p1 -b .cve-2010-0001
|
||||||
|
%patch11 -p1 -b .noemptysuffix
|
||||||
|
|
||||||
%build
|
%build
|
||||||
export DEFS="NO_ASM"
|
export DEFS="NO_ASM"
|
||||||
@ -95,6 +99,9 @@ fi
|
|||||||
%{_infodir}/gzip.info*
|
%{_infodir}/gzip.info*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Feb 22 2010 Karel Klic <kklic@redhat.com> - 1.3.13-3
|
||||||
|
- Added a patch to disallow -S '' parameter (noemptysuffix)
|
||||||
|
|
||||||
* Fri Jan 22 2010 Karel Klic <kklic@redhat.com> - 1.3.13-2
|
* Fri Jan 22 2010 Karel Klic <kklic@redhat.com> - 1.3.13-2
|
||||||
- Fixed CVE-2010-0001 (rhbz#554418)
|
- Fixed CVE-2010-0001 (rhbz#554418)
|
||||||
|
|
||||||
|