Compare commits
No commits in common. "imports/c9/gzip-1.10-8.el9" and "c8" have entirely different histories.
imports/c9
...
c8
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
|||||||
SOURCES/gzip-1.10.tar.xz
|
SOURCES/gzip-1.9.tar.xz
|
||||||
|
@ -1 +1 @@
|
|||||||
48d28c77cb8cac38573809fdd1665ecf75f91fa9 SOURCES/gzip-1.10.tar.xz
|
0249ad4c4ca1f144714e8e21b6d0db24651fc122 SOURCES/gzip-1.9.tar.xz
|
||||||
|
43
SOURCES/cve-2022-1271-part1.patch
Normal file
43
SOURCES/cve-2022-1271-part1.patch
Normal file
@ -0,0 +1,43 @@
|
|||||||
|
From dc9740df61e575e8c3148b7bd3c147a81ea00c7c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Lasse Collin <lasse.collin@tukaani.org>
|
||||||
|
Date: Mon, 4 Apr 2022 23:52:49 -0700
|
||||||
|
Subject: zgrep: avoid exploit via multi-newline file names
|
||||||
|
|
||||||
|
* zgrep.in: The issue with the old code is that with multiple
|
||||||
|
newlines, the N-command will read the second line of input,
|
||||||
|
then the s-commands will be skipped because it's not the end
|
||||||
|
of the file yet, then a new sed cycle starts and the pattern
|
||||||
|
space is printed and emptied. So only the last line or two get
|
||||||
|
escaped. This patch makes sed read all lines into the pattern
|
||||||
|
space and then do the escaping.
|
||||||
|
|
||||||
|
This vulnerability was discovered by:
|
||||||
|
cleemy desu wayo working with Trend Micro Zero Day Initiative
|
||||||
|
---
|
||||||
|
zgrep.in | 10 +++++++---
|
||||||
|
1 file changed, 7 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/zgrep.in b/zgrep.in
|
||||||
|
index 345dae3..bdf7da2 100644
|
||||||
|
--- a/zgrep.in
|
||||||
|
+++ b/zgrep.in
|
||||||
|
@@ -222,9 +222,13 @@ do
|
||||||
|
'* | *'&'* | *'\'* | *'|'*)
|
||||||
|
i=$(printf '%s\n' "$i" |
|
||||||
|
sed '
|
||||||
|
- $!N
|
||||||
|
- $s/[&\|]/\\&/g
|
||||||
|
- $s/\n/\\n/g
|
||||||
|
+ :start
|
||||||
|
+ $!{
|
||||||
|
+ N
|
||||||
|
+ b start
|
||||||
|
+ }
|
||||||
|
+ s/[&\|]/\\&/g
|
||||||
|
+ s/\n/\\n/g
|
||||||
|
');;
|
||||||
|
esac
|
||||||
|
sed_script="s|^|$i:|"
|
||||||
|
--
|
||||||
|
cgit v1.1
|
||||||
|
|
77
SOURCES/cve-2022-1271-part2.patch
Normal file
77
SOURCES/cve-2022-1271-part2.patch
Normal file
@ -0,0 +1,77 @@
|
|||||||
|
From d74a30d45c6834c8e9f87115197370fe86656d81 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jim Meyering <meyering@fb.com>
|
||||||
|
Date: Mon, 4 Apr 2022 23:52:49 -0700
|
||||||
|
Subject: zgrep: add NEWS and tests for this exploitable bug
|
||||||
|
|
||||||
|
* tests/zgrep-abuse: New file, based on PoC by cleemy desu wayo.
|
||||||
|
* tests/Makefile.am (TESTS): Add it.
|
||||||
|
* NEWS: Mention the exploit.
|
||||||
|
The bug appears to have been present since the beginning.
|
||||||
|
---
|
||||||
|
tests/Makefile.am | 1 +
|
||||||
|
tests/zgrep-abuse | 41 +++++++++++++++++++++++++++++++++++++++++
|
||||||
|
3 files changed, 45 insertions(+)
|
||||||
|
create mode 100755 tests/zgrep-abuse
|
||||||
|
|
||||||
|
diff --git a/tests/Makefile.am b/tests/Makefile.am
|
||||||
|
index d09672e..5f148d6 100644
|
||||||
|
--- a/tests/Makefile.am
|
||||||
|
+++ b/tests/Makefile.am
|
||||||
|
@@ -36,6 +36,7 @@ TESTS = \
|
||||||
|
z-suffix \
|
||||||
|
zdiff \
|
||||||
|
zgrep-f \
|
||||||
|
+ zgrep-abuse \
|
||||||
|
zgrep-context \
|
||||||
|
zgrep-signal \
|
||||||
|
znew-k
|
||||||
|
diff --git a/tests/zgrep-abuse b/tests/zgrep-abuse
|
||||||
|
new file mode 100755
|
||||||
|
index 0000000..3e8a8f9
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/tests/zgrep-abuse
|
||||||
|
@@ -0,0 +1,41 @@
|
||||||
|
+#!/bin/sh
|
||||||
|
+# Show how zgrep applied to a crafted file name may overwrite
|
||||||
|
+# a selected file with chosen content. Fixed in gzip-1.12.
|
||||||
|
+
|
||||||
|
+# Copyright (C) 2022 Free Software Foundation, Inc.
|
||||||
|
+
|
||||||
|
+# This program is free software: you can redistribute it and/or modify
|
||||||
|
+# it under the terms of the GNU General Public License as published by
|
||||||
|
+# the Free Software Foundation, either version 3 of the License, or
|
||||||
|
+# (at your option) any later version.
|
||||||
|
+
|
||||||
|
+# This program is distributed in the hope that it will be useful,
|
||||||
|
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
+# GNU General Public License for more details.
|
||||||
|
+
|
||||||
|
+# You should have received a copy of the GNU General Public License
|
||||||
|
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||||
|
+# limit so don't run it by default.
|
||||||
|
+
|
||||||
|
+. "${srcdir=.}/init.sh"; path_prepend_ ..
|
||||||
|
+
|
||||||
|
+: > z || framework_failure_
|
||||||
|
+echo test |gzip > 'z|
|
||||||
|
+p
|
||||||
|
+1s|.*|chosen-content|
|
||||||
|
+1w hacked
|
||||||
|
+etouch .\x2fhacked2
|
||||||
|
+d
|
||||||
|
+#
|
||||||
|
+#' || framework_failure_
|
||||||
|
+
|
||||||
|
+fail=0
|
||||||
|
+
|
||||||
|
+zgrep test z* > /dev/null
|
||||||
|
+
|
||||||
|
+# Before the fix, each of these would be created.
|
||||||
|
+test -f hacked && fail=1
|
||||||
|
+test -f hacked2 && fail=1
|
||||||
|
+
|
||||||
|
+Exit $fail
|
||||||
|
--
|
||||||
|
cgit v1.1
|
||||||
|
|
46
SOURCES/cve-2022-1271-part3.patch
Normal file
46
SOURCES/cve-2022-1271-part3.patch
Normal file
@ -0,0 +1,46 @@
|
|||||||
|
From c99f320d5c0fd98fe88d9cea5407eb7ad9d50e8a Mon Sep 17 00:00:00 2001
|
||||||
|
From: Paul Eggert <eggert@cs.ucla.edu>
|
||||||
|
Date: Mon, 4 Apr 2022 23:52:49 -0700
|
||||||
|
Subject: zgrep: port to POSIX sed
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
* zgrep.in (res): When escaping the file name do not rely on GNU
|
||||||
|
sed’s extension to POSIX with respect to s/.../\n/. Instead, use
|
||||||
|
features that should also work with AIX and/or Solaris sed. This is
|
||||||
|
simpler anyway, and would have prevented the recently-fixed bug.
|
||||||
|
---
|
||||||
|
zgrep.in | 15 ++++-----------
|
||||||
|
1 file changed, 4 insertions(+), 11 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/zgrep.in b/zgrep.in
|
||||||
|
index bdf7da2..6a16dd1 100644
|
||||||
|
--- a/zgrep.in
|
||||||
|
+++ b/zgrep.in
|
||||||
|
@@ -220,18 +220,11 @@ do
|
||||||
|
case $i in
|
||||||
|
(*'
|
||||||
|
'* | *'&'* | *'\'* | *'|'*)
|
||||||
|
- i=$(printf '%s\n' "$i" |
|
||||||
|
- sed '
|
||||||
|
- :start
|
||||||
|
- $!{
|
||||||
|
- N
|
||||||
|
- b start
|
||||||
|
- }
|
||||||
|
- s/[&\|]/\\&/g
|
||||||
|
- s/\n/\\n/g
|
||||||
|
- ');;
|
||||||
|
+ icolon=$(printf '%s\n' "$i:" |
|
||||||
|
+ sed -e 's/[&\|]/\\&/g' -e '$!s/$/\\/');;
|
||||||
|
+ (*) icolon="$i:";;
|
||||||
|
esac
|
||||||
|
- sed_script="s|^|$i:|"
|
||||||
|
+ sed_script="s|^|$icolon|"
|
||||||
|
|
||||||
|
# Fail if grep or sed fails.
|
||||||
|
r=$(
|
||||||
|
--
|
||||||
|
cgit v1.1
|
||||||
|
|
@ -830,7 +830,7 @@ index 1bd4c78..ace7e5e 100644
|
|||||||
header_bytes += 2*4;
|
header_bytes += 2*4;
|
||||||
|
|
||||||
@@ -126,7 +137,7 @@ int file_read(buf, size)
|
@@ -126,7 +137,7 @@ int file_read(buf, size)
|
||||||
read_error();
|
return EOF;
|
||||||
}
|
}
|
||||||
|
|
||||||
- crc = updcrc((uch*)buf, len);
|
- crc = updcrc((uch*)buf, len);
|
||||||
|
@ -1015,7 +1015,7 @@ index ace7e5e..0f12d5e 100644
|
|||||||
header_bytes += 2*4;
|
header_bytes += 2*4;
|
||||||
|
|
||||||
@@ -137,7 +135,7 @@ int file_read(buf, size)
|
@@ -137,7 +135,7 @@ int file_read(buf, size)
|
||||||
read_error();
|
return EOF;
|
||||||
}
|
}
|
||||||
|
|
||||||
- updcrc((uch*)buf, len);
|
- updcrc((uch*)buf, len);
|
||||||
|
@ -9,4 +9,4 @@ index 5d8fb77..1b8ab3b 100755
|
|||||||
+grep -v 'Operation-Ending-Supplemental Code' err > k; mv k err || fail=1
|
+grep -v 'Operation-Ending-Supplemental Code' err > k; mv k err || fail=1
|
||||||
compare exp err || fail=1
|
compare exp err || fail=1
|
||||||
|
|
||||||
printf '\037\213\010\000\060\060\060\060\060\060\144\000\000\000' > bug33501 \
|
Exit $fail
|
||||||
|
122
SPECS/gzip.spec
122
SPECS/gzip.spec
@ -1,9 +1,10 @@
|
|||||||
Summary: The GNU data compression program
|
Summary: The GNU data compression program
|
||||||
Name: gzip
|
Name: gzip
|
||||||
Version: 1.10
|
Version: 1.9
|
||||||
Release: 8%{?dist}
|
Release: 13%{?dist}
|
||||||
# info pages are under GFDL license
|
# info pages are under GFDL license
|
||||||
License: GPLv3+ and GFDL
|
License: GPLv3+ and GFDL
|
||||||
|
Group: Applications/File
|
||||||
Source0: http://ftp.gnu.org/gnu/gzip/gzip-%{version}.tar.xz
|
Source0: http://ftp.gnu.org/gnu/gzip/gzip-%{version}.tar.xz
|
||||||
Source1: https://www.gnu.org/licenses/fdl-1.3.txt
|
Source1: https://www.gnu.org/licenses/fdl-1.3.txt
|
||||||
|
|
||||||
@ -14,10 +15,18 @@ Source101: colorzgrep.sh
|
|||||||
Patch1: gnulib.patch
|
Patch1: gnulib.patch
|
||||||
Patch2: gzexe.patch
|
Patch2: gzexe.patch
|
||||||
Patch3: ibm.patch
|
Patch3: ibm.patch
|
||||||
|
# http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=be0c5581e38332b2ffa8a4cf92076cfde02872b4
|
||||||
Patch4: ibm2.patch
|
Patch4: ibm2.patch
|
||||||
Patch5: ibm4.patch
|
# https://lists.gnu.org/archive/html/bug-gzip/2019-06/msg00000.html
|
||||||
Patch6: dfltcc-segfault.patch
|
#Patch5: ibm3.patch
|
||||||
Patch7: ibm5.patch
|
# https://lists.gnu.org/archive/html/bug-gzip/2019-07/msg00000.html
|
||||||
|
Patch6: ibm4.patch
|
||||||
|
Patch7: dfltcc-segfault.patch
|
||||||
|
Patch8: ibm5.patch
|
||||||
|
|
||||||
|
Patch9: cve-2022-1271-part1.patch
|
||||||
|
Patch10: cve-2022-1271-part2.patch
|
||||||
|
Patch11: cve-2022-1271-part3.patch
|
||||||
|
|
||||||
# Fixed in upstream code.
|
# Fixed in upstream code.
|
||||||
# http://thread.gmane.org/gmane.comp.gnu.gzip.bugs/378
|
# http://thread.gmane.org/gmane.comp.gnu.gzip.bugs/378
|
||||||
@ -25,9 +34,9 @@ URL: http://www.gzip.org/
|
|||||||
# Requires should not be added for gzip wrappers (eg. zdiff, zgrep,
|
# Requires should not be added for gzip wrappers (eg. zdiff, zgrep,
|
||||||
# zless) of another tools, because gzip "extends" the tools by its
|
# zless) of another tools, because gzip "extends" the tools by its
|
||||||
# wrappers much more than it "requires" them.
|
# wrappers much more than it "requires" them.
|
||||||
Requires: coreutils
|
Requires: /sbin/install-info
|
||||||
|
Requires: coreutils
|
||||||
BuildRequires: texinfo, gcc, autoconf, automake, less
|
BuildRequires: texinfo, gcc, autoconf, automake, less
|
||||||
BuildRequires: make
|
|
||||||
Conflicts: filesystem < 3
|
Conflicts: filesystem < 3
|
||||||
Provides: /bin/gunzip
|
Provides: /bin/gunzip
|
||||||
Provides: /bin/gzip
|
Provides: /bin/gzip
|
||||||
@ -45,13 +54,17 @@ very commonly used data compression program.
|
|||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
#%patch1 -p1 -b .gnulib
|
%patch1 -p1 -b .gnulib
|
||||||
%patch2 -p1 -b .gzexe
|
%patch2 -p1 -b .gzexe
|
||||||
%patch3 -p1
|
%patch3 -p1 -b .ibm
|
||||||
%patch4 -p1
|
%patch4 -p1 -b .ibm2
|
||||||
%patch5 -p1
|
#%patch5 -p1 -b .ibm3
|
||||||
%patch6 -p1
|
%patch6 -p1 -b .ibm4
|
||||||
%patch7 -p1
|
%patch7 -p1
|
||||||
|
%patch8 -p1
|
||||||
|
%patch9 -p1
|
||||||
|
%patch10 -p1
|
||||||
|
%patch11 -p1
|
||||||
cp %{SOURCE1} .
|
cp %{SOURCE1} .
|
||||||
autoreconf
|
autoreconf
|
||||||
|
|
||||||
@ -90,7 +103,20 @@ mkdir -p %{buildroot}%{profiledir}
|
|||||||
install -p -m 644 %{SOURCE100} %{buildroot}%{profiledir}
|
install -p -m 644 %{SOURCE100} %{buildroot}%{profiledir}
|
||||||
install -p -m 644 %{SOURCE101} %{buildroot}%{profiledir}
|
install -p -m 644 %{SOURCE101} %{buildroot}%{profiledir}
|
||||||
|
|
||||||
|
%post
|
||||||
|
if [ -f %{_infodir}/gzip.info* ]; then
|
||||||
|
/sbin/install-info %{_infodir}/gzip.info.gz %{_infodir}/dir || :
|
||||||
|
fi
|
||||||
|
|
||||||
|
%preun
|
||||||
|
if [ $1 = 0 ]; then
|
||||||
|
if [ -f %{_infodir}/gzip.info* ]; then
|
||||||
|
/sbin/install-info --delete %{_infodir}/gzip.info.gz %{_infodir}/dir || :
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
%files
|
%files
|
||||||
|
%defattr(-,root,root)
|
||||||
%doc NEWS README AUTHORS ChangeLog THANKS TODO
|
%doc NEWS README AUTHORS ChangeLog THANKS TODO
|
||||||
%{!?_licensedir:%global license %%doc}
|
%{!?_licensedir:%global license %%doc}
|
||||||
%license COPYING fdl-1.3.txt
|
%license COPYING fdl-1.3.txt
|
||||||
@ -100,58 +126,48 @@ install -p -m 644 %{SOURCE101} %{buildroot}%{profiledir}
|
|||||||
%{profiledir}/*
|
%{profiledir}/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.10-8
|
* Tue Apr 19 2022 Jakub Martisko <jamartis@redhat.com> - 1.9-13
|
||||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
- fix an arbitrary-file-write vulnerability in zgrep
|
||||||
Related: rhbz#1991688
|
Resolves: CVE-2022-1271
|
||||||
|
|
||||||
* Fri Jul 30 2021 Jakub Martisko <jamartis@redhat.com> - 1.10-7
|
* Thu Jan 07 2021 Jakub Martisko <jamartis@redhat.com> - 1.9-12
|
||||||
- Add the ibm patches dealing with s390x optimizations
|
- Fix a test failure introduced by 1.9-10
|
||||||
Resolves: rhbz#1986357
|
Related: 1883204
|
||||||
|
|
||||||
* Fri Jul 30 2021 Jakub Martisko <jamartis@redhat.com> - 1.10-6
|
* Thu Oct 22 2020 Jakub Martisko <jamartis@redhat.com> - 1.9-11
|
||||||
- Add gating tests
|
- Enable HW optimizations for modes 1-6 on s390x
|
||||||
Resolves: rhbz#1986357
|
Resolves: 1847436
|
||||||
|
|
||||||
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.10-5
|
* Thu Oct 22 2020 Jakub Martisko <jamartis@redhat.com> - 1.9-10
|
||||||
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
- Fix a segfault on some s390x machines when compressing multiple files
|
||||||
|
Resolves: 1883204
|
||||||
|
|
||||||
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.10-4
|
* Mon Jul 15 2019 Jakub Martisko <jamartis@redhat.com> - 1.9-9
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
- Another fix for the s390 patch
|
||||||
|
Related: 1730332
|
||||||
|
|
||||||
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.10-3
|
* Mon May 06 2019 Jakub Martisko <jamartis@redhat.com> - 1.9-8
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
- Apply fixes to the previous patch
|
||||||
|
Resolves: 1659434
|
||||||
|
|
||||||
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.10-2
|
* Mon May 06 2019 Jakub Martisko <jamartis@redhat.com> - 1.9-7
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
- Apply the IBM s390x optimization patch
|
||||||
|
Resolves: 1659434
|
||||||
|
|
||||||
* Fri Aug 09 2019 Jakub Martisko <jamartis@redhat.com> - 1.10-1
|
* Mon May 06 2019 Jakub Martisko <jamartis@redhat.com> - 1.9-6
|
||||||
- Rebase to 1.10
|
- Release bump for gating rebuild
|
||||||
|
Related: 1681027
|
||||||
|
|
||||||
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.9-10
|
* Thu May 02 2019 Jakub Martisko <jamartis@redhat.com> - 1.9-5
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
|
||||||
|
|
||||||
* Tue Mar 26 2019 Jakub Martisko <jamartis@redhat.com> - 1.9-9
|
|
||||||
- Fix wrong skip size in gzexe
|
- Fix wrong skip size in gzexe
|
||||||
- Add new test dealing with the ^^ (needs autoreconf)
|
- Add new test dealing with the ^^ (needs autoreconf)
|
||||||
- Enable make check (needs less)
|
- Enable make check (needs less)
|
||||||
Related: 1690825
|
Resolves: 1705413
|
||||||
|
|
||||||
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.9-8
|
* Tue Aug 07 2018 Jakub Martisko <jamartis@redhat.com> - 1.9-4
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
- Fix FTBFS bug (gnulib problems)
|
||||||
|
- more details: https://lists.gnu.org/r/bug-gnulib/2018-03/msg00000.html
|
||||||
* Thu Jul 26 2018 Jakub Martisko <jamartis@redhat.com> - 1.9-7
|
Resolves 1611722
|
||||||
- Fix FTBFS bug (gnulib problems)
|
|
||||||
- more details: https://lists.gnu.org/r/bug-gnulib/2018-03/msg00000.html
|
|
||||||
Resolves 1604303
|
|
||||||
|
|
||||||
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.9-6
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
|
||||||
|
|
||||||
* Thu Mar 01 2018 Jakub Martisko <jamartis@redhat.com> - 1.9-5
|
|
||||||
- Fix previous commit (gcc was added to requires instead of buildrequires)
|
|
||||||
|
|
||||||
* Thu Mar 01 2018 Jakub Martisko <jamartis@redhat.com> - 1.9-4
|
|
||||||
- Add gcc to buildrequires
|
|
||||||
|
|
||||||
* Fri Feb 09 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.9-3
|
* Fri Feb 09 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.9-3
|
||||||
- Escape macros in %%changelog
|
- Escape macros in %%changelog
|
||||||
|
Loading…
Reference in New Issue
Block a user