automatic version update by autodist [release 1.6-1mamba;Mon Jun 10 2013]

README.md

@@ -1,2 +1,5 @@
 # gzip
 
+The gzip package contains the popular GNU gzip data compression program.
+Gzipped files have a .gz extension.
+

gzip-1.2.4-zforce.patch

@@ -0,0 +1,11 @@
+--- gzip-1.2.4/zforce.in.sopwith	Thu Feb  3 18:06:30 2000
++++ gzip-1.2.4/zforce.in	Thu Feb  3 18:07:37 2000
+@@ -25,7 +25,7 @@
+   test `expr "$i" : '.*[.-]gz$'` -eq 0 || continue
+   test `expr "$i" : '.*[.]t[ag]z$'` -eq 0 || continue
+ 
+-  if gzip -lv < "$i" 2>/dev/null | grep '^defl' > /dev/null; then
++  if gzip -l < "$i" 2>/dev/null | grep '^compressed' > /dev/null; then
+ 
+     if test `expr "$i" : '^............'` -eq 12; then
+       new=`expr "$i" : '\(.*\)...$`.gz

gzip-1.3.12-can_2004_0970.patch

@@ -0,0 +1,42 @@
+--- gzip-1.3.12/znew.in	2007-03-30 00:38:48.000000000 +0200
++++ gzip-1.3.12-fix/znew.in	2007-04-18 21:44:01.000000000 +0200
+@@ -55,28 +55,24 @@
+ # block is the disk block size (best guess, need not be exact)
+ 
+ warn="(does not preserve modes and timestamp)"
+-tmp=${TMPDIR-/tmp}/zfoo.$$
+-set -C
+-echo hi > $tmp || exit
+-if test -z "`(${CPMOD-cpmod} $tmp $tmp) 2>&1`"; then
+-  cpmod=${CPMOD-cpmod}
++cpmod=
++cpmodarg=
++if type ${CPMOD:-cpmod} 2>/dev/null; then
++  cpmod=${CPMOD:-cpmod}
+   warn=""
+ fi
+ 
+-if test -z "$cpmod" && ${TOUCH-touch} -r $tmp $tmp 2>/dev/null; then
+-  cpmod="${TOUCH-touch}"
++if test -z "$cpmod"; then
++  cpmod="${TOUCH:-touch}"
+   cpmodarg="-r"
+   warn="(does not preserve file modes)"
+ fi
+ 
+-# check if GZIP env. variable uses -S or --suffix
+-gzip -q $tmp
+-ext=`echo $tmp* | sed "s|$tmp||"`
+-rm -f $tmp*
+-if test -z "$ext"; then
+-  echo znew: error determining gzip extension
+-  exit 1
+-fi
++case "$GZIP" in
++  *-S*) ext=`echo "$GZIP" | sed 's/^.*-S[[:space:]]*\([^[:space:]]*\).*$/\1/'`;;
++  *-suffix*) ext=`echo "$GZIP" | sed 's/^.*--suffix=\([^[:space:]]*\).*$/\1/'`;;
++  *) ext='.gz';;
++esac
+ if test "$ext" = ".Z"; then
+   echo znew: cannot use .Z as gzip extension.
+   exit 1

gzip-1.3.12-cve_2006_4335.patch

@@ -0,0 +1,17 @@
+diff -pur gzip-1.3.12/unlzh.c gzip-1.3.12-fix/unlzh.c
+--- gzip-1.3.12/unlzh.c	2007-04-18 23:14:42.000000000 +0200
++++ gzip-1.3.12-fix/unlzh.c	2007-04-18 23:17:34.000000000 +0200
+@@ -145,8 +145,11 @@ local void make_table(nchar, bitlen, tab
+     unsigned i, k, len, ch, jutbits, avail, nextcode, mask;
+ 
+     for (i = 1; i <= 16; i++) count[i] = 0;
+-    for (i = 0; i < (unsigned)nchar; i++) count[bitlen[i]]++;
+-
++    for (i = 0; i < (unsigned)nchar; i++) {
++        if (bitlen[i] > 16)
++          gzip_error("Bad table (case a)\n");
++        else count[bitlen[i]]++;
++    }
+     start[1] = 0;
+     for (i = 1; i <= 16; i++)
+ 	start[i + 1] = start[i] + (count[i] << (16 - i));

gzip-1.3.12-cve_2006_4336.patch

@@ -0,0 +1,21 @@
+diff -ru gzip-1.3.12/unpack.c gzip-1.3.12-fix/unpack.c
+--- gzip-1.3.12/unpack.c	2006-11-20 09:40:34.000000000 +0100
++++ gzip-1.3.12-fix/unpack.c	2007-04-18 22:06:50.000000000 +0200
+@@ -150,7 +150,7 @@
+ 	/* Remember where the literals of this length start in literal[] : */
+ 	lit_base[len] = base;
+ 	/* And read the literals: */
+-	for (n = leaves[len]; n > 0; n--) {
++	for (n = leaves[len]; n > 0 && base < LITERALS; n--) {
+ 	    literal[base++] = (uch)get_byte();
+ 	}
+     }
+@@ -186,7 +186,7 @@
+     prefixp = &prefix_len[1<<peek_bits];
+     for (len = 1; len <= peek_bits; len++) {
+ 	int prefixes = leaves[len] << (peek_bits-len); /* may be 0 */
+-	while (prefixes--) *--prefixp = (uch)len;
++	while (prefixes-- && prefixp > prefix_len) *--prefixp = (uch)len;
+     }
+     /* The length of all other codes is unknown: */
+     while (prefixp > prefix_len) *--prefixp = 0;

gzip-1.3.12-cve_2006_4337.patch

@@ -0,0 +1,129 @@
+diff -ru gzip-1.3.12/gzip.h gzip-1.3.12-fix/gzip.h
+--- gzip-1.3.12/gzip.h	2007-03-20 06:09:51.000000000 +0100
++++ gzip-1.3.12-fix/gzip.h	2007-04-18 22:16:43.000000000 +0200
+@@ -226,6 +226,8 @@
+ #define get_byte()  (inptr < insize ? inbuf[inptr++] : fill_inbuf(0))
+ #define try_byte()  (inptr < insize ? inbuf[inptr++] : fill_inbuf(1))
+ 
++#define MIN(a,b) ((a) <= (b) ? (a) : (b))
++
+ /* put_byte is used for the compressed output, put_ubyte for the
+  * uncompressed output. However unlzw() uses window for its
+  * suffix table instead of its output buffer, so it does not use put_ubyte
+diff -ru gzip-1.3.12/unlzh.c gzip-1.3.12-fix/unlzh.c
+--- gzip-1.3.12/unlzh.c	2007-04-18 22:08:04.000000000 +0200
++++ gzip-1.3.12-fix/unlzh.c	2007-04-18 22:16:12.000000000 +0200
+@@ -153,8 +153,8 @@
+     start[1] = 0;
+     for (i = 1; i <= 16; i++)
+ 	start[i + 1] = start[i] + (count[i] << (16 - i));
+-    if ((start[17] & 0xffff) != 0)
+-      gzip_error ("Bad table\n");
++    if ((start[17] & 0xffff) != 0 || tablebits > 16) /* 16 for weight below */
++      gzip_error ("Bad table (case b)\n");
+ 
+     jutbits = 16 - tablebits;
+     for (i = 1; i <= (unsigned)tablebits; i++) {
+@@ -168,15 +168,15 @@
+ 
+     i = start[tablebits + 1] >> jutbits;
+     if (i != 0) {
+-	k = 1 << tablebits;
+-	while (i != k) table[i++] = 0;
++	k = MIN(1 << tablebits, DIST_BUFSIZE);
++	while (i < k) table[i++] = 0;
+     }
+ 
+     avail = nchar;
+     mask = (unsigned) 1 << (15 - tablebits);
+     for (ch = 0; ch < (unsigned)nchar; ch++) {
+ 	if ((len = bitlen[ch]) == 0) continue;
+-	nextcode = start[len] + weight[len];
++	nextcode = MIN(start[len] + weight[len], DIST_BUFSIZE);
+ 	if (len <= (unsigned)tablebits) {
+ 	    if ((unsigned) 1 << tablebits < nextcode)
+ 	      gzip_error ("Bad table\n");
+@@ -196,7 +196,7 @@
+ 	    }
+ 	    *p = ch;
+ 	}
+-	start[len] = nextcode;
++	start[len] = start[len] + weight[len];
+     }
+ }
+ 
+@@ -219,7 +219,7 @@
+ 	for (i = 0; i < 256; i++) pt_table[i] = c;
+     } else {
+ 	i = 0;
+-	while (i < n) {
++	while (i < MIN(n,NPT)) {
+ 	    c = bitbuf >> (BITBUFSIZ - 3);
+ 	    if (c == 7) {
+ 		mask = (unsigned) 1 << (BITBUFSIZ - 1 - 3);
+@@ -231,7 +231,7 @@
+ 	    pt_len[i++] = c;
+ 	    if (i == i_special) {
+ 		c = getbits(2);
+-		while (--c >= 0) pt_len[i++] = 0;
++		while (--c >= 0 && i < NPT) pt_len[i++] = 0;
+ 	    }
+ 	}
+ 	while (i < nn) pt_len[i++] = 0;
+@@ -251,7 +251,7 @@
+ 	for (i = 0; i < 4096; i++) c_table[i] = c;
+     } else {
+ 	i = 0;
+-	while (i < n) {
++	while (i < MIN(n,NC)) {
+ 	    c = pt_table[bitbuf >> (BITBUFSIZ - 8)];
+ 	    if (c >= NT) {
+ 		mask = (unsigned) 1 << (BITBUFSIZ - 1 - 8);
+@@ -266,7 +266,7 @@
+ 		if      (c == 0) c = 1;
+ 		else if (c == 1) c = getbits(4) + 3;
+ 		else             c = getbits(CBIT) + 20;
+-		while (--c >= 0) c_len[i++] = 0;
++		while (--c >= 0 && i < NC) c_len[i++] = 0;
+ 	    } else c_len[i++] = c - 2;
+ 	}
+ 	while (i < NC) c_len[i++] = 0;
+@@ -359,7 +359,7 @@
+     while (--j >= 0) {
+ 	buffer[r] = buffer[i];
+ 	i = (i + 1) & (DICSIZ - 1);
+-	if (++r == count) return r;
++	if (++r >= count) return r;
+     }
+     for ( ; ; ) {
+ 	c = decode_c();
+@@ -369,14 +369,14 @@
+ 	}
+ 	if (c <= UCHAR_MAX) {
+ 	    buffer[r] = c;
+-	    if (++r == count) return r;
++	    if (++r >= count) return r;
+ 	} else {
+ 	    j = c - (UCHAR_MAX + 1 - THRESHOLD);
+ 	    i = (r - decode_p() - 1) & (DICSIZ - 1);
+ 	    while (--j >= 0) {
+ 		buffer[r] = buffer[i];
+ 		i = (i + 1) & (DICSIZ - 1);
+-		if (++r == count) return r;
++		if (++r >= count) return r;
+ 	    }
+ 	}
+     }
+diff -ru gzip-1.3.12/unpack.c gzip-1.3.12-fix/unpack.c
+--- gzip-1.3.12/unpack.c	2007-04-18 22:08:04.000000000 +0200
++++ gzip-1.3.12-fix/unpack.c	2007-04-18 22:17:06.000000000 +0200
+@@ -26,9 +26,6 @@
+ #include "gzip.h"
+ #include "crypt.h"
+ 
+-#define MIN(a,b) ((a) <= (b) ? (a) : (b))
+-/* The arguments must not have side effects. */
+-
+ #define MAX_BITLEN 25
+ /* Maximum length of Huffman codes. (Minor modifications to the code
+  * would be needed to support 32 bits codes, but pack never generates

gzip-1.3.12-cve_2006_4338.patch

@@ -0,0 +1,30 @@
+diff -ru gzip-1.3.12/unlzh.c gzip-1.3.12-fix/unlzh.c
+--- gzip-1.3.12/unlzh.c	2007-04-18 22:19:06.000000000 +0200
++++ gzip-1.3.12-fix/unlzh.c	2007-04-18 22:20:42.000000000 +0200
+@@ -259,7 +259,7 @@
+ 		    if (bitbuf & mask) c = right[c];
+ 		    else               c = left [c];
+ 		    mask >>= 1;
+-		} while (c >= NT);
++		} while (c >= NT && (mask || c != left[c]));
+ 	    }
+ 	    fillbuf((int) pt_len[c]);
+ 	    if (c <= 2) {
+@@ -295,7 +295,7 @@
+ 	    if (bitbuf & mask) j = right[j];
+ 	    else               j = left [j];
+ 	    mask >>= 1;
+-	} while (j >= NC);
++	} while (j >= NC && (mask || j != left[j]));
+     }
+     fillbuf((int) c_len[j]);
+     return j;
+@@ -312,7 +312,7 @@
+ 	    if (bitbuf & mask) j = right[j];
+ 	    else               j = left [j];
+ 	    mask >>= 1;
+-	} while (j >= NP);
++	} while (j >= NP && (mask || j != left[j]));
+     }
+     fillbuf((int) pt_len[j]);
+     if (j != 0) j = ((unsigned) 1 << (j - 1)) + getbits((int) (j - 1));

gzip-1.3.12-stderr.patch

@@ -0,0 +1,36 @@
+diff -ru gzip-1.3.12/zforce.in gzip-1.3.12-fix/zforce.in
+--- gzip-1.3.12/zforce.in	2007-04-18 21:51:20.000000000 +0200
++++ gzip-1.3.12-fix/zforce.in	2007-04-18 21:54:01.000000000 +0200
+@@ -40,7 +40,7 @@
+ Report bugs to <bug-gzip@gnu.org>."
+ 
+ if test $# = 0; then
+-  echo "$usage"
++  echo "$usage" 1>&2
+   exit 1
+ fi
+ 
+diff -ru gzip-1.3.12/zmore.in gzip-1.3.12-fix/zmore.in
+--- gzip-1.3.12/zmore.in	2007-04-18 21:51:20.000000000 +0200
++++ gzip-1.3.12-fix/zmore.in	2007-04-18 21:56:58.000000000 +0200
+@@ -53,7 +53,7 @@
+ 
+ if test $# = 0; then
+     if test -t 0; then
+-	echo "$usage"
++	echo "$usage" 1>&2
+     else
+ 	gzip -cdfq | eval ${PAGER-more}
+     fi
+diff -ru gzip-1.3.12/znew.in gzip-1.3.12-fix/znew.in
+--- gzip-1.3.12/znew.in	2007-04-18 21:51:20.000000000 +0200
++++ gzip-1.3.12-fix/znew.in	2007-04-18 21:57:19.000000000 +0200
+@@ -89,7 +89,7 @@
+ done
+ 
+ if test $# -eq 0; then
+-  echo "$usage"
++  echo "$usage" 1>&2
+   exit 1
+ fi
+ 

gzip-1.3.12-window-size.patch

@@ -0,0 +1,12 @@
+diff -ru gzip-1.3.12/gzip.c gzip-1.3.12-fix/gzip.c
+--- gzip-1.3.12/gzip.c	2007-03-20 06:09:51.000000000 +0100
++++ gzip-1.3.12-fix/gzip.c	2007-04-18 22:40:11.000000000 +0200
+@@ -170,7 +170,7 @@
+ DECLARE(uch, inbuf,  INBUFSIZ +INBUF_EXTRA);
+ DECLARE(uch, outbuf, OUTBUFSIZ+OUTBUF_EXTRA);
+ DECLARE(ush, d_buf,  DIST_BUFSIZE);
+-DECLARE(uch, window, 2L*WSIZE);
++DECLARE(uch, window, 2L*WSIZE + 4096);
+ #ifndef MAXSEG_64K
+     DECLARE(ush, tab_prefix, 1L<<BITS);
+ #else

gzip-1.3.12-zgreppipe.patch

@@ -0,0 +1,20 @@
+diff -ru gzip-1.3.12/zgrep.in gzip-1.3.12-fix/zgrep.in
+--- gzip-1.3.12/zgrep.in	2007-02-05 21:54:26.000000000 +0100
++++ gzip-1.3.12-fix/zgrep.in	2007-04-18 22:36:42.000000000 +0200
+@@ -141,6 +141,7 @@
+ exec 3>&1
+ res=0
+ 
++trap break SIGPIPE
+ for i
+ do
+   # Fail if gzip or grep (or sed) fails.
+@@ -184,5 +185,8 @@
+   r=$?
+   test "$gzip_status" -eq 0 || test "$gzip_status" -eq 2 || r=2
+   test $res -lt $r && res=$r
++  # SIGPIPE + 128
++  test "$r" -eq 141 && exit $res
+ done
++trap - SIGPIPE
+ exit $res

gzip-1.3.9-addsuffix.patch

@@ -0,0 +1,19 @@
+--- gzip-1.3.9/zmore.in	2006-12-09 05:25:56.000000000 +0100
++++ gzip-1.3.9/zmore.in.addsuffix	2006-12-18 10:36:45.000000000 +0100
+@@ -66,7 +66,7 @@
+ 	--v*) exec echo "$version";;
+ 	esac
+ 
+-	< "$FILE" || continue
++	if test -e $FILE || test -e $FILE.gz; then
+ 	if test $FIRST -eq 0; then
+ 		echo $n1 "--More--(Next file: $FILE)$n2"
+ 		stty $cb -echo 2>/dev/null
+@@ -84,5 +84,7 @@
+ 	if test -t 1; then
+ 		FIRST=0
+ 	fi
++	else < $FILE
++	fi
+     done
+ fi

gzip.spec

@@ -0,0 +1,153 @@
+Name:          gzip
+Version:       1.6
+Release:       1mamba
+Summary:       The GNU data compression program
+Group:         Applications/Archiving
+Vendor:        openmamba
+Distribution:  openmamba
+Packager:      Silvan Calarco <silvan.calarco@mambasoft.it>
+URL:           http://www.gzip.org/
+Source:        ftp://ftp.gnu.org/gnu/gzip/gzip-%{version}.tar.gz
+Patch0:        %{name}-1.2.4-zforce.patch
+Patch1:        %{name}-1.3.12-can_2004_0970.patch
+Patch2:        %{name}-1.3.12-zgreppipe.patch
+Patch3:        %{name}-1.3.9-addsuffix.patch
+Patch4:        %{name}-1.3.12-stderr.patch
+Patch5:        %{name}-1.3.12-cve_2006_4335.patch
+Patch6:        %{name}-1.3.12-cve_2006_4336.patch
+Patch7:        %{name}-1.3.12-cve_2006_4337.patch
+Patch8:        %{name}-1.3.12-cve_2006_4338.patch
+Patch9:        %{name}-1.3.12-window-size.patch
+License:       GPL
+Requires(post):%{__install_info}
+BuildRoot:     %{_tmppath}/%{name}-%{version}-root
+
+%description
+The gzip package contains the popular GNU gzip data compression program.
+Gzipped files have a .gz extension.
+
+%prep
+%setup -q
+%patch0 -p1 -b .zforce
+%patch1 -p1 -b .can_2004_0970
+%patch2 -p1 -b .zgreppipe
+#%patch3 -p1 -b .addsuffix
+#%patch4 -p1 -b .stderr
+%patch5 -p1 -b .cve_2006_4335
+#%patch6 -p1 -b .cve_2006_4336
+#%patch7 -p1 -b .cve_2006_4337
+#%patch8 -p1 -b .cve_2006_4337
+%patch9 -p1 -b .window_size
+
+%build
+export DEFS="NO_ASM"
+%configure --bindir=/bin
+%make
+
+%install
+[ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
+%makeinstall bindir=/bin
+
+# uncompress is a part of ncompress package
+rm -f %{buildroot}/bin/uncompress
+
+# create symlink needed by some broken rpms
+install -d %{buildroot}%{_bindir}
+ln -sf /bin/gzip %{buildroot}%{_bindir}/gzip
+
+%clean
+[ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
+
+%post
+%install_info gzip.info
+exit 0
+
+%preun
+%uninstall_info gzip.info
+exit 0
+
+%files
+%defattr(-,root,root)
+/bin/gunzip
+/bin/gzexe
+/bin/gzip
+/bin/zcat
+/bin/zcmp
+/bin/zdiff
+/bin/zegrep
+/bin/zfgrep
+/bin/zforce
+/bin/zgrep
+/bin/zless
+/bin/zmore
+/bin/znew
+%{_bindir}/gzip
+%{_infodir}/gzip.*
+%{_mandir}/man1/gunzip.*
+%{_mandir}/man1/gzexe.*
+%{_mandir}/man1/gzip.*
+%{_mandir}/man1/zcat.*
+%{_mandir}/man1/zcmp.*
+%{_mandir}/man1/zdiff.*
+%{_mandir}/man1/zforce.*
+%{_mandir}/man1/zgrep.*
+%{_mandir}/man1/zless.*
+%{_mandir}/man1/zmore.*
+%{_mandir}/man1/znew.*
+%doc AUTHORS COPYING NEWS README THANKS TODO
+
+%changelog
+* Mon Jun 10 2013 Automatic Build System <autodist@mambasoft.it> 1.6-1mamba
+- automatic version update by autodist
+
+* Wed Jun 20 2012 Automatic Build System <autodist@mambasoft.it> 1.5-1mamba
+- automatic version update by autodist
+
+* Thu Jan 21 2010 Automatic Build System <autodist@mambasoft.it> 1.4-1mamba
+- automatic update to 1.4 by autodist
+
+* Thu Nov 19 2009 Davide Madrisan <davide.madrisan@gmail.com> 1.3.13-2mamba
+- create the %{_bindir}/gzip symlink to /bin/gzip needed by some broken third-party rpm
+
+* Tue Oct 06 2009 Automatic Build System <autodist@mambasoft.it> 1.3.13-1mamba
+- automatic update to 1.3.13 by autodist
+
+* Wed Apr 18 2007 Davide Madrisan <davide.madrisan@gmail.com> 1.3.12-1mamba
+- update to version 1.3.12 by autospec
+- update patch#2 and patch#4
+- update patch against vulnerability CVE-2004-0970 (partially fixed upstream)
+- security fix against CVE-2006-4335 (buffer overflow)
+- security fix against CVE-2006-4336 (buffer underflow)
+- security fix against CVE-2006-4337 (buffer overflow)
+- security fix against CVE-2006-4338 (infinite loop)
+
+* Mon Dec 18 2006 Davide Madrisan <davide.madrisan@qilinux.it> 1.3.9-1qilnx
+- update to version 1.3.9 by autospec
+- dropped patch #3 (zgrep-sed.patch): fixed upstream
+- updated patches #4,#5
+- dropped patch #7 against CVE-2005-1228: fixed upstream
+- dropped patch against CVE-2005-0988: now gzip uses fchown
+
+* Fri May 06 2005 Davide Madrisan <davide.madrisan@qilinux.it> 1.3.5-1qilnx
+- update to version 1.3.5 by autospec
+- fixed security issues QSA-2005-062 (CAN-2005-0988, CAN-2005-1228)
+
+* Mon Jan 17 2005 Davide Madrisan <davide.madrisan@qilinux.it> 1.2.4a-3qilnx
+- fixed path of gunzip and zcat according to FHS 2.3
+
+* Thu Nov 11 2004 Davide Madrisan <davide.madrisan@qilinux.it> 1.2.4a-2qilnx
+- removed compress and uncompress utilities (provided now by ncompress)
+- %patch1 modified to remove the buildroot directory from the PATH variables
+  in all the gzip scripts; added support for DESTDIR in the Makefile
+- fixed symlinks to manpages
+  (were broken because of a bug in the rpm script `rpm-compress')
+- security fix: QSA-2004-055 (CAN-2004-0970)
+
+* Tue Apr 22 2003 Silvan Calarco <silvan.calarco@mambasoft.it> 1.2.4-4qilnx
+- fixed the gunzip symlink
+
+* Mon Apr 14 2003 Alessandro Ramazzina <alessandro.ramazzina@qinet.it> 1.2.4-3qilnx
+- fixed symlink error
+
+* Mon Apr 07 2003 Alessandro Ramazzina <alessandro.ramazzina@qinet.it> 1.2.4-1qilnx
+- creation of gzip package