From 902e30139f5636288ecafa3ad0dcd903a9b33919 Mon Sep 17 00:00:00 2001 From: Automatic Build System Date: Fri, 5 Jan 2024 23:37:10 +0100 Subject: [PATCH] automatic version update by autodist [release 1.6-1mamba;Mon Jun 10 2013] --- README.md | 3 + gzip-1.2.4-zforce.patch | 11 +++ gzip-1.3.12-can_2004_0970.patch | 42 +++++++++ gzip-1.3.12-cve_2006_4335.patch | 17 ++++ gzip-1.3.12-cve_2006_4336.patch | 21 +++++ gzip-1.3.12-cve_2006_4337.patch | 129 +++++++++++++++++++++++++++ gzip-1.3.12-cve_2006_4338.patch | 30 +++++++ gzip-1.3.12-stderr.patch | 36 ++++++++ gzip-1.3.12-window-size.patch | 12 +++ gzip-1.3.12-zgreppipe.patch | 20 +++++ gzip-1.3.9-addsuffix.patch | 19 ++++ gzip.spec | 153 ++++++++++++++++++++++++++++++++ 12 files changed, 493 insertions(+) create mode 100644 gzip-1.2.4-zforce.patch create mode 100644 gzip-1.3.12-can_2004_0970.patch create mode 100644 gzip-1.3.12-cve_2006_4335.patch create mode 100644 gzip-1.3.12-cve_2006_4336.patch create mode 100644 gzip-1.3.12-cve_2006_4337.patch create mode 100644 gzip-1.3.12-cve_2006_4338.patch create mode 100644 gzip-1.3.12-stderr.patch create mode 100644 gzip-1.3.12-window-size.patch create mode 100644 gzip-1.3.12-zgreppipe.patch create mode 100644 gzip-1.3.9-addsuffix.patch create mode 100644 gzip.spec diff --git a/README.md b/README.md index 2153819..c113a99 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,5 @@ # gzip +The gzip package contains the popular GNU gzip data compression program. +Gzipped files have a .gz extension. + diff --git a/gzip-1.2.4-zforce.patch b/gzip-1.2.4-zforce.patch new file mode 100644 index 0000000..12488b0 --- /dev/null +++ b/gzip-1.2.4-zforce.patch @@ -0,0 +1,11 @@ +--- gzip-1.2.4/zforce.in.sopwith Thu Feb 3 18:06:30 2000 ++++ gzip-1.2.4/zforce.in Thu Feb 3 18:07:37 2000 +@@ -25,7 +25,7 @@ + test `expr "$i" : '.*[.-]gz$'` -eq 0 || continue + test `expr "$i" : '.*[.]t[ag]z$'` -eq 0 || continue + +- if gzip -lv < "$i" 2>/dev/null | grep '^defl' > /dev/null; then ++ if gzip -l < "$i" 2>/dev/null | grep '^compressed' > /dev/null; then + + if test `expr "$i" : '^............'` -eq 12; then + new=`expr "$i" : '\(.*\)...$`.gz diff --git a/gzip-1.3.12-can_2004_0970.patch b/gzip-1.3.12-can_2004_0970.patch new file mode 100644 index 0000000..701c005 --- /dev/null +++ b/gzip-1.3.12-can_2004_0970.patch @@ -0,0 +1,42 @@ +--- gzip-1.3.12/znew.in 2007-03-30 00:38:48.000000000 +0200 ++++ gzip-1.3.12-fix/znew.in 2007-04-18 21:44:01.000000000 +0200 +@@ -55,28 +55,24 @@ + # block is the disk block size (best guess, need not be exact) + + warn="(does not preserve modes and timestamp)" +-tmp=${TMPDIR-/tmp}/zfoo.$$ +-set -C +-echo hi > $tmp || exit +-if test -z "`(${CPMOD-cpmod} $tmp $tmp) 2>&1`"; then +- cpmod=${CPMOD-cpmod} ++cpmod= ++cpmodarg= ++if type ${CPMOD:-cpmod} 2>/dev/null; then ++ cpmod=${CPMOD:-cpmod} + warn="" + fi + +-if test -z "$cpmod" && ${TOUCH-touch} -r $tmp $tmp 2>/dev/null; then +- cpmod="${TOUCH-touch}" ++if test -z "$cpmod"; then ++ cpmod="${TOUCH:-touch}" + cpmodarg="-r" + warn="(does not preserve file modes)" + fi + +-# check if GZIP env. variable uses -S or --suffix +-gzip -q $tmp +-ext=`echo $tmp* | sed "s|$tmp||"` +-rm -f $tmp* +-if test -z "$ext"; then +- echo znew: error determining gzip extension +- exit 1 +-fi ++case "$GZIP" in ++ *-S*) ext=`echo "$GZIP" | sed 's/^.*-S[[:space:]]*\([^[:space:]]*\).*$/\1/'`;; ++ *-suffix*) ext=`echo "$GZIP" | sed 's/^.*--suffix=\([^[:space:]]*\).*$/\1/'`;; ++ *) ext='.gz';; ++esac + if test "$ext" = ".Z"; then + echo znew: cannot use .Z as gzip extension. + exit 1 diff --git a/gzip-1.3.12-cve_2006_4335.patch b/gzip-1.3.12-cve_2006_4335.patch new file mode 100644 index 0000000..70212be --- /dev/null +++ b/gzip-1.3.12-cve_2006_4335.patch @@ -0,0 +1,17 @@ +diff -pur gzip-1.3.12/unlzh.c gzip-1.3.12-fix/unlzh.c +--- gzip-1.3.12/unlzh.c 2007-04-18 23:14:42.000000000 +0200 ++++ gzip-1.3.12-fix/unlzh.c 2007-04-18 23:17:34.000000000 +0200 +@@ -145,8 +145,11 @@ local void make_table(nchar, bitlen, tab + unsigned i, k, len, ch, jutbits, avail, nextcode, mask; + + for (i = 1; i <= 16; i++) count[i] = 0; +- for (i = 0; i < (unsigned)nchar; i++) count[bitlen[i]]++; +- ++ for (i = 0; i < (unsigned)nchar; i++) { ++ if (bitlen[i] > 16) ++ gzip_error("Bad table (case a)\n"); ++ else count[bitlen[i]]++; ++ } + start[1] = 0; + for (i = 1; i <= 16; i++) + start[i + 1] = start[i] + (count[i] << (16 - i)); diff --git a/gzip-1.3.12-cve_2006_4336.patch b/gzip-1.3.12-cve_2006_4336.patch new file mode 100644 index 0000000..37a678a --- /dev/null +++ b/gzip-1.3.12-cve_2006_4336.patch @@ -0,0 +1,21 @@ +diff -ru gzip-1.3.12/unpack.c gzip-1.3.12-fix/unpack.c +--- gzip-1.3.12/unpack.c 2006-11-20 09:40:34.000000000 +0100 ++++ gzip-1.3.12-fix/unpack.c 2007-04-18 22:06:50.000000000 +0200 +@@ -150,7 +150,7 @@ + /* Remember where the literals of this length start in literal[] : */ + lit_base[len] = base; + /* And read the literals: */ +- for (n = leaves[len]; n > 0; n--) { ++ for (n = leaves[len]; n > 0 && base < LITERALS; n--) { + literal[base++] = (uch)get_byte(); + } + } +@@ -186,7 +186,7 @@ + prefixp = &prefix_len[1< prefix_len) *--prefixp = (uch)len; + } + /* The length of all other codes is unknown: */ + while (prefixp > prefix_len) *--prefixp = 0; diff --git a/gzip-1.3.12-cve_2006_4337.patch b/gzip-1.3.12-cve_2006_4337.patch new file mode 100644 index 0000000..0bb4309 --- /dev/null +++ b/gzip-1.3.12-cve_2006_4337.patch @@ -0,0 +1,129 @@ +diff -ru gzip-1.3.12/gzip.h gzip-1.3.12-fix/gzip.h +--- gzip-1.3.12/gzip.h 2007-03-20 06:09:51.000000000 +0100 ++++ gzip-1.3.12-fix/gzip.h 2007-04-18 22:16:43.000000000 +0200 +@@ -226,6 +226,8 @@ + #define get_byte() (inptr < insize ? inbuf[inptr++] : fill_inbuf(0)) + #define try_byte() (inptr < insize ? inbuf[inptr++] : fill_inbuf(1)) + ++#define MIN(a,b) ((a) <= (b) ? (a) : (b)) ++ + /* put_byte is used for the compressed output, put_ubyte for the + * uncompressed output. However unlzw() uses window for its + * suffix table instead of its output buffer, so it does not use put_ubyte +diff -ru gzip-1.3.12/unlzh.c gzip-1.3.12-fix/unlzh.c +--- gzip-1.3.12/unlzh.c 2007-04-18 22:08:04.000000000 +0200 ++++ gzip-1.3.12-fix/unlzh.c 2007-04-18 22:16:12.000000000 +0200 +@@ -153,8 +153,8 @@ + start[1] = 0; + for (i = 1; i <= 16; i++) + start[i + 1] = start[i] + (count[i] << (16 - i)); +- if ((start[17] & 0xffff) != 0) +- gzip_error ("Bad table\n"); ++ if ((start[17] & 0xffff) != 0 || tablebits > 16) /* 16 for weight below */ ++ gzip_error ("Bad table (case b)\n"); + + jutbits = 16 - tablebits; + for (i = 1; i <= (unsigned)tablebits; i++) { +@@ -168,15 +168,15 @@ + + i = start[tablebits + 1] >> jutbits; + if (i != 0) { +- k = 1 << tablebits; +- while (i != k) table[i++] = 0; ++ k = MIN(1 << tablebits, DIST_BUFSIZE); ++ while (i < k) table[i++] = 0; + } + + avail = nchar; + mask = (unsigned) 1 << (15 - tablebits); + for (ch = 0; ch < (unsigned)nchar; ch++) { + if ((len = bitlen[ch]) == 0) continue; +- nextcode = start[len] + weight[len]; ++ nextcode = MIN(start[len] + weight[len], DIST_BUFSIZE); + if (len <= (unsigned)tablebits) { + if ((unsigned) 1 << tablebits < nextcode) + gzip_error ("Bad table\n"); +@@ -196,7 +196,7 @@ + } + *p = ch; + } +- start[len] = nextcode; ++ start[len] = start[len] + weight[len]; + } + } + +@@ -219,7 +219,7 @@ + for (i = 0; i < 256; i++) pt_table[i] = c; + } else { + i = 0; +- while (i < n) { ++ while (i < MIN(n,NPT)) { + c = bitbuf >> (BITBUFSIZ - 3); + if (c == 7) { + mask = (unsigned) 1 << (BITBUFSIZ - 1 - 3); +@@ -231,7 +231,7 @@ + pt_len[i++] = c; + if (i == i_special) { + c = getbits(2); +- while (--c >= 0) pt_len[i++] = 0; ++ while (--c >= 0 && i < NPT) pt_len[i++] = 0; + } + } + while (i < nn) pt_len[i++] = 0; +@@ -251,7 +251,7 @@ + for (i = 0; i < 4096; i++) c_table[i] = c; + } else { + i = 0; +- while (i < n) { ++ while (i < MIN(n,NC)) { + c = pt_table[bitbuf >> (BITBUFSIZ - 8)]; + if (c >= NT) { + mask = (unsigned) 1 << (BITBUFSIZ - 1 - 8); +@@ -266,7 +266,7 @@ + if (c == 0) c = 1; + else if (c == 1) c = getbits(4) + 3; + else c = getbits(CBIT) + 20; +- while (--c >= 0) c_len[i++] = 0; ++ while (--c >= 0 && i < NC) c_len[i++] = 0; + } else c_len[i++] = c - 2; + } + while (i < NC) c_len[i++] = 0; +@@ -359,7 +359,7 @@ + while (--j >= 0) { + buffer[r] = buffer[i]; + i = (i + 1) & (DICSIZ - 1); +- if (++r == count) return r; ++ if (++r >= count) return r; + } + for ( ; ; ) { + c = decode_c(); +@@ -369,14 +369,14 @@ + } + if (c <= UCHAR_MAX) { + buffer[r] = c; +- if (++r == count) return r; ++ if (++r >= count) return r; + } else { + j = c - (UCHAR_MAX + 1 - THRESHOLD); + i = (r - decode_p() - 1) & (DICSIZ - 1); + while (--j >= 0) { + buffer[r] = buffer[i]; + i = (i + 1) & (DICSIZ - 1); +- if (++r == count) return r; ++ if (++r >= count) return r; + } + } + } +diff -ru gzip-1.3.12/unpack.c gzip-1.3.12-fix/unpack.c +--- gzip-1.3.12/unpack.c 2007-04-18 22:08:04.000000000 +0200 ++++ gzip-1.3.12-fix/unpack.c 2007-04-18 22:17:06.000000000 +0200 +@@ -26,9 +26,6 @@ + #include "gzip.h" + #include "crypt.h" + +-#define MIN(a,b) ((a) <= (b) ? (a) : (b)) +-/* The arguments must not have side effects. */ +- + #define MAX_BITLEN 25 + /* Maximum length of Huffman codes. (Minor modifications to the code + * would be needed to support 32 bits codes, but pack never generates diff --git a/gzip-1.3.12-cve_2006_4338.patch b/gzip-1.3.12-cve_2006_4338.patch new file mode 100644 index 0000000..19bb75c --- /dev/null +++ b/gzip-1.3.12-cve_2006_4338.patch @@ -0,0 +1,30 @@ +diff -ru gzip-1.3.12/unlzh.c gzip-1.3.12-fix/unlzh.c +--- gzip-1.3.12/unlzh.c 2007-04-18 22:19:06.000000000 +0200 ++++ gzip-1.3.12-fix/unlzh.c 2007-04-18 22:20:42.000000000 +0200 +@@ -259,7 +259,7 @@ + if (bitbuf & mask) c = right[c]; + else c = left [c]; + mask >>= 1; +- } while (c >= NT); ++ } while (c >= NT && (mask || c != left[c])); + } + fillbuf((int) pt_len[c]); + if (c <= 2) { +@@ -295,7 +295,7 @@ + if (bitbuf & mask) j = right[j]; + else j = left [j]; + mask >>= 1; +- } while (j >= NC); ++ } while (j >= NC && (mask || j != left[j])); + } + fillbuf((int) c_len[j]); + return j; +@@ -312,7 +312,7 @@ + if (bitbuf & mask) j = right[j]; + else j = left [j]; + mask >>= 1; +- } while (j >= NP); ++ } while (j >= NP && (mask || j != left[j])); + } + fillbuf((int) pt_len[j]); + if (j != 0) j = ((unsigned) 1 << (j - 1)) + getbits((int) (j - 1)); diff --git a/gzip-1.3.12-stderr.patch b/gzip-1.3.12-stderr.patch new file mode 100644 index 0000000..7842a1d --- /dev/null +++ b/gzip-1.3.12-stderr.patch @@ -0,0 +1,36 @@ +diff -ru gzip-1.3.12/zforce.in gzip-1.3.12-fix/zforce.in +--- gzip-1.3.12/zforce.in 2007-04-18 21:51:20.000000000 +0200 ++++ gzip-1.3.12-fix/zforce.in 2007-04-18 21:54:01.000000000 +0200 +@@ -40,7 +40,7 @@ + Report bugs to ." + + if test $# = 0; then +- echo "$usage" ++ echo "$usage" 1>&2 + exit 1 + fi + +diff -ru gzip-1.3.12/zmore.in gzip-1.3.12-fix/zmore.in +--- gzip-1.3.12/zmore.in 2007-04-18 21:51:20.000000000 +0200 ++++ gzip-1.3.12-fix/zmore.in 2007-04-18 21:56:58.000000000 +0200 +@@ -53,7 +53,7 @@ + + if test $# = 0; then + if test -t 0; then +- echo "$usage" ++ echo "$usage" 1>&2 + else + gzip -cdfq | eval ${PAGER-more} + fi +diff -ru gzip-1.3.12/znew.in gzip-1.3.12-fix/znew.in +--- gzip-1.3.12/znew.in 2007-04-18 21:51:20.000000000 +0200 ++++ gzip-1.3.12-fix/znew.in 2007-04-18 21:57:19.000000000 +0200 +@@ -89,7 +89,7 @@ + done + + if test $# -eq 0; then +- echo "$usage" ++ echo "$usage" 1>&2 + exit 1 + fi + diff --git a/gzip-1.3.12-window-size.patch b/gzip-1.3.12-window-size.patch new file mode 100644 index 0000000..025c10b --- /dev/null +++ b/gzip-1.3.12-window-size.patch @@ -0,0 +1,12 @@ +diff -ru gzip-1.3.12/gzip.c gzip-1.3.12-fix/gzip.c +--- gzip-1.3.12/gzip.c 2007-03-20 06:09:51.000000000 +0100 ++++ gzip-1.3.12-fix/gzip.c 2007-04-18 22:40:11.000000000 +0200 +@@ -170,7 +170,7 @@ + DECLARE(uch, inbuf, INBUFSIZ +INBUF_EXTRA); + DECLARE(uch, outbuf, OUTBUFSIZ+OUTBUF_EXTRA); + DECLARE(ush, d_buf, DIST_BUFSIZE); +-DECLARE(uch, window, 2L*WSIZE); ++DECLARE(uch, window, 2L*WSIZE + 4096); + #ifndef MAXSEG_64K + DECLARE(ush, tab_prefix, 1L<&1 + res=0 + ++trap break SIGPIPE + for i + do + # Fail if gzip or grep (or sed) fails. +@@ -184,5 +185,8 @@ + r=$? + test "$gzip_status" -eq 0 || test "$gzip_status" -eq 2 || r=2 + test $res -lt $r && res=$r ++ # SIGPIPE + 128 ++ test "$r" -eq 141 && exit $res + done ++trap - SIGPIPE + exit $res diff --git a/gzip-1.3.9-addsuffix.patch b/gzip-1.3.9-addsuffix.patch new file mode 100644 index 0000000..d452916 --- /dev/null +++ b/gzip-1.3.9-addsuffix.patch @@ -0,0 +1,19 @@ +--- gzip-1.3.9/zmore.in 2006-12-09 05:25:56.000000000 +0100 ++++ gzip-1.3.9/zmore.in.addsuffix 2006-12-18 10:36:45.000000000 +0100 +@@ -66,7 +66,7 @@ + --v*) exec echo "$version";; + esac + +- < "$FILE" || continue ++ if test -e $FILE || test -e $FILE.gz; then + if test $FIRST -eq 0; then + echo $n1 "--More--(Next file: $FILE)$n2" + stty $cb -echo 2>/dev/null +@@ -84,5 +84,7 @@ + if test -t 1; then + FIRST=0 + fi ++ else < $FILE ++ fi + done + fi diff --git a/gzip.spec b/gzip.spec new file mode 100644 index 0000000..a3ee507 --- /dev/null +++ b/gzip.spec @@ -0,0 +1,153 @@ +Name: gzip +Version: 1.6 +Release: 1mamba +Summary: The GNU data compression program +Group: Applications/Archiving +Vendor: openmamba +Distribution: openmamba +Packager: Silvan Calarco +URL: http://www.gzip.org/ +Source: ftp://ftp.gnu.org/gnu/gzip/gzip-%{version}.tar.gz +Patch0: %{name}-1.2.4-zforce.patch +Patch1: %{name}-1.3.12-can_2004_0970.patch +Patch2: %{name}-1.3.12-zgreppipe.patch +Patch3: %{name}-1.3.9-addsuffix.patch +Patch4: %{name}-1.3.12-stderr.patch +Patch5: %{name}-1.3.12-cve_2006_4335.patch +Patch6: %{name}-1.3.12-cve_2006_4336.patch +Patch7: %{name}-1.3.12-cve_2006_4337.patch +Patch8: %{name}-1.3.12-cve_2006_4338.patch +Patch9: %{name}-1.3.12-window-size.patch +License: GPL +Requires(post):%{__install_info} +BuildRoot: %{_tmppath}/%{name}-%{version}-root + +%description +The gzip package contains the popular GNU gzip data compression program. +Gzipped files have a .gz extension. + +%prep +%setup -q +%patch0 -p1 -b .zforce +%patch1 -p1 -b .can_2004_0970 +%patch2 -p1 -b .zgreppipe +#%patch3 -p1 -b .addsuffix +#%patch4 -p1 -b .stderr +%patch5 -p1 -b .cve_2006_4335 +#%patch6 -p1 -b .cve_2006_4336 +#%patch7 -p1 -b .cve_2006_4337 +#%patch8 -p1 -b .cve_2006_4337 +%patch9 -p1 -b .window_size + +%build +export DEFS="NO_ASM" +%configure --bindir=/bin +%make + +%install +[ "%{buildroot}" != / ] && rm -rf "%{buildroot}" +%makeinstall bindir=/bin + +# uncompress is a part of ncompress package +rm -f %{buildroot}/bin/uncompress + +# create symlink needed by some broken rpms +install -d %{buildroot}%{_bindir} +ln -sf /bin/gzip %{buildroot}%{_bindir}/gzip + +%clean +[ "%{buildroot}" != / ] && rm -rf "%{buildroot}" + +%post +%install_info gzip.info +exit 0 + +%preun +%uninstall_info gzip.info +exit 0 + +%files +%defattr(-,root,root) +/bin/gunzip +/bin/gzexe +/bin/gzip +/bin/zcat +/bin/zcmp +/bin/zdiff +/bin/zegrep +/bin/zfgrep +/bin/zforce +/bin/zgrep +/bin/zless +/bin/zmore +/bin/znew +%{_bindir}/gzip +%{_infodir}/gzip.* +%{_mandir}/man1/gunzip.* +%{_mandir}/man1/gzexe.* +%{_mandir}/man1/gzip.* +%{_mandir}/man1/zcat.* +%{_mandir}/man1/zcmp.* +%{_mandir}/man1/zdiff.* +%{_mandir}/man1/zforce.* +%{_mandir}/man1/zgrep.* +%{_mandir}/man1/zless.* +%{_mandir}/man1/zmore.* +%{_mandir}/man1/znew.* +%doc AUTHORS COPYING NEWS README THANKS TODO + +%changelog +* Mon Jun 10 2013 Automatic Build System 1.6-1mamba +- automatic version update by autodist + +* Wed Jun 20 2012 Automatic Build System 1.5-1mamba +- automatic version update by autodist + +* Thu Jan 21 2010 Automatic Build System 1.4-1mamba +- automatic update to 1.4 by autodist + +* Thu Nov 19 2009 Davide Madrisan 1.3.13-2mamba +- create the %{_bindir}/gzip symlink to /bin/gzip needed by some broken third-party rpm + +* Tue Oct 06 2009 Automatic Build System 1.3.13-1mamba +- automatic update to 1.3.13 by autodist + +* Wed Apr 18 2007 Davide Madrisan 1.3.12-1mamba +- update to version 1.3.12 by autospec +- update patch#2 and patch#4 +- update patch against vulnerability CVE-2004-0970 (partially fixed upstream) +- security fix against CVE-2006-4335 (buffer overflow) +- security fix against CVE-2006-4336 (buffer underflow) +- security fix against CVE-2006-4337 (buffer overflow) +- security fix against CVE-2006-4338 (infinite loop) + +* Mon Dec 18 2006 Davide Madrisan 1.3.9-1qilnx +- update to version 1.3.9 by autospec +- dropped patch #3 (zgrep-sed.patch): fixed upstream +- updated patches #4,#5 +- dropped patch #7 against CVE-2005-1228: fixed upstream +- dropped patch against CVE-2005-0988: now gzip uses fchown + +* Fri May 06 2005 Davide Madrisan 1.3.5-1qilnx +- update to version 1.3.5 by autospec +- fixed security issues QSA-2005-062 (CAN-2005-0988, CAN-2005-1228) + +* Mon Jan 17 2005 Davide Madrisan 1.2.4a-3qilnx +- fixed path of gunzip and zcat according to FHS 2.3 + +* Thu Nov 11 2004 Davide Madrisan 1.2.4a-2qilnx +- removed compress and uncompress utilities (provided now by ncompress) +- %patch1 modified to remove the buildroot directory from the PATH variables + in all the gzip scripts; added support for DESTDIR in the Makefile +- fixed symlinks to manpages + (were broken because of a bug in the rpm script `rpm-compress') +- security fix: QSA-2004-055 (CAN-2004-0970) + +* Tue Apr 22 2003 Silvan Calarco 1.2.4-4qilnx +- fixed the gunzip symlink + +* Mon Apr 14 2003 Alessandro Ramazzina 1.2.4-3qilnx +- fixed symlink error + +* Mon Apr 07 2003 Alessandro Ramazzina 1.2.4-1qilnx +- creation of gzip package