Changed security fix for OpenPKG-SA-2005.009-gzip.html. The previous version caused gzip to always put the results in the current directory.

openpkg/HISTORY

@@ -2,6 +2,7 @@
 2005
 ====
 
+20050624 "better" patch for GNU gzip, OpenPKG-SA-2005.009 (CAN-2005-1228)
 20050722 Upgraded to Zlib 1.2.3
 20050706 Fixed zlib security issue (OpenPKG-SA-2005.013, CAN-2005-2096)
 20050706 upgrade to latest version 20050606 of GNU config.* scripts

openpkg/gzip.c

@@ -6,27 +6,21 @@
  * where patch(1) is not available, such as the bootstrap phase
  * of an OpenPKG installation.
  *
- *   Michael Schloh von Bennewitz <michael@schloh.com>
- *
  * Patch taken from Debian:
- *   http://bugs.debian.org/cgi-bin/bugreport.cgi/gzip.dirtraversal.patch?bug=305255&msg=3&att=2
- *
- * Index: gzip.c
- * diff -Nau gzip.c.orig gzip.c
- * --- gzip.c.orig	2002-09-28 09:38:43 +0200
- * +++ gzip.c	2005-06-09 13:42:12 +0200
- * @@ -927,6 +927,10 @@
- *  	}
- *  	** Create the output file **
- *  	remove_ofname = 1;
- * +	char *baseout;
- * +	baseout = base_name(ofname);
- * +	strncpy(ofname, baseout, sizeof(ofname));
- * +	ofname[sizeof(ofname) - 1] = '\0';
- *  	ofd = OPEN(ofname, flags, RW_USER);
- *  	if (ofd == -1) {
- *  	    progerror(ofname);
+ *   http://bugs.debian.org/cgi-bin/bugreport.cgi/gzip.dirtraversal_better.patch?bug=305255&msg=12&att=1
  *
+ * --- gzip.c.old  2005-04-28 01:45:23.405819616 +0200
+ * +++ gzip.c      2005-04-28 02:10:35.386963544 +0200
+ * @@ -1330,6 +1330,8 @@ local int get_method(in)
+ *                         error("corrupted input -- file name too large");
+ *                     }
+ *                 }
+ * +               char *base2 = base_name (base);
+ * +               strcpy(base, base2);
+ *                  / * If necessary, adapt the name to local OS conventions:* /
+ *                  if (!list) {
+ *                     MAKE_LEGAL_NAME(base);
+ * 
 */
 
 /* gzip (GNU zip) -- compress files with zip algorithm and 'compress' interface
@@ -69,7 +63,7 @@ static char  *license_msg[] = {
  */
 
 #ifdef RCSID
-static char rcsid[] = "$Id: gzip.c,v 1.2 2005/06/10 15:25:22 rse Exp $";
+static char rcsid[] = "$Id: gzip.c,v 1.3 2005/07/24 18:10:51 mk Exp $";
 #endif
 
 #include <config.h>
@@ -236,7 +230,7 @@ typedef RETSIGTYPE (*sig_type) OF((int));
 DECLARE(uch, inbuf,  INBUFSIZ +INBUF_EXTRA);
 DECLARE(uch, outbuf, OUTBUFSIZ+OUTBUF_EXTRA);
 DECLARE(ush, d_buf,  DIST_BUFSIZE);
-DECLARE(uch, window, 2L*WSIZE);
+DECLARE(uch, window, 2L*WSIZE + 4096); /* enlarge to avoid crashs due to peeking beyond the buffer end */
 #ifndef MAXSEG_64K
     DECLARE(ush, tab_prefix, 1L<<BITS);
 #else
@@ -946,7 +940,6 @@ local int create_outfile()
 {
     struct stat	ostat; /* stat for ofname */
     int flags = O_WRONLY | O_CREAT | O_EXCL | O_BINARY;
-    char *baseout;
 
     if (ascii && decompress) {
 	flags &= ~O_BINARY; /* force ascii text mode */
@@ -959,9 +952,6 @@ local int create_outfile()
 	}
 	/* Create the output file */
 	remove_ofname = 1;
-	baseout = base_name(ofname);
-	strncpy(ofname, baseout, sizeof(ofname));
-	ofname[sizeof(ofname) - 1] = '\0';
 	ofd = OPEN(ofname, flags, RW_USER);
 	if (ofd == -1) {
 	    progerror(ofname);
@@ -1260,6 +1250,7 @@ local int get_method(in)
     char magic[2]; /* magic header */
     int imagic1;   /* like magic[1], but can represent EOF */
     ulg stamp;     /* time stamp */
+    char *base2;
 
     /* If --force and --stdout, zcat == cat, so do not complain about
      * premature end of file: use try_byte instead of get_byte.
@@ -1359,6 +1350,8 @@ local int get_method(in)
 			error("corrupted input -- file name too large");
 		    }
 		}
+                base2 = base_name (base);
+                strcpy(base, base2);
                 /* If necessary, adapt the name to local OS conventions: */
                 if (!list) {
                    MAKE_LEGAL_NAME(base);

openpkg/openpkg.spec

@@ -38,7 +38,7 @@
 #   o any cc(1)
 
 #   the package version/release
-%define       V_openpkg  20050722
+%define       V_openpkg  20050724
 
 #   the used software versions
 %define       V_rpm      4.2.1