(2007-04-11) Kable-distro
This commit is contained in:
63
base-source/gzip-1.3.5-security_fixes-1.patch
Normal file
63
base-source/gzip-1.3.5-security_fixes-1.patch
Normal file
@@ -0,0 +1,63 @@
|
||||
Submitted By: Matthew Burgess (matthew at linuxfromscratch dot org)
|
||||
Origin: http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-9ubuntu3.1.diff.gz
|
||||
Date: 2005-05-12
|
||||
Initial package version: 1.3.5
|
||||
Description: Fix two security vulnerabilities in gzip: A path traversal
|
||||
bug when using the -N option (CAN-2005-1228) and a race condition in the
|
||||
file permission restore code (CAN-2005-0998).
|
||||
|
||||
diff -Naur gzip-1.3.5.orig/gzip.c gzip-1.3.5/gzip.c
|
||||
--- gzip-1.3.5.orig/gzip.c 2002-09-28 07:38:43.000000000 +0000
|
||||
+++ gzip-1.3.5/gzip.c 2005-05-12 19:15:14.796031360 +0000
|
||||
@@ -875,8 +875,11 @@
|
||||
}
|
||||
|
||||
close(ifd);
|
||||
- if (!to_stdout && close(ofd)) {
|
||||
- write_error();
|
||||
+ if (!to_stdout) {
|
||||
+ /* Copy modes, times, ownership, and remove the input file */
|
||||
+ copy_stat(&istat);
|
||||
+ if (close(ofd))
|
||||
+ write_error();
|
||||
}
|
||||
if (method == -1) {
|
||||
if (!to_stdout) xunlink (ofname);
|
||||
@@ -896,10 +899,6 @@
|
||||
}
|
||||
fprintf(stderr, "\n");
|
||||
}
|
||||
- /* Copy modes, times, ownership, and remove the input file */
|
||||
- if (!to_stdout) {
|
||||
- copy_stat(&istat);
|
||||
- }
|
||||
}
|
||||
|
||||
/* ========================================================================
|
||||
@@ -1324,6 +1323,8 @@
|
||||
error("corrupted input -- file name too large");
|
||||
}
|
||||
}
|
||||
+ char *base2 = base_name (base);
|
||||
+ strcpy(base, base2);
|
||||
/* If necessary, adapt the name to local OS conventions: */
|
||||
if (!list) {
|
||||
MAKE_LEGAL_NAME(base);
|
||||
@@ -1725,7 +1726,7 @@
|
||||
reset_times(ofname, ifstat);
|
||||
#endif
|
||||
/* Copy the protection modes */
|
||||
- if (chmod(ofname, ifstat->st_mode & 07777)) {
|
||||
+ if (fchmod(ofd, ifstat->st_mode & 07777)) {
|
||||
int e = errno;
|
||||
WARN((stderr, "%s: ", progname));
|
||||
if (!quiet) {
|
||||
@@ -1734,7 +1735,7 @@
|
||||
}
|
||||
}
|
||||
#ifndef NO_CHOWN
|
||||
- chown(ofname, ifstat->st_uid, ifstat->st_gid); /* Copy ownership */
|
||||
+ fchown(ofd, ifstat->st_uid, ifstat->st_gid); /* Copy ownership */
|
||||
#endif
|
||||
remove_ofname = 0;
|
||||
/* It's now safe to remove the input file: */
|
||||
Reference in New Issue
Block a user