+gzip (1.3.2-3woody4) stable-security; urgency=high
+
+ * Non-maintainer upload by the Security Team
+ * Applied patch by Steve Grub to fix premission setting race condition
+ [gzip.c, CAN-2005-0988]
+ * Applied patch by Ulf Härnhammar to fix directory traversal problem
+ [gzip.c, CAN-2005-1228, Bug#305255]
+
+ -- Martin Schulze <joey@infodrom.org> Thu, 2 Jun 2005 16:26:06 +0200
+
gzip (1.3.2-3woody3) stable-security; urgency=high
* Non-maintainer upload by the Security Team
}
close(ifd);
- if (!to_stdout && close(ofd)) {
- write_error();
+ if (!to_stdout) {
+ /* Copy modes, times, ownership, and remove the input file */
+ copy_stat(&istat);
+ if (close(ofd))
+ write_error();
}
if (method == -1) {
if (!to_stdout) xunlink (ofname);
}
fprintf(stderr, "\n");
}
- /* Copy modes, times, ownership, and remove the input file */
- if (!to_stdout) {
- copy_stat(&istat);
- }
}
/* ========================================================================
/* Copy the base name. Keep a directory prefix intact. */
char *p = base_name (ofname);
char *base = p;
+ char *base2;
for (;;) {
*p = (char)get_char();
if (*p++ == '\0') break;
error("corrupted input -- file name too large");
}
}
+ base2 = base_name (base);
+ strcpy(base, base2);
/* If necessary, adapt the name to local OS conventions: */
if (!list) {
MAKE_LEGAL_NAME(base);
reset_times(ofname, ifstat);
#endif
/* Copy the protection modes */
- if (chmod(ofname, ifstat->st_mode & 07777)) {
+ if (fchmod(ofd, ifstat->st_mode & 07777)) {
int e = errno;
WARN((stderr, "%s: ", progname));
if (!quiet) {
}
}
#ifndef NO_CHOWN
- chown(ofname, ifstat->st_uid, ifstat->st_gid); /* Copy ownership */
+ (void) fchown(ofd, ifstat->st_uid, ifstat->st_gid); /* Copy ownership */
#endif
remove_ofname = 0;
/* It's now safe to remove the input file: */