From: Martin Schulze Date: Thu, 4 Nov 2004 11:55:03 +0000 (+0100) Subject: Imported Debian patch 1.3.2-3woody3 X-Git-Url: https://git.cworth.org/git?p=gzip;a=commitdiff_plain;h=8f94ab178da95f87bd131b8faaec313a5d9d672f Imported Debian patch 1.3.2-3woody3
---
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..5c60f49
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,267 @@
+gzip (1.3.2-3woody3) stable-security; urgency=high
+
+ * Non-maintainer upload by the Security Team
+ * Revert patches for zdiff and znew since the use of 'set -C' should
+ indeed be sufficient.
+
+ -- Martin Schulze Thu, 4 Nov 2004 12:55:03 +0100
+
+gzip (1.3.2-3woody2) stable-security; urgency=high
+
+ * Non-maintainer upload by the Security Team
+ * Applied Trustix patch to correct insecure temporary file use in zdiff
+ and znew [zdiff.in, znew.in, CAN-2004-0970, Bugtraq Id 11288]
+
+ -- Martin Schulze Sun, 31 Oct 2004 20:02:13 +0100
+
+gzip (1.3.2-3woody1) stable-security; urgency=high
+
+ * Non-maintainer upload by the Security Team
+ * Fix multiple instances of insecure temporary files
+ - gzexe.in (CVE-1999-1332), which became un-fixed sometime since potato
+ - znew (CAN-2003-0367)
+
+ -- Matt Zimmerman Sat, 31 May 2003 17:41:06 -0400
+
+gzip (1.3.2-3) unstable; urgency=low
+
+ * modify gzexe.in to hard-code /bin/gzip instead of trying to use BINDIR
+ which yields /usr/bin/gzip. Don't use PATH since we have no idea what it
+ might be when the gzexe'd executable gets run. Closes: #119641
+
+ -- Bdale Garbee Wed, 14 Nov 2001 23:00:59 -0700
+
+gzip (1.3.2-2) unstable; urgency=low
+
+ * fix silly mistake made when moving man pages from hard to soft links, so
+ man pages for zegrep, zfgrep, and uncompress work again, closes: #118325
+
+ -- Bdale Garbee Mon, 5 Nov 2001 00:53:40 -0700
+
+gzip (1.3.2-1) unstable; urgency=low
+
+ * new upstream release, incorporating my diffs to 1.3.1
+
+ -- Bdale Garbee Sun, 4 Nov 2001 09:47:40 -0700
+
+gzip (1.3.1-2) unstable; urgency=low
+
+ * add build dependencies on autoconf and automake
+ * fix infodir spec so we install in the build tree, not the system directory
+
+ -- Bdale Garbee Sat, 3 Nov 2001 02:18:06 -0700
+
+gzip (1.3.1-1) unstable; urgency=low
+
+ * new upstream version! From alpha.gnu.org, on the explicit advice of the
+ current upstream maintainers, who are working with Debian to prepare a new
+ stable release that addresses many of the open issues in our BTS.
+ .
+ large file support handled in configure, closes: #108612, #83061, #113000
+ it appears the subtle problem with concatenation is fixed, closes: #114591
+ various segfault problems appear fixed, closes: #46312
+ gzip -r issues fixed, closes: #53645, #106186
+ problem with --no-filename option fixed, closes: #59067
+ zgrep -r disallowed - "I did not use the patch as it was not a complete
+ . fix for the problem and I thought it would cause more problems than
+ . it would cure. Instead, I simply disallowed zgrep -r", closes: #81288
+ error message reworded, closes: #76238
+ compression factor output fixed, closes: #80362
+ zgrep -H fixed, closes: #84371
+ permission issue when forced to compress linked file fixed, closes: #88918
+ manpage hardlinks fixed, closes: #94733
+ gzip --help now goes to stdout, closes: #97020
+ zless no longer runs less if file doesn't exist, closes: #109097
+ problem with -best fixed, closes: #17650
+ zgrep now understands --, closes: #28475
+ file size output by gzip fixed for large files, closes: #40721
+ * fix location referenced for GPL on Debian systems, closes: #112095
+ * move install-info remove call from from postrm to prerm
+
+ -- Bdale Garbee Sat, 3 Nov 2001 01:01:02 -0700
+
+gzip (1.2.4-33) unstable; urgency=low
+
+ * update to current policy
+
+ -- Bdale Garbee Thu, 2 Dec 1999 01:10:58 -0700
+
+gzip (1.2.4-32) unstable; urgency=low
+
+ * update prototype for and definition of basename function for compatibility
+ with glibc2.0, still in use on m68k. Closes: #45058
+
+ -- Bdale Garbee Wed, 15 Sep 1999 02:01:47 -0600
+
+gzip (1.2.4-31) unstable; urgency=medium
+
+ * fix problems I induced while merging the upstream patch in the last upload,
+ most notably omitting zless from the package.
+ Closes: #44883, #44885, #44890, #44882, #44887, #44895, #44896
+
+ -- Bdale Garbee Sun, 12 Sep 1999 12:06:00 -0600
+
+gzip (1.2.4-30) unstable; urgency=low
+
+ * upstream patch, closes: #28872
+ 1998-11-18 Paul Eggert
+ gzip.c (get_method): Don't complain about trailing zeros at
+ the end of a gzipped file, as they're commonly appended to fill
+ out a block (e.g. by GNU tar).
+ * update to FHS compliance
+
+ -- Bdale Garbee Fri, 10 Sep 1999 21:34:07 -0600
+
+gzip (1.2.4-29) unstable; urgency=low
+
+ * apply patch from Vincent Renardias that improves behavior when trying to
+ decompress a corrupted .gz file. Closes 7472, 16385
+
+ -- Bdale Garbee Wed, 27 Jan 1999 20:50:12 -0700
+
+gzip (1.2.4-28) frozen unstable; urgency=medium
+
+ * patch zforce to make it work at all, closes 22760
+ * patch to fix decompression of concatenated gzip files, closes 30537
+
+ -- Bdale Garbee Fri, 22 Jan 1999 10:43:09 -0700
+
+gzip (1.2.4-27) frozen unstable; urgency=low
+
+ * patch from Jean-loup (upstream maintainer) for zgrep.in to fix the
+ problems with -A and -B successfully passing to grep. Closes 21209.
+
+ -- Bdale Garbee Sat, 25 Apr 1998 22:47:15 -0600
+
+gzip (1.2.4-26) frozen unstable; urgency=low
+
+ * fix FSF address in copyright file, lintian now reports no errors
+ * minor tweak to Makefile to fix warnings during dh_installmanpages run
+
+ -- Bdale Garbee Tue, 24 Mar 1998 00:40:48 -0700
+
+gzip (1.2.4-25) frozen unstable; urgency=low
+
+ * update znew.in and zdiff.in to do save tempfile handling, closes 19794
+
+ -- Bdale Garbee Sat, 21 Mar 1998 23:48:26 -0700
+
+gzip (1.2.4-24) unstable; urgency=low
+
+ * minor fix for complaints about short files, closes 19159
+
+ -- Bdale Garbee Wed, 11 Mar 1998 02:21:50 -0700
+
+gzip (1.2.4-23) unstable; urgency=high
+
+ * respond to security advisory from Alan Cox via Christian Hudon, fixes
+ an obscure possibility to get gzip to execute code
+
+ -- Bdale Garbee Wed, 11 Mar 1998 02:16:59 -0700
+
+gzip (1.2.4-22) unstable; urgency=high
+
+ * gzexe modified to use tempfile in response to security advisory
+
+ -- Bdale Garbee Sat, 31 Jan 1998 14:30:20 -0700
+
+gzip (1.2.4-21) unstable; urgency=low
+
+ * fix from the upstream maintainer for voluminous "Broken Pipe" messages
+ when using 'zgrep -l' or equivalent. Closes bug 15178.
+
+ -- Bdale Garbee Sun, 4 Jan 1998 00:56:21 -0700
+
+gzip (1.2.4-20) unstable; urgency=low
+
+ * freshen rules file to match current debhelper
+ * improve handling of undocumented executables. Closes bug 13578.
+
+ -- Bdale Garbee Sun, 4 Jan 1998 00:56:21 -0700
+
+gzip (1.2.4-19) unstable; urgency=low
+
+ * change dependency to Pre-Depends, to keep dpkg from getting hosed during
+ libc6 upgrades. Closes 15091.
+ * switch from debmake to debhelper. In the process, closes 15412.
+
+ -- Bdale Garbee Mon, 8 Dec 1997 23:42:49 -0700
+
+gzip (1.2.4-18) unstable; urgency=low
+
+ * don't install INSTALL in the doc directory, closes bug 13224.
+
+ -- Bdale Garbee Fri, 5 Sep 1997 15:06:35 -0600
+
+gzip (1.2.4-17) unstable; urgency=low
+
+ * fix distribution problem in changelog file
+
+ -- Bdale Garbee Fri, 5 Sep 1997 15:06:35 -0600
+
+gzip (1.2.4-16) stable frozen unstable; urgency=low
+
+ * libc6
+ * tweaks to rules file to install Changelog, closes bug 12488
+
+ -- Bdale Garbee Thu, 4 Sep 1997 22:46:28 -0600
+
+gzip (1.2.4-15) stable frozen unstable; urgency=low
+
+ * fix minor security issue - race condition reported on bugtraq list
+ * rework debian/rules to build with debugging then strip
+
+ -- Bdale Garbee Fri, 14 Mar 1997 21:14:44 -0700
+
+gzip (1.2.4-14) stable frozen unstable; urgency=medium
+
+ * The -13 upload was built against a libc5 too new for 'stable'.
+
+ -- Bdale Garbee Thu, 28 Nov 1996 11:37:31 -0700
+
+gzip (1.2.4-13) stable frozen unstable; urgency=medium
+
+ * Fix missing "essential" flag on package, lost during standards update.
+ * Push this version back into stable to solve the 'compress' link problem.
+
+ -- Bdale Garbee Tue, 19 Nov 1996 09:14:14 -0700
+
+gzip (1.2.4-12) unstable; urgency=low
+
+ * New packag format.
+
+ -- Bdale Garbee Sat, 02 Nov 1996 14:47:42 -0800
+
+
+Thu Jul 18 01:30:22 MDT 1996 Bdale Garbee
+
+ * add zegrep and zfgrep links in /usr/bin (Bug#3326)
+ * add an extended description (Bug#3591)
+ * tweak control files to use dpkg-name, etc.
+
+Fri May 24 07:37:54 MDT 1996 Bdale Garbee
+
+ * don't provide a 'compress' link since it breaks things, but provide
+ an 'uncompress' link since it's useful.
+ * fix some administrivia
+
+Sun Apr 14 20:39:19 MDT 1996 Bdale Garbee
+
+ * change gzexe.in to not use BINDIR, but assume gzip is in PATH
+ * add Architecture field in the control file
+
+Wed Jan 17 00:07:00 MST 1996 Bdale Garbee
+
+ * switch targets in the Makefile to also install the links called
+ 'compress' and 'uncompress' since some utilities care about these,
+ and we're unlikely to ever have a 'compress' package because of the
+ intellectual property issues.
+
+Sat Dec 2 23:45:40 MST 1995 Bdale Garbee
+
+ * building for ELF
+ * add 'zless' as a near-clone of 'zmore', closes bug 1776
+ * unable to duplicate bug 1090, something has improved since then?
+ * add libc5 dependency
+ * new maintainer
+
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..efa237c
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,19 @@
+Source: gzip
+Section: base
+Priority: required
+Maintainer: Bdale Garbee
+Build-Depends: debhelper, automake, autoconf (>= 2.52)
+Standards-Version: 3.5.6.0
+
+Package: gzip
+Architecture: any
+Pre-Depends: ${shlibs:Depends}
+Depends: debianutils (>= 1.6)
+Essential: yes
+Description: The GNU compression utility.
+ This is the standard GNU file compression utility, which is also the default
+ compression tool for Debian. It typically operates on files with names
+ ending in '.gz'.
+ .
+ This package can also decompress '.Z' files created with 'compress'.
+
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..a577062
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,28 @@
+This package is maintained for Debian by Bdale Garbee , and
+was built from the sources found at:
+
+ ftp://alpha.gnu.org/gnu/gzip/gzip-1.3.1.tar.gz
+
+Copyright (C) 1999, 2001 Free Software Foundation, Inc.
+Copyright (C) 1992, 1993 Jean-loup Gailly
+
+ This file is part of gzip (GNU zip).
+
+ gzip is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2, or (at your option)
+ any later version.
+
+ gzip is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with tar; see the file COPYING. If not, write to
+ the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+ Boston, MA 02111-1307, USA.
+
+On Debian GNU/Linux systems, the complete text of the GNU General
+Public License can be found in `/usr/share/common-licenses/GPL'.
+
diff --git a/debian/dirs b/debian/dirs
new file mode 100644
index 0000000..e1cfbed
--- /dev/null
+++ b/debian/dirs
@@ -0,0 +1,3 @@
+bin
+usr/share/info
+usr/share/man/man1
diff --git a/debian/postinst b/debian/postinst
new file mode 100644
index 0000000..b3f0b7f
--- /dev/null
+++ b/debian/postinst
@@ -0,0 +1,8 @@
+#! /bin/sh
+
+set -e
+
+install-info --quiet --section "General Commands" "General Commands" \
+ /usr/share/info/gzip.info.gz
+
+#DEBHELPER#
diff --git a/debian/preinst b/debian/preinst
new file mode 100644
index 0000000..6230ffa
--- /dev/null
+++ b/debian/preinst
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+set -e
+
+dpkg --assert-support-predepends
+
+#DEBHELPER#
diff --git a/debian/prerm b/debian/prerm
new file mode 100644
index 0000000..b2dac83
--- /dev/null
+++ b/debian/prerm
@@ -0,0 +1,7 @@
+#!/bin/sh -e
+
+if [ "$1" = remove ]; then
+ install-info --quiet --remove gzip
+fi
+
+#DEBHELPER#
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..78452df
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,71 @@
+#!/usr/bin/make -f
+# Debian rules file for gzip, requires the debhelper package.
+# Crafted by Bdale Garbee, bdale@gag.com, 5 November 2000
+
+# Comment this to turn off debhelper verbose mode.
+export DH_VERBOSE=1
+
+# This is the debhelper compatibility version to use.
+export DH_COMPAT=3
+
+CFLAGS="-g -O2 -Wall"
+
+configure: configure-stamp
+configure-stamp:
+ dh_testdir
+ CFLAGS=$(CFLAGS) ./configure \
+ --prefix=/usr \
+ --infodir=`pwd`/debian/gzip/usr/share/info \
+ --mandir=`pwd`/debian/gzip/usr/share/man
+ touch configure-stamp
+
+build: configure-stamp build-stamp
+build-stamp:
+ dh_testdir
+ $(MAKE)
+ touch build-stamp
+
+clean:
+ dh_testdir
+ dh_testroot
+ -rm -f build-stamp configure-stamp
+ make distclean || exit 0
+ dh_clean
+
+install: build
+ dh_testdir
+ dh_testroot
+ dh_clean -k
+ dh_installdirs
+
+ make install prefix=debian/gzip/usr bindir=debian/gzip/bin \
+ scriptdir=debian/gzip/usr/bin
+ ln debian/gzip/bin/gzip debian/gzip/bin/uncompress
+
+binary-indep: build install
+
+binary-arch: build install
+ dh_testdir
+ dh_testroot
+ dh_installdocs README* TODO
+ dh_installmanpages
+ dh_installinfo gzip.info
+ dh_installchangelogs
+ dh_link
+ dh_strip
+ dh_compress
+ ln -s gunzip.1.gz debian/gzip/usr/share/man/man1/uncompress.1.gz
+ ln -s zgrep.1.gz debian/gzip/usr/share/man/man1/zegrep.1.gz
+ ln -s zgrep.1.gz debian/gzip/usr/share/man/man1/zfgrep.1.gz
+ dh_fixperms
+ # You may want to make some executables suid here.
+ dh_makeshlibs
+ dh_installdeb
+ dh_shlibdeps
+ dh_gencontrol
+ dh_md5sums
+ dh_builddeb
+
+binary: binary-indep binary-arch
+.PHONY: build clean binary-indep binary-arch binary install configure
+
diff --git a/gzexe.in b/gzexe.in
index b7a0cf4..b67e92e 100755
--- a/gzexe.in
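Review bot: The `-e` in debian/prerm's `#!/bin/sh -e` shebang is lost whenever the script is started as `sh prerm`, so a failing `install-info --quiet --remove gzip` would no longer abort it. debian/postinst and debian/preinst in this same commit use a separate `set -e` line, and prerm should match them with `#!/bin/sh` followed by `set -e`. A short comment above the `if` saying why only `remove` is handled would also help, since the 1.3.1-1 changelog entry only records that the call was moved from postrm.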
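Review bot: The `clean` and `install` targets in debian/rules invoke `make` directly (`make distclean || exit 0` and `make install prefix=debian/gzip/usr ...`) while `build-stamp` uses `$(MAKE)`. Using `$(MAKE)` in all three keeps the make implementation and inherited flags the same across targets: `-$(MAKE) distclean` and `$(MAKE) install prefix=debian/gzip/usr bindir=debian/gzip/bin \`. The `CFLAGS="-g -O2 -Wall"` assignment also stores the double quotes as part of the value, which works only because its single use passes through a shell; a one-line comment saying so would spare the next maintainer a surprise.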
+++ b/gzexe.in @@ -13,7 +13,7 @@ # The : is required for some old versions of csh. # On Ultrix, /bin/sh is too buggy, change the first line to: #!/bin/sh5 -x=`basename $0` +x=`basename "$0"` if test $# = 0; then echo compress executables. original file foo is renamed to foo~ echo usage: ${x} [-d] files... @@ -21,9 +21,6 @@ if test $# = 0; then exit 1 fi -tmp=gz$$ -trap "rm -f $tmp; exit 1" 1 2 3 5 10 13 15 - decomp=0 res=0 test "$x" = "ungzexe" && decomp=1 @@ -32,12 +29,10 @@ if test "x$1" = "x-d"; then shift fi -echo hi > zfoo1$$ -echo hi > zfoo2$$ -if test -z "`(${CPMOD-cpmod} zfoo1$$ zfoo2$$) 2>&1`"; then - cpmod=${CPMOD-cpmod} +cpmod= +if type ${CPMOD:-cpmod} 2>/dev/null; then + cpmod=${CPMOD:-cpmod} fi -rm -f zfoo[12]$$ tail="" IFS="${IFS= }"; saveifs="$IFS"; IFS="${IFS}:" @@ -75,9 +70,14 @@ for i do continue fi case "`basename $i`" in - gzip | tail | chmod | ln | sleep | rm) + bash | chmod | gzip | ln | mktemp | rm | sed | sh | tail) echo "${x}: $i would depend on itself"; continue ;; esac + + tmp=`/bin/mktemp -t gzexe.XXXXXXXXXX` || exit 1 + trap "rm -f $tmp; exit 1" HUP INT QUIT PIPE TERM + trap "rm -f $tmp; exit 0" EXIT + if test -z "$cpmod"; then cp -p "$i" $tmp 2>/dev/null || cp "$i" $tmp if test -w $tmp 2>/dev/null; then 
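Review bot: In the @@ -32,12 +29,10 @@ hunk, `type ${CPMOD:-cpmod} 2>/dev/null` silences only stderr, so whenever the helper exists gzexe prints the result line of `type` on stdout before doing any work. Redirect both streams: `if type ${CPMOD:-cpmod} >/dev/null 2>&1; then`. The probe also changed from `${CPMOD-cpmod}` to `${CPMOD:-cpmod}`, so an empty `CPMOD` now falls back to `cpmod` where the old probe ended up with no helper; a comment stating that this is intended would be useful.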
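Review bot: In the @@ -75,9 +70,14 @@ hunk, the added `trap "rm -f $tmp; exit 0" EXIT` forces a zero exit status on every path, because an `exit` inside the EXIT trap replaces the status the script was leaving with. That covers the `exit 1` of the signal trap on the line above and, presumably, a non-zero `res` reported at the end of the script (the final exit is outside this hunk). Let the trap only clean up: `trap 'rm -f "$tmp"' EXIT`. Separately, the self-dependency list no longer names `sleep` and does not name `tempfile`, although the stub written in the @@ -90,22 +90,23 @@ hunk runs `/bin/sleep` and `tempfile`. The enclosing `for` loop starts and ends outside the hunk.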
@@ -90,22 +90,23 @@ for i do if test $decomp -eq 0; then sed 1q $0 > $tmp sed "s|^if tail|if $tail|" >> $tmp <<'EOF' -skip=22 +skip=23 set -C umask=`umask` umask 77 -if tail +$skip $0 | "BINDIR"/gzip -cd > /tmp/gztmp$$; then +tmpfile=$(tempfile -p gztmp -d /tmp) +if tail +$skip $0 | /bin/gzip -cd >> $tmpfile; then umask $umask - /bin/chmod 700 /tmp/gztmp$$ + /bin/chmod 700 $tmpfile prog="`echo $0 | /bin/sed 's|^.*/||'`" - if /bin/ln /tmp/gztmp$$ "/tmp/$prog" 2>/dev/null; then - trap '/bin/rm -f /tmp/gztmp$$ "/tmp/$prog"; exit $res' 0 - (/bin/sleep 5; /bin/rm -f /tmp/gztmp$$ "/tmp/$prog") 2>/dev/null & + if /bin/ln $tmpfile "/tmp/$prog" 2>/dev/null; then + trap '/bin/rm -f $tmpfile "/tmp/$prog"; exit $res' 0 + (/bin/sleep 5; /bin/rm -f $tmpfile "/tmp/$prog") 2>/dev/null & /tmp/"$prog" ${1+"$@"}; res=$? else - trap '/bin/rm -f /tmp/gztmp$$; exit $res' 0 - (/bin/sleep 5; /bin/rm -f /tmp/gztmp$$) 2>/dev/null & - /tmp/gztmp$$ ${1+"$@"}; res=$? + trap '/bin/rm -f $tmpfile; exit $res' 0 + (/bin/sleep 5; /bin/rm -f $tmpfile) 2>/dev/null & + $tmpfile ${1+"$@"}; res=$? fi else echo Cannot decompress $0; exit 1 @@ -128,6 +129,7 @@ EOF : else echo ${x}: $i probably not in gzexe format, file unchanged. + rm -f $tmp res=1 continue fi diff --git a/znew.in b/znew.in index ebf87ab..dd1c94a 100755 --- a/znew.in +++ b/znew.in @@ -16,8 +16,8 @@ block=1024 warn="(does not preserve modes and timestamp)" tmp=/tmp/zfoo.$$ set -C -echo hi > $tmp.1 -echo hi > $tmp.2 +echo hi > $tmp.1 || exit 1 +echo hi > $tmp.2 || exit 1 if test -z "`(${CPMOD-cpmod} $tmp.1 $tmp.2) 2>&1`"; then cpmod=${CPMOD-cpmod} warn=""
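Review bot: In the @@ -90,22 +90,23 @@ hunk, `tmpfile=$(tempfile -p gztmp -d /tmp)` in the generated stub is neither checked nor path-qualified. If `tempfile` is missing or fails, `$tmpfile` is empty and the following `>> $tmpfile`, `/bin/chmod 700 $tmpfile` and `$tmpfile ${1+"$@"}` run with an empty operand. Unlike `/bin/gzip`, `/bin/chmod` and `/bin/ln`, the helper is also found through the caller's PATH, which the 1.3.2-3 changelog entry says the stub should not rely on. Keeping the change on one line so that `skip=23` stays correct: `tmpfile=$(/bin/tempfile -p gztmp -d /tmp) || { echo Cannot create temporary file; exit 1; }` (the `/bin` location is assumed from debianutils and should be confirmed). The here-document continues outside this hunk.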
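Review bot: In the znew.in hunk, `tmp=/tmp/zfoo.$$` remains a predictable name in a shared directory. With `set -C` and the added `|| exit 1`, an existing `$tmp.1` or `$tmp.2` now stops znew instead of being written through, but the run then depends on no other local user having created those names first, and a failure of the second `echo` leaves `$tmp.1` behind. A private directory avoids both: `tmp=$(/bin/mktemp -d -t znew.XXXXXXXXXX) || exit 1`, with the probe files created inside it and the directory removed on exit. How `$tmp` is used after the `cpmod` probe is outside this hunk, so later uses would need the same review.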