+++ /dev/null
-Submitted By: Matthew Burgess (matthew at linuxfromscratch dot org)
-Origin: http://security.ubuntu.com/ubuntu/pool/main/g/gzip/gzip_1.3.5-9ubuntu3.1.diff.gz
-Date: 2005-05-12
-Initial package version: 1.3.5
-Description: Fix two security vulnerabilities in gzip: A path traversal
-bug when using the -N option (CAN-2005-1228) and a race condition in the
-file permission restore code (CAN-2005-0998).
-
-diff -Naur gzip-1.3.5.orig/gzip.c gzip-1.3.5/gzip.c
---- gzip-1.3.5.orig/gzip.c 2002-09-28 07:38:43.000000000 +0000
-+++ gzip-1.3.5/gzip.c 2005-05-12 19:15:14.796031360 +0000
-@@ -875,8 +875,11 @@
- }
-
- close(ifd);
-- if (!to_stdout && close(ofd)) {
-- write_error();
-+ if (!to_stdout) {
-+ /* Copy modes, times, ownership, and remove the input file */
-+ copy_stat(&istat);
-+ if (close(ofd))
-+ write_error();
- }
- if (method == -1) {
- if (!to_stdout) xunlink (ofname);
-@@ -896,10 +899,6 @@
- }
- fprintf(stderr, "\n");
- }
-- /* Copy modes, times, ownership, and remove the input file */
-- if (!to_stdout) {
-- copy_stat(&istat);
-- }
- }
-
- /* ========================================================================
-@@ -1324,6 +1323,8 @@
- error("corrupted input -- file name too large");
- }
- }
-+ char *base2 = base_name (base);
-+ strcpy(base, base2);
- /* If necessary, adapt the name to local OS conventions: */
- if (!list) {
- MAKE_LEGAL_NAME(base);
-@@ -1725,7 +1726,7 @@
- reset_times(ofname, ifstat);
- #endif
- /* Copy the protection modes */
-- if (chmod(ofname, ifstat->st_mode & 07777)) {
-+ if (fchmod(ofd, ifstat->st_mode & 07777)) {
- int e = errno;
- WARN((stderr, "%s: ", progname));
- if (!quiet) {
-@@ -1734,7 +1735,7 @@
- }
- }
- #ifndef NO_CHOWN
-- chown(ofname, ifstat->st_uid, ifstat->st_gid); /* Copy ownership */
-+ fchown(ofd, ifstat->st_uid, ifstat->st_gid); /* Copy ownership */
- #endif
- remove_ofname = 0;
- /* It's now safe to remove the input file: */