PKG_TARBALL = $(THISAPP).tar.gz
-# This patch modifies 'znew' so we don't use temporary files:
-PKG_PATCHES += $(THISAPP)-openbsd-owl-tmp.patch
-
-# Fix CVE 2006-4337
-# (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4337) and
-# CVE 2006-4338 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4338),
-# against malformed gzip files:
-PKG_PATCHES += $(THISAPP)-cve-2006-4337_len.patch
-PKG_PATCHES += $(THISAPP)-cve-2006-4338.patch
###############################################################################
# Installation Details
--- /dev/null
+http://cvs.fedoraproject.org/viewvc/devel/gzip/gzip-1.3.5-cve-2006-4337_len.patch?view=co
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4337
+
+--- gzip-1.3.5/unlzh.c.len 2006-11-22 09:35:10.000000000 +0100
++++ gzip-1.3.5/unlzh.c 2006-11-22 09:38:52.000000000 +0100
+@@ -199,7 +199,7 @@
+ }
+ *p = ch;
+ }
+- start[len] = nextcode;
++ start[len] = start[len] + weight[len];
+ }
+ }
+
--- /dev/null
+http://cvs.fedoraproject.org/viewvc/devel/gzip/gzip-1.3.5-cve-2006-4338.patch?view=co
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4338
+
+--- gzip-1.3.3/unlzh.c.4338 2006-09-07 10:49:31.000000000 +0200
++++ gzip-1.3.3/unlzh.c 2006-09-07 11:37:53.000000000 +0200
+@@ -260,7 +260,7 @@
+ if (bitbuf & mask) c = right[c];
+ else c = left [c];
+ mask >>= 1;
+- } while (c >= NT);
++ } while (c >= NT && (mask || c != left[c]));
+ }
+ fillbuf((int) pt_len[c]);
+ if (c <= 2) {
+@@ -296,7 +296,7 @@
+ if (bitbuf & mask) j = right[j];
+ else j = left [j];
+ mask >>= 1;
+- } while (j >= NC);
++ } while (j >= NC && (mask || j != left[j]));
+ }
+ fillbuf((int) c_len[j]);
+ return j;
+@@ -313,7 +313,7 @@
+ if (bitbuf & mask) j = right[j];
+ else j = left [j];
+ mask >>= 1;
+- } while (j >= NP);
++ } while (j >= NP && (mask || j != left[j]));
+ }
+ fillbuf((int) pt_len[j]);
+ if (j != 0) j = ((unsigned) 1 << (j - 1)) + getbits((int) (j - 1));
--- /dev/null
+http://cvs.fedoraproject.org/viewvc/devel/gzip/gzip-1.3.12-openbsd-owl-tmp.patch?view=co
+
+--- gzip-1.3.12/znew.in.owl-tmp 2007-06-04 09:15:11.000000000 +0200
++++ gzip-1.3.12/znew.in 2007-06-04 09:23:18.000000000 +0200
+@@ -55,28 +55,27 @@
+ # block is the disk block size (best guess, need not be exact)
+
+ warn="(does not preserve modes and timestamp)"
+-tmp=${TMPDIR-/tmp}/zfoo.$$
+-set -C
+-echo hi > $tmp || exit
+-if test -z "`(${CPMOD-cpmod} $tmp $tmp) 2>&1`"; then
+- cpmod=${CPMOD-cpmod}
++cpmod=
++cpmodarg=
++if type ${CPMOD:-cpmod} 2>/dev/null; then
++ cpmod=${CPMOD:-cpmod}
+ warn=""
+ fi
+
+-if test -z "$cpmod" && ${TOUCH-touch} -r $tmp $tmp 2>/dev/null; then
+- cpmod="${TOUCH-touch}"
++if test -z "$cpmod"; then
++ cpmod=touch
+ cpmodarg="-r"
+ warn="(does not preserve file modes)"
+ fi
+
+-# check if GZIP env. variable uses -S or --suffix
+-gzip -q $tmp
+-ext=`echo $tmp* | sed "s|$tmp||"`
+-rm -f $tmp*
+-if test -z "$ext"; then
+- echo znew: error determining gzip extension
+- exit 1
+-fi
++case "$GZIP" in
++ *-S*) ext=`echo "$GZIP" | sed 's/^.*-S[[:space:]]*\([^[:space:]]*\).*$/\1/'`
++ ;;
++ *-suffix*) ext=`echo "$GZIP" | sed 's/^.*--suffix=\([^[:space:]]*\).*$/\1/'`
++ ;;
++ *) ext='.gz'
++ ;;
++esac
+ if test "$ext" = ".Z"; then
+ echo znew: cannot use .Z as gzip extension.
+ exit 1
projects / ipfire-3.x.git / commitdiff
