From: Michael Tremer <michael.tremer@ipfire.org>
Date: Sun, 7 Feb 2010 14:54:14 +0000 (+0100)
Subject: gzip: Copy patch files into repository.
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c192dc6f86bfbd1327b893a8bc686f0c56a57555;p=ipfire-3.x.git

gzip: Copy patch files into repository.
---

diff --git a/pkgs/core/gzip/gzip.nm b/pkgs/core/gzip/gzip.nm
index 097e136e9..c1bd08dc7 100644
--- a/pkgs/core/gzip/gzip.nm
+++ b/pkgs/core/gzip/gzip.nm
@@ -41,15 +41,6 @@ endef
 
 PKG_TARBALL    = $(THISAPP).tar.gz
 
-# This patch modifies 'znew' so we don't use temporary files:
-PKG_PATCHES   += $(THISAPP)-openbsd-owl-tmp.patch
-
-# Fix CVE 2006-4337
-# (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4337) and
-# CVE 2006-4338 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4338),
-# against malformed gzip files:
-PKG_PATCHES   += $(THISAPP)-cve-2006-4337_len.patch
-PKG_PATCHES   += $(THISAPP)-cve-2006-4338.patch
 
 ###############################################################################
 # Installation Details
diff --git a/pkgs/core/gzip/patches/gzip-1.3.13-cve-2006-4337_len.patch b/pkgs/core/gzip/patches/gzip-1.3.13-cve-2006-4337_len.patch
new file mode 100644
index 000000000..db9f98199
--- /dev/null
+++ b/pkgs/core/gzip/patches/gzip-1.3.13-cve-2006-4337_len.patch
@@ -0,0 +1,15 @@
+http://cvs.fedoraproject.org/viewvc/devel/gzip/gzip-1.3.5-cve-2006-4337_len.patch?view=co
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4337
+
+--- gzip-1.3.5/unlzh.c.len	2006-11-22 09:35:10.000000000 +0100
++++ gzip-1.3.5/unlzh.c	2006-11-22 09:38:52.000000000 +0100
+@@ -199,7 +199,7 @@
+ 	    }
+ 	    *p = ch;
+ 	}
+-	start[len] = nextcode;
++	start[len] = start[len] + weight[len];
+     }
+ }
+ 
diff --git a/pkgs/core/gzip/patches/gzip-1.3.13-cve-2006-4338.patch b/pkgs/core/gzip/patches/gzip-1.3.13-cve-2006-4338.patch
new file mode 100644
index 000000000..2442ab110
--- /dev/null
+++ b/pkgs/core/gzip/patches/gzip-1.3.13-cve-2006-4338.patch
@@ -0,0 +1,33 @@
+http://cvs.fedoraproject.org/viewvc/devel/gzip/gzip-1.3.5-cve-2006-4338.patch?view=co
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4338
+
+--- gzip-1.3.3/unlzh.c.4338	2006-09-07 10:49:31.000000000 +0200
++++ gzip-1.3.3/unlzh.c	2006-09-07 11:37:53.000000000 +0200
+@@ -260,7 +260,7 @@
+ 		    if (bitbuf & mask) c = right[c];
+ 		    else               c = left [c];
+ 		    mask >>= 1;
+-		} while (c >= NT);
++		} while (c >= NT && (mask || c != left[c]));
+ 	    }
+ 	    fillbuf((int) pt_len[c]);
+ 	    if (c <= 2) {
+@@ -296,7 +296,7 @@
+ 	    if (bitbuf & mask) j = right[j];
+ 	    else               j = left [j];
+ 	    mask >>= 1;
+-	} while (j >= NC);
++	} while (j >= NC && (mask || j != left[j])); 
+     }
+     fillbuf((int) c_len[j]);
+     return j;
+@@ -313,7 +313,7 @@
+ 	    if (bitbuf & mask) j = right[j];
+ 	    else               j = left [j];
+ 	    mask >>= 1;
+-	} while (j >= NP);
++	} while (j >= NP && (mask || j != left[j]));
+     }
+     fillbuf((int) pt_len[j]);
+     if (j != 0) j = ((unsigned) 1 << (j - 1)) + getbits((int) (j - 1));
diff --git a/pkgs/core/gzip/patches/gzip-1.3.13-openbsd-owl-tmp.patch b/pkgs/core/gzip/patches/gzip-1.3.13-openbsd-owl-tmp.patch
new file mode 100644
index 000000000..8028df3d4
--- /dev/null
+++ b/pkgs/core/gzip/patches/gzip-1.3.13-openbsd-owl-tmp.patch
@@ -0,0 +1,47 @@
+http://cvs.fedoraproject.org/viewvc/devel/gzip/gzip-1.3.12-openbsd-owl-tmp.patch?view=co
+
+--- gzip-1.3.12/znew.in.owl-tmp	2007-06-04 09:15:11.000000000 +0200
++++ gzip-1.3.12/znew.in	2007-06-04 09:23:18.000000000 +0200
+@@ -55,28 +55,27 @@
+ # block is the disk block size (best guess, need not be exact)
+ 
+ warn="(does not preserve modes and timestamp)"
+-tmp=${TMPDIR-/tmp}/zfoo.$$
+-set -C
+-echo hi > $tmp || exit
+-if test -z "`(${CPMOD-cpmod} $tmp $tmp) 2>&1`"; then
+-  cpmod=${CPMOD-cpmod}
++cpmod= 
++cpmodarg= 
++if type ${CPMOD:-cpmod} 2>/dev/null; then 
++  cpmod=${CPMOD:-cpmod} 
+   warn=""
+ fi
+ 
+-if test -z "$cpmod" && ${TOUCH-touch} -r $tmp $tmp 2>/dev/null; then
+-  cpmod="${TOUCH-touch}"
++if test -z "$cpmod"; then 
++  cpmod=touch 
+   cpmodarg="-r"
+   warn="(does not preserve file modes)"
+ fi
+ 
+-# check if GZIP env. variable uses -S or --suffix
+-gzip -q $tmp
+-ext=`echo $tmp* | sed "s|$tmp||"`
+-rm -f $tmp*
+-if test -z "$ext"; then
+-  echo znew: error determining gzip extension
+-  exit 1
+-fi
++case "$GZIP" in                                                                  
++  *-S*) ext=`echo "$GZIP" | sed 's/^.*-S[[:space:]]*\([^[:space:]]*\).*$/\1/'`   
++       ;;                                                                        
++  *-suffix*) ext=`echo "$GZIP" | sed 's/^.*--suffix=\([^[:space:]]*\).*$/\1/'`   
++       ;;                                                                        
++  *) ext='.gz'                                                                   
++       ;;                                                                        
++esac  
+ if test "$ext" = ".Z"; then
+   echo znew: cannot use .Z as gzip extension.
+   exit 1