rpms/gzip/F-11 gzip-1.3.13-noemptysuffix.patch, NONE, 1.1 gzip.spec, 1.48, 1.49
Karel Klíč
kklic at fedoraproject.org
Tue Feb 23 10:09:01 UTC 2010
Author: kklic
Update of /cvs/extras/rpms/gzip/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv14355
Modified Files:
gzip.spec
Added Files:
gzip-1.3.13-noemptysuffix.patch
Log Message:
disallow -S '' parameter in gunzip
gzip-1.3.13-noemptysuffix.patch:
gzip.1 | 11 +++++------
gzip.c | 6 +++---
2 files changed, 8 insertions(+), 9 deletions(-)
--- NEW FILE gzip-1.3.13-noemptysuffix.patch ---
diff -up gzip-1.3.13/gzip.1.noemptysuffix gzip-1.3.13/gzip.1
--- gzip-1.3.13/gzip.1.noemptysuffix 2009-09-26 20:43:28.000000000 +0200
+++ gzip-1.3.13/gzip.1 2010-02-22 14:29:54.828770607 +0100
@@ -291,15 +291,14 @@ will descend into the directory and comp
).
.TP
.B \-S .suf --suffix .suf
-Use suffix .suf instead of .gz. Any suffix can be given, but suffixes
+When compressing, use suffix .suf instead of .gz.
+Any non-empty suffix can be given, but suffixes
other than .z and .gz should be avoided to avoid confusion when files
-are transferred to other systems. A null suffix forces gunzip to try
-decompression on all given files regardless of suffix, as in:
+are transferred to other systems.
- gunzip -S "" * (*.* for MSDOS)
+When decompressing, add .suf to the beginning of the list of
+suffixes to try, when deriving an output file name from an input file name.
-Previous versions of gzip used
-the .z suffix. This was changed to avoid a conflict with
.IR pack "(1)".
.TP
.B \-t --test
diff -up gzip-1.3.13/gzip.c.noemptysuffix gzip-1.3.13/gzip.c
--- gzip-1.3.13/gzip.c.noemptysuffix 2010-02-22 14:29:54.000000000 +0100
+++ gzip-1.3.13/gzip.c 2010-02-22 14:34:33.480895239 +0100
@@ -547,11 +547,11 @@ int main (argc, argv)
program_name);
}
#endif
- if ((z_len == 0 && !decompress) || z_len > MAX_SUFFIX) {
- fprintf(stderr, "%s: incorrect suffix '%s'\n",
- program_name, z_suffix);
+ if (z_len == 0 || z_len > MAX_SUFFIX) {
+ fprintf(stderr, "%s: invalid suffix '%s'\n", program_name, z_suffix);
do_exit(ERROR);
}
+
if (do_lzw && !decompress) work = lzw;
/* Allocate all global buffers (for DYN_ALLOC option) */
Index: gzip.spec
===================================================================
RCS file: /cvs/extras/rpms/gzip/F-11/gzip.spec,v
retrieving revision 1.48
retrieving revision 1.49
diff -u -p -r1.48 -r1.49
--- gzip.spec 21 Jan 2010 19:17:00 -0000 1.48
+++ gzip.spec 23 Feb 2010 10:09:01 -0000 1.49
@@ -1,7 +1,7 @@
Summary: The GNU data compression program
Name: gzip
Version: 1.3.12
-Release: 10%{?dist}
+Release: 11%{?dist}
# info pages are under GFDL license
License: GPLv2 and GFDL
Group: Applications/File
@@ -19,6 +19,8 @@ Patch17: gzip-1.3.12-futimens.patch
Patch18: gzip-1.3.12-zdiff.patch
Patch19: gzip-1.3.12-cve-2009-2624.patch
Patch20: gzip-1.3.12-cve-2010-0001.patch
+# Fixed in upstream
+Patch21: gzip-1.3.13-noemptysuffix.patch
URL: http://www.gzip.org/
Requires: /sbin/install-info
Requires: mktemp less
@@ -47,6 +49,7 @@ very commonly used data compression prog
%patch18 -p1 -b .ret
%patch19 -p1 -b .cve-2009-2624
%patch20 -p1 -b .cve-2010-0001
+%patch21 -p1 -b .noemptysuffix
%build
export DEFS="NO_ASM"
@@ -94,6 +97,9 @@ fi
%{_infodir}/gzip.info*
%changelog
+* Mon Feb 22 2010 Karel Klic <kklic at redhat.com> - 1.3.12-11
+- Added a patch to disallow -S '' parameter (noemptysuffix)
+
* Tue Jan 19 2010 Karel Klic <kklic at redhat.com> - 1.3.12-10
- fixes for CVE-2009-2624 and CVE-2010-0001
Resolves: rhbz#557471
More information about the scm-commits
mailing list