rpms/gzip/F-11 gzip-1.3.13-noemptysuffix.patch, NONE, 1.1 gzip.spec, 1.48, 1.49

Tue Feb 23 10:09:01 UTC 2010

Author: kklic

Update of /cvs/extras/rpms/gzip/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv14355

Modified Files:
	gzip.spec 
Added Files:
	gzip-1.3.13-noemptysuffix.patch 
Log Message:
disallow -S '' parameter in gunzip

gzip-1.3.13-noemptysuffix.patch:
 gzip.1 |   11 +++++------
 gzip.c |    6 +++---
 2 files changed, 8 insertions(+), 9 deletions(-)

--- NEW FILE gzip-1.3.13-noemptysuffix.patch ---
diff -up gzip-1.3.13/gzip.1.noemptysuffix gzip-1.3.13/gzip.1
--- gzip-1.3.13/gzip.1.noemptysuffix	2009-09-26 20:43:28.000000000 +0200
+++ gzip-1.3.13/gzip.1	2010-02-22 14:29:54.828770607 +0100
@@ -291,15 +291,14 @@ will descend into the directory and comp
 ).
 .TP
 .B \-S .suf   --suffix .suf
-Use suffix .suf instead of .gz. Any suffix can be given, but suffixes
+When compressing, use suffix .suf instead of .gz.
+Any non-empty suffix can be given, but suffixes
 other than .z and .gz should be avoided to avoid confusion when files
-are transferred to other systems.  A null suffix forces gunzip to  try
-decompression on all given files regardless of suffix, as in:
+are transferred to other systems.
 
-    gunzip -S "" *       (*.* for MSDOS)
+When decompressing, add .suf to the beginning of the list of
+suffixes to try, when deriving an output file name from an input file name.
 
-Previous versions of gzip used
-the .z suffix. This was changed to avoid a conflict with
 .IR pack "(1)".
 .TP
 .B \-t --test
diff -up gzip-1.3.13/gzip.c.noemptysuffix gzip-1.3.13/gzip.c
--- gzip-1.3.13/gzip.c.noemptysuffix	2010-02-22 14:29:54.000000000 +0100
+++ gzip-1.3.13/gzip.c	2010-02-22 14:34:33.480895239 +0100
@@ -547,11 +547,11 @@ int main (argc, argv)
 		program_name);
     }
 #endif
-    if ((z_len == 0 && !decompress) || z_len > MAX_SUFFIX) {
-        fprintf(stderr, "%s: incorrect suffix '%s'\n",
-                program_name, z_suffix);
+    if (z_len == 0 || z_len > MAX_SUFFIX) {
+        fprintf(stderr, "%s: invalid suffix '%s'\n", program_name, z_suffix);
         do_exit(ERROR);
     }
+
     if (do_lzw && !decompress) work = lzw;
 
     /* Allocate all global buffers (for DYN_ALLOC option) */


Index: gzip.spec
===================================================================
RCS file: /cvs/extras/rpms/gzip/F-11/gzip.spec,v
retrieving revision 1.48
retrieving revision 1.49
diff -u -p -r1.48 -r1.49
--- gzip.spec	21 Jan 2010 19:17:00 -0000	1.48
+++ gzip.spec	23 Feb 2010 10:09:01 -0000	1.49
@@ -1,7 +1,7 @@
 Summary: The GNU data compression program
 Name: gzip
 Version: 1.3.12
-Release: 10%{?dist}
+Release: 11%{?dist}
 # info pages are under GFDL license
 License: GPLv2 and GFDL
 Group: Applications/File
@@ -19,6 +19,8 @@ Patch17: gzip-1.3.12-futimens.patch
 Patch18: gzip-1.3.12-zdiff.patch
 Patch19: gzip-1.3.12-cve-2009-2624.patch
 Patch20: gzip-1.3.12-cve-2010-0001.patch
+# Fixed in upstream
+Patch21: gzip-1.3.13-noemptysuffix.patch
 URL: http://www.gzip.org/
 Requires: /sbin/install-info
 Requires: mktemp less
@@ -47,6 +49,7 @@ very commonly used data compression prog
 %patch18 -p1 -b .ret
 %patch19 -p1 -b .cve-2009-2624
 %patch20 -p1 -b .cve-2010-0001
+%patch21 -p1 -b .noemptysuffix
 
 %build
 export DEFS="NO_ASM"
@@ -94,6 +97,9 @@ fi
 %{_infodir}/gzip.info*
 
 %changelog
+* Mon Feb 22 2010 Karel Klic <kklic at redhat.com> - 1.3.12-11
+- Added a patch to disallow -S '' parameter (noemptysuffix)
+
 * Tue Jan 19 2010 Karel Klic <kklic at redhat.com> - 1.3.12-10
 - fixes for CVE-2009-2624 and CVE-2010-0001
   Resolves: rhbz#557471

