diff -r 2168e180aa83 -r 349e022de8ed components/gzip/patches/znew.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/gzip/patches/znew.patch Thu Oct 24 13:41:59 2013 +0200
@@ -0,0 +1,152 @@
+From b3b5611e046b93fb20aa783d6d11d986f33f91f6 Mon Sep 17 00:00:00 2001
+From: Paul Eggert cs.ucla.edu>
+Date: Thu, 3 Oct 2013 21:12:09 -0700
+Subject: [PATCH] znew: avoid denial-of-service issue
+
+Reported by Rich Burridge in .
+* znew.in: Rewrite to avoid the need for a temporary file in /tmp.
+That way, we avoid the need for set -C
+and worrying about denial of service.
+Use touch -r and chmod --reference rather than cpmod.
+Assume cp -p works, as it's now universal.
+Quote 'echo' args better, while we're at it.
+(warn, tmp, cpmod, cpmodarg): Remove.
+(GZIP): Unset, so that we needn't test for gzip extension.
+(ext): Now always '.gz'.
+* znew.1: Document the change of implementation assumptions.
+---
+diff --git a/znew.1 b/znew.1
+index dcdf84f..2a7e5e1 100644
+--- a/znew.1
++++ b/znew.1
+@@ -32,9 +32,16 @@ Keep a .Z file when it is smaller than the .gz file; implies
+ .SH "SEE ALSO"
+ gzip(1), zmore(1), zdiff(1), zgrep(1), zforce(1), gzexe(1), compress(1)
+ .SH BUGS
+-.I Znew
+-does not maintain the time stamp with the -P option if
+-.I cpmod(1)
+-is not available and
+-.I touch(1)
+-does not support the -r option.
++If the
++.B \-P
++option is used,
++.I znew
++does not maintain the time stamp if
++.IR touch (1)
++does not support the
++.B \-r
++option, and does not maintain permissions if
++.IR chmod (1)
++does not support the
++.B \-\-reference
++option.
+diff --git a/znew.in b/znew.in
+index 9bd3ce9..d16311a 100644
+--- a/znew.in
++++ b/znew.in
+@@ -58,33 +58,9 @@ new=0
+ block=1024
+ # block is the disk block size (best guess, need not be exact)
+
+-warn="(does not preserve modes and timestamp)"
+-tmp=${TMPDIR-/tmp}/zfoo.$$
+-set -C
+-echo hi > $tmp || exit
+-if test -z "`(${CPMOD-cpmod} $tmp $tmp) 2>&1`"; then
+- cpmod=${CPMOD-cpmod}
+- warn=""
+-fi
+-
+-if test -z "$cpmod" && ${TOUCH-touch} -r $tmp $tmp 2>/dev/null; then
+- cpmod="${TOUCH-touch}"
+- cpmodarg="-r"
+- warn="(does not preserve file modes)"
+-fi
+-
+-# check if GZIP env. variable uses -S or --suffix
+-gzip -q $tmp
+-ext=`echo $tmp* | sed "s|$tmp||"`
+-rm -f $tmp*
+-if test -z "$ext"; then
+- echo znew: error determining gzip extension
+- exit 1
+-fi
+-if test "$ext" = ".Z"; then
+- echo znew: cannot use .Z as gzip extension.
+- exit 1
+-fi
++# Beware -s or --suffix in $GZIP.
++unset GZIP
++ext=.gz
+
+ for arg
+ do
+@@ -116,26 +92,27 @@ if test -n "$opt"; then
+ fi
+
+ for i do
+- n=`echo $i | sed 's/.Z$//'`
++ n=`echo "$i" | sed 's/.Z$//'`
+ if test ! -f "$n.Z" ; then
+- echo $n.Z not found
++ echo "$n.Z not found"
+ res=1; continue
+ fi
+ test $keep -eq 1 && old=`wc -c < "$n.Z"`
+ if test $pipe -eq 1; then
+ if gzip -d < "$n.Z" | gzip $opt > "$n$ext"; then
+ # Copy file attributes from old file to new one, if possible.
+- test -n "$cpmod" && $cpmod $cpmodarg "$n.Z" "$n$ext" 2> /dev/null
++ touch -r"$n.Z" -- "$n$ext" 2>/dev/null
++ chmod --reference="$n.Z" -- "$n$ext" 2>/dev/null
+ else
+- echo error while recompressing $n.Z
++ echo "error while recompressing $n.Z"
+ res=1; continue
+ fi
+ else
+ if test $check -eq 1; then
+- if cp -p "$n.Z" "$n.$$" 2> /dev/null || cp "$n.Z" "$n.$$"; then
++ if cp -p "$n.Z" "$n.$$"; then
+ :
+ else
+- echo cannot backup "$n.Z"
++ echo "cannot backup $n.Z"
+ res=1; continue
+ fi
+ fi
+@@ -143,7 +120,7 @@ for i do
+ :
+ else
+ test $check -eq 1 && mv "$n.$$" "$n.Z"
+- echo error while uncompressing $n.Z
++ echo "error while uncompressing $n.Z"
+ res=1; continue
+ fi
+ if gzip $opt "$n"; then
+@@ -151,10 +128,10 @@ for i do
+ else
+ if test $check -eq 1; then
+ mv "$n.$$" "$n.Z" && rm -f "$n"
+- echo error while recompressing $n
++ echo "error while recompressing $n"
+ else
+ # compress $n (might be dangerous if disk full)
+- echo error while recompressing $n, left uncompressed
++ echo "error while recompressing $n, left uncompressed"
+ fi
+ res=1; continue
+ fi
+@@ -175,7 +152,7 @@ for i do
+ else
+ test $pipe -eq 0 && mv "$n.$$" "$n.Z"
+ rm -f "$n$ext"
+- echo error while testing $n$ext, $n.Z unchanged
++ echo "error while testing $n$ext, $n.Z unchanged"
+ res=1; continue
+ fi
+ elif test $pipe -eq 1; then
+--
+1.8.3.1
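Review bot: In the pipe (-P) branch of the embedded znew.in change, `chmod --reference="$n.Z" -- "$n$ext" 2>/dev/null` discards both the error text and the exit status, so where chmod lacks `--reference` the new .gz silently keeps the umask-default mode instead of the mode of the .Z it replaces. The znew.1 hunk records this only under BUGS, and for a file that was deliberately restricted the recompressed copy can end up more widely readable than the original. I would at least surface the failure, e.g. `chmod --reference="$n.Z" -- "$n$ext" 2>/dev/null || echo "znew: cannot copy permissions to $n$ext" >&2`, and confirm that the chmod and touch on the target platform's PATH accept these options before relying on this patch. The `for i do` loop body continues outside the quoted hunks, so any handling of `res` after this point is not visible here.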