--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/gzip/6294656-6283819.patch Mon Feb 21 02:25:09 2011 -0800
@@ -0,0 +1,62 @@
+--- gzip-1.3.5.orig/gzip.c
++++ gzip-1.3.5/gzip.c
[email protected]@ -878,8 +878,11 @@
+ }
+
+ close(ifd);
+- if (!to_stdout && close(ofd)) {
+- write_error();
++ if (!to_stdout) {
++ /* Copy modes, times, ownership, and remove the input file */
++ copy_stat(&istat);
++ if (close(ofd))
++ write_error();
+ }
+ if (method == -1) {
+ if (!to_stdout) xunlink (ofname);
[email protected]@ -899,10 +902,6 @@
+ }
+ fprintf(stderr, "\n");
+ }
+- /* Copy modes, times, ownership, and remove the input file */
+- if (!to_stdout) {
+- copy_stat(&istat);
+- }
+ }
+
+ /* ========================================================================
[email protected]@ -1322,6 +1321,7 @@
+ /* Copy the base name. Keep a directory prefix intact. */
+ char *p = base_name (ofname);
+ char *base = p;
++ char *base2;
+ for (;;) {
+ *p = (char)get_char();
+ if (*p++ == '\0') break;
[email protected]@ -1329,6 +1329,8 @@
+ error("corrupted input -- file name too large");
+ }
+ }
++ base2 = base_name (base);
++ strcpy(base, base2);
+ /* If necessary, adapt the name to local OS conventions: */
+ if (!list) {
+ MAKE_LEGAL_NAME(base);
[email protected]@ -1730,7 +1732,7 @@
+ reset_times(ofname, ifstat);
+ #endif
+ /* Copy the protection modes */
+- if (chmod(ofname, ifstat->st_mode & 07777)) {
++ if (fchmod(ofd, ifstat->st_mode & 07777)) {
+ int e = errno;
+ WARN((stderr, "%s: ", progname));
+ if (!quiet) {
[email protected]@ -1739,7 +1741,7 @@
+ }
+ }
+ #ifndef NO_CHOWN
+- chown(ofname, ifstat->st_uid, ifstat->st_gid); /* Copy ownership */
++ (void) fchown(ofd, ifstat->st_uid, ifstat->st_gid); /* Copy ownership */
+ #endif
+ remove_ofname = 0;
+ /* It's now safe to remove the input file: */--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/gzip/6470484.patch Mon Feb 21 02:25:09 2011 -0800
@@ -0,0 +1,200 @@
+Index: gnu/usr.bin/gzip/gzip.h
+===================================================================
+RCS file: /home/ncvs/src/gnu/usr.bin/gzip/gzip.h,v
+retrieving revision 1.4
+diff -u -d -r1.4 gzip.h
+--- gzip/gzip.h 2 May 2004 23:07:49 -0000 1.4
++++ gzip/gzip.h 17 Sep 2006 10:58:37 -0000
[email protected]@ -202,6 +202,8 @@
+ extern int to_stdout; /* output to stdout (-c) */
+ extern int save_orig_name; /* set if original name must be saved */
+
++#define MIN(a,b) ((a) <= (b) ? (a) : (b))
++
+ #define get_byte() (inptr < insize ? inbuf[inptr++] : fill_inbuf(0))
+ #define try_byte() (inptr < insize ? inbuf[inptr++] : fill_inbuf(1))
+
+Index: gnu/usr.bin/gzip/inflate.c
+===================================================================
+RCS file: /home/ncvs/src/gnu/usr.bin/gzip/inflate.c,v
+retrieving revision 1.9
+diff -u -d -r1.9 inflate.c
+--- gzip/inflate.c 13 Aug 2004 05:38:44 -0000 1.9
++++ gzip/inflate.c 17 Sep 2006 10:58:37 -0000
[email protected]@ -316,7 +316,7 @@
+ {
+ *t = (struct huft *)NULL;
+ *m = 0;
+- return 0;
++ return 2;
+ }
+
+
+Index: gnu/usr.bin/gzip/unlzh.c
+===================================================================
+RCS file: /home/ncvs/src/gnu/usr.bin/gzip/unlzh.c,v
+retrieving revision 1.5
+diff -u -d -r1.5 unlzh.c
+--- gzip/unlzh.c 27 Aug 1999 23:35:53 -0000 1.5
++++ gzip/unlzh.c 17 Sep 2006 10:58:37 -0000
[email protected]@ -148,13 +148,17 @@
+ unsigned i, k, len, ch, jutbits, avail, nextcode, mask;
+
+ for (i = 1; i <= 16; i++) count[i] = 0;
+- for (i = 0; i < (unsigned)nchar; i++) count[bitlen[i]]++;
++ for (i = 0; i < (unsigned)nchar; i++) {
++ if (bitlen[i] > 16)
++ error("Bad table (case a)\n");
++ else count[bitlen[i]]++;
++ }
+
+ start[1] = 0;
+ for (i = 1; i <= 16; i++)
+ start[i + 1] = start[i] + (count[i] << (16 - i));
+- if ((start[17] & 0xffff) != 0)
+- error("Bad table\n");
++ if ((start[17] & 0xffff) != 0 || tablebits > 16) /* 16 for weight below */
++ error("Bad table (case b)\n");
+
+ jutbits = 16 - tablebits;
+ for (i = 1; i <= (unsigned)tablebits; i++) {
[email protected]@ -168,15 +172,15 @@
+
+ i = start[tablebits + 1] >> jutbits;
+ if (i != 0) {
+- k = 1 << tablebits;
+- while (i != k) table[i++] = 0;
++ k = MIN(1 << tablebits, DIST_BUFSIZE);
++ while (i < k) table[i++] = 0;
+ }
+
+ avail = nchar;
+ mask = (unsigned) 1 << (15 - tablebits);
+ for (ch = 0; ch < (unsigned)nchar; ch++) {
+ if ((len = bitlen[ch]) == 0) continue;
+- nextcode = start[len] + weight[len];
++ nextcode = MIN(start[len] + weight[len], DIST_BUFSIZE);
+ if (len <= (unsigned)tablebits) {
+ for (i = start[len]; i < nextcode; i++) table[i] = ch;
+ } else {
[email protected]@ -217,7 +221,7 @@
+ for (i = 0; i < 256; i++) pt_table[i] = c;
+ } else {
+ i = 0;
+- while (i < n) {
++ while (i < MIN(n,NPT)) {
+ c = bitbuf >> (BITBUFSIZ - 3);
+ if (c == 7) {
+ mask = (unsigned) 1 << (BITBUFSIZ - 1 - 3);
[email protected]@ -227,7 +231,7 @@
+ pt_len[i++] = c;
+ if (i == i_special) {
+ c = getbits(2);
+- while (--c >= 0) pt_len[i++] = 0;
++ while (--c >= 0 && i < NPT) pt_len[i++] = 0;
+ }
+ }
+ while (i < nn) pt_len[i++] = 0;
[email protected]@ -247,7 +251,7 @@
+ for (i = 0; i < 4096; i++) c_table[i] = c;
+ } else {
+ i = 0;
+- while (i < n) {
++ while (i < MIN(n,NC)) {
+ c = pt_table[bitbuf >> (BITBUFSIZ - 8)];
+ if (c >= NT) {
+ mask = (unsigned) 1 << (BITBUFSIZ - 1 - 8);
[email protected]@ -255,14 +259,14 @@
+ if (bitbuf & mask) c = right[c];
+ else c = left [c];
+ mask >>= 1;
+- } while (c >= NT);
++ } while (c >= NT && (mask || c != left[c]));
+ }
+ fillbuf((int) pt_len[c]);
+ if (c <= 2) {
+ if (c == 0) c = 1;
+ else if (c == 1) c = getbits(4) + 3;
+ else c = getbits(CBIT) + 20;
+- while (--c >= 0) c_len[i++] = 0;
++ while (--c >= 0 && i < NC) c_len[i++] = 0;
+ } else c_len[i++] = c - 2;
+ }
+ while (i < NC) c_len[i++] = 0;
[email protected]@ -291,7 +295,7 @@
+ if (bitbuf & mask) j = right[j];
+ else j = left [j];
+ mask >>= 1;
+- } while (j >= NC);
++ } while (j >= NC && (mask || j != left[j]));
+ }
+ fillbuf((int) c_len[j]);
+ return j;
[email protected]@ -308,7 +312,7 @@
+ if (bitbuf & mask) j = right[j];
+ else j = left [j];
+ mask >>= 1;
+- } while (j >= NP);
++ } while (j >= NP && (mask || j != left[j]));
+ }
+ fillbuf((int) pt_len[j]);
+ if (j != 0) j = ((unsigned) 1 << (j - 1)) + getbits((int) (j - 1));
[email protected]@ -355,7 +359,7 @@
+ while (--j >= 0) {
+ buffer[r] = buffer[i];
+ i = (i + 1) & (DICSIZ - 1);
+- if (++r == count) return r;
++ if (++r >= count) return r;
+ }
+ for ( ; ; ) {
+ c = decode_c();
[email protected]@ -365,14 +369,14 @@
+ }
+ if (c <= UCHAR_MAX) {
+ buffer[r] = c;
+- if (++r == count) return r;
++ if (++r >= count) return r;
+ } else {
+ j = c - (UCHAR_MAX + 1 - THRESHOLD);
+ i = (r - decode_p() - 1) & (DICSIZ - 1);
+ while (--j >= 0) {
+ buffer[r] = buffer[i];
+ i = (i + 1) & (DICSIZ - 1);
+- if (++r == count) return r;
++ if (++r >= count) return r;
+ }
+ }
+ }
+Index: gnu/usr.bin/gzip/unpack.c
+===================================================================
+RCS file: /home/ncvs/src/gnu/usr.bin/gzip/unpack.c,v
+retrieving revision 1.6
+diff -u -d -r1.6 unpack.c
+--- gzip/unpack.c 27 Aug 1999 23:35:54 -0000 1.6
++++ gzip/unpack.c 17 Sep 2006 10:58:37 -0000
[email protected]@ -12,7 +12,6 @@
+ #include "gzip.h"
+ #include "crypt.h"
+
+-#define MIN(a,b) ((a) <= (b) ? (a) : (b))
+ /* The arguments must not have side effects. */
+
+ #define MAX_BITLEN 25
[email protected]@ -132,7 +131,7 @@
+ /* Remember where the literals of this length start in literal[] : */
+ lit_base[len] = base;
+ /* And read the literals: */
+- for (n = leaves[len]; n > 0; n--) {
++ for (n = leaves[len]; n > 0 && base < LITERALS; n--) {
+ literal[base++] = (uch)get_byte();
+ }
+ }
[email protected]@ -168,7 +167,7 @@
+ prefixp = &prefix_len[1<<peek_bits];
+ for (len = 1; len <= peek_bits; len++) {
+ int prefixes = leaves[len] << (peek_bits-len); /* may be 0 */
+- while (prefixes--) *--prefixp = (uch)len;
++ while (prefixes-- && prefixp > prefix_len) *--prefixp = (uch)len;
+ }
+ /* The length of all other codes is unknown: */
+ while (prefixp > prefix_len) *--prefixp = 0;--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/gzip/Makefile Mon Feb 21 02:25:09 2011 -0800
@@ -0,0 +1,74 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+#
+include ../../make-rules/shared-macros.mk
+
+COMPONENT_NAME= gzip
+COMPONENT_VERSION= 1.3.5
+COMPONENT_SRC= $(COMPONENT_NAME)-$(COMPONENT_VERSION)
+COMPONENT_ARCHIVE= $(COMPONENT_SRC).tar.gz
+COMPONENT_ARCHIVE_HASH= sha1:843272609b9bff1bdf2770a28d498d6519901e73
+COMPONENT_ARCHIVE_URL= http://alpha.gnu.org/gnu/gzip/$(COMPONENT_ARCHIVE)
+
+include ../../make-rules/prep.mk
+include ../../make-rules/configure.mk
+include ../../make-rules/ips.mk
+
+CONFIGURE_OPTIONS += --infodir=$(CONFIGURE_INFODIR)
+CONFIGURE_OPTIONS += CFLAGS="$(CFLAGS)"
+
+# Fix references to Solaris renamed programs (z*->gz*) in man pages, info
+# pages and in wrapper scripts.
+COMPONENT_PRE_INSTALL_ACTION = \
+ (cd $(COMPONENT_SRC) ; \
+ for file in `ls *.1 *.info z*.in` ; do \
+ mv $$file $$file.tmp ; \
+ sed -f $(COMPONENT_DIR)/renaming.sed $$file.tmp > $$file ; \
+ $(RM) $$file.tmp ; \
+ done)
+
+# Rename installed programs and man pages in proto dir (z*->gz*).
+COMPONENT_POST_INSTALL_ACTION = \
+ (for dir in $(PROTOUSRBINDIR) $(PROTOUSRSHAREMAN1DIR) ; do \
+ cd $$dir; \
+ for zfile in `ls z*`; do ; \
+ mv $$zfile g$$zfile ; \
+ done ; \
+ done)
+
+# Provide missing man pages.
+GZGREP_MAN_VARIANTS+=$(PROTOUSRSHAREMAN1DIR)/gzegrep.1
+GZGREP_MAN_VARIANTS+=$(PROTOUSRSHAREMAN1DIR)/gzfgrep.1
+
+$(GZGREP_MAN_VARIANTS):
+ $(RM) [email protected]; echo ".so man1/gzgrep.1" > [email protected]
+
+build: $(BUILD_32)
+
+install: $(INSTALL_32) $(GZGREP_MAN_VARIANTS)
+
+test:
+ @echo "no tests available"
+
+BUILD_PKG_DEPENDENCIES = $(BUILD_TOOLS)
+
+include ../../make-rules/depend.mk
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/gzip/SUNWgzip.p5m Mon Feb 21 02:25:09 2011 -0800
@@ -0,0 +1,33 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+#
+
+#
+# Legacy package information for renamed SUNWgzip package
+#
+
+set name=pkg.fmri value=pkg:/[email protected],5.11-0.133
+set name=pkg.renamed value=true
+
+set name=org.opensolaris.consolidation value=$(CONSOLIDATION)
+
+depend fmri=compress/[email protected] type=require
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/gzip/gzip.license Mon Feb 21 02:25:09 2011 -0800
@@ -0,0 +1,25 @@
+Oracle elects to use only the GNU Lesser General Public License version
+2.1 (LGPL)/GNU General Public License version 2 (GPL) for any software
+where a choice of LGPL/GPL license versions are made available with the
+language indicating that LGPLv2.1/GPLv2 or any later version may be
+used, or where a choice of which version of the LGPL/GPL is applied is
+unspecified. Unless specifically stated otherwise, where a choice
+exists between another license and either the GPL or the LGPL, Oracle
+chooses the other license.
+-----------------------------------------------------------------------
+
+Copyright (C) 1992-1993 Jean-loup Gailly
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/gzip/gzip.p5m Mon Feb 21 02:25:09 2011 -0800
@@ -0,0 +1,70 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+#
+set name=pkg.fmri value=pkg:/compress/[email protected]$(IPS_COMPONENT_VERSION),$(BUILD_VERSION)
+set name=pkg.summary value="GNU Zip (gzip)"
+set name=pkg.description value="The GNU Zip (gzip) compression utility"
+set name=info.classification value="org.opensolaris.category.2008:Applications/System Utilities"
+set name=info.upstream_url value="http://directory.fsf.org/GNU/gzip.html"
+set name=info.source_url value=$(COMPONENT_ARCHIVE_URL)
+set name=org.opensolaris.consolidation value=$(CONSOLIDATION)
+
+dir path=usr
+dir path=usr/bin
+dir path=usr/share
+dir path=usr/share/info
+dir path=usr/share/man
+dir path=usr/share/man/man1
+file path=usr/bin/gzdiff
+file path=usr/bin/gzexe
+file path=usr/bin/gzforce
+file path=usr/bin/gzgrep
+file path=usr/bin/gzip
+file path=usr/bin/gzless
+file path=usr/bin/gzmore
+file path=usr/bin/gznew
+file path=usr/share/info/gzip.info
+file path=usr/share/man/man1/gunzip.1
+file path=usr/share/man/man1/gzcat.1
+file path=usr/share/man/man1/gzcmp.1
+file path=usr/share/man/man1/gzdiff.1
+file path=usr/share/man/man1/gzegrep.1
+file path=usr/share/man/man1/gzexe.1
+file path=usr/share/man/man1/gzfgrep.1
+file path=usr/share/man/man1/gzforce.1
+file path=usr/share/man/man1/gzgrep.1
+file path=usr/share/man/man1/gzip.1
+file path=usr/share/man/man1/gzless.1
+file path=usr/share/man/man1/gzmore.1
+file path=usr/share/man/man1/gznew.1
+hardlink path=usr/bin/gunzip target=gzip
+hardlink path=usr/bin/gzcat target=gzip
+hardlink path=usr/bin/gzcmp target=gzdiff
+hardlink path=usr/bin/gzegrep target=gzgrep
+hardlink path=usr/bin/gzfgrep target=gzgrep
+
+
+license gzip.license license="GPLv2"
+
+legacy pkg=SUNWgzip \
+ name="The GNU Zip (gzip) compression utility" \
+ desc="The GNU Zip (gzip) compression utility 1.3.5"
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/gzip/renaming.sed Mon Feb 21 02:25:09 2011 -0800
@@ -0,0 +1,27 @@
+s/zcat/gzcat/g
+s/Zcat/Gzcat/g
+s/ZCAT/GZCAT/g
+s/zcmp/gzcmp/g
+s/Zcmp/Gzcmp/g
+s/ZCMP/GZCMP/g
+s/znew/gznew/g
+s/Znew/Gznew/g
+s/ZNEW/GZNEW/g
+s/zdiff/gzdiff/g
+s/Zdiff/Gzdiff/g
+s/ZDIFF/GZDIFF/g
+s/zgrep/gzgrep/g
+s/Zgrep/Gzgrep/g
+s/ZGREP/GZGREP/g
+s/zmore/gzmore/g
+s/Zmore/Gzmore/g
+s/ZMORE/GZMORE/g
+s/zless/gzless/g
+s/Zless/Gzless/g
+s/ZLESS/GZLESS/g
+s/zforce/gzforce/g
+s/Zforce/Gzforce/g
+s/ZFORCE/GZFORCE/g
+s/zegrep/gzegrep/g
+s/zfgrep/gzfgrep/g
+s/^gzgrep /gzgrep, gzegrep, gzfgrep /
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/gzip/version.patch Mon Feb 21 02:25:09 2011 -0800
@@ -0,0 +1,11 @@
+--- gzip-1.3.5/gzip.c-orig Fri Oct 6 05:44:06 2006
++++ gzip-1.3.5/gzip.c Fri Oct 6 05:48:53 2006
[email protected]@ -427,6 +427,8 @@
+ #endif
+ printf ("\n");
+ printf ("Written by Jean-loup Gailly.\n");
++ printf ("patched for Sun BugIDs 6294656 6283819\n");
++ printf ("patched for CVE-2006-4334, CVE-2006-4335, CVE-2006-4336, CVE-2006-4337, CVE-2006-4338\n");
+ }
+
+ local void progerror (string)