cvs commit: patches/unzip unzip-5.50-dont_make_noise-1.patch unzip-5.50-dotdot-1.patch unzip-5.50-fix_Makefile-1.patch unzip-5.50-fix_libz-1.patch unzip-5.51-dont_make_noise-1.patch unzip-5.51-fix_Makefile-1.patch unzip-5.51-fix_libz-1.patch unzip-5.50-dont-make-noise.patch unzip-5.50-dotdot.patch unzip-5.50-fix-Makefile.patch unzip-5.50-fix-libz.patch unzip-5.51-dont-make-noise.patch unzip-5.51-fix-Makefile.patch unzip-5.51-fix-libz.patch

jim at linuxfromscratch.org jim at linuxfromscratch.org
Mon Jun 7 22:14:04 PDT 2004


jim         04/06/07 23:14:04

  Added:       unzip    unzip-5.50-dont_make_noise-1.patch
                        unzip-5.50-dotdot-1.patch
                        unzip-5.50-fix_Makefile-1.patch
                        unzip-5.50-fix_libz-1.patch
                        unzip-5.51-dont_make_noise-1.patch
                        unzip-5.51-fix_Makefile-1.patch
                        unzip-5.51-fix_libz-1.patch
  Removed:     unzip    unzip-5.50-dont-make-noise.patch
                        unzip-5.50-dotdot.patch
                        unzip-5.50-fix-Makefile.patch
                        unzip-5.50-fix-libz.patch
                        unzip-5.51-dont-make-noise.patch
                        unzip-5.51-fix-Makefile.patch
                        unzip-5.51-fix-libz.patch
  Log:
  Naming Scheme Update
  
  Revision  Changes    Path
  1.1                  patches/unzip/unzip-5.50-dont_make_noise-1.patch
  
  Index: unzip-5.50-dont_make_noise-1.patch
  ===================================================================
  Submitted By: Tushar Teredesai <tushar at linuxfromscratch.org>
  Date: 2003-09-22
  Initial Package Version: 5.50
  Origin: http://archive.linuxfromscratch.org/mail-archives/blfs-dev/2003-August/003213.html
  Description: When unzipping files, the unzip stub prints out lot of "useful" info messages.
  These messages can cause applications such as Midnight Commander to display strange behavior.
  This patch is useful for users linking unzip to the system zlib
  (i.e. installed as per the BLFS guidelines).
  --- unzip-5.50/unzipstb.c.orig	2003-09-22 01:05:45.000000000 -0500
  +++ unzip-5.50/unzipstb.c	2003-09-22 01:06:57.000000000 -0500
  @@ -30,27 +30,6 @@
   
       pVersion = UzpVersion();
   
  -    printf("UnZip stub:  checking version numbers (DLL is dated %s)\n",
  -      pVersion->date);
  -    printf("   UnZip versions:    expecting %d.%d%d, using %d.%d%d%s\n",
  -      UZ_MAJORVER, UZ_MINORVER, UZ_PATCHLEVEL, pVersion->unzip.major,
  -      pVersion->unzip.minor, pVersion->unzip.patchlevel, pVersion->betalevel);
  -    printf("   ZipInfo versions:  expecting %d.%d%d, using %d.%d%d\n",
  -      ZI_MAJORVER, ZI_MINORVER, UZ_PATCHLEVEL, pVersion->zipinfo.major,
  -      pVersion->zipinfo.minor, pVersion->zipinfo.patchlevel);
  -
  -/*
  -    D2_M*VER and os2dll.* are obsolete, though retained for compatibility:
  -
  -    printf("   OS2 DLL versions:  expecting %d.%d%d, using %d.%d%d\n",
  -      D2_MAJORVER, D2_MINORVER, D2_PATCHLEVEL, pVersion->os2dll.major,
  -      pVersion->os2dll.minor, pVersion->os2dll.patchlevel);
  - */
  -
  -    if (pVersion->flag & 2)
  -        printf("   using zlib version %s\n", pVersion->zlib_version);
  -    printf("\n");
  -
       /* call the actual UnZip routine (string-arguments version) */
       return UzpMain(argc, argv);
   }
  
  
  
  1.1                  patches/unzip/unzip-5.50-dotdot-1.patch
  
  Index: unzip-5.50-dotdot-1.patch
  ===================================================================
  Submitted By: Tushar Teredesai <tushar at linuxfromscratch.org>
  Date: 2003-10-03
  Initial Package Version: 5.50
  Origin: Redhat RPM, Gentoo Source
  Description: Fixes a directory traversal security (priority Medium) bug.
  Check out <http://archives.neohapsis.com/archives/bugtraq/2003-05/0113.html>.
  diff -ur unzip-5.50/unix/unix.c unzip-5.50-lhh/unix/unix.c
  --- unzip-5.50/unix/unix.c	2002-01-21 17:54:42.000000000 -0500
  +++ unzip-5.50-lhh/unix/unix.c	2003-06-11 18:35:38.000000000 -0400
  @@ -421,7 +421,8 @@
    */
   {
       char pathcomp[FILNAMSIZ];      /* path-component buffer */
  -    char *pp, *cp=(char *)NULL;    /* character pointers */
  +    char *pp, *cp=(char *)NULL,    /* character pointers */
  +         *dp=(char *)NULL;
       char *lastsemi=(char *)NULL;   /* pointer to last semi-colon in pathcomp */
   #ifdef ACORN_FTYPE_NFS
       char *lastcomma=(char *)NULL;  /* pointer to last comma in pathcomp */
  @@ -429,6 +430,7 @@
   #endif
       int quote = FALSE;             /* flags */
       int killed_ddot = FALSE;       /* is set when skipping "../" pathcomp */
  +    int snarf_ddot = FALSE;	   /* Is set while scanning for "../" */
       int error = MPN_OK;
       register unsigned workch;      /* hold the character being tested */
   
  @@ -467,6 +469,9 @@
       while ((workch = (uch)*cp++) != 0) {
   
           if (quote) {                 /* if character quoted, */
  +	    if ((pp == pathcomp) && (workch == '.'))
  +		/* Oh no you don't... */
  +		goto ddot_hack;
               *pp++ = (char)workch;    /*  include it literally */
               quote = FALSE;
           } else
  @@ -481,15 +486,44 @@
                   break;
   
               case '.':
  -                if (pp == pathcomp) {   /* nothing appended yet... */
  +                if (pp == pathcomp) {
  +ddot_hack:
  +		    /* nothing appended yet... */
                       if (*cp == '/') {   /* don't bother appending "./" to */
                           ++cp;           /*  the path: skip behind the '/' */
                           break;
  -                    } else if (!uO.ddotflag && *cp == '.' && cp[1] == '/') {
  -                        /* "../" dir traversal detected */
  -                        cp += 2;        /*  skip over behind the '/' */
  -                        killed_ddot = TRUE; /*  set "show message" flag */
  -                        break;
  +                    } else if (!uO.ddotflag) {
  +
  +			/*
  +			 * SECURITY: Skip past control characters if the user
  +			 * didn't OK use of absolute pathnames. lhh - this is
  +			 * a very quick, ugly, inefficient fix.
  +			 */
  +			dp = cp;
  +			do {
  +			    workch = (uch)(*dp);
  +			    if (workch == '/' && snarf_ddot) {
  +                                /* "../" dir traversal detected */
  +                                cp = dp + 1;      /* skip past the '/' */
  +                                killed_ddot = TRUE; /* set "show msg" flag */
  +                                break;
  +                            } else if (workch == '.' && !snarf_ddot) {
  +				snarf_ddot = TRUE;
  +                	    } else if (isprint(workch) ||
  +				       ((workch > 127) && (workch <= 254))) {
  +				/*
  +				 * Since we found a printable, non-ctrl char,
  +				 * we can stop looking for '../', the amount
  +				 * in ../!
  +				 */
  +			        break;
  +			    }
  +
  +			    dp++;
  +                        } while (*dp != 0);
  +
  +			if (killed_ddot)
  +			    break;
                       }
                   }
                   *pp++ = '.';
  
  
  
  1.1                  patches/unzip/unzip-5.50-fix_Makefile-1.patch
  
  Index: unzip-5.50-fix_Makefile-1.patch
  ===================================================================
  Submitted By: BLFS Book <blfs-book at linuxfromscratch.org>
  Date: 2003-10-03
  Initial Package Version: 5.50
  Origin: NA
  Description: Creates a missing symlink.
  diff -urN unzip-5.50/unix/Makefile unzip-5.50-rcl/unix/Makefile
  --- unzip-5.50/unix/Makefile	Sat Feb 16 17:00:38 2002
  +++ unzip-5.50-rcl/unix/Makefile	Sat Sep 28 14:32:44 2002
  @@ -818,6 +818,7 @@
   	ln -sf crc_gcc.pic.o crc32.pic.o
   	gcc -shared -Wl,-soname,libunzip.so.0 -o libunzip.so.0.4 $(OBJSDLL)
   	ln -sf libunzip.so.0.4 libunzip.so.0
  +	ln -sf libunzip.so.0.4 libunzip.so
   	gcc -c -O unzipstb.c
   	gcc -o unzip unzipstb.o -L. -lunzip -lz
  
  
  
  1.1                  patches/unzip/unzip-5.50-fix_libz-1.patch
  
  Index: unzip-5.50-fix_libz-1.patch
  ===================================================================
  Submitted By: BLFS Book <blfs-book at linuxfromscratch.org>
  Date: 2003-10-03
  Initial Package Version: 5.50
  Origin: NA
  Description: Fixes compilation against system zlib.
  diff -urN unzip-5.50/api.c unzip-5.50-rcl/api.c
  --- unzip-5.50/api.c	Thu Nov 22 23:43:26 2001
  +++ unzip-5.50-rcl/api.c	Sat Sep 28 14:31:51 2002
  @@ -48,6 +48,11 @@
   #endif
   #include "unzvers.h"
   
  +/* This is defined as zlibVersion() in zlib.h version 1.1.4 */
  +#ifdef   zlib_version
  +#  undef zlib_version
  +#endif
  +
   #ifdef DLL      /* This source file supplies DLL-only interface code. */
   
   jmp_buf dll_error_return;
  
  
  
  1.1                  patches/unzip/unzip-5.51-dont_make_noise-1.patch
  
  Index: unzip-5.51-dont_make_noise-1.patch
  ===================================================================
  Submitted By: Tushar Teredesai <tushar at linuxfromscratch.org>
  Date: 2003-09-22
  Initial Package Version: 5.50
  Origin: http://archive.linuxfromscratch.org/mail-archives/blfs-dev/2003-August/003213.html
  Description: When unzipping files, the unzip stub prints out lot of "useful" info messages.
  These messages can cause applications such as Midnight Commander to display strange behavior.
  This patch is useful for users linking unzip to the system zlib
  (i.e. installed as per the BLFS guidelines).
  --- unzip-5.50/unzipstb.c.orig	2003-09-22 01:05:45.000000000 -0500
  +++ unzip-5.50/unzipstb.c	2003-09-22 01:06:57.000000000 -0500
  @@ -30,27 +30,6 @@
   
       pVersion = UzpVersion();
   
  -    printf("UnZip stub:  checking version numbers (DLL is dated %s)\n",
  -      pVersion->date);
  -    printf("   UnZip versions:    expecting %d.%d%d, using %d.%d%d%s\n",
  -      UZ_MAJORVER, UZ_MINORVER, UZ_PATCHLEVEL, pVersion->unzip.major,
  -      pVersion->unzip.minor, pVersion->unzip.patchlevel, pVersion->betalevel);
  -    printf("   ZipInfo versions:  expecting %d.%d%d, using %d.%d%d\n",
  -      ZI_MAJORVER, ZI_MINORVER, UZ_PATCHLEVEL, pVersion->zipinfo.major,
  -      pVersion->zipinfo.minor, pVersion->zipinfo.patchlevel);
  -
  -/*
  -    D2_M*VER and os2dll.* are obsolete, though retained for compatibility:
  -
  -    printf("   OS2 DLL versions:  expecting %d.%d%d, using %d.%d%d\n",
  -      D2_MAJORVER, D2_MINORVER, D2_PATCHLEVEL, pVersion->os2dll.major,
  -      pVersion->os2dll.minor, pVersion->os2dll.patchlevel);
  - */
  -
  -    if (pVersion->flag & 2)
  -        printf("   using zlib version %s\n", pVersion->zlib_version);
  -    printf("\n");
  -
       /* call the actual UnZip routine (string-arguments version) */
       return UzpMain(argc, argv);
   }
  
  
  
  1.1                  patches/unzip/unzip-5.51-fix_Makefile-1.patch
  
  Index: unzip-5.51-fix_Makefile-1.patch
  ===================================================================
  Submitted By: BLFS Book <blfs-book at linuxfromscratch.org>
  Date: 2003-10-03
  Initial Package Version: 5.50
  Origin: NA
  Description: Creates a missing symlink.
  diff -urN unzip-5.50/unix/Makefile unzip-5.50-rcl/unix/Makefile
  --- unzip-5.50/unix/Makefile	Sat Feb 16 17:00:38 2002
  +++ unzip-5.50-rcl/unix/Makefile	Sat Sep 28 14:32:44 2002
  @@ -818,6 +818,7 @@
   	ln -sf crc_gcc.pic.o crc32.pic.o
   	gcc -shared -Wl,-soname,libunzip.so.0 -o libunzip.so.0.4 $(OBJSDLL)
   	ln -sf libunzip.so.0.4 libunzip.so.0
  +	ln -sf libunzip.so.0.4 libunzip.so
   	gcc -c -O unzipstb.c
   	gcc -o unzip unzipstb.o -L. -lunzip -lz
  
  
  
  1.1                  patches/unzip/unzip-5.51-fix_libz-1.patch
  
  Index: unzip-5.51-fix_libz-1.patch
  ===================================================================
  Submitted By: BLFS Book <blfs-book at linuxfromscratch.org>
  Date: 2003-10-03
  Initial Package Version: 5.50
  Origin: NA
  Description: Fixes compilation against system zlib.
  diff -urN unzip-5.50/api.c unzip-5.50-rcl/api.c
  --- unzip-5.50/api.c	Thu Nov 22 23:43:26 2001
  +++ unzip-5.50-rcl/api.c	Sat Sep 28 14:31:51 2002
  @@ -48,6 +48,11 @@
   #endif
   #include "unzvers.h"
   
  +/* This is defined as zlibVersion() in zlib.h version 1.1.4 */
  +#ifdef   zlib_version
  +#  undef zlib_version
  +#endif
  +
   #ifdef DLL      /* This source file supplies DLL-only interface code. */
   
   jmp_buf dll_error_return;
  
  
  



More information about the patches mailing list