diff --git a/0001-gzip-detect-invalid-input.patch b/0001-gzip-detect-invalid-input.patch
new file mode 100644
index 0000000000000000000000000000000000000000..c7427d957f470acf5800350da2ff3105d81eaa12
--- /dev/null
+++ b/0001-gzip-detect-invalid-input.patch
@@ -0,0 +1,58 @@
+From 9559806a04d3c62bf789a2bf8760d561880b7e65 Mon Sep 17 00:00:00 2001
+From: Paul Eggert
+Date: Tue, 28 Jun 2022 22:30:08 -0500
+Subject: [PATCH] gzip: detect invalid input
+
+Problem reported by Young Mo Kang and fix from Mark Adler (Bug#56247).
+* inflate.c: Include stdbool.h.
+(fresh): New static var.
+* inflate.c (flush_output): Clear it.
+(inflate): Set it.
+(inflate_codes): Fail if the offset is outside a fresh input window.
+---
+ inflate.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/inflate.c b/inflate.c
+index f54eb65..d7ab98f 100644
+--- a/inflate.c
++++ b/inflate.c
+@@ -117,6 +117,7 @@
+
+ #include
+
++#include
+ #include
+
+ #include "tailor.h"
+@@ -153,8 +154,9 @@ static int huft_free (struct huft *);
+ "uch *slide;" and then malloc'ed in the latter case. The definition
+ must be in unzip.h, included above. */
+ /* unsigned wp; current position in slide */
++static bool fresh;
+ #define wp outcnt
+-#define flush_output(w) (wp=(w),flush_window())
++#define flush_output(w) (fresh = false, wp = (w), flush_window ())
+
+ /* Tables for deflate from PKZIP's appnote.txt. */
+ static unsigned border[] = { /* Order of the bit length code lengths */
+@@ -572,6 +574,8 @@ inflate_codes(struct huft *tl, struct huft *td, int bl, int bd)
+ NEEDBITS(e)
+ d = w - t->v.n - ((unsigned)b & mask_bits[e]);
+ DUMPBITS(e)
++ if (fresh && w <= d)
++ return 1;
+ Tracevv((stderr,"\\[%d,%d]", w-d, n));
+
+ /* do the copy */
+@@ -954,6 +958,7 @@ inflate(void)
+ wp = 0;
+ bk = 0;
+ bb = 0;
++ fresh = true;
+
+
+ /* decompress until the last block */
+--
+2.31.1
+
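Review bot: `static bool fresh;` in the second inflate.c hunk is added without a comment, and it lands between the `/* unsigned wp; current position in slide */` comment and the `#define wp outcnt` that comment describes. The flag carries the whole fix: it is set in inflate(), cleared by the flush_output macro, and gates the new `if (fresh && w <= d) return 1;` in inflate_codes, which, going by the commit message, rejects a match offset that reaches outside a window that has not been flushed yet. I would declare it above that comment block with its own comment, something like `/* True until the first flush_output: a copy source d >= w is then outside the data decoded so far, i.e. invalid input. */`. The bodies of inflate_codes and inflate continue outside the hunks shown, so whether any other path reuses the window without going through flush_output cannot be checked from here.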
diff --git a/gzip.spec b/gzip.spec index c58a818e34a5a3657f13ae46c8a7298ae787b388..dccdab329eff7f50192eecb6a666d8b2517f53e6 100644 --- a/gzip.spec +++ b/gzip.spec @@ -1,4 +1,4 @@ -%define anolis_release 1 +%define anolis_release 2 Name: gzip Version: 1.12 @@ -11,6 +11,7 @@ Source1: https://www.gnu.org/licenses/fdl-1.3.txt Source100: colorzgrep.csh Source101: colorzgrep.sh +Patch1: 0001-gzip-detect-invalid-input.patch URL: https://www.gzip.org/ Requires: coreutils @@ -38,7 +39,7 @@ BuildArch: noarch The %{name}-doc package contains documentation files for %{name}. %prep -%setup -q +%autosetup -n %{name}-%{version} -p1 cp %{SOURCE1} . autoreconf @@ -69,9 +70,13 @@ mkdir -p %{buildroot}%{profiledir} install -p -m 644 %{SOURCE100} %{buildroot}%{profiledir} install -p -m 644 %{SOURCE101} %{buildroot}%{profiledir} +%generate_compatibility_deps + %files %license COPYING fdl-1.3.txt +%dir %{abidir} %{_bindir}/* +%{abidir}/*-option.list %{_mandir}/*/* %{_infodir}/gzip.info* %{profiledir}/* @@ -80,6 +85,10 @@ install -p -m 644 %{SOURCE101} %{buildroot}%{profiledir} %doc NEWS README AUTHORS ChangeLog THANKS TODO %changelog +* Tue Dec 06 2022 Shawn Wang - 1.12-2 +- update spec files +- add one bugfix patch + * Fri Sep 23 2022 mgb01105731 - 1.12-1 - update to 1.12
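Review bot: The `Patch1:` line added in the second gzip.spec hunk carries no comment saying where the patch comes from, and the new changelog entry only says "add one bugfix patch". The patch header on this page identifies it as upstream commit 9559806a04d3c62bf789a2bf8760d561880b7e65 for Bug#56247, which rejects invalid compressed input. A comment above the tag, for example `# Upstream commit 9559806a04d3 (Bug#56247): gzip: detect invalid input`, would let a later auditor match the carried file against upstream and know when it can be dropped on a rebase. The same hunk set also switches `%setup -q` to `%autosetup ... -p1` and adds `%generate_compatibility_deps` with `%{abidir}` entries, which "update spec files" does not describe; naming those in the changelog would keep the security fix distinguishable from the packaging changes.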