correct lzh patch, thanks to Haruhiko Okumura.

(Portage version: 2.0.51.22-r3)
author: Tavis Ormandy <taviso@gentoo.org> 2006-09-27 14:30:11 +0000
committer: Tavis Ormandy <taviso@gentoo.org> 2006-09-27 14:30:11 +0000
commit: 1da9a4ceab1e1da3c354fc9a5692d4e963a90d94 (patch)
tree: 2eab94d3b4eeea73742317d76aaa3377a1fcf0ab /app-arch
parent: Add inherit eutils (diff)
download: gentoo-2-1da9a4ceab1e1da3c354fc9a5692d4e963a90d94.tar.gz
gentoo-2-1da9a4ceab1e1da3c354fc9a5692d4e963a90d94.tar.bz2
gentoo-2-1da9a4ceab1e1da3c354fc9a5692d4e963a90d94.zip
5 files changed, 298 insertions, 66 deletions
diff --git a/app-arch/gzip/ChangeLog b/app-arch/gzip/ChangeLog
index 5036ef7a2825..e10bec25d122 100644
--- a/app-arch/gzip/ChangeLog
+++ b/app-arch/gzip/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for app-arch/gzip
 # Copyright 1999-2006 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-arch/gzip/ChangeLog,v 1.67 2006/09/22 22:41:41 kloeri Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-arch/gzip/ChangeLog,v 1.68 2006/09/27 14:30:11 taviso Exp $
+
+*gzip-1.3.5-r10 (27 Sep 2006)
+
+  27 Sep 2006; Tavis Ormandy <taviso@gentoo.org>
+  +files/gzip-1.3.5-CVE-2006-4334-8.2.patch, +gzip-1.3.5-r10.ebuild:
+  Correct unlzh security patch, thanks to Haruhiko Okumura.
 
   22 Sep 2006; Bryan Østergaard <kloeri@gentoo.org> gzip-1.3.5-r9.ebuild:
   Stable on alpha + ia64, bug 145511.
diff --git a/app-arch/gzip/Manifest b/app-arch/gzip/Manifest
index d179d31977f0..6444b535a6ba 100644
--- a/app-arch/gzip/Manifest
+++ b/app-arch/gzip/Manifest
@@ -1,71 +1,22 @@
-AUX gzip-1.3.5-CVE-2006-4334-8.patch 5173 RMD160 6ff5ef3e913162b95bb430b88df270ff4d2b58e5 SHA1 9308e09dd6cc755a5cf20fbb4723567fa6f36f81 SHA256 f02d5c874897ca6cdf02c9d4c08b86262e6682decf1d6c5d94dea93b0a892c06
-MD5 94d483b3d8caf3505532061d4cf33e56 files/gzip-1.3.5-CVE-2006-4334-8.patch 5173
-RMD160 6ff5ef3e913162b95bb430b88df270ff4d2b58e5 files/gzip-1.3.5-CVE-2006-4334-8.patch 5173
-SHA256 f02d5c874897ca6cdf02c9d4c08b86262e6682decf1d6c5d94dea93b0a892c06 files/gzip-1.3.5-CVE-2006-4334-8.patch 5173
-AUX gzip-1.3.5-alpha.patch 1302 RMD160 6a5b719d9f9b2dcedfb8c16dcc53c3ee73be3fef SHA1 73c2a453df635fd7b37878c678434063e961fd7c SHA256 78ac1ee2c0cfb61da4bc6c17d3755dc93c26974b97ddebcb54121e357c392cba
-MD5 3ac15e61ddb326ae27cb0ae6aa4d580f files/gzip-1.3.5-alpha.patch 1302
-RMD160 6a5b719d9f9b2dcedfb8c16dcc53c3ee73be3fef files/gzip-1.3.5-alpha.patch 1302
-SHA256 78ac1ee2c0cfb61da4bc6c17d3755dc93c26974b97ddebcb54121e357c392cba files/gzip-1.3.5-alpha.patch 1302
-AUX gzip-1.3.5-asm-execstack.patch 319 RMD160 74a60d8ecc8891fde826fdc45298822259967c12 SHA1 0ea6976fc69123245d1b1fa1048281304354e7fe SHA256 fde7b893a1bd41e5fbe5f1cd75a523c47c2a5710f976e529f4e251d510c1bc5e
-MD5 4fb394294581607c9272f6cb416860d0 files/gzip-1.3.5-asm-execstack.patch 319
-RMD160 74a60d8ecc8891fde826fdc45298822259967c12 files/gzip-1.3.5-asm-execstack.patch 319
-SHA256 fde7b893a1bd41e5fbe5f1cd75a523c47c2a5710f976e529f4e251d510c1bc5e files/gzip-1.3.5-asm-execstack.patch 319
-AUX gzip-1.3.5-debian.patch 3309 RMD160 daa104d01ffa2e224ac4b3057906d16278120d5a SHA1 a916b5174b7805c8e3e288b2625f6461bb411e60 SHA256 35759dcd55ab4568e6409ccd58bf93d1aecc0ad0b79e6b3bca40049ce26e63d1
-MD5 0243373763322810b1f5aa7d9c9a1b91 files/gzip-1.3.5-debian.patch 3309
-RMD160 daa104d01ffa2e224ac4b3057906d16278120d5a files/gzip-1.3.5-debian.patch 3309
-SHA256 35759dcd55ab4568e6409ccd58bf93d1aecc0ad0b79e6b3bca40049ce26e63d1 files/gzip-1.3.5-debian.patch 3309
-AUX gzip-1.3.5-gunzip-dir.patch 631 RMD160 f81891781435964eb7d86b18b5feda1bfc8c998e SHA1 fb438be65a15d33a7a4b23ac25dd653973f1f8e3 SHA256 48165f1a1aad6f44fd726524ed43a9186de78c1c41b19693b095abad08c9dba0
+MD5 6a8a0aae6cf1e3a8a7e77b78cf9132c3 gzip-1.3.5-r10.ebuild 2286
+MD5 ae5a6587dd797ff4fdca9c9ebd0e7d5a gzip-1.3.5-r8.ebuild 2288
+MD5 271be078567bdac72df8b49a4537c8f6 ChangeLog 11051
+MD5 9a09f8d531c582e78977dbfd96edc1f2 metadata.xml 164
+MD5 9376b86536d06f4918d561007b9e3f6e gzip-1.3.5-r9.ebuild 2284
 MD5 4fd655838d1349db119f0dacc1010071 files/gzip-1.3.5-gunzip-dir.patch 631
-RMD160 f81891781435964eb7d86b18b5feda1bfc8c998e files/gzip-1.3.5-gunzip-dir.patch 631
-SHA256 48165f1a1aad6f44fd726524ed43a9186de78c1c41b19693b095abad08c9dba0 files/gzip-1.3.5-gunzip-dir.patch 631
-AUX gzip-1.3.5-gzip-perm.patch 1787 RMD160 5daf23ecd6be595759c76db99a9b02aaa676e288 SHA1 a94b44f232d6b43db4716d4f102c6171cfe56cf6 SHA256 45550ecd33f97b5e449e6ee4a008537b05cc15ecaef76de0819eae700df4527b
-MD5 fb3f3a95b94f29dfdcca9fa99a03f8bb files/gzip-1.3.5-gzip-perm.patch 1787
-RMD160 5daf23ecd6be595759c76db99a9b02aaa676e288 files/gzip-1.3.5-gzip-perm.patch 1787
-SHA256 45550ecd33f97b5e449e6ee4a008537b05cc15ecaef76de0819eae700df4527b files/gzip-1.3.5-gzip-perm.patch 1787
-AUX gzip-1.3.5-huft-build-return-fix.patch 612 RMD160 a0447d38d930e8771ce029c607414246e4fa17ec SHA1 cc01b599c71b8fbefa80aa115e63faa0a7d38c71 SHA256 c0bd0979fb37e9fb79794dbaaf49c39698fb4003c7abf432b2e68b157afe979f
+MD5 4fb394294581607c9272f6cb416860d0 files/gzip-1.3.5-asm-execstack.patch 319
 MD5 d0ef7fafcc72001c6c37b1a22bd4b1b4 files/gzip-1.3.5-huft-build-return-fix.patch 612
-RMD160 a0447d38d930e8771ce029c607414246e4fa17ec files/gzip-1.3.5-huft-build-return-fix.patch 612
-SHA256 c0bd0979fb37e9fb79794dbaaf49c39698fb4003c7abf432b2e68b157afe979f files/gzip-1.3.5-huft-build-return-fix.patch 612
-AUX gzip-1.3.5-infodir.patch 988 RMD160 ce5c7eb066d60d81e1d42474677f22cffa0833b8 SHA1 03404431e2118d4da2783dcec45acde1a8dc9a5e SHA256 dcbbbd77b0156c05e2e4b16293d41414251674c1780d92d61e609788423d4bf9
 MD5 681d0cffb9740e1294cb0161f33281d2 files/gzip-1.3.5-infodir.patch 988
-RMD160 ce5c7eb066d60d81e1d42474677f22cffa0833b8 files/gzip-1.3.5-infodir.patch 988
-SHA256 dcbbbd77b0156c05e2e4b16293d41414251674c1780d92d61e609788423d4bf9 files/gzip-1.3.5-infodir.patch 988
-AUX gzip-1.3.5-rsync.patch 10411 RMD160 982a40c0f21f60d52adf4c6453e4aeb18de4b02f SHA1 a52aed5624e6900e88b2e14b73e3af5764d3d544 SHA256 d6086152c1544a23c312f43d77edc970064876becf2eec97cf50e45930c36948
-MD5 f8688050690d3658df1dbe8bf73b6346 files/gzip-1.3.5-rsync.patch 10411
-RMD160 982a40c0f21f60d52adf4c6453e4aeb18de4b02f files/gzip-1.3.5-rsync.patch 10411
-SHA256 d6086152c1544a23c312f43d77edc970064876becf2eec97cf50e45930c36948 files/gzip-1.3.5-rsync.patch 10411
-AUX gzip-1.3.5-zgrep-sed.patch 930 RMD160 99bc34cee207364fd5c16fdf267aed9366b51ee5 SHA1 42296dc9fa0dc30e4af07456b9f4c71ef173047c SHA256 182ca965d4a3db2abcab4d7a91899df8245eeb0ca9ba4b0322e41ab3f89bd3fd
+MD5 3ac15e61ddb326ae27cb0ae6aa4d580f files/gzip-1.3.5-alpha.patch 1302
+MD5 40e2d329b2936535797e4ee8eaee5729 files/digest-gzip-1.3.5-r10 62
 MD5 be1a01c45519ed5d8b319884bc4a882d files/gzip-1.3.5-zgrep-sed.patch 930
-RMD160 99bc34cee207364fd5c16fdf267aed9366b51ee5 files/gzip-1.3.5-zgrep-sed.patch 930
-SHA256 182ca965d4a3db2abcab4d7a91899df8245eeb0ca9ba4b0322e41ab3f89bd3fd files/gzip-1.3.5-zgrep-sed.patch 930
-AUX gzip-1.3.5-zgreppipe.patch 347 RMD160 c0971b18570f4f6a8497d7ef6be21c133dc44b9f SHA1 f10097609892f1ee355c6c4a1de4ab97b37d16fe SHA256 edab696c1cdb3ca24281848365db993c59c1407e2e3d2db7ed7ef1d66b52cd7f
-MD5 6f23d31c688bfc0b10ebf505dc8aabc2 files/gzip-1.3.5-zgreppipe.patch 347
-RMD160 c0971b18570f4f6a8497d7ef6be21c133dc44b9f files/gzip-1.3.5-zgreppipe.patch 347
-SHA256 edab696c1cdb3ca24281848365db993c59c1407e2e3d2db7ed7ef1d66b52cd7f files/gzip-1.3.5-zgreppipe.patch 347
-AUX gzip-1.3.5-znew-tempfile-2.patch 1931 RMD160 cdfe696be4d6c5c67ad259a2f0958ec67be670b3 SHA1 297bf60e8f7db807b58415aa43dea3e0a9b1347d SHA256 98cb432fc65ce9e7cbb479c47ca6119d423651254dfa491042b6dd2a7fb6585c
-MD5 17f0be7717f949fc0acd0ef316982cd6 files/gzip-1.3.5-znew-tempfile-2.patch 1931
-RMD160 cdfe696be4d6c5c67ad259a2f0958ec67be670b3 files/gzip-1.3.5-znew-tempfile-2.patch 1931
-SHA256 98cb432fc65ce9e7cbb479c47ca6119d423651254dfa491042b6dd2a7fb6585c files/gzip-1.3.5-znew-tempfile-2.patch 1931
-DIST gzip-1.3.5.tar.gz 331550 RMD160 5011f20441f31838c34b981c325107dd85737ff9 SHA1 843272609b9bff1bdf2770a28d498d6519901e73 SHA256 631820e566353eafc4bdc0d9d8221c26c7ef6b5d10a254783dbe9bcac88caa07
-EBUILD gzip-1.3.5-r8.ebuild 2288 RMD160 d47a747efc6dc61ccf74013b6a9b4193bc61102b SHA1 5d45f52739c82841e2829619665dc815fd0f878d SHA256 f00620f6624a6ba7517a48accfbedd19c019c8b871cf0ab5b11ba57d6913fa61
-MD5 ae5a6587dd797ff4fdca9c9ebd0e7d5a gzip-1.3.5-r8.ebuild 2288
-RMD160 d47a747efc6dc61ccf74013b6a9b4193bc61102b gzip-1.3.5-r8.ebuild 2288
-SHA256 f00620f6624a6ba7517a48accfbedd19c019c8b871cf0ab5b11ba57d6913fa61 gzip-1.3.5-r8.ebuild 2288
-EBUILD gzip-1.3.5-r9.ebuild 2284 RMD160 168aef27b11a8f80dd1786de20befebc7fda2271 SHA1 8b114a9ed51acfcf72a0146c6762a01554dd4969 SHA256 2abedfe7bbc05932175ead584a228bfcbf709be4c648bf25471173c1537f4715
-MD5 9376b86536d06f4918d561007b9e3f6e gzip-1.3.5-r9.ebuild 2284
-RMD160 168aef27b11a8f80dd1786de20befebc7fda2271 gzip-1.3.5-r9.ebuild 2284
-SHA256 2abedfe7bbc05932175ead584a228bfcbf709be4c648bf25471173c1537f4715 gzip-1.3.5-r9.ebuild 2284
-MISC ChangeLog 10841 RMD160 f084dd73d6de18d707fb172986c1015ce4dc74e8 SHA1 d2fdae9c7bd3f1a33b16362559505d97b537339b SHA256 72a730b4032ec037f6ad37a33803d5356dbca2289febff00e87a8c7bc611e2c5
-MD5 88f1da930d94c0beb8bdb49f0b55232c ChangeLog 10841
-RMD160 f084dd73d6de18d707fb172986c1015ce4dc74e8 ChangeLog 10841
-SHA256 72a730b4032ec037f6ad37a33803d5356dbca2289febff00e87a8c7bc611e2c5 ChangeLog 10841
-MISC metadata.xml 164 RMD160 f43cbec30b7074319087c9acffdb9354b17b0db3 SHA1 9c213f5803676c56439df3716be07d6692588856 SHA256 f5f2891f2a4791cd31350bb2bb572131ad7235cd0eeb124c9912c187ac10ce92
-MD5 9a09f8d531c582e78977dbfd96edc1f2 metadata.xml 164
-RMD160 f43cbec30b7074319087c9acffdb9354b17b0db3 metadata.xml 164
-SHA256 f5f2891f2a4791cd31350bb2bb572131ad7235cd0eeb124c9912c187ac10ce92 metadata.xml 164
+MD5 94d483b3d8caf3505532061d4cf33e56 files/gzip-1.3.5-CVE-2006-4334-8.patch 5173
 MD5 b88cd4d307670111059400e1132d179f files/digest-gzip-1.3.5-r8 232
-RMD160 9ce0351305c191b5400cf658faf4b282dad18b42 files/digest-gzip-1.3.5-r8 232
-SHA256 0bfcc4dcd48430f1951f1452812e9809725069fb910d5234a32d8788ba84fa96 files/digest-gzip-1.3.5-r8 232
 MD5 b88cd4d307670111059400e1132d179f files/digest-gzip-1.3.5-r9 232
-RMD160 9ce0351305c191b5400cf658faf4b282dad18b42 files/digest-gzip-1.3.5-r9 232
-SHA256 0bfcc4dcd48430f1951f1452812e9809725069fb910d5234a32d8788ba84fa96 files/digest-gzip-1.3.5-r9 232
+MD5 29c206ae22c9f41a6017901fa9dd6118 files/.gzip-1.3.5-CVE-2006-4334-8.2.patch.swp 20480
+MD5 f8688050690d3658df1dbe8bf73b6346 files/gzip-1.3.5-rsync.patch 10411
+MD5 6f23d31c688bfc0b10ebf505dc8aabc2 files/gzip-1.3.5-zgreppipe.patch 347
+MD5 fb3f3a95b94f29dfdcca9fa99a03f8bb files/gzip-1.3.5-gzip-perm.patch 1787
+MD5 0243373763322810b1f5aa7d9c9a1b91 files/gzip-1.3.5-debian.patch 3309
+MD5 17f0be7717f949fc0acd0ef316982cd6 files/gzip-1.3.5-znew-tempfile-2.patch 1931
+MD5 0f1036580593054685f85e4c1806f0e4 files/gzip-1.3.5-CVE-2006-4334-8.2.patch 5163
diff --git a/app-arch/gzip/files/digest-gzip-1.3.5-r10 b/app-arch/gzip/files/digest-gzip-1.3.5-r10
new file mode 100644
index 000000000000..07db7e681363
--- /dev/null
+++ b/app-arch/gzip/files/digest-gzip-1.3.5-r10
@@ -0,0 +1 @@
+MD5 3d6c191dfd2bf307014b421c12dc8469 gzip-1.3.5.tar.gz 331550
diff --git a/app-arch/gzip/files/gzip-1.3.5-CVE-2006-4334-8.2.patch b/app-arch/gzip/files/gzip-1.3.5-CVE-2006-4334-8.2.patch
new file mode 100644
index 000000000000..26dfe4291707
--- /dev/null
+++ b/app-arch/gzip/files/gzip-1.3.5-CVE-2006-4334-8.2.patch
@@ -0,0 +1,186 @@
+http://bugs.gentoo.org/145511
+
+diff -ruN gzip-1.3.5.orig/gzip.h gzip-1.3.5/gzip.h
+--- gzip-1.3.5.orig/gzip.h	2001-10-01 07:53:41.000000000 +0100
++++ gzip-1.3.5/gzip.h	2006-09-27 15:25:23.340499960 +0100
+@@ -198,6 +198,8 @@
+ extern int to_stdout;      /* output to stdout (-c) */
+ extern int save_orig_name; /* set if original name must be saved */
+ 
++#define MIN(a,b) ((a) <= (b) ? (a) : (b))
++
+ #define get_byte()  (inptr < insize ? inbuf[inptr++] : fill_inbuf(0))
+ #define try_byte()  (inptr < insize ? inbuf[inptr++] : fill_inbuf(1))
+ 
+diff -ruN gzip-1.3.5.orig/inflate.c gzip-1.3.5/inflate.c
+--- gzip-1.3.5.orig/inflate.c	2002-09-25 22:20:13.000000000 +0100
++++ gzip-1.3.5/inflate.c	2006-09-27 15:25:23.342499656 +0100
+@@ -337,7 +337,7 @@
+   {
+     *t = (struct huft *)NULL;
+     *m = 0;
+-    return 0;
++    return 2;
+   }
+ 
+ 
+diff -ruN gzip-1.3.5.orig/unlzh.c gzip-1.3.5/unlzh.c
+--- gzip-1.3.5.orig/unlzh.c	1999-10-06 06:00:00.000000000 +0100
++++ gzip-1.3.5/unlzh.c	2006-09-27 15:26:00.882792664 +0100
+@@ -149,13 +149,17 @@
+     unsigned i, k, len, ch, jutbits, avail, nextcode, mask;
+ 
+     for (i = 1; i <= 16; i++) count[i] = 0;
+-    for (i = 0; i < (unsigned)nchar; i++) count[bitlen[i]]++;
++    for (i = 0; i < (unsigned)nchar; i++) {
++        if (bitlen[i] > 16)
++        error("Bad table (case a)\n");
++        else count[bitlen[i]]++;
++    }
+ 
+     start[1] = 0;
+     for (i = 1; i <= 16; i++)
+ 	start[i + 1] = start[i] + (count[i] << (16 - i));
+-    if ((start[17] & 0xffff) != 0)
+-	error("Bad table\n");
++    if ((start[17] & 0xffff) != 0 || tablebits > 16) /* 16 for weight below */
++	error("Bad table (case b)\n");
+ 
+     jutbits = 16 - tablebits;
+     for (i = 1; i <= (unsigned)tablebits; i++) {
+@@ -169,8 +173,8 @@
+ 
+     i = start[tablebits + 1] >> jutbits;
+     if (i != 0) {
+-	k = 1 << tablebits;
+-	while (i != k) table[i++] = 0;
++	k = MIN(1 << tablebits, DIST_BUFSIZE);
++	while (i < k) table[i++] = 0;
+     }
+ 
+     avail = nchar;
+@@ -179,6 +183,7 @@
+ 	if ((len = bitlen[ch]) == 0) continue;
+ 	nextcode = start[len] + weight[len];
+ 	if (len <= (unsigned)tablebits) {
++	    nextcode = MIN(nextcode, DIST_BUFSIZE);
+ 	    for (i = start[len]; i < nextcode; i++) table[i] = ch;
+ 	} else {
+ 	    k = start[len];
+@@ -218,7 +223,7 @@
+ 	for (i = 0; i < 256; i++) pt_table[i] = c;
+     } else {
+ 	i = 0;
+-	while (i < n) {
++	while (i < MIN(n,NPT)) {
+ 	    c = bitbuf >> (BITBUFSIZ - 3);
+ 	    if (c == 7) {
+ 		mask = (unsigned) 1 << (BITBUFSIZ - 1 - 3);
+@@ -228,7 +233,7 @@
+ 	    pt_len[i++] = c;
+ 	    if (i == i_special) {
+ 		c = getbits(2);
+-		while (--c >= 0) pt_len[i++] = 0;
++		while (--c >= 0 && i < NPT) pt_len[i++] = 0;
+ 	    }
+ 	}
+ 	while (i < nn) pt_len[i++] = 0;
+@@ -248,7 +253,7 @@
+ 	for (i = 0; i < 4096; i++) c_table[i] = c;
+     } else {
+ 	i = 0;
+-	while (i < n) {
++	while (i < MIN(n,NC)) {
+ 	    c = pt_table[bitbuf >> (BITBUFSIZ - 8)];
+ 	    if (c >= NT) {
+ 		mask = (unsigned) 1 << (BITBUFSIZ - 1 - 8);
+@@ -256,14 +261,14 @@
+ 		    if (bitbuf & mask) c = right[c];
+ 		    else               c = left [c];
+ 		    mask >>= 1;
+-		} while (c >= NT);
++		} while (c >= NT && (mask || c != left[c]));
+ 	    }
+ 	    fillbuf((int) pt_len[c]);
+ 	    if (c <= 2) {
+ 		if      (c == 0) c = 1;
+ 		else if (c == 1) c = getbits(4) + 3;
+ 		else             c = getbits(CBIT) + 20;
+-		while (--c >= 0) c_len[i++] = 0;
++		while (--c >= 0 && i < NC) c_len[i++] = 0;
+ 	    } else c_len[i++] = c - 2;
+ 	}
+ 	while (i < NC) c_len[i++] = 0;
+@@ -292,7 +297,7 @@
+ 	    if (bitbuf & mask) j = right[j];
+ 	    else               j = left [j];
+ 	    mask >>= 1;
+-	} while (j >= NC);
++	} while (j >= NC && (mask || j != left[j]));
+     }
+     fillbuf((int) c_len[j]);
+     return j;
+@@ -309,7 +314,7 @@
+ 	    if (bitbuf & mask) j = right[j];
+ 	    else               j = left [j];
+ 	    mask >>= 1;
+-	} while (j >= NP);
++	} while (j >= NP && (mask || j != left[j]));
+     }
+     fillbuf((int) pt_len[j]);
+     if (j != 0) j = ((unsigned) 1 << (j - 1)) + getbits((int) (j - 1));
+@@ -356,7 +361,7 @@
+     while (--j >= 0) {
+ 	buffer[r] = buffer[i];
+ 	i = (i + 1) & (DICSIZ - 1);
+-	if (++r == count) return r;
++	if (++r >= count) return r;
+     }
+     for ( ; ; ) {
+ 	c = decode_c();
+@@ -366,14 +371,14 @@
+ 	}
+ 	if (c <= UCHAR_MAX) {
+ 	    buffer[r] = c;
+-	    if (++r == count) return r;
++	    if (++r >= count) return r;
+ 	} else {
+ 	    j = c - (UCHAR_MAX + 1 - THRESHOLD);
+ 	    i = (r - decode_p() - 1) & (DICSIZ - 1);
+ 	    while (--j >= 0) {
+ 		buffer[r] = buffer[i];
+ 		i = (i + 1) & (DICSIZ - 1);
+-		if (++r == count) return r;
++		if (++r >= count) return r;
+ 	    }
+ 	}
+     }
+diff -ruN gzip-1.3.5.orig/unpack.c gzip-1.3.5/unpack.c
+--- gzip-1.3.5.orig/unpack.c	1999-10-06 06:00:00.000000000 +0100
++++ gzip-1.3.5/unpack.c	2006-09-27 15:25:23.343499504 +0100
+@@ -13,7 +13,6 @@
+ #include "gzip.h"
+ #include "crypt.h"
+ 
+-#define MIN(a,b) ((a) <= (b) ? (a) : (b))
+ /* The arguments must not have side effects. */
+ 
+ #define MAX_BITLEN 25
+@@ -133,7 +132,7 @@
+ 	/* Remember where the literals of this length start in literal[] : */
+ 	lit_base[len] = base;
+ 	/* And read the literals: */
+-	for (n = leaves[len]; n > 0; n--) {
++	for (n = leaves[len]; n > 0 && base < LITERALS; n--) {
+ 	    literal[base++] = (uch)get_byte();
+ 	}
+     }
+@@ -169,7 +168,7 @@
+     prefixp = &prefix_len[1<<peek_bits];
+     for (len = 1; len <= peek_bits; len++) {
+ 	int prefixes = leaves[len] << (peek_bits-len); /* may be 0 */
+-	while (prefixes--) *--prefixp = (uch)len;
++	while (prefixes-- && prefixp > prefix_len) *--prefixp = (uch)len;
+     }
+     /* The length of all other codes is unknown: */
+     while (prefixp > prefix_len) *--prefixp = 0;
diff --git a/app-arch/gzip/gzip-1.3.5-r10.ebuild b/app-arch/gzip/gzip-1.3.5-r10.ebuild
new file mode 100644
index 000000000000..f1fa7dee0a5e
--- /dev/null
+++ b/app-arch/gzip/gzip-1.3.5-r10.ebuild
@@ -0,0 +1,88 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-arch/gzip/gzip-1.3.5-r10.ebuild,v 1.1 2006/09/27 14:30:11 taviso Exp $
+
+inherit eutils flag-o-matic
+
+DESCRIPTION="Standard GNU compressor"
+HOMEPAGE="http://www.gnu.org/software/gzip/gzip.html"
+SRC_URI="mirror://gentoo/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd"
+IUSE="nls build static pic"
+
+RDEPEND=""
+DEPEND="${RDEPEND}
+	nls? ( sys-devel/gettext )"
+PROVIDE="virtual/gzip"
+
+src_unpack() {
+	unpack ${A}
+	cd "${S}"
+	epatch "${FILESDIR}"/${P}-CVE-2006-4334-8.2.patch
+	epatch "${FILESDIR}"/${P}-debian.patch
+	epatch "${FILESDIR}"/${P}-znew-tempfile-2.patch
+	epatch "${FILESDIR}"/${P}-gunzip-dir.patch
+	epatch "${FILESDIR}"/${P}-asm-execstack.patch
+	epatch "${FILESDIR}"/${P}-gzip-perm.patch
+	epatch "${FILESDIR}"/${P}-infodir.patch
+	epatch "${FILESDIR}"/${P}-rsync.patch
+	epatch "${FILESDIR}"/${P}-zgrep-sed.patch
+	epatch "${FILESDIR}"/${P}-alpha.patch
+	epatch "${FILESDIR}"/${P}-zgreppipe.patch
+}
+
+src_compile() {
+	use static && append-flags -static
+	# avoid text relocation in gzip
+	use pic && export DEFS="NO_ASM"
+	econf --exec-prefix=/ $(use_enable nls) || die
+	emake || die
+}
+
+src_install() {
+	dodir /usr/bin /usr/share/man/man1
+	make prefix=${D}/usr \
+		exec_prefix=${D}/ \
+		mandir=${D}/usr/share/man \
+		infodir=${D}/usr/share/info \
+		install || die
+
+	cd ${D}/bin
+
+	for i in gzexe zforce zgrep zmore znew zcmp
+	do
+		sed -i -e "s:${D}::" ${i} || die
+		chmod 755 ${i}
+	done
+
+	# No need to waste space -- these guys should be links
+	# gzcat is equivilant to zcat, but historically zcat
+	# was a link to compress.
+	rm -f gunzip zcat zcmp zegrep zfgrep
+	dosym gzip /bin/gunzip
+	dosym gzip /bin/gzcat
+	dosym gzip /bin/zcat
+	dosym zdiff /bin/zcmp
+	dosym zgrep /bin/zegrep
+	dosym zgrep /bin/zfgrep
+
+	if ! use build
+	then
+		cd ${D}/usr/share/man/man1
+		rm -f gunzip.* zcmp.* zcat.*
+		ln -s gzip.1.gz gunzip.1.gz
+		ln -s zdiff.1.gz zcmp.1.gz
+		ln -s gzip.1.gz zcat.1.gz
+		ln -s gzip.1.gz gzcat.1.gz
+		cd ${S}
+		rm -rf ${D}/usr/man ${D}/usr/lib
+		dodoc ChangeLog NEWS README THANKS TODO
+		docinto txt
+		dodoc algorithm.doc gzip.doc
+	else
+		rm -rf ${D}/usr
+	fi
+}
author	Tavis Ormandy <taviso@gentoo.org>	2006-09-27 14:30:11 +0000
committer	Tavis Ormandy <taviso@gentoo.org>	2006-09-27 14:30:11 +0000
commit	1da9a4ceab1e1da3c354fc9a5692d4e963a90d94 (patch)
tree	2eab94d3b4eeea73742317d76aaa3377a1fcf0ab /app-arch
parent	Add inherit eutils (diff)
download	gentoo-2-1da9a4ceab1e1da3c354fc9a5692d4e963a90d94.tar.gz gentoo-2-1da9a4ceab1e1da3c354fc9a5692d4e963a90d94.tar.bz2 gentoo-2-1da9a4ceab1e1da3c354fc9a5692d4e963a90d94.zip