security bump. insecure tmpfile handling bug 68405

2 files changed, 31 insertions, 0 deletions

diff --git a/app-arch/gzip/files/digest-gzip-1.3.5-r2 b/app-arch/gzip/files/digest-gzip-1.3.5-r2
new file mode 100644
index 000000000000..d9e68f978e4f
--- /dev/null
+++ b/app-arch/gzip/files/digest-gzip-1.3.5-r2
@@ -0,0 +1,2 @@
+MD5 3d6c191dfd2bf307014b421c12dc8469 gzip_1.3.5.orig.tar.gz 331550
+MD5 63d6cf343da210a3740aef2ed583f85d gzip-1.3.5-deb.patch.bz2 9136
diff --git a/app-arch/gzip/files/gzip-1.3.5-zdiff-tempfile.patch b/app-arch/gzip/files/gzip-1.3.5-zdiff-tempfile.patch
new file mode 100644
index 000000000000..293560dc8763
--- /dev/null
+++ b/app-arch/gzip/files/gzip-1.3.5-zdiff-tempfile.patch
@@ -0,0 +1,29 @@
+--- zdiff.in	2002-09-26 04:33:24.000000000 -0400
++++ zdiff.in.new	2004-10-26 19:06:08.000000000 -0400
+@@ -35,6 +35,10 @@
+ 	echo "Usage: $prog [${comp}_options] file [file]"
+ 	exit 2
+ fi
++tmp=`tempfile -d /tmp -p gz` || {
++	echo 'cannot create a temporary file' >&2
++	exit 1
++}
+ set $FILES
+ if test $# -eq 1; then
+ 	FILE=`echo "$1" | sed 's/[-.][zZtga]*$//'`
+@@ -47,11 +51,11 @@
+ 	        *[-.]gz* | *[-.][zZ] | *.t[ga]z)
+ 			F=`echo "$2" | sed 's|.*/||;s|[-.][zZtga]*||'`
+ 			set -C
+-			trap 'rm -f /tmp/"$F".$$; exit 2' HUP INT PIPE TERM 0
+-			gzip -cdfq "$2" > /tmp/"$F".$$ || exit
+-                        gzip -cdfq "$1" | $comp $OPTIONS - /tmp/"$F".$$
++			trap 'rm -f $tmp; exit 2' HUP INT PIPE TERM 0
++			gzip -cdfq "$2" > $tmp || exit
++			gzip -cdfq "$1" | $comp $OPTIONS - $tmp
+                         STAT="$?"
+-			/bin/rm -f /tmp/"$F".$$ || STAT=2
++			/bin/rm -f $tmp || STAT=2
+ 			trap - HUP INT PIPE TERM 0
+ 			exit $STAT;;
+