From owner-freebsd-ports@FreeBSD.ORG Sun Oct 16 00:00:04 2005 Return-Path: X-Original-To: freebsd-ports@freebsd.org Delivered-To: freebsd-ports@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D017116A420 for ; Sun, 16 Oct 2005 00:00:04 +0000 (GMT) (envelope-from edwin@mavetju.org) Received: from mail3out.barnet.com.au (mail3out.barnet.com.au [202.83.176.17]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0DD9643D46 for ; Sun, 16 Oct 2005 00:00:03 +0000 (GMT) (envelope-from edwin@mavetju.org) Received: by mail3out.barnet.com.au (Postfix, from userid 27) id D0AB9877CB1; Sun, 16 Oct 2005 10:00:02 +1000 (EST) X-Viruscan-Id: <4351980200000FEFAE3CA5@BarNet> Received: from mail3-auth.barnet.com.au (mail3.barnet.com.au [202.83.176.16]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "*.barnet.com.au", Issuer "BarNet Root Certificate Authority" (verified OK)) by mail3.barnet.com.au (Postfix) with ESMTP id 92162877CAD; Sun, 16 Oct 2005 10:00:02 +1000 (EST) Received: from k7.mavetju (edwin-3.int.barnet.com.au [10.10.12.2]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "edwin.adsl.barnet.com.au", Issuer "BarNet Root Certificate Authority" (not verified)) by mail3-auth.barnet.com.au (Postfix) with ESMTP id B938F877CA9; Sun, 16 Oct 2005 10:00:01 +1000 (EST) Received: by k7.mavetju (Postfix, from userid 1001) id 8BA38611E; Sun, 16 Oct 2005 10:00:00 +1000 (EST) Date: Sun, 16 Oct 2005 10:00:00 +1000 From: Edwin Groothuis To: Mike Brown Message-ID: <20051016000000.GH1278@k7.mavetju> References: <200510152250.j9FMo4D5001378@chilled.skew.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200510152250.j9FMo4D5001378@chilled.skew.org> User-Agent: Mutt/1.5.9i Cc: jharris@widomaker.com, freebsd-ports@freebsd.org Subject: Re: bzip2 port still out of date X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 16 Oct 2005 00:00:04 -0000 On Sat, Oct 15, 2005 at 04:50:04PM -0600, Mike Brown wrote: > archivers/bzip2 seems to still be languishing at 1.0.3, despite the suggestion at > http://www.freebsd.org/ports/portaudit/197f444f-e8ef-11d9-b875-0001020eed82.html > that there was a 1.0.3_1 due in late June, when the vulnerabilities were reported. > > Since the FreeBSD 4.x base system does not come with bzgrep, I've been using > the bzip2 port. It would be nice to be able to upgrade my installation so I > can stop getting security warnings. Is there a new revision of the port in the > works? > > (Actually, on my system, I employed a temporary workaround:) > > cd /usr/ports/archivers/bzip2 > make deinstall > make DISABLE_VULNERABILITIES=yes > cd work/bzip2-1.0.3 > chmod a+rx bzgrep bzdiff bzmore > cp -p bzgrep bzdiff bzmore /usr/local/bin > gzip -c9 bzgrep.1 > /usr/local/man/man1/bzgrep.1.gz > gzip -c9 bzdiff.1 > /usr/local/man/man1/bzdiff.1.gz > gzip -c9 bzmore.1 > /usr/local/man/man1/bzmore.1.gz > > (bzgrep, bzdiff, and bzmore are shell scripts in the port) I have gone through the patches noted in the ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:14.bzip2.asc and compared them with the current state of 1.0.3. There was only something missing in bzip2.c. If the maintainer (hi jharris!) is okay with it I will commit the following patch: Index: Makefile =================================================================== RCS file: /home/pcvs/ports/archivers/bzip2/Makefile,v retrieving revision 1.40 diff -u -r1.40 Makefile --- Makefile 20 Jul 2005 07:50:43 -0000 1.40 +++ Makefile 15 Oct 2005 23:56:31 -0000 @@ -8,6 +8,7 @@ PORTNAME= bzip2 PORTVERSION= 1.0.3 +PORTREVISION= 1 CATEGORIES= archivers MASTER_SITES= http://www.bzip.org/${PORTVERSION}/ Index: files/patch-bzip2.c =================================================================== RCS file: files/patch-bzip2.c diff -N files/patch-bzip2.c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ files/patch-bzip2.c 15 Oct 2005 23:56:31 -0000 @@ -0,0 +1,92 @@ +--- bzip2.c.orig Wed Feb 16 03:25:35 2005 ++++ bzip2.c Sun Oct 16 09:47:40 2005 +@@ -312,6 +312,7 @@ + + static void copyFileName ( Char*, Char* ); + static void* myMalloc ( Int32 ); ++static int applySavedFileAttrToOutputFile ( int fd ); + + + +@@ -457,6 +458,10 @@ + ret = fflush ( zStream ); + if (ret == EOF) goto errhandler_io; + if (zStream != stdout) { ++ int fd = fileno ( zStream ); ++ if (fd < 0) goto errhandler_io; ++ ret = applySavedFileAttrToOutputFile ( fd ); ++ if (ret != 0) goto errhandler_io; + ret = fclose ( zStream ); + outputHandleJustInCase = NULL; + if (ret == EOF) goto errhandler_io; +@@ -569,6 +574,12 @@ + + closeok: + if (ferror(zStream)) goto errhandler_io; ++ if ( stream != stdout) { ++ int fd = fileno ( stream ); ++ if (fd < 0) goto errhandler_io; ++ ret = applySavedFileAttrToOutputFile ( fd ); ++ if (ret != 0) goto errhandler_io; ++ } + ret = fclose ( zStream ); + if (ret == EOF) goto errhandler_io; + +@@ -1129,7 +1140,7 @@ + + + static +-void applySavedMetaInfoToOutputFile ( Char *dstName ) ++void applySavedTimeInfoToOutputFile ( Char *dstName ) + { + # if BZ_UNIX + IntNative retVal; +@@ -1138,16 +1149,26 @@ + uTimBuf.actime = fileMetaInfo.st_atime; + uTimBuf.modtime = fileMetaInfo.st_mtime; + +- retVal = chmod ( dstName, fileMetaInfo.st_mode ); +- ERROR_IF_NOT_ZERO ( retVal ); +- + retVal = utime ( dstName, &uTimBuf ); + ERROR_IF_NOT_ZERO ( retVal ); ++# endif ++} ++ ++static ++int applySavedFileAttrToOutputFile ( int fd ) ++{ ++# if BZ_UNIX ++ IntNative retVal; ++ ++ retVal = fchmod ( fd, fileMetaInfo.st_mode ); ++ if (retVal != 0) ++ return retVal; + +- retVal = chown ( dstName, fileMetaInfo.st_uid, fileMetaInfo.st_gid ); ++ (void) fchown ( fd, fileMetaInfo.st_uid, fileMetaInfo.st_gid ); + /* chown() will in many cases return with EPERM, which can + be safely ignored. + */ ++ return 0; + # endif + } + +@@ -1370,7 +1391,7 @@ + + /*--- If there was an I/O error, we won't get here. ---*/ + if ( srcMode == SM_F2F ) { +- applySavedMetaInfoToOutputFile ( outName ); ++ applySavedTimeInfoToOutputFile ( outName ); + deleteOutputOnInterrupt = False; + if ( !keepInputFiles ) { + IntNative retVal = remove ( inName ); +@@ -1548,7 +1569,7 @@ + /*--- If there was an I/O error, we won't get here. ---*/ + if ( magicNumberOK ) { + if ( srcMode == SM_F2F ) { +- applySavedMetaInfoToOutputFile ( outName ); ++ applySavedTimeInfoToOutputFile ( outName ); + deleteOutputOnInterrupt = False; + if ( !keepInputFiles ) { + IntNative retVal = remove ( inName ); Edwin -- Edwin Groothuis | Personal website: http://www.mavetju.org edwin@mavetju.org | Weblog: http://weblog.barnet.com.au/edwin/