Date: Sun, 16 Oct 2005 10:00:00 +1000 From: Edwin Groothuis <edwin@mavetju.org> To: Mike Brown <mike@skew.org> Cc: jharris@widomaker.com, freebsd-ports@freebsd.org Subject: Re: bzip2 port still out of date Message-ID: <20051016000000.GH1278@k7.mavetju> In-Reply-To: <200510152250.j9FMo4D5001378@chilled.skew.org> References: <200510152250.j9FMo4D5001378@chilled.skew.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Oct 15, 2005 at 04:50:04PM -0600, Mike Brown wrote: > archivers/bzip2 seems to still be languishing at 1.0.3, despite the suggestion at > http://www.freebsd.org/ports/portaudit/197f444f-e8ef-11d9-b875-0001020eed82.html > that there was a 1.0.3_1 due in late June, when the vulnerabilities were reported. > > Since the FreeBSD 4.x base system does not come with bzgrep, I've been using > the bzip2 port. It would be nice to be able to upgrade my installation so I > can stop getting security warnings. Is there a new revision of the port in the > works? > > (Actually, on my system, I employed a temporary workaround:) > > cd /usr/ports/archivers/bzip2 > make deinstall > make DISABLE_VULNERABILITIES=yes > cd work/bzip2-1.0.3 > chmod a+rx bzgrep bzdiff bzmore > cp -p bzgrep bzdiff bzmore /usr/local/bin > gzip -c9 bzgrep.1 > /usr/local/man/man1/bzgrep.1.gz > gzip -c9 bzdiff.1 > /usr/local/man/man1/bzdiff.1.gz > gzip -c9 bzmore.1 > /usr/local/man/man1/bzmore.1.gz > > (bzgrep, bzdiff, and bzmore are shell scripts in the port) I have gone through the patches noted in the ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:14.bzip2.asc and compared them with the current state of 1.0.3. There was only something missing in bzip2.c. If the maintainer (hi jharris!) is okay with it I will commit the following patch: Index: Makefile =================================================================== RCS file: /home/pcvs/ports/archivers/bzip2/Makefile,v retrieving revision 1.40 diff -u -r1.40 Makefile --- Makefile 20 Jul 2005 07:50:43 -0000 1.40 +++ Makefile 15 Oct 2005 23:56:31 -0000 @@ -8,6 +8,7 @@ PORTNAME= bzip2 PORTVERSION= 1.0.3 +PORTREVISION= 1 CATEGORIES= archivers MASTER_SITES= http://www.bzip.org/${PORTVERSION}/ Index: files/patch-bzip2.c =================================================================== RCS file: files/patch-bzip2.c diff -N files/patch-bzip2.c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ files/patch-bzip2.c 15 Oct 2005 23:56:31 -0000 @@ -0,0 +1,92 @@ +--- bzip2.c.orig Wed Feb 16 03:25:35 2005 ++++ bzip2.c Sun Oct 16 09:47:40 2005 +@@ -312,6 +312,7 @@ + + static void copyFileName ( Char*, Char* ); + static void* myMalloc ( Int32 ); ++static int applySavedFileAttrToOutputFile ( int fd ); + + + +@@ -457,6 +458,10 @@ + ret = fflush ( zStream ); + if (ret == EOF) goto errhandler_io; + if (zStream != stdout) { ++ int fd = fileno ( zStream ); ++ if (fd < 0) goto errhandler_io; ++ ret = applySavedFileAttrToOutputFile ( fd ); ++ if (ret != 0) goto errhandler_io; + ret = fclose ( zStream ); + outputHandleJustInCase = NULL; + if (ret == EOF) goto errhandler_io; +@@ -569,6 +574,12 @@ + + closeok: + if (ferror(zStream)) goto errhandler_io; ++ if ( stream != stdout) { ++ int fd = fileno ( stream ); ++ if (fd < 0) goto errhandler_io; ++ ret = applySavedFileAttrToOutputFile ( fd ); ++ if (ret != 0) goto errhandler_io; ++ } + ret = fclose ( zStream ); + if (ret == EOF) goto errhandler_io; + +@@ -1129,7 +1140,7 @@ + + + static +-void applySavedMetaInfoToOutputFile ( Char *dstName ) ++void applySavedTimeInfoToOutputFile ( Char *dstName ) + { + # if BZ_UNIX + IntNative retVal; +@@ -1138,16 +1149,26 @@ + uTimBuf.actime = fileMetaInfo.st_atime; + uTimBuf.modtime = fileMetaInfo.st_mtime; + +- retVal = chmod ( dstName, fileMetaInfo.st_mode ); +- ERROR_IF_NOT_ZERO ( retVal ); +- + retVal = utime ( dstName, &uTimBuf ); + ERROR_IF_NOT_ZERO ( retVal ); ++# endif ++} ++ ++static ++int applySavedFileAttrToOutputFile ( int fd ) ++{ ++# if BZ_UNIX ++ IntNative retVal; ++ ++ retVal = fchmod ( fd, fileMetaInfo.st_mode ); ++ if (retVal != 0) ++ return retVal; + +- retVal = chown ( dstName, fileMetaInfo.st_uid, fileMetaInfo.st_gid ); ++ (void) fchown ( fd, fileMetaInfo.st_uid, fileMetaInfo.st_gid ); + /* chown() will in many cases return with EPERM, which can + be safely ignored. + */ ++ return 0; + # endif + } + +@@ -1370,7 +1391,7 @@ + + /*--- If there was an I/O error, we won't get here. ---*/ + if ( srcMode == SM_F2F ) { +- applySavedMetaInfoToOutputFile ( outName ); ++ applySavedTimeInfoToOutputFile ( outName ); + deleteOutputOnInterrupt = False; + if ( !keepInputFiles ) { + IntNative retVal = remove ( inName ); +@@ -1548,7 +1569,7 @@ + /*--- If there was an I/O error, we won't get here. ---*/ + if ( magicNumberOK ) { + if ( srcMode == SM_F2F ) { +- applySavedMetaInfoToOutputFile ( outName ); ++ applySavedTimeInfoToOutputFile ( outName ); + deleteOutputOnInterrupt = False; + if ( !keepInputFiles ) { + IntNative retVal = remove ( inName ); Edwin -- Edwin Groothuis | Personal website: http://www.mavetju.org edwin@mavetju.org | Weblog: http://weblog.barnet.com.au/edwin/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20051016000000.GH1278>