bzip2 port still out of date
Edwin Groothuis
edwin at mavetju.org
Sat Oct 15 17:00:04 PDT 2005
On Sat, Oct 15, 2005 at 04:50:04PM -0600, Mike Brown wrote:
> archivers/bzip2 seems to still be languishing at 1.0.3, despite the suggestion at
> http://www.freebsd.org/ports/portaudit/197f444f-e8ef-11d9-b875-0001020eed82.html
> that there was a 1.0.3_1 due in late June, when the vulnerabilities were reported.
>
> Since the FreeBSD 4.x base system does not come with bzgrep, I've been using
> the bzip2 port. It would be nice to be able to upgrade my installation so I
> can stop getting security warnings. Is there a new revision of the port in the
> works?
>
> (Actually, on my system, I employed a temporary workaround:)
>
> cd /usr/ports/archivers/bzip2
> make deinstall
> make DISABLE_VULNERABILITIES=yes
> cd work/bzip2-1.0.3
> chmod a+rx bzgrep bzdiff bzmore
> cp -p bzgrep bzdiff bzmore /usr/local/bin
> gzip -c9 bzgrep.1 > /usr/local/man/man1/bzgrep.1.gz
> gzip -c9 bzdiff.1 > /usr/local/man/man1/bzdiff.1.gz
> gzip -c9 bzmore.1 > /usr/local/man/man1/bzmore.1.gz
>
> (bzgrep, bzdiff, and bzmore are shell scripts in the port)
I have gone through the patches noted in the
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:14.bzip2.asc
and compared them with the current state of 1.0.3. There was only
something missing in bzip2.c. If the maintainer (hi jharris!) is
okay with it I will commit the following patch:
Index: Makefile
===================================================================
RCS file: /home/pcvs/ports/archivers/bzip2/Makefile,v
retrieving revision 1.40
diff -u -r1.40 Makefile
--- Makefile 20 Jul 2005 07:50:43 -0000 1.40
+++ Makefile 15 Oct 2005 23:56:31 -0000
@@ -8,6 +8,7 @@
PORTNAME= bzip2
PORTVERSION= 1.0.3
+PORTREVISION= 1
CATEGORIES= archivers
MASTER_SITES= http://www.bzip.org/${PORTVERSION}/
Index: files/patch-bzip2.c
===================================================================
RCS file: files/patch-bzip2.c
diff -N files/patch-bzip2.c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ files/patch-bzip2.c 15 Oct 2005 23:56:31 -0000
@@ -0,0 +1,92 @@
+--- bzip2.c.orig Wed Feb 16 03:25:35 2005
++++ bzip2.c Sun Oct 16 09:47:40 2005
+@@ -312,6 +312,7 @@
+
+ static void copyFileName ( Char*, Char* );
+ static void* myMalloc ( Int32 );
++static int applySavedFileAttrToOutputFile ( int fd );
+
+
+
+@@ -457,6 +458,10 @@
+ ret = fflush ( zStream );
+ if (ret == EOF) goto errhandler_io;
+ if (zStream != stdout) {
++ int fd = fileno ( zStream );
++ if (fd < 0) goto errhandler_io;
++ ret = applySavedFileAttrToOutputFile ( fd );
++ if (ret != 0) goto errhandler_io;
+ ret = fclose ( zStream );
+ outputHandleJustInCase = NULL;
+ if (ret == EOF) goto errhandler_io;
+@@ -569,6 +574,12 @@
+
+ closeok:
+ if (ferror(zStream)) goto errhandler_io;
++ if ( stream != stdout) {
++ int fd = fileno ( stream );
++ if (fd < 0) goto errhandler_io;
++ ret = applySavedFileAttrToOutputFile ( fd );
++ if (ret != 0) goto errhandler_io;
++ }
+ ret = fclose ( zStream );
+ if (ret == EOF) goto errhandler_io;
+
+@@ -1129,7 +1140,7 @@
+
+
+ static
+-void applySavedMetaInfoToOutputFile ( Char *dstName )
++void applySavedTimeInfoToOutputFile ( Char *dstName )
+ {
+ # if BZ_UNIX
+ IntNative retVal;
+@@ -1138,16 +1149,26 @@
+ uTimBuf.actime = fileMetaInfo.st_atime;
+ uTimBuf.modtime = fileMetaInfo.st_mtime;
+
+- retVal = chmod ( dstName, fileMetaInfo.st_mode );
+- ERROR_IF_NOT_ZERO ( retVal );
+-
+ retVal = utime ( dstName, &uTimBuf );
+ ERROR_IF_NOT_ZERO ( retVal );
++# endif
++}
++
++static
++int applySavedFileAttrToOutputFile ( int fd )
++{
++# if BZ_UNIX
++ IntNative retVal;
++
++ retVal = fchmod ( fd, fileMetaInfo.st_mode );
++ if (retVal != 0)
++ return retVal;
+
+- retVal = chown ( dstName, fileMetaInfo.st_uid, fileMetaInfo.st_gid );
++ (void) fchown ( fd, fileMetaInfo.st_uid, fileMetaInfo.st_gid );
+ /* chown() will in many cases return with EPERM, which can
+ be safely ignored.
+ */
++ return 0;
+ # endif
+ }
+
+@@ -1370,7 +1391,7 @@
+
+ /*--- If there was an I/O error, we won't get here. ---*/
+ if ( srcMode == SM_F2F ) {
+- applySavedMetaInfoToOutputFile ( outName );
++ applySavedTimeInfoToOutputFile ( outName );
+ deleteOutputOnInterrupt = False;
+ if ( !keepInputFiles ) {
+ IntNative retVal = remove ( inName );
+@@ -1548,7 +1569,7 @@
+ /*--- If there was an I/O error, we won't get here. ---*/
+ if ( magicNumberOK ) {
+ if ( srcMode == SM_F2F ) {
+- applySavedMetaInfoToOutputFile ( outName );
++ applySavedTimeInfoToOutputFile ( outName );
+ deleteOutputOnInterrupt = False;
+ if ( !keepInputFiles ) {
+ IntNative retVal = remove ( inName );
Edwin
--
Edwin Groothuis | Personal website: http://www.mavetju.org
edwin at mavetju.org | Weblog: http://weblog.barnet.com.au/edwin/
More information about the freebsd-ports
mailing list