fedora-cvs-commits@redhat.com
[Top] [All Lists]

rpms/unzip/FC-3 unzip-5.51-toctou.patch, NONE, 1.1 unzip.spec, 1.19, 1.2

Subject: rpms/unzip/FC-3 unzip-5.51-toctou.patch, NONE, 1.1 unzip.spec, 1.19, 1.20
From:
Date: Wed, 3 Aug 2005 10:33:03 -0400
Author: varekova

Update of /cvs/dist/rpms/unzip/FC-3
In directory cvs.devel.redhat.com:/tmp/cvs-serv1967

Modified Files:
        unzip.spec 
Added Files:
        unzip-5.51-toctou.patch 
Log Message:
 - fix bug 164928 - TOCTOU issue in unzip


unzip-5.51-toctou.patch:
 unix.c |   20 ++++++++++----------
 1 files changed, 10 insertions(+), 10 deletions(-)

--- NEW FILE unzip-5.51-toctou.patch ---
--- unzip-5.51/unix/unix.c.toctou       2004-04-12 02:29:58.000000000 +0200
+++ unzip-5.51/unix/unix.c      2005-08-03 15:52:54.023108992 +0200
@@ -1002,6 +1002,16 @@
     ush z_uidgid[2];
     int have_uidgid_flg;
 
+/*---------------------------------------------------------------------------
+    Change the file permissions from default ones to those stored in the
+    zipfile.
+  ---------------------------------------------------------------------------*/
+         
+#ifndef NO_CHMOD
+    if (fchmod(fileno(G.outfile), 0xffff & G.pInfo->file_attr))
+        perror("chmod (file attributes) error");
+#endif
+
     fclose(G.outfile);
 
 /*---------------------------------------------------------------------------
@@ -1111,16 +1121,6 @@
 #endif /* ?AOS_VS */
     }
 
-/*---------------------------------------------------------------------------
-    Change the file permissions from default ones to those stored in the
-    zipfile.
-  ---------------------------------------------------------------------------*/
-
-#ifndef NO_CHMOD
-    if (chmod(G.filename, 0xffff & G.pInfo->file_attr))
-        perror("chmod (file attributes) error");
-#endif
-
 } /* end function close_outfile() */
 
 #endif /* !MTS */


Index: unzip.spec
===================================================================
RCS file: /cvs/dist/rpms/unzip/FC-3/unzip.spec,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -r1.19 -r1.20
--- unzip.spec  9 Sep 2004 13:57:47 -0000       1.19
+++ unzip.spec  3 Aug 2005 14:32:58 -0000       1.20
@@ -1,12 +1,13 @@
 Summary: A utility for unpacking zip files.
 Name: unzip
 Version: 5.51
-Release: 4
+Release: 4.fc3
 License: BSD
 Group: Applications/Archiving
 Source: ftp://ftp.info-zip.org/pub/infozip/src/unzip551.tar.gz
 Patch0: unzip542-rpmoptflags.patch
 Patch1: unzip-5.51-near-4GB.patch
+Patch2: unzip-5.51-toctou.patch
 URL: http://www.info-zip.org/pub/infozip/UnZip.html
 BuildRoot: %{_tmppath}/%{name}-%{version}-root
 
@@ -25,6 +26,7 @@
 %setup -q 
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1 -b .toctou
 ln -s unix/Makefile Makefile
 
 %build
@@ -45,6 +47,9 @@
 %{_mandir}/*/*
 
 %changelog
+* Wed Aug  3 2005 Ivana Varekova <varekova@xxxxxxxxxx> 5.51-4.fc3
+- fix bug 164928 - TOCTOU issue in unzip
+
 * Mon Jun 21 2004 Lon Hohberger <lhh@xxxxxxxxxx> 5.51-4
 - Extend max file/archive size to 2^32-8193 (4294959103) bytes
 

--
fedora-cvs-commits mailing list
fedora-cvs-commits@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-cvs-commits

<Prev in Thread] Current Thread [Next in Thread>
  • rpms/unzip/FC-3 unzip-5.51-toctou.patch, NONE, 1.1 unzip.spec, 1.19, 1.20, fedora-cvs-commits <=