
rpms/unzip/devel unzip-5.51-toctou.patch, NONE, 1.1 unzip.spec, 1.25, 1.26



Author: varekova

Update of /cvs/dist/rpms/unzip/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv23722

Modified Files:
	unzip.spec 
Added Files:
	unzip-5.51-toctou.patch 
Log Message:
- fix bug 164928 - TOCTOU issue in unzip


unzip-5.51-toctou.patch:
 unix.c |   21 +++++++++++----------
 1 files changed, 11 insertions(+), 10 deletions(-)

--- NEW FILE unzip-5.51-toctou.patch ---
--- unzip-5.51/unix/unix.c.toctoe	2005-08-03 13:42:46.954963752 +0200
+++ unzip-5.51/unix/unix.c	2005-08-03 13:45:13.901624464 +0200
@@ -1003,6 +1003,17 @@
     int have_uidgid_flg;
 
     fchmod(fileno(G.outfile), 0400);
+
+/*---------------------------------------------------------------------------
+    Change the file permissions from default ones to those stored in the
+    zipfile. It is necessary to change permissions before fclose command.
+  ---------------------------------------------------------------------------*/
+	  
+#ifndef NO_CHMOD
+    if (fchmod(fileno(G.outfile), 0xffff & G.pInfo->file_attr))
+          perror("chmod (file attributes) error");
+#endif
+		      
     fclose(G.outfile);
 
 /*---------------------------------------------------------------------------
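Review bot: Only the mode change moves onto the open descriptor here, so any later step in close_outfile that still names the file by path keeps the check-to-use window this patch is closing. `have_uidgid_flg` suggests ownership is restored after `fclose`, in the part of the function outside this hunk; that call, and any timestamp update, is worth checking and, if path-based, moving before `fclose` using `fchown` on the same descriptor. The new call applies the archive's mode with mask `0xffff`, which keeps setuid/setgid bits, before ownership is settled, so the order of the two should be chosen deliberately. The unchecked `fchmod(fileno(G.outfile), 0400);` just above is now overwritten at once unless NO_CHMOD is defined; a comment such as `/* restrictive default; replaced below unless NO_CHMOD */` would make that clear, and the message could read `perror("fchmod (file attributes) error");` to match the call.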
@@ -1115,16 +1126,6 @@
 #endif /* ?AOS_VS */
     }
 
-/*---------------------------------------------------------------------------
-    Change the file permissions from default ones to those stored in the
-    zipfile.
-  ---------------------------------------------------------------------------*/
-
-#ifndef NO_CHMOD
-    if (chmod(G.filename, 0xffff & G.pInfo->file_attr))
-        perror("chmod (file attributes) error");
-#endif
-
 } /* end function close_outfile() */
 
 #endif /* !MTS */


Index: unzip.spec
===================================================================
RCS file: /cvs/dist/rpms/unzip/devel/unzip.spec,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- unzip.spec	9 May 2005 07:52:11 -0000	1.25
+++ unzip.spec	3 Aug 2005 12:21:09 -0000	1.26
@@ -1,7 +1,7 @@
 Summary: A utility for unpacking zip files.
 Name: unzip
 Version: 5.51
-Release: 11
+Release: 12
 License: BSD
 Group: Applications/Archiving
 Source: ftp://ftp.info-zip.org/pub/infozip/src/unzip551.tar.gz
@@ -10,6 +10,7 @@
 Patch2: unzip-5.51-link-segv.patch
 Patch3: unzip-5.51-link-segv2.patch
 Patch4: unzip-5.51-link-segv3.patch
+Patch5: unzip-5.51-toctou.patch
 URL: http://www.info-zip.org/pub/infozip/UnZip.html
 BuildRoot: %{_tmppath}/%{name}-%{version}-root
 
@@ -31,6 +32,7 @@
 %patch2 -p1 -b .link-segv
 %patch3 -p1 -b .morn
 %patch4 -p1 -b .morn2
+%patch5 -p1 -b .toctou
 ln -s unix/Makefile Makefile
 
 %build
@@ -51,6 +53,9 @@
 %{_mandir}/*/*
 
 %changelog
+* Wed Aug  3 2005 Ivana Varekova <varekova redhat com> 5.51-12
+- fix bug 164928 - TOCTOU issue in unzip
+
 * Mon May  9 2005 Ivana Varekova <varekova redhat com> 5.51-11
 - fix bug 156959 – invalid file mode on created files 
 

