First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 70277
Alias:
Product:
Component:
Status: CLOSED
Resolution: FIXED
Assigned To: Gentoo's Team for Core System packages <base-system@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Michael Moen <mi-gentoo@moensolutions.com>
Add CC:
CC:
URL:
Summary:
Status Whiteboard:
Keywords:

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 70277 depends on: Show dependency tree
Show dependency graph
Bug 70277 blocks:
Votes: 0    Show votes for this bug    Vote for this bug

Additional Comments: (this is where you put emerge --info)





View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2004-11-06 09:48 0000 
When trying to use zdiff on 2 gzipped files (works fine when only one file is
gzipped) you get the following error:

/bin/zdiff: line 54: /tmp/gzcuA0AB: cannot overwrite existing file

Possibly related to bug #68405

uname -a
Linux xxxx 2.4.25_pre7-gss-r2 #2 SMP Tue Mar 2 06:45:59 PST 2004 i686 AMD
Athlon(tm) MP 2400+ AuthenticAMD GNU/Linux

------- Comment #1 From solar 2004-11-17 13:34:09 0000 ------- 
gzip-r4 in the tree. No patch for this. Remains problem (security bug?)

------- Comment #2 From Florian Schilhabel (RETIRED) 2004-11-18 06:02:12 0000 ------- 
hi,
i guess, the problem is here:
line 37:
tmp=`tempfile -d /tmp -p gz` || {
...
this actually _creates_ a temporary file...
and this behaviour of tempfile is the reason, why
line 53:
gzip -cdfq "$2" > $tmp || exit
(correctly) refuses to extract to an existing file...

solution:

one could unlink the tempfile after creating it with tempfile
note, that this solution would introduce (theoretically) a race condition...
(an attacker knows the tempfilename after unlinking and _before_ actually writing to that file)
as gzip refuses to extract, if the file already exists, i guess this would be a 
good solution anyways...

further comments?

best regards
florian

------- Comment #3 From SpanKY 2004-12-12 20:33:18 0000 ------- 
fixed in 1.3.5-r4

------- Comment #4 From Michael Moen 2004-12-15 22:46:32 0000 ------- 
Still does not work when comparing 2 gzipped files.

zdiff mysql-2004-11-13-170003.sql.gz mysql-2004-12-08-140005.sql.gz
/bin/zdiff: line 51: /tmp/mysql2004-12-08-140005.sql.gz.52jbkt: cannot overwrite existing file

And now that gzip-1.3.5-r1 has been removed from the tree I don't have a working version of gzip.

------- Comment #5 From SpanKY 2005-01-04 11:28:15 0000 ------- 
fixed in gzip-1.3.5-r5

------- Comment #6 From Michael Moen 2005-01-06 18:39:43 0000 ------- 
Confirmed fixed in gzip-1.3.5-r5
First Last Prev Next    No search results available      Search page      Enter new bug