diff -Nru gzip-1.10/debian/changelog gzip-1.10/debian/changelog --- gzip-1.10/debian/changelog 2022-03-23 13:57:33.000000000 +0000 +++ gzip-1.10/debian/changelog 2022-04-08 10:53:06.000000000 +0000 @@ -1,3 +1,22 @@ +gzip (1.10-4ubuntu4) jammy; urgency=medium + + * SECURITY UPDATE: arbitrary file override with crafted file names + - debian/patches/CVE-2022-1271-1.patch: avoid exploit via multi-newline + file names in zgrep.in. + - debian/patches/CVE-2022-1271-2.patch: add test in tests/Makefile.am, + tests/zgrep-abuse. + - debian/patches/CVE-2022-1271-3.patch: port to POSIX sed in zgrep.in. + - debian/patches/CVE-2022-1271-4.patch: optimize out a grep in + gzexe.in. + - debian/patches/CVE-2022-1271-5.patch: use C locale more often in + gzexe.in, sample/zfile, zdiff.in, zgrep.in, znew.in. + - debian/patches/CVE-2022-1271-6.patch: fix "binary file matches" + mislabeling in tests/Makefile.am, tests/zgrep-binary, zgrep.in. + - debian/rules: fix permissions on new test scripts. + - CVE-2022-1271 + + -- Marc Deslauriers Fri, 08 Apr 2022 06:53:06 -0400 + gzip (1.10-4ubuntu3) jammy; urgency=medium * No-change rebuild for ppc64el baseline bump. diff -Nru gzip-1.10/debian/patches/CVE-2022-1271-1.patch gzip-1.10/debian/patches/CVE-2022-1271-1.patch --- gzip-1.10/debian/patches/CVE-2022-1271-1.patch 1970-01-01 00:00:00.000000000 +0000 +++ gzip-1.10/debian/patches/CVE-2022-1271-1.patch 2022-04-08 10:50:50.000000000 +0000 
@@ -0,0 +1,43 @@ +From dc9740df61e575e8c3148b7bd3c147a81ea00c7c Mon Sep 17 00:00:00 2001 +From: Lasse Collin +Date: Mon, 4 Apr 2022 23:52:49 -0700 +Subject: zgrep: avoid exploit via multi-newline file names + +* zgrep.in: The issue with the old code is that with multiple +newlines, the N-command will read the second line of input, +then the s-commands will be skipped because it's not the end +of the file yet, then a new sed cycle starts and the pattern +space is printed and emptied. So only the last line or two get +escaped. This patch makes sed read all lines into the pattern +space and then do the escaping. + +This vulnerability was discovered by: +cleemy desu wayo working with Trend Micro Zero Day Initiative +--- + zgrep.in | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +diff --git a/zgrep.in b/zgrep.in +index 345dae3..bdf7da2 100644 +--- a/zgrep.in ++++ b/zgrep.in +@@ -222,9 +222,13 @@ do + '* | *'&'* | *'\'* | *'|'*) + i=$(printf '%s\n' "$i" | + sed ' +- $!N +- $s/[&\|]/\\&/g +- $s/\n/\\n/g ++ :start ++ $!{ ++ N ++ b start ++ } ++ s/[&\|]/\\&/g ++ s/\n/\\n/g + ');; + esac + sed_script="s|^|$i:|" +-- +cgit v1.1 + diff -Nru gzip-1.10/debian/patches/CVE-2022-1271-2.patch gzip-1.10/debian/patches/CVE-2022-1271-2.patch --- gzip-1.10/debian/patches/CVE-2022-1271-2.patch 1970-01-01 00:00:00.000000000 +0000 +++ gzip-1.10/debian/patches/CVE-2022-1271-2.patch 2022-04-08 10:50:58.000000000 +0000 
@@ -0,0 +1,84 @@ +From d74a30d45c6834c8e9f87115197370fe86656d81 Mon Sep 17 00:00:00 2001 +From: Jim Meyering +Date: Mon, 4 Apr 2022 23:52:49 -0700 +Subject: zgrep: add NEWS and tests for this exploitable bug + +* tests/zgrep-abuse: New file, based on PoC by cleemy desu wayo. +* tests/Makefile.am (TESTS): Add it. +* NEWS: Mention the exploit. +The bug appears to have been present since the beginning. +--- + NEWS | 3 +++ + tests/Makefile.am | 1 + + tests/zgrep-abuse | 41 +++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 45 insertions(+) + create mode 100755 tests/zgrep-abuse + +#diff --git a/NEWS b/NEWS +#index c1159b0..84e0ef0 100644 +#--- a/NEWS +#+++ b/NEWS +#@@ -16,6 +16,9 @@ GNU gzip NEWS -*- outline -*- +# +# ** Bug fixes +# +#+ zgrep applied to a crafted file name with two or more newlines +#+ can no longer overwrite an arbitrary, attacker-selected file. +#+ +# 'zdiff -C 5' no longer misbehaves by treating '5' as a file name. +# +# Configure-time options like --program-prefix now work. +--- a/tests/Makefile.am ++++ b/tests/Makefile.am +@@ -34,6 +34,7 @@ TESTS = \ + z-suffix \ + zdiff \ + zgrep-f \ ++ zgrep-abuse \ + zgrep-context \ + zgrep-signal \ + znew-k +--- /dev/null ++++ b/tests/zgrep-abuse +@@ -0,0 +1,41 @@ ++#!/bin/sh ++# Show how zgrep applied to a crafted file name may overwrite ++# a selected file with chosen content. Fixed in gzip-1.12. ++ ++# Copyright (C) 2022 Free Software Foundation, Inc. ++ ++# This program is free software: you can redistribute it and/or modify ++# it under the terms of the GNU General Public License as published by ++# the Free Software Foundation, either version 3 of the License, or ++# (at your option) any later version. ++ ++# This program is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. 
++ ++# You should have received a copy of the GNU General Public License ++# along with this program. If not, see . ++# limit so don't run it by default. ++ ++. "${srcdir=.}/init.sh"; path_prepend_ .. ++ ++: > z || framework_failure_ ++echo test |gzip > 'z| ++p ++1s|.*|chosen-content| ++1w hacked ++etouch .\x2fhacked2 ++d ++# ++#' || framework_failure_ ++ ++fail=0 ++ ++zgrep test z* > /dev/null ++ ++# Before the fix, each of these would be created. ++test -f hacked && fail=1 ++test -f hacked2 && fail=1 ++ ++Exit $fail diff -Nru gzip-1.10/debian/patches/CVE-2022-1271-3.patch gzip-1.10/debian/patches/CVE-2022-1271-3.patch --- gzip-1.10/debian/patches/CVE-2022-1271-3.patch 1970-01-01 00:00:00.000000000 +0000 +++ gzip-1.10/debian/patches/CVE-2022-1271-3.patch 2022-04-08 10:51:01.000000000 +0000 
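Review bot: tests/zgrep-abuse only asserts that `hacked` and `hacked2` are absent, so it also passes when zgrep exits early or never reaches the file-name relabeling step. The `zgrep test z* > /dev/null` line should keep the output and assert that a match was reported, for example `zgrep test z* > out; test -s out || fail=1`. The header also carries a stray comment line, `# limit so don't run it by default.`, which does not describe this test and looks like a leftover from another script; it should be dropped.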
@@ -0,0 +1,46 @@ +From c99f320d5c0fd98fe88d9cea5407eb7ad9d50e8a Mon Sep 17 00:00:00 2001 +From: Paul Eggert +Date: Mon, 4 Apr 2022 23:52:49 -0700 +Subject: zgrep: port to POSIX sed +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +* zgrep.in (res): When escaping the file name do not rely on GNU +sed’s extension to POSIX with respect to s/.../\n/. Instead, use +features that should also work with AIX and/or Solaris sed. This is +simpler anyway, and would have prevented the recently-fixed bug. +--- + zgrep.in | 15 ++++----------- + 1 file changed, 4 insertions(+), 11 deletions(-) + +diff --git a/zgrep.in b/zgrep.in +index bdf7da2..6a16dd1 100644 +--- a/zgrep.in ++++ b/zgrep.in +@@ -220,18 +220,11 @@ do + case $i in + (*' + '* | *'&'* | *'\'* | *'|'*) +- i=$(printf '%s\n' "$i" | +- sed ' +- :start +- $!{ +- N +- b start +- } +- s/[&\|]/\\&/g +- s/\n/\\n/g +- ');; ++ icolon=$(printf '%s\n' "$i:" | ++ sed -e 's/[&\|]/\\&/g' -e '$!s/$/\\/');; ++ (*) icolon="$i:";; + esac +- sed_script="s|^|$i:|" ++ sed_script="s|^|$icolon|" + + # Fail if grep or sed fails. + r=$( +-- +cgit v1.1 + diff -Nru gzip-1.10/debian/patches/CVE-2022-1271-4.patch gzip-1.10/debian/patches/CVE-2022-1271-4.patch --- gzip-1.10/debian/patches/CVE-2022-1271-4.patch 1970-01-01 00:00:00.000000000 +0000 +++ gzip-1.10/debian/patches/CVE-2022-1271-4.patch 2022-04-08 10:51:04.000000000 +0000 
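Review bot: The new `icolon=` assignment has no comment saying which characters it escapes or why, although this one line is what keeps a hostile file name from being interpreted as sed commands once it lands in `sed_script`. I would add above it `# Escape &, \ and | for the s|^|...| replacement built below;` and `# every line but the last gets a trailing \ so a newline in the name stays literal.` The escaped set is tied to the `|` delimiter in `sed_script="s|^|$icolon|"`, so the comment should say that the two must change together. The enclosing `do` loop starts outside the hunk.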
@@ -0,0 +1,37 @@ +From 0e2d07fc2c4393cfb9dbab580d0bee4525b9c9b3 Mon Sep 17 00:00:00 2001 +From: Paul Eggert +Date: Mon, 4 Apr 2022 23:52:49 -0700 +Subject: gzexe: optimize out a grep +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +* gzexe.in: Avoid an unnecessary invocation of ‘grep’, +by using sed instead. Also, look only for at-most-3-digit numbers, +for consistency with the rest of the script. +--- + gzexe.in | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/gzexe.in b/gzexe.in +index 04b06a9..1a691e0 100644 +--- a/gzexe.in ++++ b/gzexe.in +@@ -91,10 +91,11 @@ for i do + continue + fi + if test $decomp -eq 0; then +- if sed -e 1d -e 2q "$file" | grep "^skip=[0-9][0-9]*$" >/dev/null; then ++ case `sed -n -e 1d -e '/^skip=[0-9][0-9]*$/p' -e 2q "$file"` in ++ skip=[0-9] | skip=[0-9][0-9] | skip=[0-9][0-9][0-9]) + printf >&2 '%s\n' "$0: $i is already gzexe'd" +- continue +- fi ++ continue;; ++ esac + fi + if test -u "$file"; then + printf >&2 '%s\n' "$0: $i has setuid permission, unchanged" +-- +cgit v1.1 + diff -Nru gzip-1.10/debian/patches/CVE-2022-1271-5.patch gzip-1.10/debian/patches/CVE-2022-1271-5.patch --- gzip-1.10/debian/patches/CVE-2022-1271-5.patch 1970-01-01 00:00:00.000000000 +0000 +++ gzip-1.10/debian/patches/CVE-2022-1271-5.patch 2022-04-08 10:52:34.000000000 +0000 
@@ -0,0 +1,173 @@ +Backport of: + +From 5e1fc8b92c1af9382365aef0f9130341ee1d2c76 Mon Sep 17 00:00:00 2001 +From: Paul Eggert +Date: Mon, 4 Apr 2022 23:52:49 -0700 +Subject: maint: use C locale more often + +* gzexe.in, zdiff.in, zgrep.in: +Run expr and sed in the C locale when it might help to avoid +undefined behavior on non-GNU platforms. +* sample/zfile, znew.in: Run in the C locale, for simplicity and +to avoid undefined behavior on non-GNU platforms. +--- + gzexe.in | 4 ++-- + sample/zfile | 3 +++ + zdiff.in | 4 ++-- + zgrep.in | 29 +++++++++++++++++------------ + znew.in | 3 +++ + 5 files changed, 27 insertions(+), 16 deletions(-) + +--- a/gzexe.in ++++ b/gzexe.in +@@ -91,7 +91,7 @@ for i do + continue + fi + if test $decomp -eq 0; then +- case `sed -n -e 1d -e '/^skip=[0-9][0-9]*$/p' -e 2q "$file"` in ++ case `LC_ALL=C sed -n -e 1d -e '/^skip=[0-9][0-9]*$/p' -e 2q "$file"` in + skip=[0-9] | skip=[0-9][0-9] | skip=[0-9][0-9][0-9]) + printf >&2 '%s\n' "$0: $i is already gzexe'd" + continue;; +@@ -203,7 +203,7 @@ EOF + else + # decompression + skip=44 +- skip_line=`sed -e 1d -e 2q "$file"` ++ skip_line=`LC_ALL=C sed -e 1d -e 2q "$file"` + case $skip_line in + skip=[0-9] | skip=[0-9][0-9] | skip=[0-9][0-9][0-9]) + eval "$skip_line";; +--- a/sample/zfile ++++ b/sample/zfile +@@ -1,5 +1,8 @@ + #!/bin/sh + ++LC_ALL=C ++export LC_ALL ++ + if test $# = 0; then + echo 'zfile: file(1) for programs which may be compressed with gzexe' + echo usage: `basename $0` files... 
+--- a/zdiff.in ++++ b/zdiff.in +@@ -53,7 +53,7 @@ while :; do + --h*) printf '%s\n' "$usage" || exit 2; exit;; + --v*) printf '%s\n' "$version" || exit 2; exit;; + --) shift; break;; +- -*\'*) cmp="$cmp '"`printf '%sX\n' "$1" | sed "$escape"`;; ++ -*\'*) cmp="$cmp '"`printf '%sX\n' "$1" | LC_ALL=C sed "$escape"`;; + -?*) cmp="$cmp '$1'";; + *) break;; + esac +@@ -72,7 +72,7 @@ exec 3>&1 + if test $# -eq 1; then + case $1 in + *[-.]gz* | *[-.][zZ] | *.t[ga]z) +- FILE=`expr "X$1" : 'X\(.*\)[-.][zZtga]*$'` ++ FILE=`LC_ALL=C expr "X$1" : 'X\(.*\)[-.][zZtga]*$'` + gzip_status=$( + exec 4>&1 + (gzip -cd -- "$1" 4>&-; echo $? >&4) 3>&- | eval "$cmp" - '"$FILE"' >&3 +--- a/zgrep.in ++++ b/zgrep.in +@@ -64,30 +64,33 @@ while test $# -ne 0; do + + case $option in + (-[0123456789EFGHIKLPRTUVZabchilnoqrsuvwxyz]*[!0123456789]*) +- arg2=-\'$(expr "X$option" : 'X-.[0-9]*\(.*\)' | sed "$escape") ++ arg2=-\'$(LC_ALL=C expr "X$option" : 'X-.[0-9]*\(.*\)' | ++ LC_ALL=C sed "$escape") + eval "set -- $arg2 "'${1+"$@"}' +- option=$(expr "X$option" : 'X\(-.[0-9]*\)');; ++ option=$(LC_ALL=C expr "X$option" : 'X\(-.[0-9]*\)');; + (--binary-*=* | --[lm]a*=* | --reg*=*) + ;; + (-[ABCDXdefm] | --binary-* | --file | --[lm]a* | --reg*) + case ${1?"$option option requires an argument"} in + (*\'*) +- optarg=" '"$(printf '%s\n' "$1" | sed "$escape");; ++ optarg=" '"$(printf '%s\n' "$1" | LC_ALL=C sed "$escape");; + (*) + optarg=" '$1'";; + esac + shift;; + (-f?*\'*) +- optarg=" '"$(expr "X$option" : 'X-f\(.*\)' | sed "$escape") ++ optarg=" '"$(LC_ALL=C expr "X$option" : 'X-f\(.*\)' | ++ LC_ALL=C sed "$escape") + option=-f;; + (-f?*) +- optarg=" '"$(expr "X$option" : 'X-f\(.*\)')\' ++ optarg=" '"$(LC_ALL=C expr "X$option" : 'X-f\(.*\)')\' + option=-f;; + (--file=*\'*) +- optarg=" '"$(expr "X$option" : 'X--file=\(.*\)' | sed "$escape") ++ optarg=" '"$(LC_ALL=C expr "X$option" : 'X--file=\(.*\)' | ++ LC_ALL=C sed "$escape") + option=--file;; + (--file=*) +- optarg=" '"$(expr "X$option" : 
'X--file=\(.*\)')\' ++ optarg=" '"$(LC_ALL=C expr "X$option" : 'X--file=\(.*\)')\' + option=--file;; + (--) + break;; +@@ -96,7 +99,8 @@ while test $# -ne 0; do + (*) + case $option in + (*\'*) +- operands="$operands '"$(printf '%s\n' "$option" | sed "$escape");; ++ operands="$operands '"$(printf '%s\n' "$option" | LC_ALL=C sed "$escape") ++ ;; + (*) + operands="$operands '$option'";; + esac +@@ -169,7 +173,7 @@ while test $# -ne 0; do + + case $option in + (*\'?*) +- option=\'$(printf '%s\n' "$option" | sed "$escape");; ++ option=\'$(printf '%s\n' "$option" | LC_ALL=C sed "$escape");; + (*) + option="'$option'";; + esac +@@ -182,7 +186,7 @@ eval "set -- $operands "'${1+"$@"}' + if test $have_pat -eq 0; then + case ${1?"missing pattern; try \`$0 --help' for help"} in + (*\'*) +- grep="$grep -- '"$(printf '%s\n' "$1" | sed "$escape");; ++ grep="$grep -- '"$(printf '%s\n' "$1" | LC_ALL=C sed "$escape");; + (*) + grep="$grep -- '$1'";; + esac +@@ -221,7 +225,7 @@ do + (*' + '* | *'&'* | *'\'* | *'|'*) + icolon=$(printf '%s\n' "$i:" | +- sed -e 's/[&\|]/\\&/g' -e '$!s/$/\\/');; ++ LC_ALL=C sed -e 's/[&\|]/\\&/g' -e '$!s/$/\\/');; + (*) icolon="$i:";; + esac + sed_script="s|^|$icolon|" +@@ -229,7 +233,8 @@ do + # Fail if grep or sed fails. + r=$( + exec 4>&1 +- (eval "$grep" 4>&-; echo $? >&4) 3>&- | sed "$sed_script" >&3 4>&- ++ (eval "$grep" 4>&-; echo $? >&4) 3>&- | ++ LC_ALL=C sed "$sed_script" >&3 4>&- + ) || { r=$?; test $r -lt 2 && r=2; } + test 256 -le $r && r=$(expr 128 + $r % 128) + exit $r +--- a/znew.in ++++ b/znew.in +@@ -18,6 +18,9 @@ + # with this program; if not, write to the Free Software Foundation, Inc., + # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + ++LC_ALL=C ++export LC_ALL ++ + version="znew (gzip) @VERSION@ + Copyright (C) 2010-2018 Free Software Foundation, Inc. + This is free software. 
You may redistribute copies of it under the terms of diff -Nru gzip-1.10/debian/patches/CVE-2022-1271-6.patch gzip-1.10/debian/patches/CVE-2022-1271-6.patch --- gzip-1.10/debian/patches/CVE-2022-1271-6.patch 1970-01-01 00:00:00.000000000 +0000 +++ gzip-1.10/debian/patches/CVE-2022-1271-6.patch 2022-04-08 10:53:06.000000000 +0000 
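Review bot: zgrep.in and zdiff.in now repeat `LC_ALL=C` on each `expr` and `sed` call while sample/zfile and znew.in export it once, and nothing in the scripts explains why the two styles differ. Presumably the per-command form is deliberate, so that grep and diff keep running in the user's locale. A short comment near the first use in zgrep.in, such as `# Run expr and sed in the C locale; do not export LC_ALL, grep must keep the user's locale.`, would stop a later cleanup from exporting it script-wide or from adding an unprefixed `sed` on a file-name path. The functions and loops touched here all extend outside the hunks shown.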
@@ -0,0 +1,168 @@ +From 9d3248751178939713a39115cf68ec8a11506cc9 Mon Sep 17 00:00:00 2001 +From: Paul Eggert +Date: Tue, 5 Apr 2022 15:16:33 -0700 +Subject: zgrep: fix "binary file matches" mislabeling +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Problem reported by Jim Avera (Bug#31280). +This became more of an issue when GNU grep 3.5 (2020) started sending +"binary file matches" diagnostics to stderr instead of to stdout. +* tests/Makefile.am (TESTS): Add zgrep-binary. +* tests/zgrep-binary: New test. +* zgrep.in (args): New var, to accumulate args separately +from grep command, so we can prepend args if need be. +Most uses of 'grep' changed to use 'args' instead, or also. +(with_filename): Set to 1 if more than one file and -h not given; +this simplifies later code. +(gnuish_grep): New var; evaluates to true if grep supports +-H and --label options, as is true for GNU and FreeBSD grep. +Append -H to 'grep' if outputting file names with GNUish grep, +and use --label with GNUish grep unless reading from stdin, +as that’s safer and more efficient than relabeling with 'sed'. +--- + NEWS | 3 +++ + tests/Makefile.am | 1 + + tests/zgrep-binary | 30 ++++++++++++++++++++++++++++++ + zgrep.in | 28 +++++++++++++++++++--------- + 4 files changed, 53 insertions(+), 9 deletions(-) + create mode 100755 tests/zgrep-binary + +#diff --git a/NEWS b/NEWS +#index 6f83b6a..c15d2e0 100644 +#--- a/NEWS +#+++ b/NEWS +#@@ -20,6 +20,9 @@ GNU gzip NEWS -*- outline -*- +# can no longer overwrite an arbitrary, attacker-selected file. +# [bug introduced in gzip-1.3.10] +# +#+ zgrep now names input file on error instead of mislabeling it as +#+ "(standard input)", if grep supports the GNU -H and --label options. +#+ +# 'zdiff -C 5' no longer misbehaves by treating '5' as a file name. 
+# [bug present since the beginning] +# +--- a/tests/Makefile.am ++++ b/tests/Makefile.am +@@ -35,6 +35,7 @@ TESTS = \ + zdiff \ + zgrep-f \ + zgrep-abuse \ ++ zgrep-binary \ + zgrep-context \ + zgrep-signal \ + znew-k +--- /dev/null ++++ b/tests/zgrep-binary +@@ -0,0 +1,30 @@ ++#!/bin/sh ++# 'zgrep PATTERN FILE' would output "(standard input): binary file matches" ++# without mentioning FILE. Fixed in gzip-1.12. ++ ++# Copyright (C) 2022 Free Software Foundation, Inc. ++ ++# This program is free software: you can redistribute it and/or modify ++# it under the terms of the GNU General Public License as published by ++# the Free Software Foundation, either version 3 of the License, or ++# (at your option) any later version. ++ ++# This program is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. ++ ++# You should have received a copy of the GNU General Public License ++# along with this program. If not, see . ++# limit so don't run it by default. ++ ++. "${srcdir=.}/init.sh"; path_prepend_ .. ++ ++fail=0 ++ ++unset GREP_OPTIONS ++ ++printf 'foo\0\n' >f || framework_failure_ ++LC_ALL=C zgrep foo f >out 2>err && grep '(standard input)' out err && fail=1 ++ ++Exit $fail +--- a/zgrep.in ++++ b/zgrep.in +@@ -23,6 +23,7 @@ + # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + grep='${GREP-'\''@GREP@'\''}' ++args= + + version='zgrep (gzip) @VERSION@ + Copyright (C) 2010-2018 Free Software Foundation, Inc. 
+@@ -178,7 +179,7 @@ while test $# -ne 0; do + option="'$option'";; + esac + +- grep="$grep $option$optarg" ++ args="$args $option$optarg" + done + + eval "set -- $operands "'${1+"$@"}' +@@ -186,15 +187,23 @@ eval "set -- $operands "'${1+"$@"}' + if test $have_pat -eq 0; then + case ${1?"missing pattern; try \`$0 --help' for help"} in + (*\'*) +- grep="$grep -- '"$(printf '%s\n' "$1" | LC_ALL=C sed "$escape");; ++ args="$args -- '"$(printf '%s\n' "$1" | LC_ALL=C sed "$escape");; + (*) +- grep="$grep -- '$1'";; ++ args="$args -- '$1'";; + esac + shift + fi + + if test $# -eq 0; then + set -- - ++elif test 1 -lt $# && test $no_filename -eq 0; then ++ with_filename=1 ++fi ++ ++l_e=$(eval "(echo e | $grep -H --label=l e) 2>/dev/null") && test "$l_e" = l:e ++gnuish_grep="test $? -eq 0" ++if $gnuish_grep && test $with_filename -eq 1; then ++ grep="$grep -H" + fi + + exec 3>&1 +@@ -207,9 +216,9 @@ do + exec 5>&1 + (gzip -cdfq -- "$i" 5>&-; echo $? >&5) 3>&- | + if test $files_with_matches -eq 1; then +- eval "$grep" >/dev/null && { printf '%s\n' "$i" || exit 2; } ++ eval "$grep$args" >/dev/null && { printf '%s\n' "$i" || exit 2; } + elif test $files_without_matches -eq 1; then +- eval "$grep" >/dev/null || { ++ eval "$grep$args" >/dev/null || { + r=$? + if test $r -eq 1; then + printf '%s\n' "$i" || r=2 +@@ -217,9 +226,10 @@ do + test 256 -le $r && r=$(expr 128 + $r % 128) + exit $r + } +- elif test $with_filename -eq 0 && +- { test $# -eq 1 || test $no_filename -eq 1; }; then +- eval "$grep" ++ elif $gnuish_grep && test "$i" != -; then ++ eval "$grep --label \"\$i\"$args" ++ elif $gnuish_grep || test $with_filename -eq 0; then ++ eval "$grep$args" + else + case $i in + (*' +@@ -233,7 +243,7 @@ do + # Fail if grep or sed fails. + r=$( + exec 4>&1 +- (eval "$grep" 4>&-; echo $? >&4) 3>&- | ++ (eval "$grep$args" 4>&-; echo $? 
>&4) 3>&- | + LC_ALL=C sed "$sed_script" >&3 4>&- + ) || { r=$?; test $r -lt 2 && r=2; } + test 256 -le $r && r=$(expr 128 + $r % 128) diff -Nru gzip-1.10/debian/patches/series gzip-1.10/debian/patches/series --- gzip-1.10/debian/patches/series 2021-04-29 16:07:15.000000000 +0000 +++ gzip-1.10/debian/patches/series 2022-04-08 10:53:06.000000000 +0000 @@ -9,3 +9,9 @@ 0001-Document-IBM-Z-environment-variables.patch 0002-IBM-Z-DFLTCC-fix-three-data-corruption-issues.patch 0003-IBM-Z-multi_file_segfault.diff +CVE-2022-1271-1.patch +CVE-2022-1271-2.patch +CVE-2022-1271-3.patch +CVE-2022-1271-4.patch +CVE-2022-1271-5.patch +CVE-2022-1271-6.patch diff -Nru gzip-1.10/debian/rules gzip-1.10/debian/rules --- gzip-1.10/debian/rules 2021-03-03 09:11:57.000000000 +0000 +++ gzip-1.10/debian/rules 2022-04-08 10:53:06.000000000 +0000 @@ -73,6 +73,8 @@ configure: configure-stamp configure-stamp: reconf-stamp dh_testdir + chmod 775 tests/zgrep-abuse + chmod 775 tests/zgrep-binary mkdir -p builddir cd builddir && env \ $(foreach i,CC CFLAGS CPPFLAGS LDFLAGS,$(call shellexport,$i)) \ @@ -82,6 +84,8 @@ configure-indep: configure-indep-stamp configure-indep-stamp: reconf-stamp dh_testdir + chmod 775 tests/zgrep-abuse + chmod 775 tests/zgrep-binary mkdir -p builddir-indep cd builddir-indep && ../configure --host=i686-w64-mingw32 \ LIBS="-Wl,-Bstatic -lssp" --disable-silent-rules
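Review bot: With the new `elif $gnuish_grep && test "$i" != -` branch, a system whose grep accepts `-H --label` never reaches the `sed "$sed_script"` relabeling. On such a system tests/zgrep-abuse (added in CVE-2022-1271-2.patch) therefore no longer exercises the file-name escaping that the CVE fix hardened. zgrep.in takes the grep program from `${GREP-...}`, so the test could be run a second time with `GREP` pointing at a small wrapper that rejects `--label`, which forces the fallback path; how init.sh treats `GREP` is not visible here, so that needs checking. Separately, `gnuish_grep="test $? -eq 0"` stores a command string that `if $gnuish_grep` later executes, and a comment such as `# gnuish_grep is a command: it succeeds iff grep supports -H and --label` would make that idiom readable.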
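Review bot: `chmod 775` in both `configure-stamp` and `configure-indep-stamp` makes the two new test scripts group-writable when only the execute bit is missing, presumably because the patch system does not carry mode bits. `chmod 755 tests/zgrep-abuse tests/zgrep-binary` (or `chmod +x`) grants no more than the build needs. The same pair of lines is duplicated in both targets, so the second hunk needs the identical change.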