Patch-ID# 116340-09


Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.

Keywords: security gzip hardlinked info
Synopsis: SunOS 5.9: gzip and Freeware info files patch
Date: May/05/2010


Install Requirements: NA

Solaris Release: 9

SunOS Release: 5.9

Unbundled Product:

Unbundled Release:

Xref: This patch available for x86 as 116341

Topic: SunOS 5.9: gzip and Freeware info files patch

Relevant Architectures: sparc

Bugs fixed with this patch:

Sun CR #    Bug #
4793452     15137900
5069958     15217348
5097491     15226169
6215177     15243440
6283819     15270970
6294656     15275340
6324222     15287123
6470484     15350454
6616278     15430399
6835864     15559788
6847116     15566675
6884801     15591688
6930214     15625822
6932860     15627897


Changes incorporated in this version: 6930214 6932860

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by:

Files included with this patch:

/usr/bin/gunzip
/usr/bin/gzcat
/usr/bin/gzcmp
/usr/bin/gzdiff
/usr/bin/gzegrep
/usr/bin/gzexe
/usr/bin/gzfgrep
/usr/bin/gzforce
/usr/bin/gzgrep
/usr/bin/gzip
/usr/bin/gzless
/usr/bin/gzmore
/usr/bin/gznew
/usr/sfw/share/info/dir
/usr/sfw/share/info/gdk.info
/usr/sfw/share/info/glib.info
/usr/sfw/share/info/grep.info
/usr/sfw/share/info/gtk.info
/usr/sfw/share/info/gtk.info-1
/usr/sfw/share/info/gtk.info-2
/usr/sfw/share/info/gtk.info-3
/usr/sfw/share/info/gtk.info-4
/usr/sfw/share/info/gtk.info-5
/usr/sfw/share/info/gtk.info-6
/usr/sfw/share/info/gzip.info
/usr/sfw/share/info/info-stnd.info
/usr/sfw/share/info/info-stnd.info-1
/usr/sfw/share/info/info-stnd.info-2
/usr/sfw/share/info/info.info
/usr/sfw/share/info/tar.info
/usr/sfw/share/info/tar.info-1
/usr/sfw/share/info/tar.info-10
/usr/sfw/share/info/tar.info-11
/usr/sfw/share/info/tar.info-2
/usr/sfw/share/info/tar.info-3
/usr/sfw/share/info/tar.info-4
/usr/sfw/share/info/tar.info-5
/usr/sfw/share/info/tar.info-6
/usr/sfw/share/info/tar.info-7
/usr/sfw/share/info/tar.info-8
/usr/sfw/share/info/tar.info-9
/usr/sfw/share/info/texinfo
/usr/sfw/share/info/texinfo-1
/usr/sfw/share/info/texinfo-10
/usr/sfw/share/info/texinfo-11
/usr/sfw/share/info/texinfo-12
/usr/sfw/share/info/texinfo-13
/usr/sfw/share/info/texinfo-2
/usr/sfw/share/info/texinfo-3
/usr/sfw/share/info/texinfo-4
/usr/sfw/share/info/texinfo-5
/usr/sfw/share/info/texinfo-6
/usr/sfw/share/info/texinfo-7
/usr/sfw/share/info/texinfo-8
/usr/sfw/share/info/texinfo-9
/usr/sfw/share/info/wget.info
/usr/sfw/share/info/wget.info-1
/usr/sfw/share/info/wget.info-2
/usr/sfw/share/info/wget.info-3
/usr/sfw/share/info/wget.info-4
/usr/sfw/share/info/wget.info-5
/usr/share/src/gzip/AUTHORS
/usr/share/src/gzip/COPYING
/usr/share/src/gzip/ChangeLog
/usr/share/src/gzip/INSTALL
/usr/share/src/gzip/Makefile.am
/usr/share/src/gzip/Makefile.in
/usr/share/src/gzip/NEWS
/usr/share/src/gzip/README
/usr/share/src/gzip/README-alpha
/usr/share/src/gzip/README.sfw
/usr/share/src/gzip/THANKS
/usr/share/src/gzip/TODO
/usr/share/src/gzip/acinclude.m4 (deleted)
/usr/share/src/gzip/aclocal.m4
/usr/share/src/gzip/algorithm.doc
/usr/share/src/gzip/amiga/Makefile.gcc
/usr/share/src/gzip/amiga/Makefile.sasc
/usr/share/src/gzip/amiga/match.a
/usr/share/src/gzip/amiga/tailor.c
/usr/share/src/gzip/amiga/utime.h
/usr/share/src/gzip/atari/Makefile.st
/usr/share/src/gzip/bits.c
/usr/share/src/gzip/config.guess (deleted)
/usr/share/src/gzip/config.h.in
/usr/share/src/gzip/config.sub (deleted)
/usr/share/src/gzip/configure
/usr/share/src/gzip/configure.in
/usr/share/src/gzip/crypt.c
/usr/share/src/gzip/crypt.h
/usr/share/src/gzip/deflate.c
/usr/share/src/gzip/depcomp
/usr/share/src/gzip/fdl.texi
/usr/share/src/gzip/getopt.c
/usr/share/src/gzip/getopt.h
/usr/share/src/gzip/getopt1.c
/usr/share/src/gzip/gunzip.1
/usr/share/src/gzip/gzexe.1
/usr/share/src/gzip/gzexe.in
/usr/share/src/gzip/gzip.1
/usr/share/src/gzip/gzip.c
/usr/share/src/gzip/gzip.doc
/usr/share/src/gzip/gzip.h
/usr/share/src/gzip/gzip.info
/usr/share/src/gzip/gzip.texi
/usr/share/src/gzip/inflate.c
/usr/share/src/gzip/install-sh
/usr/share/src/gzip/lzw.c
/usr/share/src/gzip/lzw.h
/usr/share/src/gzip/m4/ccstdc.m4 (deleted)
/usr/share/src/gzip/m4/isc-posix.m4 (deleted)
/usr/share/src/gzip/m4/largefile.m4 (deleted)
/usr/share/src/gzip/m4/shell.m4
/usr/share/src/gzip/match.c
/usr/share/src/gzip/mdate-sh
/usr/share/src/gzip/missing
/usr/share/src/gzip/mkinstalldirs
/usr/share/src/gzip/msdos/Makefile.bor
/usr/share/src/gzip/msdos/Makefile.djg
/usr/share/src/gzip/msdos/Makefile.msc
/usr/share/src/gzip/msdos/doturboc.bat
/usr/share/src/gzip/msdos/gzip.prj
/usr/share/src/gzip/msdos/match.asm
/usr/share/src/gzip/msdos/tailor.c
/usr/share/src/gzip/nt/Makefile.nt
/usr/share/src/gzip/os2/Makefile.os2
/usr/share/src/gzip/os2/gzip.def
/usr/share/src/gzip/os2/gzip16.def
/usr/share/src/gzip/primos/build.cpl
/usr/share/src/gzip/primos/ci.opts
/usr/share/src/gzip/primos/include/errno.h
/usr/share/src/gzip/primos/include/fcntl.h
/usr/share/src/gzip/primos/include/stdlib.h
/usr/share/src/gzip/primos/include/sysStat.h
/usr/share/src/gzip/primos/include/sysTypes.h
/usr/share/src/gzip/primos/primos.c
/usr/share/src/gzip/primos/readme
/usr/share/src/gzip/revision.h
/usr/share/src/gzip/rpmatch.c
/usr/share/src/gzip/sample/add.c
/usr/share/src/gzip/sample/makecrc.c
/usr/share/src/gzip/sample/sub.c
/usr/share/src/gzip/sample/zfile
/usr/share/src/gzip/sample/zread.c
/usr/share/src/gzip/sample/ztouch
/usr/share/src/gzip/stamp-h.in (deleted)
/usr/share/src/gzip/stamp-vti
/usr/share/src/gzip/tailor.h
/usr/share/src/gzip/texinfo.tex
/usr/share/src/gzip/trees.c
/usr/share/src/gzip/unlzh.c
/usr/share/src/gzip/unlzw.c
/usr/share/src/gzip/unpack.c
/usr/share/src/gzip/unzip.c
/usr/share/src/gzip/util.c
/usr/share/src/gzip/version.texi
/usr/share/src/gzip/vms/Makefile.gcc
/usr/share/src/gzip/vms/Makefile.mms
/usr/share/src/gzip/vms/Makefile.vms
/usr/share/src/gzip/vms/Readme.vms
/usr/share/src/gzip/vms/gzip.hlp
/usr/share/src/gzip/vms/makegzip.com
/usr/share/src/gzip/vms/vms.c
/usr/share/src/gzip/yesno.c
/usr/share/src/gzip/zcat.1
/usr/share/src/gzip/zcmp.1
/usr/share/src/gzip/zdiff.1
/usr/share/src/gzip/zdiff.in
/usr/share/src/gzip/zforce.1
/usr/share/src/gzip/zforce.in
/usr/share/src/gzip/zgrep.1
/usr/share/src/gzip/zgrep.in
/usr/share/src/gzip/zip.c
/usr/share/src/gzip/zless.1
/usr/share/src/gzip/zless.in
/usr/share/src/gzip/zmore.1
/usr/share/src/gzip/zmore.in
/usr/share/src/gzip/znew.1
/usr/share/src/gzip/znew.in

Problem Description:

6930214 CVE-2010-0624: heap-based buffer overflow in GNU tar
6932860 patch 116340-08/SUNWgzip/install/postinstall uses ROOTDIR which is undefined
 
(from 116340-08)
 
6616278 upgrade GNU tar (gtar) to 1.19 or greater to address CVE-2007-4131
6835864 upgrade GNU tar (gtar) to version 1.22
6847116 wget requires updating to the latest community version
6884801 wget accepts certificates that do not match the host name
 
(from 116340-07)
 
5097491 wget doesn't support secure HTTP
6215177 need complete support for large files in wget
 
(from 116340-06)
 
6470484 multiple security issues in gzip archiver may lead to arbitrary code execution
 
(from 116340-05)
 
6324222 gzcat/gunzip/gzcmp files missing after patch 116340-02[3] is applied to Unicon CP2160 satellite
 
(from 116340-04)
 
6283819 gzip TOCTOU file-permissions vulnerability
6294656 gzip vulnerability <=1.3.5: a malicious archive may write unintended files when uncompressed with -N
 
(from 116340-03)
 
5069958 [metropolis] file-roller does not display multibyte characters
 
(from 116340-02)
 
	This patch revision was generated to remove the postbackout script
	and to include man pages reference in Special Instructions.
 
(from 116340-01)
 
4793452 gzip 1.2.4 changes hardlinked files silently to -rwxrwxrwx


Patch Installation Instructions:
--------------------------------
 
Please refer to the man pages for instructions on using 'patchadd'
and 'patchrm' commands provided with Solaris.
 
The following example installs a patch to a standalone machine:
 
       example# patchadd /var/spool/patch/123456-07
 
The following example removes a patch from a standalone system:
 
       example# patchrm 123456-07
 
For additional examples please see the appropriate man pages. Any
other special or non-generic installation instructions should be
described below as special instructions.


Special Install Instructions:
-----------------------------
 
Not all patches listed in this section as needed for the completion
of a fix or feature may be available at the same time as this patch.
This allows the remaining fixes/features to be made available sooner.
 
NOTE 1:  To get gzip man pages, please also install the following patch:
 
         114014-08 (or greater)  libxml and Freeware man pages Patch
 
NOTE 2:  To get the full fix for BugId 5069958 (file-roller does not display
         multibyte characters), and the gtar man pages, please also
         install the following patches:
 
         114014-09 (or greater)  libxml and Freeware man pages Patch
         118189-01 (or greater)  Freeware localizable message file patch
         118191-01 (or greater)  gtar patch
 
NOTE 3:  To get the source files for the gtar package, please also install
         the following patch:
 
         118193-01 (or greater)  gtar source patch
 
NOTE 4:  To get the full fix for BugIds 5097491 (wget doesn't support secure
         HTTP) and 6215177 (need complete support for large files in wget),
         please also install the following patches:
 
         114014-14 (or greater)  libxml, libxslt and Freeware manpages patch
         118189-02 (or greater)  Freeware localizable message file patch
         125326-01 (or greater)  wget patch
 
NOTE 5:  To get the full fix for BugIds 6884801 (wget accepts certificates
         that do not match the host name) and 6847116 (wget requires updating
         to the latest community version), please also install the following
         patches:
 
         114014-25 (or greater)  libxml, libxslt and Freeware manpages patch
         125326-02 (or greater)  wget patch
 
NOTE 6:  To get the full fix for BugIds 6835864 (upgrade GNU tar (gtar)
         to version 1.22) and 6616278 (upgrade GNU tar (gtar) to 1.19 or
         greater to address CVE-2007-4131), please also install
         the following patches:
 
         118191-04 (or greater)  gtar patch
         118193-03 (or greater)  gtar source patch


README -- Last modified date: Saturday, November 10, 2012