Update to latest upstream release.

Fixes security bugs BZ#865591 & 865592.
12 years ago · 6328e65813
parent 2bf0c8407b
commit 6328e65813
9 changed files with 142 additions and 140 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,2 @@
 fdupes-1.50-PR2.tar.gz
+/fdupes-1.51.tar.gz
--- a/fdupes-1.50-compare-file.patch
+++ b/fdupes-1.50-compare-file.patch
@ -1,58 +0,0 @@
-diff -urNp fdupes-1.50-PR2.orig/fdupes.c fdupes-1.50-PR2/fdupes.c
--- fdupes-1.50-PR2.orig/fdupes.c	2009-01-31 20:11:49.577968848 +0530
-+++ fdupes-1.50-PR2/fdupes.c	2009-01-31 22:01:11.872219443 +0530
-@@ -492,7 +492,10 @@ file_t **checkmatch(filetree_t **root, f
-   else {
-     if (checktree->file->crcpartial == NULL) {
-       crcsignature = getcrcpartialsignature(checktree->file->d_name);
-      if (crcsignature == NULL) return NULL;
-+      if (crcsignature == NULL) {
-+        errormsg ("cannot read file %s\n", checktree->file->d_name);
-+        return NULL;
-+      }
- 
-       checktree->file->crcpartial = (char*) malloc(strlen(crcsignature)+1);
-       if (checktree->file->crcpartial == NULL) {
-@@ -504,7 +507,10 @@ file_t **checkmatch(filetree_t **root, f
- 
-     if (file->crcpartial == NULL) {
-       crcsignature = getcrcpartialsignature(file->d_name);
-      if (crcsignature == NULL) return NULL;
-+      if (crcsignature == NULL) {
-+        errormsg ("cannot read file %s\n", file->d_name);
-+        return NULL;
-+      }
- 
-       file->crcpartial = (char*) malloc(strlen(crcsignature)+1);
-       if (file->crcpartial == NULL) {
-@@ -577,8 +583,8 @@ file_t **checkmatch(filetree_t **root, f
- 
- int confirmmatch(FILE *file1, FILE *file2)
- {
-  unsigned char c1 = 0;
-  unsigned char c2 = 0;
-+  unsigned char c1[CHUNK_SIZE];
-+  unsigned char c2[CHUNK_SIZE];
-   size_t r1;
-   size_t r2;
-   
-@@ -586,14 +592,13 @@ int confirmmatch(FILE *file1, FILE *file
-   fseek(file2, 0, SEEK_SET);
- 
-   do {
-    r1 = fread(&c1, sizeof(c1), 1, file1);
-    r2 = fread(&c2, sizeof(c2), 1, file2);
-+    r1 = fread(c1, 1, sizeof(c1), file1);
-+    r2 = fread(c2, 1, sizeof(c2), file2);
- 
-    if (c1 != c2) return 0; /* file contents are different */
-  } while (r1 && r2);
-+    if (r1 != r2) return 0; /* file lengths are different */
-+    if (memcmp (c1, c2, r1)) return 0; /* file contents are different */
-+  } while (r2);
-   
-  if (r1 != r2) return 0; /* file lengths are different */
-
-   return 1;
- }
- 
--- a/fdupes-1.50-destdir.patch
+++ b/fdupes-1.50-destdir.patch
@ -1,29 +0,0 @@
-diff -urNp fdupes-1.50-PR2.orig/Makefile fdupes-1.50-PR2/Makefile
--- fdupes-1.50-PR2.orig/Makefile	2009-01-31 20:11:49.577968848 +0530
-+++ fdupes-1.50-PR2/Makefile	2009-01-31 21:17:01.207220400 +0530
-@@ -40,6 +40,8 @@ include Makefile.inc/VERSION
- #
- PROGRAM_NAME=fdupes
- 
-+DESTDIR =
-+
- #
- # BIN_DIR indicates directory where program is to be installed. 
- # Suggested value is "$(PREFIX)/bin"
-@@ -97,12 +99,12 @@ fdupes: $(OBJECT_FILES)
- 	$(CC) $(CFLAGS) -o fdupes $(OBJECT_FILES)
- 
- installdirs:
-	test -d $(BIN_DIR) || -$(MKDIR) $(BIN_DIR)
-	test -d $(MAN_DIR) || -$(MKDIR) $(MAN_DIR)
-+	test -d $(DESTDIR)$(BIN_DIR) || $(MKDIR) $(DESTDIR)$(BIN_DIR)
-+	test -d $(DESTDIR)$(MAN_DIR) || $(MKDIR) $(DESTDIR)$(MAN_DIR)
- 
- install: fdupes installdirs
-	$(INSTALL_PROGRAM)	fdupes   $(BIN_DIR)/$(PROGRAM_NAME)
-	$(INSTALL_DATA)		fdupes.1 $(MAN_DIR)/$(PROGRAM_NAME).$(MAN_EXT)
-+	$(INSTALL_PROGRAM)	fdupes   $(DESTDIR)$(BIN_DIR)/$(PROGRAM_NAME)
-+	$(INSTALL_DATA)		fdupes.1 $(DESTDIR)$(MAN_DIR)/$(PROGRAM_NAME).$(MAN_EXT)
- 
- clean:
- 	$(RM) $(OBJECT_FILES)
--- a/fdupes-1.50-lfs.patch
+++ b/fdupes-1.50-lfs.patch
@ -1,33 +0,0 @@
-diff -urNp fdupes-1.50-PR2.orig/fdupes.c fdupes-1.50-PR2/fdupes.c
--- fdupes-1.50-PR2.orig/fdupes.c	2009-01-31 20:11:49.577968848 +0530
-+++ fdupes-1.50-PR2/fdupes.c	2009-01-31 20:29:17.103220311 +0530
-@@ -643,7 +643,7 @@ void printmatches(file_t *files)
-   while (files != NULL) {
-     if (files->hasdupes) {
-       if (!ISFLAG(flags, F_OMITFIRST)) {
-	if (ISFLAG(flags, F_SHOWSIZE)) printf("%ld byte%seach:\n", files->size,
-+	if (ISFLAG(flags, F_SHOWSIZE)) printf("%lld byte%seach:\n", files->size,
- 	 (files->size != 1) ? "s " : " ");
- 	if (ISFLAG(flags, F_DSAMELINE)) escapefilename("\\ ", &files->d_name);
- 	printf("%s%c", files->d_name, ISFLAG(flags, F_DSAMELINE)?' ':'\n');
-@@ -796,7 +796,7 @@ void deletefiles(file_t *files, int prom
-       do {
- 	printf("Set %d of %d, preserve files [1 - %d, all]", 
-           curgroup, groups, counter);
-	if (ISFLAG(flags, F_SHOWSIZE)) printf(" (%ld byte%seach)", files->size,
-+	if (ISFLAG(flags, F_SHOWSIZE)) printf(" (%lld byte%seach)", files->size,
- 	  (files->size != 1) ? "s " : " ");
- 	printf(": ");
- 	fflush(stdout);
-diff -urNp fdupes-1.50-PR2.orig/Makefile fdupes-1.50-PR2/Makefile
--- fdupes-1.50-PR2.orig/Makefile	2009-01-31 20:11:49.577968848 +0530
-+++ fdupes-1.50-PR2/Makefile	2009-01-31 20:25:59.639218322 +0530
-@@ -74,7 +74,7 @@ MKDIR   = mkdir -p
- CC = gcc
- COMPILER_OPTIONS = -Wall -O -g
- 
-CFLAGS= $(COMPILER_OPTIONS) -I. -DVERSION=\"$(VERSION)\" $(EXTERNAL_MD5) $(EXPERIMENTAL_RBTREE) $(OMIT_GETOPT_LONG)
-+CFLAGS= $(COMPILER_OPTIONS) -I. -D_FILE_OFFSET_BITS=64 -DVERSION=\"$(VERSION)\" $(EXTERNAL_MD5) $(EXPERIMENTAL_RBTREE) $(OMIT_GETOPT_LONG)
- 
- INSTALL_PROGRAM = $(INSTALL) -c -m 0755
- INSTALL_DATA    = $(INSTALL) -c -m 0644
--- a/fdupes-1.51-check-permissions.patch
+++ b/fdupes-1.51-check-permissions.patch
@ -0,0 +1,90 @@
+diff -Naur fdupes-1.51.orig/fdupes.1 fdupes-1.51/fdupes.1
+--- fdupes-1.51.orig/fdupes.1	2013-04-20 12:00:09.000000000 -0500
+++ fdupes-1.51/fdupes.1	2013-07-16 13:01:16.264491871 -0500
+@@ -56,6 +56,9 @@
+ when used together with --delete, preserve the first file in each
+ set of duplicates and delete the others without prompting the user 
+ .TP
+.B -p --permissions
+don't consider files with different owner/group or permission bits as duplicates
+.TP
+ .B -v --version
+ display fdupes version
+ .TP
+diff -Naur fdupes-1.51.orig/fdupes.c fdupes-1.51/fdupes.c
+--- fdupes-1.51.orig/fdupes.c	2013-04-20 13:02:18.000000000 -0500
+++ fdupes-1.51/fdupes.c	2013-07-16 13:03:04.529344704 -0500
+@@ -51,6 +51,7 @@
+ #define F_RECURSEAFTER      0x0200
+ #define F_NOPROMPT          0x0400
+ #define F_SUMMARIZEMATCHES  0x0800
+#define F_PERMISSIONS       0x1000
+ 
+ char *program_name;
+ 
+@@ -467,6 +468,19 @@
+   return 1;
+ }
+ 
+int same_permissions(char* name1, char* name2)
+{
+    struct stat s1, s2;
+
+    if (stat(name1, &s1) != 0) return -1;
+    if (stat(name2, &s2) != 0) return -1;
+
+    return (s1.st_mode == s2.st_mode &&
+            s1.st_uid == s2.st_uid &&
+            s1.st_gid == s2.st_gid);
+}
+
+
+ file_t **checkmatch(filetree_t **root, filetree_t *checktree, file_t *file)
+ {
+   int cmpresult;
+@@ -489,6 +503,10 @@
+     cmpresult = -1;
+   else 
+     if (fsize > checktree->file->size) cmpresult = 1;
+  else
+    if (ISFLAG(flags, F_PERMISSIONS) &&
+        !same_permissions(file->d_name, checktree->file->d_name))
+        cmpresult = -1;
+   else {
+     if (checktree->file->crcpartial == NULL) {
+       crcsignature = getcrcpartialsignature(checktree->file->d_name);
+@@ -958,6 +976,7 @@
+   printf(" -N --noprompt    \ttogether with --delete, preserve the first file in\n");
+   printf("                  \teach set of duplicates and delete the rest without\n");
+   printf("                  \tprompting the user\n");
+  printf(" -p --permissions \tdon't consider files with different owner/group or permission bits as duplicates\n");
+   printf(" -v --version     \tdisplay fdupes version\n");
+   printf(" -h --help        \tdisplay this help message\n\n");
+ #ifdef OMIT_GETOPT_LONG
+@@ -1000,6 +1019,7 @@
+     { "noprompt", 0, 0, 'N' },
+     { "summarize", 0, 0, 'm'},
+     { "summary", 0, 0, 'm' },
+    { "permissions", 0, 0, 'p' },
+     { 0, 0, 0, 0 }
+   };
+ #define GETOPT getopt_long
+@@ -1011,7 +1031,7 @@
+ 
+   oldargv = cloneargs(argc, argv);
+ 
+-  while ((opt = GETOPT(argc, argv, "frRq1Ss::HlndvhNm"
+  while ((opt = GETOPT(argc, argv, "frRq1Ss::HlndvhNmp"
+ #ifndef OMIT_GETOPT_LONG
+           , long_options, NULL
+ #endif
+@@ -1059,6 +1079,9 @@
+     case 'm':
+       SETFLAG(flags, F_SUMMARIZEMATCHES);
+       break;
+    case 'p':
+      SETFLAG(flags, F_PERMISSIONS);
+      break;
+ 
+     default:
+       fprintf(stderr, "Try `fdupes --help' for more information.\n");
--- a/fdupes-1.51-destdir.patch
+++ b/fdupes-1.51-destdir.patch
@ -0,0 +1,29 @@
+diff -Naur fdupes-1.51.orig/Makefile fdupes-1.51/Makefile
+--- fdupes-1.51.orig/Makefile	2013-04-20 12:51:58.000000000 -0500
+++ fdupes-1.51/Makefile	2013-07-16 09:22:30.169197997 -0500
+@@ -46,6 +46,8 @@
+ #
+ PROGRAM_NAME=fdupes
+ 
+DESTDIR =
+
+ #
+ # BIN_DIR indicates directory where program is to be installed. 
+ # Suggested value is "$(PREFIX)/bin"
+@@ -103,12 +105,12 @@
+ 	$(CC) $(CFLAGS) -o fdupes $(OBJECT_FILES)
+ 
+ installdirs:
+-	test -d $(BIN_DIR) || $(MKDIR) $(BIN_DIR)
+-	test -d $(MAN_DIR) || $(MKDIR) $(MAN_DIR)
+	test -d $(DESTDIR)$(BIN_DIR) || $(MKDIR) $(DESTDIR)$(BIN_DIR)
+	test -d $(DESTDIR)$(MAN_DIR) || $(MKDIR) $(DESTDIR)$(MAN_DIR)
+ 
+ install: fdupes installdirs
+-	$(INSTALL_PROGRAM)	fdupes   $(BIN_DIR)/$(PROGRAM_NAME)
+-	$(INSTALL_DATA)		fdupes.1 $(MAN_DIR)/$(PROGRAM_NAME).$(MAN_EXT)
+	$(INSTALL_PROGRAM)      fdupes   $(DESTDIR)$(BIN_DIR)/$(PROGRAM_NAME)
+	$(INSTALL_DATA)         fdupes.1 $(DESTDIR)$(MAN_DIR)/$(PROGRAM_NAME).$(MAN_EXT)
+ 
+ clean:
+ 	$(RM) $(OBJECT_FILES)
--- a/fdupes.spec
+++ b/fdupes.spec
@ -1,20 +1,18 @@
-Name:           fdupes
-Summary:        Finds duplicate files in a given set of directories
-Version:        1.50
-Release:        0.7.PR2%{?dist}
-License:        MIT
-Group:          Applications/File
-URL:            http://netdial.caribe.net/~adrian2/fdupes.html
-Source0:        http://netdial.caribe.net/~adrian2/programs/fdupes/beta/%{name}-%{version}-PR2.tar.gz
+Name:		fdupes
+Summary:	Finds duplicate files in a given set of directories
+Version:	1.51
+Release:	1%{?dist}
+License:	MIT
+Group:		Applications/File
+URL:		https://code.google.com/p/fdupes/
+Source0:	https://fdupes.googlecode.com/files/%{name}-%{version}.tar.gz
 Source1:        macros.fdupes

-Patch0:         %{name}-%{version}-destdir.patch
-# http://bugs.debian.org/213385
-Patch1:         %{name}-%{version}-compare-file.patch
-# http://bugs.debian.org/447601
-Patch2:         %{name}-%{version}-lfs.patch
+Patch0:		fdupes-1.51-destdir.patch
 # http://bugs.debian.org/353789
-Patch3:         %{name}-%{version}-typo.patch
+Patch1:		fdupes-1.50-typo.patch
+# Fix CVE
+Patch2:         fdupes-1.51-check-permissions.patch


 %description
@ -23,11 +21,10 @@ directories.


 %prep
-%setup -q -n %{name}-%{version}-PR2
+%setup -q -n %{name}-%{version}
+%patch2 -p1 -b .cve
 %patch0 -p1 -b .destdir
-%patch1 -p1 -b .cmp
-%patch2 -p1 -b .lfs
-%patch3 -p1 -b .typo
+%patch1 -p1 -b .typo


 %build
@ -57,7 +54,12 @@ install -m 0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/rpm/
 %{_bindir}/%{name}
 %{_sysconfdir}/rpm/macros.fdupes

+
 %changelog
+* Tue Jul 16 2013 Richard Shaw <hobbes1069@gmail.com> - 1.51-1
+- Update to latest upstream release.
+- Fixes security bugs BZ#865591 & 865592.
+
 * Wed Feb 13 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.50-0.7.PR2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild

--- a/macros.fdupes
+++ b/macros.fdupes
@ -2,7 +2,7 @@
 _target=""; \
 _symlinks=0; \
 %{-s:_symlinks=1;} \
- fdupes -q -n -r %1 | \
+ fdupes -q -n -r -p %1 | \
  while read _file; do \
    if test -z "$_target" ; then \
      _target="$_file"; \
--- a/2
+++ b/2
@ -1 +1 @@
-a4f0de2d9a79efce3d712d6520e58c7f  fdupes-1.50-PR2.tar.gz
+47d0410c90c9e51e450933ba35a32b62  fdupes-1.51.tar.gz