app-arch/bzip2/files/bzip2-1.0.2-bzgrep.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

Ripped from Fedora

* Fri Nov 25 2005 Ivana Varekova <varekova@redhat.com> 1.0.3-2
- fix bug 174172 - CAN-2005-0758 bzgrep has security issue in sed usage

--- bzip2-1.0.2/bzgrep.flaw	2005-06-16 08:51:21.000000000 -0400
+++ bzip2-1.0.2/bzgrep	2005-06-16 08:55:20.000000000 -0400
@@ -63,7 +63,11 @@
     bzip2 -cdfq "$i" | $grep $opt "$pat"
     r=$?
   else
-    bzip2 -cdfq "$i" | $grep $opt "$pat" | sed "s|^|${i}:|"
+    j=${i//\\/\\\\}
+    j=${j//|/\\|}
+    j=${j//&/\\&}
+    j=`printf "%s" "$j" | tr '\n' ' '`
+    bzip2 -cdfq "$i" | $grep $opt "$pat" | sed "s|^|${j}:|"
     r=$?
   fi
   test "$r" -ne 0 && res="$r"