rpms/zoo/FC-3 zoo-2.10-pathsize-security.patch, NONE, 1.1 zoo-gcc4.patch, NONE, 1.1 zoo.spec, 1.4, 1.5

Nicolas Mailhot (nim) fedora-extras-commits at redhat.com
Sun Feb 26 22:44:41 UTC 2006 

Author: nim

Update of /cvs/extras/rpms/zoo/FC-3
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11342/FC-3

Modified Files:
	zoo.spec 
Added Files:
	zoo-2.10-pathsize-security.patch zoo-gcc4.patch 
Log Message:
auto-import zoo-2.10-6.fc3 on branch FC-3 from zoo-2.10-6.fc3.src.rpm
Apply patch for exploitable buffer overflow (bug #183109)

zoo-2.10-pathsize-security.patch:

--- NEW FILE zoo-2.10-pathsize-security.patch ---
diff -uNr zoo-2.10.orig/misc.c zoo-2.10.new/misc.c
--- zoo-2.10.orig/misc.c	2006-02-26 23:30:55.000000000 +0100
+++ zoo-2.10.new/misc.c	2006-02-26 23:37:17.000000000 +0100
@@ -136,11 +136,14 @@
 char *fullpath (direntry)
 struct direntry *direntry;
 {
-	static char result[PATHSIZE];
+	static char result[PATHSIZE+PATHSIZE+12]; // Room for enough space
 	combine (result,
 				direntry->dirlen != 0 ? direntry->dirname : "", 
 				(direntry->namlen != 0) ? direntry->lfname : direntry->fname
 			  );
+        if (strlen (result) >= PATHSIZE) {
+                prterror ('f', "Combined dirname and filename too long\n");
+        }
 	return (result);
 }
 

zoo-gcc4.patch:

--- NEW FILE zoo-gcc4.patch ---
--- zoo-2.10.orig/ar.h	2005-04-05 10:53:38.000000000 +0200
+++ zoo-2.10/ar.h	2005-04-05 10:52:12.000000000 +0200
@@ -117,7 +117,6 @@
   void move_left();
 #else
 # define MOVE_LEFT memmove
- extern VOIDPTR memmove();
 #endif
 
 #if 0


Index: zoo.spec
===================================================================
RCS file: /cvs/extras/rpms/zoo/FC-3/zoo.spec,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- zoo.spec	10 Dec 2004 22:03:13 -0000	1.4
+++ zoo.spec	26 Feb 2006 22:44:41 -0000	1.5
@@ -1,26 +1,29 @@
-Name:    zoo
-Version: 2.10
-Release: 2
-Epoch:   0
-Summary: File archiving utility with compression
+Name:      zoo
+Version:   2.10
+Release:   6%{?dist}
+Summary:   File archiving utility with compression
 
 Group:     Applications/Archiving
 License:   Distributable
 Source:    ftp://ftp.debian.org/debian/pool/non-free/z/zoo/zoo_2.10.orig.tar.gz
 Patch0:    ftp://ftp.debian.org/debian/pool/non-free/z/zoo/zoo_2.10-9.diff.gz
 Patch1:    zoo-2.10-tempfile.patch
+Patch2:    zoo-gcc4.patch
+Patch3:    zoo-2.10-pathsize-security.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 %description
-zoo is a file archiving utility for maintaining collections of files. 
-It uses Lempel-Ziv compression to provide space savings in the 
-range of 20 to 80 percent depending on the type of data. Written by 
+zoo is a file archiving utility for maintaining collections of files.
+It uses Lempel-Ziv compression to provide space savings in the
+range of 20 to 80 percent depending on the type of data. Written by
 Rahul Dhesi, and posted to the USENET newsgroup comp.sources.misc.
 
 %prep
 %setup -n zoo-2.10.orig
 %patch0 -p1 -b .debian
 %patch1 -p1 -b .tempfile
+%patch2 -p1 -b .gcc4
+%patch3 -p1 -b .pathsize
 
 %build
 make %{?_smp_mflags} OPTIM="%{optflags}" linux
@@ -42,7 +45,19 @@
 %attr(0755,root,root) %{_bindir}/*
 
 %changelog
-* Sun Apr 25 2004  Mailhot <Nicolas.Mailhot at laPoste.net> - 0:2.10-0.fdr.2
+* Sun Feb 26 2006 Nicolas Mailhot <nicolas.mailhot at laposte.net> - 2.10-6
+- apply preliminary patch for bug #183109 (just to be sure)
+
+* Mon Feb 13 2006 Nicolas Mailhot <nicolas.mailhot at laposte.net> - 2.10-5
+- rebuilt for new gcc4.1 snapshot and glibc changes
+
+* Mon Jun 16 2005 Nicolas Mailhot <nicolas.mailhot at laposte.net> - 2.10-4
+- rebuild with gcc 4.1
+
+* Tue Apr 05 2005  Adrian Reber <adrian at lisas.de> - 2.10-3
+- fix gcc4 errors
+
+* Sun Apr 25 2004 Nicolas Mailhot <Nicolas.Mailhot at laPoste.net> - 0:2.10-0.fdr.2
 * Use debian source
 
 * Tue Apr 20 2004 Nicolas Mailhot <Nicolas.Mailhot at laPoste.net> - 0:2.10-0.fdr.1

More information about the scm-commits mailing list