rpms/zoo/FC-4 zoo-2.10-pathsize-security.patch, NONE, 1.1 zoo.spec, 1.6, 1.7

Sun Feb 26 22:43:03 UTC 2006

Author: nim

Update of /cvs/extras/rpms/zoo/FC-4
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11238/FC-4

Modified Files:
	zoo.spec 
Added Files:
	zoo-2.10-pathsize-security.patch 
Log Message:
auto-import zoo-2.10-6.fc4 on branch FC-4 from zoo-2.10-6.fc4.src.rpm
Apply patch for exploitable buffer overflow (bug #183109)

zoo-2.10-pathsize-security.patch:

--- NEW FILE zoo-2.10-pathsize-security.patch ---
diff -uNr zoo-2.10.orig/misc.c zoo-2.10.new/misc.c
--- zoo-2.10.orig/misc.c	2006-02-26 23:30:55.000000000 +0100
+++ zoo-2.10.new/misc.c	2006-02-26 23:37:17.000000000 +0100
@@ -136,11 +136,14 @@
 char *fullpath (direntry)
 struct direntry *direntry;
 {
-	static char result[PATHSIZE];
+	static char result[PATHSIZE+PATHSIZE+12]; // Room for enough space
 	combine (result,
 				direntry->dirlen != 0 ? direntry->dirname : "", 
 				(direntry->namlen != 0) ? direntry->lfname : direntry->fname
 			  );
+        if (strlen (result) >= PATHSIZE) {
+                prterror ('f', "Combined dirname and filename too long\n");
+        }
 	return (result);
 }
 


Index: zoo.spec
===================================================================
RCS file: /cvs/extras/rpms/zoo/FC-4/zoo.spec,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- zoo.spec	5 Apr 2005 11:09:28 -0000	1.6
+++ zoo.spec	26 Feb 2006 22:43:03 -0000	1.7
@@ -1,6 +1,6 @@
 Name:      zoo
 Version:   2.10
-Release:   3
+Release:   6%{?dist}
 Summary:   File archiving utility with compression
 
 Group:     Applications/Archiving
@@ -9,6 +9,7 @@
 Patch0:    ftp://ftp.debian.org/debian/pool/non-free/z/zoo/zoo_2.10-9.diff.gz
 Patch1:    zoo-2.10-tempfile.patch
 Patch2:    zoo-gcc4.patch
+Patch3:    zoo-2.10-pathsize-security.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 %description
@@ -22,6 +23,7 @@
 %patch0 -p1 -b .debian
 %patch1 -p1 -b .tempfile
 %patch2 -p1 -b .gcc4
+%patch3 -p1 -b .pathsize
 
 %build
 make %{?_smp_mflags} OPTIM="%{optflags}" linux
@@ -43,10 +45,19 @@
 %attr(0755,root,root) %{_bindir}/*
 
 %changelog
+* Sun Feb 26 2006 Nicolas Mailhot <nicolas.mailhot at laposte.net> - 2.10-6
+- apply preliminary patch for bug #183109 (just to be sure)
+
+* Mon Feb 13 2006 Nicolas Mailhot <nicolas.mailhot at laposte.net> - 2.10-5
+- rebuilt for new gcc4.1 snapshot and glibc changes
+
+* Mon Jun 16 2005 Nicolas Mailhot <nicolas.mailhot at laposte.net> - 2.10-4
+- rebuild with gcc 4.1
+
 * Tue Apr 05 2005  Adrian Reber <adrian at lisas.de> - 2.10-3
 - fix gcc4 errors
 
-* Sun Apr 25 2004  Mailhot <Nicolas.Mailhot at laPoste.net> - 0:2.10-0.fdr.2
+* Sun Apr 25 2004 Nicolas Mailhot <Nicolas.Mailhot at laPoste.net> - 0:2.10-0.fdr.2
 * Use debian source
 
 * Tue Apr 20 2004 Nicolas Mailhot <Nicolas.Mailhot at laPoste.net> - 0:2.10-0.fdr.1


