rpms/zoo/FC-4 zoo-2.10-pathsize-security.patch, NONE, 1.1 zoo.spec, 1.6, 1.7
Nicolas Mailhot (nim)
fedora-extras-commits at redhat.com
Sun Feb 26 22:43:03 UTC 2006
Author: nim
Update of /cvs/extras/rpms/zoo/FC-4
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11238/FC-4
Modified Files:
zoo.spec
Added Files:
zoo-2.10-pathsize-security.patch
Log Message:
auto-import zoo-2.10-6.fc4 on branch FC-4 from zoo-2.10-6.fc4.src.rpm
Apply patch for exploitable buffer overflow (bug #183109)
zoo-2.10-pathsize-security.patch:
--- NEW FILE zoo-2.10-pathsize-security.patch ---
diff -uNr zoo-2.10.orig/misc.c zoo-2.10.new/misc.c
--- zoo-2.10.orig/misc.c 2006-02-26 23:30:55.000000000 +0100
+++ zoo-2.10.new/misc.c 2006-02-26 23:37:17.000000000 +0100
@@ -136,11 +136,14 @@
char *fullpath (direntry)
struct direntry *direntry;
{
- static char result[PATHSIZE];
+ static char result[PATHSIZE+PATHSIZE+12]; // Room for enough space
combine (result,
direntry->dirlen != 0 ? direntry->dirname : "",
(direntry->namlen != 0) ? direntry->lfname : direntry->fname
);
+ if (strlen (result) >= PATHSIZE) {
+ prterror ('f', "Combined dirname and filename too long\n");
+ }
return (result);
}
Index: zoo.spec
===================================================================
RCS file: /cvs/extras/rpms/zoo/FC-4/zoo.spec,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- zoo.spec 5 Apr 2005 11:09:28 -0000 1.6
+++ zoo.spec 26 Feb 2006 22:43:03 -0000 1.7
@@ -1,6 +1,6 @@
Name: zoo
Version: 2.10
-Release: 3
+Release: 6%{?dist}
Summary: File archiving utility with compression
Group: Applications/Archiving
@@ -9,6 +9,7 @@
Patch0: ftp://ftp.debian.org/debian/pool/non-free/z/zoo/zoo_2.10-9.diff.gz
Patch1: zoo-2.10-tempfile.patch
Patch2: zoo-gcc4.patch
+Patch3: zoo-2.10-pathsize-security.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
%description
@@ -22,6 +23,7 @@
%patch0 -p1 -b .debian
%patch1 -p1 -b .tempfile
%patch2 -p1 -b .gcc4
+%patch3 -p1 -b .pathsize
%build
make %{?_smp_mflags} OPTIM="%{optflags}" linux
@@ -43,10 +45,19 @@
%attr(0755,root,root) %{_bindir}/*
%changelog
+* Sun Feb 26 2006 Nicolas Mailhot <nicolas.mailhot at laposte.net> - 2.10-6
+- apply preliminary patch for bug #183109 (just to be sure)
+
+* Mon Feb 13 2006 Nicolas Mailhot <nicolas.mailhot at laposte.net> - 2.10-5
+- rebuilt for new gcc4.1 snapshot and glibc changes
+
+* Mon Jun 16 2005 Nicolas Mailhot <nicolas.mailhot at laposte.net> - 2.10-4
+- rebuild with gcc 4.1
+
* Tue Apr 05 2005 Adrian Reber <adrian at lisas.de> - 2.10-3
- fix gcc4 errors
-* Sun Apr 25 2004 Mailhot <Nicolas.Mailhot at laPoste.net> - 0:2.10-0.fdr.2
+* Sun Apr 25 2004 Nicolas Mailhot <Nicolas.Mailhot at laPoste.net> - 0:2.10-0.fdr.2
* Use debian source
* Tue Apr 20 2004 Nicolas Mailhot <Nicolas.Mailhot at laPoste.net> - 0:2.10-0.fdr.1
More information about the fedora-extras-commits
mailing list