rpms/zoo/FC-3 zoo-2.10-CAN-2005-2349.patch, NONE, 1.1 zoo-2.10-febz-183426.patch, NONE, 1.1 zoo-gcc.patch, NONE, 1.1 zoo-return.patch, NONE, 1.1 zoo-security_pathsize.patch, NONE, 1.1 zoo.patch, NONE, 1.1 .cvsignore, 1.2, 1.3 sources, 1.2, 1.3 zoo.spec, 1.5, 1.6 zoo-2.10-pathsize-security.patch, 1.1, NONE zoo-gcc4.patch, 1.1, NONE

Nicolas Mailhot (nim) fedora-extras-commits at redhat.com
Sat Mar 4 13:42:14 UTC 2006


Author: nim

Update of /cvs/extras/rpms/zoo/FC-3
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv32233/FC-3

Modified Files:
	.cvsignore sources zoo.spec 
Added Files:
	zoo-2.10-CAN-2005-2349.patch zoo-2.10-febz-183426.patch 
	zoo-gcc.patch zoo-return.patch zoo-security_pathsize.patch 
	zoo.patch 
Removed Files:
	zoo-2.10-pathsize-security.patch zoo-gcc4.patch 
Log Message:
auto-import zoo-2.10-7.fc3 on branch FC-3 from zoo-2.10-7.fc3.src.rpm
rebase on opensuse package, CVE-2006-0855 fix #2, bz #183109 fix

zoo-2.10-CAN-2005-2349.patch:

--- NEW FILE zoo-2.10-CAN-2005-2349.patch ---
--- portable.c
+++ portable.c
@@ -364,6 +364,31 @@
       show_dir(direntry);
    }
 #endif
+   char *p;
+   /* take off '../'   */
+   while ((p = strstr( direntry->dirname, "../" )) != NULL) {
+      while (*(p+3) != '\0') {
+        *p = *(p + 3);
+        p++;
+      }
+      *p = *(p+3); /* move last null */
+      //printf("zoo: skipped \"../\" path component in '%s'\n", direntry->dirname);
+   }
+   /* take off  '/'  */
+   if ( direntry->dirname[0] == '/' ) {
+      p = direntry->dirname;
+      while (*p != '\0') {
+        *p = *(p + 1);
+        p++;
+      }
+      *p = *(p+1); /* move last null */
+      //printf("zoo: skipped \"/\" path component in '%s'\n", direntry->dirname);
+   }
+   /* take off '..'   */
+   if(!strcmp(direntry->dirname, ".."))
+      direntry->dirname[0] = '\0';
+   /* direntry->dirlen = strlen(direntry->dirname); */
+
    return (0);
 }
 

zoo-2.10-febz-183426.patch:

--- NEW FILE zoo-2.10-febz-183426.patch ---
diff -uNr zoo/parse.c zoo.new/parse.c
--- zoo/parse.c	1991-07-11 21:07:34.000000000 +0200
+++ zoo.new/parse.c	2006-03-04 14:17:50.000000000 +0100
@@ -39,7 +39,7 @@
    char *namep;                   /* points to relevant part of tempname */
 
    char *p;
-   strcpy (tempname, fname);
+   strncpy(tempname, fname, LFNAMESIZE);
 
 #ifdef DEBUG
 printf ("parse:  supplied name is [%s].\n", tempname);

zoo-gcc.patch:

--- NEW FILE zoo-gcc.patch ---
diff -uNr zoo.orig/makefile zoo/makefile
--- zoo.orig/makefile	1992-07-27 06:01:40.000000000 +0200
+++ zoo/makefile	2002-11-25 16:41:06.000000000 +0100
@@ -21,7 +21,7 @@
 CC = cc
 CFLAGS =
 MODEL =
-EXTRA = -DBIG_MEM -DNDEBUG
+EXTRA = -DBIG_MEM -DNDEBUG -DANSI_PROTO
 LINTFLAGS = -DLINT
 OPTIM = -O
 DESTDIR = /usr/local/bin
diff -uNr zoo.orig/options.h zoo/options.h
--- zoo.orig/options.h	1991-07-11 21:07:32.000000000 +0200
+++ zoo/options.h	2002-11-25 16:41:30.000000000 +0100
@@ -104,7 +104,7 @@
 #define GETTZ
 #define FATTR
 #define T_SIGNAL	int
-#define VARARGS
+#define STDARG
 #define NEED_MEMMOVE
 #define T_UINT16		unsigned short		/* must be 16 bit unsigned */
 #define HAVE_ISATTY

zoo-return.patch:

--- NEW FILE zoo-return.patch ---
--- ar.h
+++ ar.h
@@ -116,7 +116,9 @@
   void move_left();
 #else
 # define MOVE_LEFT memmove
+# ifndef ANSI_HDRS
  extern VOIDPTR memmove();
+# endif
 #endif
 
 #if 0
--- bsd.c
+++ bsd.c
@@ -104,4 +104,5 @@
 	seekpos = lseek(fd, 0L, SEEK_CUR);
 	if (seekpos >= 0)
 		return ftruncate(fd, seekpos);
+	return 0;
 }
--- mstime.i
+++ mstime.i
@@ -12,6 +12,7 @@
 Function mstime() converts time in seconds since January 1 of BASEYEAR
 to MS-DOS format date and time.
 */
+void
 mstime(longtime, date, time)
 long longtime;       /* input:  seconds since Jan 1, BASEYEAR   */
 int *date, *time;    /* output: MS-DOS format date and time */
--- nixtime.i
+++ nixtime.i
@@ -36,6 +36,7 @@
          (tm->tm_hour << 11);
    }
 
+   return 0;
 }
 
 /*****************
--- options.h
+++ options.h
@@ -157,11 +157,13 @@
 #define GETTZ
 #define FATTR
 #define T_SIGNAL	void
+#define STDARG
 /* #define VARARGS */
 /* #define NEED_MEMMOVE */
 #define T_UINT16		unsigned short		/* must be 16 bit unsigned */
 #define HAVE_ISATTY
 /* #define NEED_VPRINTF */
+#define BSD4_3		/* for I/O definitions */
 #endif /* BSD4_4 */
 
 /***********************************************************************/

zoo-security_pathsize.patch:

--- NEW FILE zoo-security_pathsize.patch ---
--- misc.c
+++ misc.c
@@ -135,11 +135,17 @@
 char *fullpath (direntry)
 struct direntry *direntry;
 {
-	static char result[PATHSIZE];
+	static char result[PATHSIZE+LFNAMESIZE+12]; /* Room for enough space.*/
 	combine (result,
 				direntry->dirlen != 0 ? direntry->dirname : "", 
 				(direntry->namlen != 0) ? direntry->lfname : direntry->fname
 			  );
+
+       if (strlen (result) >= PATHSIZE) {
+               prterror ('f', "Combined dirname and filename too long!\n");
+               *result = '\0';
+       }
+
 	return (result);
 }
 

zoo.patch:

--- NEW FILE zoo.patch ---
--- basename.c
+++ basename.c
@@ -18,7 +18,7 @@
 
 /* This function strips device/directory information from
 a pathname and returns just the plain filename */
-void basename (pathname, fname)
+void my_basename (pathname, fname)
 char *pathname;
 char fname[];
 {
--- makefile
+++ makefile
@@ -18,13 +18,13 @@
 
 MAKE = make	      # needed for some systems e.g. older BSD
 
-CC = cc
+CC = gcc
 CFLAGS =
 MODEL =
 EXTRA = -DBIG_MEM -DNDEBUG
 LINTFLAGS = -DLINT
 OPTIM = -O
-DESTDIR = /usr/local/bin
+DESTDIR = /usr/bin
 
 #List of all object files created for Zoo
 ZOOOBJS = addbfcrc.o addfname.o basename.o comment.o crcdefs.o \
@@ -107,10 +107,10 @@
 convex:
 	$(MAKE) CFLAGS="-c $(OPTIM) -DBSD4_3 -DANSI_HDRS" $(TARGETS)
 
-# Linux 0.96c, gcc 2.2.2
+# Linux 2.0.0, gcc 2.7.2
 linux:
 	$(MAKE) \
-	CFLAGS="-c -O2 -DBSD4_3 -DANSI_HDRS -DLINUX" \
+       CFLAGS="-c $(OPTIM) -DBSD4_4 -DANSI_HDRS -DLINUX" \
 	$(TARGETS)
 
 # linux as above, static linked
--- options.h
+++ options.h
@@ -89,7 +89,7 @@
 /***********************************************************************/
 
 #ifdef BSD4_3
-#define NOSTRCHR /* not really needed for 4.3BSD */
+/* #define NOSTRCHR */ /* not really needed for 4.3BSD */
 #define FILTER
 #define IO_MACROS
 #define EXISTS(f)		(access(f, 00) == 0)
--- various.h
+++ various.h
@@ -26,6 +26,7 @@
 #ifdef ANSI_HDRS /* if not defined in stdio.h */
 # include <string.h>
 # include <stdlib.h>
+# include <time.h>
 #else
 FILE *fdopen PARMS ((int, char *));
 FILE *fopen PARMS ((char *, char *));
--- zooadd.c
+++ zooadd.c
@@ -132,7 +132,7 @@
 
 if (zoo_file == NOFILE)
    prterror ('f', could_not_open, zoo_path);
-basename(zoo_path, zoo_fname);      /* get basename of archive */
+my_basename(zoo_path, zoo_fname);      /* get basename of archive */
 rootname (zoo_path, zoo_bak);       /* name without extension */
 strcat (zoo_bak, BACKUP_EXT);       /* name of backup of this archive */
 
@@ -222,7 +222,7 @@
 		break;
 	}
 
-   basename (this_path, this_fname);   /* get just filename for later */
+   my_basename (this_path, this_fname);   /* get just filename for later */
 
    this_file = zooopen(this_path, Z_READ);
    if (this_file == NOFILE) {
--- zoofns.h
+++ zoofns.h
@@ -85,7 +85,7 @@
 void addfname PARMS ((char *, long, unsigned int, unsigned int, 
 							unsigned, unsigned));
 void add_version PARMS ((char *, struct direntry *));
-void basename PARMS ((char *, char []));
+void my_basename PARMS ((char *, char []));
 void break_off PARMS ((void));
 void close_file PARMS ((ZOOFILE));
 void comment PARMS ((char *, char *));


Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/zoo/FC-3/.cvsignore,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- .cvsignore	8 Nov 2004 05:36:41 -0000	1.2
+++ .cvsignore	4 Mar 2006 13:42:13 -0000	1.3
@@ -1,2 +1 @@
-zoo_2.10-9.diff.gz
-zoo_2.10.orig.tar.gz
+zoo.tar.gz


Index: sources
===================================================================
RCS file: /cvs/extras/rpms/zoo/FC-3/sources,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- sources	8 Nov 2004 05:36:41 -0000	1.2
+++ sources	4 Mar 2006 13:42:13 -0000	1.3
@@ -1,2 +1 @@
-2dca488e015f6d6079fb3b2106bcbc5e  zoo_2.10-9.diff.gz
-dca5f2cf71379a51ea1e66b25f1e0294  zoo_2.10.orig.tar.gz
+9419da66d2de4c59b405d5c59845a828  zoo.tar.gz


Index: zoo.spec
===================================================================
RCS file: /cvs/extras/rpms/zoo/FC-3/zoo.spec,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- zoo.spec	26 Feb 2006 22:44:41 -0000	1.5
+++ zoo.spec	4 Mar 2006 13:42:13 -0000	1.6
@@ -1,33 +1,45 @@
 Name:      zoo
 Version:   2.10
-Release:   6%{?dist}
+Release:   7%{?dist}
 Summary:   File archiving utility with compression
 
 Group:     Applications/Archiving
 License:   Distributable
-Source:    ftp://ftp.debian.org/debian/pool/non-free/z/zoo/zoo_2.10.orig.tar.gz
-Patch0:    ftp://ftp.debian.org/debian/pool/non-free/z/zoo/zoo_2.10-9.diff.gz
-Patch1:    zoo-2.10-tempfile.patch
-Patch2:    zoo-gcc4.patch
-Patch3:    zoo-2.10-pathsize-security.patch
+# There is no zoo upstream anymore so let's not pretend we have an authoritative source
+# This zoo.tar.gz archive was taken from opensuse
+Source:    zoo.tar.gz
+Patch0:    zoo.patch
+Patch1:    zoo-%{version}-tempfile.patch
+Patch2:    zoo-gcc.patch
+Patch3:    zoo-%{version}-CAN-2005-2349.patch
+Patch4:    zoo-return.patch
+Patch5:    zoo-security_pathsize.patch
+Patch6:    zoo-%{version}-febz-183426.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
+
 %description
 zoo is a file archiving utility for maintaining collections of files.
 It uses Lempel-Ziv compression to provide space savings in the
 range of 20 to 80 percent depending on the type of data. Written by
 Rahul Dhesi, and posted to the USENET newsgroup comp.sources.misc.
 
+
 %prep
-%setup -n zoo-2.10.orig
-%patch0 -p1 -b .debian
-%patch1 -p1 -b .tempfile
+%setup -q -n %{name}
+%patch0
+%patch1 -p1
 %patch2 -p1 -b .gcc4
-%patch3 -p1 -b .pathsize
+%patch3 -b .can
+%patch4
+%patch5 -b .pathsize
+%patch6 -p1 -b .febz183426
+
 
 %build
 make %{?_smp_mflags} OPTIM="%{optflags}" linux
 
+
 %install
 rm -fr %{buildroot}
 install -d -m 0755 %{buildroot}%{_bindir} \
@@ -36,15 +48,24 @@
 install -m 0755 fiz zoo %{buildroot}%{_bindir}/
 install -m 0644 fiz.1 zoo.1 %{buildroot}%{_mandir}/man1/
 
+
 %clean
 rm -fr %{buildroot}
 
+
 %files
 %defattr(0644, root, root, 0755)
 %doc %{_mandir}/man1/*
 %attr(0755,root,root) %{_bindir}/*
 
+
 %changelog
+* Sat Mar 4 2006 Nicolas Mailhot <nicolas.mailhot at laposte.net> - 2.10-7
+- rebase on OpenSuse 2.10-866 package as the OpenSuse team did some nice 
+  cleanups
+- drop our fix to CVE-2006-0855 for the OpenSuse one
+- add bug #183109 fix
+
 * Sun Feb 26 2006 Nicolas Mailhot <nicolas.mailhot at laposte.net> - 2.10-6
 - apply preliminary patch for bug #183109 (just to be sure)
 


--- zoo-2.10-pathsize-security.patch DELETED ---


--- zoo-gcc4.patch DELETED ---




More information about the fedora-extras-commits mailing list