rpms/zoo/devel zoo-2.10-pathsize-security.patch, NONE, 1.1 zoo.spec, 1.8, 1.9

Nicolas Mailhot (nim) fedora-extras-commits at redhat.com
Sun Feb 26 22:41:20 UTC 2006 

Author: nim

Update of /cvs/extras/rpms/zoo/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11140/devel

Modified Files:
	zoo.spec 
Added Files:
	zoo-2.10-pathsize-security.patch 
Log Message:
auto-import zoo-2.10-6.fc5 on branch devel from zoo-2.10-6.fc5.src.rpm
Apply patch for exploitable buffer overflow

zoo-2.10-pathsize-security.patch:

--- NEW FILE zoo-2.10-pathsize-security.patch ---
diff -uNr zoo-2.10.orig/misc.c zoo-2.10.new/misc.c
--- zoo-2.10.orig/misc.c	2006-02-26 23:30:55.000000000 +0100
+++ zoo-2.10.new/misc.c	2006-02-26 23:37:17.000000000 +0100
@@ -136,11 +136,14 @@
 char *fullpath (direntry)
 struct direntry *direntry;
 {
-	static char result[PATHSIZE];
+	static char result[PATHSIZE+PATHSIZE+12]; // Room for enough space
 	combine (result,
 				direntry->dirlen != 0 ? direntry->dirname : "", 
 				(direntry->namlen != 0) ? direntry->lfname : direntry->fname
 			  );
+        if (strlen (result) >= PATHSIZE) {
+                prterror ('f', "Combined dirname and filename too long\n");
+        }
 	return (result);
 }
 


Index: zoo.spec
===================================================================
RCS file: /cvs/extras/rpms/zoo/devel/zoo.spec,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- zoo.spec	13 Feb 2006 21:37:04 -0000	1.8
+++ zoo.spec	26 Feb 2006 22:41:20 -0000	1.9
@@ -1,6 +1,6 @@
 Name:      zoo
 Version:   2.10
-Release:   5%{?dist}
+Release:   6%{?dist}
 Summary:   File archiving utility with compression
 
 Group:     Applications/Archiving
@@ -9,6 +9,7 @@
 Patch0:    ftp://ftp.debian.org/debian/pool/non-free/z/zoo/zoo_2.10-9.diff.gz
 Patch1:    zoo-2.10-tempfile.patch
 Patch2:    zoo-gcc4.patch
+Patch3:    zoo-2.10-pathsize-security.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 %description
@@ -22,6 +23,7 @@
 %patch0 -p1 -b .debian
 %patch1 -p1 -b .tempfile
 %patch2 -p1 -b .gcc4
+%patch3 -p1 -b .pathsize
 
 %build
 make %{?_smp_mflags} OPTIM="%{optflags}" linux
@@ -43,6 +45,9 @@
 %attr(0755,root,root) %{_bindir}/*
 
 %changelog
+* Sun Feb 26 2006 Nicolas Mailhot <nicolas.mailhot at laposte.net> - 2.10-6
+- apply preliminary patch for bug #183109 (just to be sure)
+
 * Mon Feb 13 2006 Nicolas Mailhot <nicolas.mailhot at laposte.net> - 2.10-5
 - rebuilt for new gcc4.1 snapshot and glibc changes

More information about the fedora-extras-commits mailing list