Package: zoo / 2.10-28

Metadata

Package Version Patches format
zoo 2.10-28 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
01 old fixes.patch | (download)

ar.h | 3 3 + 0 - 0 !
basename.c | 2 1 + 1 - 0 !
fiz.1 | 2 1 + 1 - 0 !
linux.c | 73 73 + 0 - 0 !
machine.c | 4 4 + 0 - 0 !
makefile | 13 11 + 2 - 0 !
makelist.c | 2 2 + 0 - 0 !
misc.c | 3 2 + 1 - 0 !
misc2.c | 4 4 + 0 - 0 !
nixtime.i | 10 7 + 3 - 0 !
options.h | 26 26 + 0 - 0 !
portable.h | 6 6 + 0 - 0 !
zoo.1 | 19 4 + 15 - 0 !
zoo.c | 1 1 + 0 - 0 !
zoo.h | 4 3 + 1 - 0 !
zooadd.c | 7 5 + 2 - 0 !
zooadd2.c | 4 3 + 1 - 0 !
zooext.c | 7 4 + 3 - 0 !
zoofns.h | 6 3 + 3 - 0 !
zooio.h | 1 1 + 0 - 0 !
zoolist.c | 3 2 + 1 - 0 !
zoopack.c | 5 3 + 2 - 0 !
22 files changed, 169 insertions(+), 36 deletions(-)

 old fixes, that were made before this package has changed to use dpatch.

02 traversal directory.patch | (download)

portable.c | 35 35 + 0 - 0 !
1 file changed, 35 insertions(+)

 patch to solve problem with "directory traversal bug" cve id can-2005-2349

03 fix manage archive under AMD64.patch | (download)

makefile | 5 5 + 0 - 0 !
misc.c | 4 4 + 0 - 0 !
zoodel.c | 4 4 + 0 - 0 !
zooext.c | 4 4 + 0 - 0 !
zoopack.c | 4 4 + 0 - 0 !
5 files changed, 21 insertions(+)

 patch to solve problems managing files under amd64 and maybe under others 64 archs.


04 fix fullpath buffer overflow.patch | (download)

misc.c | 5 4 + 1 - 0 !
1 file changed, 4 insertions(+), 1 deletion(-)

 fix  "fullpath()" file name handling buffer overflow, can-2006-0855
05 CVE 2006 1269.patch | (download)

parse.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 buffer overflow during archive creation cve-2006-1269

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=183426

A buffer overflow bug exists in zoo which is triggered during archive
creation. This issue is borderline a bug as it's really only a
problem if someone is creating a zoo archive on a directory full of
files controlled by a local attacker.

06 CVE 2007 1673.patch | (download)

zooext.c | 9 9 + 0 - 0 !
zoolist.c | 9 9 + 0 - 0 !
2 files changed, 18 insertions(+)

 multiple vendors zoo file decompression infinite loop dos
 http://archives.neohapsis.com/archives/bugtraq/2007-05/0046.html
 .
 It's possible to make the ZOO implementation to enter in an infinite loop
 condition. The vulnerability lies in the algorithm used to locate the
 files inside the archive. Each file in a ZOO archive is identified by a
 direntry structure. Those structures are linked between themselves with a
 'next' pointer. This pointer is in fact an offset from the beginning of
 the file, representing the next direntry structure. By specifying an
 already processed file, it's possible to process more than one time this
 same file. The ZOO parser will then enter an infinite loop condition.

07 ms help reduce outputted newlines in help.patch | (download)

zoo.c | 11 5 + 6 - 0 !
1 file changed, 5 insertions(+), 6 deletions(-)

 reduce newlines outputted in help screens
 There are huge gaps between the help screen (extra empty lines).
 The following patch minimizes them.

08 wait return comment out.patch | (download)

zoo.c | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 disable 'hit return to continue' screens
 The requirement to press RET key are not very confortable. The
 following patch removed the requirement to press a key to next screen,
 so that the output can be fed to less(1) etc.

10 printf.patch | (download)

zoolist.c | 8 4 + 4 - 0 !
1 file changed, 4 insertions(+), 4 deletions(-)

 fix missing format strings



12 printf.patch | (download)

zooadd.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix missing format strings


14 printf.patch | (download)

zoo.c | 14 7 + 7 - 0 !
1 file changed, 7 insertions(+), 7 deletions(-)

 fix missing format strings


20 makefile.patch | (download)

makefile | 10 7 + 3 - 0 !
1 file changed, 7 insertions(+), 3 deletions(-)

 enabled hardened build flags through dpkg-buildflags