Package: unadf / 0.7.11a-7

Metadata

Package: unadf
Version: 0.7.11a-7
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
source code fixes

Lib/Generic/adf_nativ.c | 1 0 + 1 - 0 !
Lib/Generic/adf_nativ.h | 1 0 + 1 - 0 !
Lib/adf_bitm.c | 2 1 + 1 - 0 !
Lib/adf_cache.c | 2 1 + 1 - 0 !
Lib/adf_dir.c | 2 1 + 1 - 0 !
Lib/adf_env.c | 2 1 + 1 - 0 !
Lib/adf_file.c | 2 1 + 1 - 0 !
Lib/adf_hd.c | 2 1 + 1 - 0 !
Lib/adf_raw.c | 2 1 + 1 - 0 !
9 files changed, 7 insertions(+), 9 deletions(-)

 fix header files
64 bit fixes

Demo/Makefile | 2 1 + 1 - 0 !
Demo/unadf.c | 10 5 + 5 - 0 !
Lib/Makefile | 2 1 + 1 - 0 !
Lib/adf_bitm.c | 26 13 + 13 - 0 !
Lib/adf_bitm.h | 2 1 + 1 - 0 !
Lib/adf_blk.h | 211 106 + 105 - 0 !
Lib/adf_cache.c | 21 11 + 10 - 0 !
Lib/adf_cache.h | 2 1 + 1 - 0 !
Lib/adf_defs.h | 10 6 + 4 - 0 !
Lib/adf_dir.c | 28 14 + 14 - 0 !
Lib/adf_dir.h | 6 3 + 3 - 0 !
Lib/adf_disk.c | 38 19 + 19 - 0 !
Lib/adf_disk.h | 8 4 + 4 - 0 !
Lib/adf_dump.c | 14 7 + 7 - 0 !
Lib/adf_dump.h | 8 5 + 3 - 0 !
Lib/adf_env.c | 20 10 + 10 - 0 !
Lib/adf_file.c | 56 28 + 28 - 0 !
Lib/adf_file.h | 10 5 + 5 - 0 !
Lib/adf_hd.c | 48 24 + 24 - 0 !
Lib/adf_hd.h | 18 9 + 9 - 0 !
Lib/adf_link.c | 2 1 + 1 - 0 !
Lib/adf_link.h | 3 2 + 1 - 0 !
Lib/adf_raw.c | 36 18 + 18 - 0 !
Lib/adf_raw.h | 8 4 + 4 - 0 !
Lib/adf_salv.c | 8 4 + 4 - 0 !
Lib/adf_str.h | 66 33 + 33 - 0 !
Lib/adf_util.c | 10 5 + 5 - 0 !
Lib/adf_util.h | 8 4 + 4 - 0 !
Lib/adflib.h | 20 10 + 10 - 0 !
Lib/hd_blk.h | 162 81 + 81 - 0 !
Lib/myconf | 19 13 + 6 - 0 !
Lib/myconf.sh | 19 13 + 6 - 0 !
Makefile | 13 7 + 6 - 0 !
33 files changed, 468 insertions(+), 446 deletions(-)

---
add hardening flags in compiler options

Demo/Makefile | 3 3 + 0 - 0 !
Demo/unadf.c | 3 1 + 2 - 0 !
Lib/Makefile | 2 2 + 0 - 0 !
3 files changed, 6 insertions(+), 2 deletions(-)

 add hardening flags in compiler options
privacy breach.patch

Faq/adf_info.html | 12 0 + 12 - 0 !
1 file changed, 12 deletions(-)

 remove monitoring from faq
CVE 2016 1243_CVE 2016 1244

Demo/unadf.c | 41 22 + 19 - 0 !
1 file changed, 22 insertions(+), 19 deletions(-)

 fix unsafe extraction by using mkdir() instead of shell command
  This commit fixes the following vulnerabilities:

  - CVE-2016-1243: stack buffer overflow caused by blindly trusting
    pathname lengths of archived files

    Stack allocated buffer sysbuf was filled with sprintf() without any
    bounds checking in extractTree() function.

  - CVE-2016-1244: execution of unsanitized input

    Shell command used for creating directory paths was constructed by
    concatenating names of archived files to the end of the command
    string.

  So, if the user was tricked into extracting a specially crafted .adf file,
  the attacker was able to execute arbitrary code with privileges of the
  user.

  This commit fixes both issues by

    1) replacing mkdir shell commands with mkdir() function calls
    2) removing redundant sysbuf buffer
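
The fix pattern the commit message describes, as an added example in C (not the unadf patch itself or the project's code): the path is built with a bounds-checked snprintf() and the directory is created with mkdir(), so no shell ever parses the archived name. The function names, the 256-byte buffer size and the sample entry names are assumptions made for this illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

#define PATH_BUF 256   /* assumed limit for this example */

/* Join base and an archived entry name into out.
 * Returns 0 on success, -1 if the name is empty or the result does not fit. */
int build_path(char *out, size_t outsz, const char *base, const char *name)
{
    if (name == NULL || name[0] == '\0')
        return -1;
    int n = snprintf(out, outsz, "%s/%s", base, name);
    if (n < 0 || (size_t)n >= outsz)
        return -1;   /* would be truncated: refuse instead of overflowing */
    return 0;
}

/* Create the directory for one entry with mkdir(2). The name is passed as
 * data to the system call, so characters such as ';' or '$' have no effect. */
int make_entry_dir(const char *base, const char *name)
{
    char path[PATH_BUF];
    if (build_path(path, sizeof path, base, name) != 0)
        return -1;
    if (mkdir(path, 0755) != 0 && errno != EEXIST)
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    const char *base = argc > 1 ? argv[1] : ".";
    /* Constructed sample names: one ordinary, one with shell metacharacters. */
    const char *names[] = { "Workbench", "docs; echo hi" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-16s -> %s\n", names[i],
               make_entry_dir(base, names[i]) == 0 ? "created" : "rejected");
    return 0;
}
```

Run against an empty scratch directory, the second name produces a directory literally called `docs; echo hi`; an entry name longer than the buffer is rejected before anything is written.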