Hi,
A new zlibc release is available. It fixes a couple of security issues
when invoked with setuid programs.
Moreover, after years of inactivity, I made much needed changes to make
zlibc compile and work with current OS versions (Solaris and Linux).
Zlibc allows executables to uncompress their datafiles on the fly. No
kernel patch, no recompilation of the executables nor the libraries is
needed.
Zlibc (sources, .debs and RPMs) can currently be found at the following
location:
http://zlibc.linux.lu/
There is an zlibc mailing list at zlibc(a)zlibc.linux.lu. You may
subscribe to it by sending a message with 'subscribe' in its body or
subject to zlibc-request(a)zlibc.linux.lu, or by visiting the following URL:
https://zlibc.linux.lu/mailman3/postorius/lists/zlibc.zlibc.linux.lu/
The sha1sums are:
29927852064f4682e598a7ebb21d5e29c3b9138e zlibc-0.9l-1.i386.rpm
39fa591517194cc0bc68e0e549b9af9206ab09c9 zlibc-0.9l.lsm
d5ebf505a67fd91a6e86803da81e19fafbfaf2dd zlibc-0.9l.tar.gz
Alain
Hey there,
We have some vunlerabilities that we wanted to make you aware of in the
Zlibc software. Do you by chance have a GPG/PGP key so that we can send
you that information securely? I have attached our key for ease of use
in future communications.
Thanks,
Marc Hartshorne
Exodus Disclosure Team
I am on Debian 7.6.
I installed zlibc from the Debian repository,
and compliled from zlibc-0.9k .
I have yet to get it to work. Both fail to uncompress with simple commands
like cat(1) and head(1) .
For example:
zcat /etc/alternatives/xjc.1.gz | head
.'" t
."
." Copyright 2005-2006 Sun Microsystems, Inc. All Rights Reserved.
." DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
."
." This code is free software; you can redistribute it and/or modify it
." under the terms of the GNU General Public License version 2 only, as
." published by the Free Software Foundation.
."
." This code is distributed in the hope that it will be useful, but WITHOUT
ls -l /lib/uncompress.so
-rwSr-Sr-- 1 root root 40464 Oct 9 2009 /lib/uncompress.so
export LD_PRELOAD=uncompress.so
env | grep LD_
LD_PRELOAD=uncompress.so
LD_LIBRARY_PATH=/lib:/usr/lib
head /etc/alternatives/xjc.1.gz | od -c
0000000 037 213 \b \0 \0 \0 \0 \0 002 003 275 Z k s 333 F
0000020 262 375 316 _ 1 245 335 l 354 224 004 J 362 & [ W
0000040 Q 251 226 226 h K ) 275 . I 305 v 205 256 354 020
:
etc.
LD_ZLIB_VERBOSE=1 head /etc/alternatives/xjc.1.gz >/dev/null
progname = head
/home/mbianchi/.zlibrc
/etc/zlibc.conf
opening /home/mbianchi/.zlibrc 0
Listing class
4 4 4 .tar0 1 default
ls -l /home/mbianchi/.zlibrc
ls: cannot access /home/mbianchi/.zlibrc: No such file or directory
head /etc/zlibc.conf
# sample zlibrc file
# by default, commands may also unlink compressed files
commands default use unlink
commands "xman" use disable
# Eamcs has its own way of handling compressed files
commands "xemacs" use disable disable_child
Any ideas as to what might be wrong?
--
Mike Bianchi
Foveal Systems
973 822-2085
MBianchi(a)Foveal.com
http://www.AutoAuditorium.comhttp://www.FovealMounts.com
diff of readdir_tmpl.c
36d35
< #include<assert.h>
40,42d38
< assert(dirp);
< if(!real_READDIR) _zlibc_init();
< assert(real_READDIR);
solves the uninitialised functionpointer when readdir is called.
regards,
Leo van den Berg
Due to some hard disk issue at tux.org, and also for simplification
purposes, the address of the zlibc mailing list has been changed.
The new list address is now: zlibc(a)zlibc.linux.lu
The archives URL is: http://zlibc.linux.lu/pipermail/zlibc/
The subscriber list has already been imported into the new host, so no
specific action is needed on your part in order to keep your subscription.
You only need to remember to use the new address
(zlibc(a)zlibc.linux.lu) when posting to the list.
Sorry for the inconvenience,
Alain
I'm trying to compile zlibc on Solaris 9 using gcc v3.4.2 (from
www.sunfreeware.com) and I get the following error.
Any assistance would be great,
Tom
1:srss-sun-02:/var/tmp/zlibc-0.9k$ make
gcc -g -O2 -O4 -Wall -DHAVE_CONFIG_H -DSYSCONFDIR=\"/usr/local/etc\" -Dsparc
-Dsun -Dsolaris2_9 -Dsolaris2 -Dsolaris -I. -I. -fpic -c open.c
gcc -g -O2 -O4 -Wall -DHAVE_CONFIG_H -DSYSCONFDIR=\"/usr/local/etc\" -Dsparc
-Ds
un -Dsolaris2_9 -Dsolaris2 -Dsolaris -I. -I. -fpic -c altnames.c
altnames.c:7: error: parse error before "char"
altnames.c: In function `_access':
altnames.c:7: error: `var1' undeclared (first use in this function)
altnames.c:7: error: (Each undeclared identifier is reported only once
altnames.c:7: error: for each function it appears in.)
altnames.c:7: error: `var2' undeclared (first use in this function)
altnames.c: At top level:
altnames.c:8: error: parse error before "char"
altnames.c: In function `_chmod':
altnames.c:8: error: `var1' undeclared (first use in this function)
altnames.c:8: error: `var2' undeclared (first use in this function)
altnames.c: At top level:
altnames.c:10: error: parse error before "char"
altnames.c: In function `_stat':
altnames.c:10: error: `var1' undeclared (first use in this function)
altnames.c:10: error: `var2' undeclared (first use in this function)
altnames.c: At top level:
altnames.c:11: error: parse error before "char"
altnames.c: In function `_lstat':
altnames.c:11: error: `var1' undeclared (first use in this function)
altnames.c:11: error: `var2' undeclared (first use in this function)
altnames.c: At top level:
altnames.c:22: error: parse error before "char"
altnames.c: In function `_link':
altnames.c:22: error: `var1' undeclared (first use in this function)
altnames.c:22: error: `var2' undeclared (first use in this function)
altnames.c: At top level:
altnames.c:23: error: parse error before "char"
altnames.c: In function `_symlink':
altnames.c:23: error: `var1' undeclared (first use in this function)
altnames.c:23: error: `var2' undeclared (first use in this function)
altnames.c: At top level:
altnames.c:24: error: parse error before "char"
altnames.c: In function `_rename':
altnames.c:24: error: `var1' undeclared (first use in this function)
altnames.c:24: error: `var2' undeclared (first use in this function)
altnames.c: At top level:
altnames.c:26: error: parse error before "char"
altnames.c: In function `_chown':
altnames.c:26: error: `var1' undeclared (first use in this function)
altnames.c:26: error: `var2' undeclared (first use in this function)
altnames.c:26: error: `var3' undeclared (first use in this function)
altnames.c: At top level:
altnames.c:36: error: parse error before "char"
altnames.c: In function `_open':
altnames.c:36: error: `var1' undeclared (first use in this function)
altnames.c:36: error: `var2' undeclared (first use in this function)
altnames.c:36: error: `var3' undeclared (first use in this function)
altnames.c: At top level:
altnames.c:37: error: parse error before "char"
altnames.c: In function `_open64':
altnames.c:37: error: `var1' undeclared (first use in this function)
altnames.c:37: error: `var2' undeclared (first use in this function)
altnames.c:37: error: `var3' undeclared (first use in this function)
altnames.c: At top level:
altnames.c:38: error: parse error before "char"
altnames.c: In function `__open':
altnames.c:38: error: `var1' undeclared (first use in this function)
altnames.c:38: error: `var2' undeclared (first use in this function)
altnames.c:38: error: `var3' undeclared (first use in this function)
altnames.c: At top level:
altnames.c:39: error: parse error before "char"
altnames.c: In function `__open64':
altnames.c:39: error: `var1' undeclared (first use in this function)
altnames.c:39: error: `var2' undeclared (first use in this function)
altnames.c:39: error: `var3' undeclared (first use in this function)
altnames.c: At top level:
altnames.c:40: error: parse error before "char"
altnames.c: In function `_unlink':
altnames.c:40: error: `var1' undeclared (first use in this function)
altnames.c: At top level:
altnames.c:42: error: parse error before "char"
altnames.c: In function `_readlink':
altnames.c:42: error: `var1' undeclared (first use in this function)
altnames.c:42: error: `var2' undeclared (first use in this function)
altnames.c:42: error: `var3' undeclared (first use in this function)
altnames.c: At top level:
altnames.c:43: error: parse error before "char"
altnames.c: In function `__readlink':
altnames.c:43: error: `var1' undeclared (first use in this function)
altnames.c:43: error: `var2' undeclared (first use in this function)
altnames.c:43: error: `var3' undeclared (first use in this function)
make: *** [altnames.o] Error 1
1:srss-sun-02:/var/tmp/zlibc-0.9k$
_______________________________________________
zlibc mailing list
zlibc(a)tux.org
http://www.tux.org/mailman/listinfo/zlibc
A new zlibc release is available. This is mainly a maintainance
release. It's major benefit is compatibility with current glibc
version (workaround for the private __libc_open function, which should
cover most cases) and Solaris (tested on Solaris 10).
Zlibc allows executables to uncompress their datafiles on the fly. No
kernel patch, no recompilation of the executables and the libraries is
needed.
Zlibc (sources and RPM) can currently be found at the following
places:
http://www.tux.org/pub/knaff/zlibchttp://zlibc.linux.lu/
and soon at:
ftp://ibiblio.unc.edu/pub/Linux/libs/compression
There is an zlibc mailing list at zlibc(a)tux.org. You may subscribe to
it by sending a message with 'subscribe' in its body or subject to
zlibc-request(a)tux.org, or by visiting the following URL:
http://www.tux.org/mailman/listinfo/zlibc
The sha1sums are:
ca8fd4ea0590e976ce6ca24fe8055946ef33e944 zlibc-0.9k-1.i586.rpm
e9fb3a65a7ac7b1210f5a0236720ffec55cac086 zlibc-0.9k.lsm
5ba50a4c26aca6275d5fd5b7b8357a42ad66b936 zlibc-0.9k.tar.gz
Alain
_______________________________________________
zlibc mailing list
zlibc(a)tux.org
http://www.tux.org/mailman/listinfo/zlibc
You cannot just download
ftp://www.tux.org/pub/knaff/zlibc/zlibc-0.9j.tar.gz and expect to
compile it.
After un-tar'ing it, you must apply the latest patch which is at
ftp://www.tux.org/pub/knaff/zlibc/zlibc-0.9j-20040228.diff.gz
Then you can configure and build.
Once you do this it'll compile on Redhat 9. Still haven't tested it yet.
(Why can't all the latest patches be bundled with the source in a new
"k" release. If that was done, most of the compile questions for the
past year wouldn't have been necessary)
_______________________________________________
zlibc mailing list
zlibc(a)tux.org
http://www.tux.org/mailman/listinfo/zlibc
im new bout zlibc,
is zlibc actually also patch fopen function(in general
stdio function--beside posix)? i do something like this
after LD_PRELOAD
1. cat myfile
it returns contents of file,cat using fopen function to
open file.
2. less myfile
it returns too cos less using open function to open file.
but how could it be ?? i try to grep fopen, i found
nothing :(.how its work or which file/code tell about
fopen function.
would you could help this. i need it for my study bout
compression.
im using zlibc-0.9j
===========================================================================================
Netkuis Instan untuk wilayah Bandung (kode area 022) - SD,SMP,SMA berhadiah total puluhan juta rupiah... periode I dimulai 1 April 2004
===========================================================================================
_______________________________________________
zlibc mailing list
zlibc(a)tux.org
http://www.tux.org/mailman/listinfo/zlibc
Hi!
I downloaded zlibc to give it a try and I can not get
it compiled!
Apparently symbols like st_atime, st_ctime, ... are already defined!
Here is the output of the make
gcc -DHAVE_CONFIG_H -DSYSCONFDIR=\"/usr/local/etc\" -Di686 -Dpc -Dlinux
-fpic -I. -I. -c open.c
In file included from zlibc.h:205,
from sysincludes.h:142,
from open.c:10:
kernel_stat.h:21: warning: no semicolon at end of struct or union
kernel_stat.h:21: error: syntax error before '.' token
kernel_stat.h:24: error: syntax error before '.' token
kernel_stat.h:27: error: syntax error before '.' token
kernel_stat.h:34: error: syntax error before '}' token
In file included from sysincludes.h:142,
from open.c:10:
zlibc.h:219:13: warning: extra tokens at end of #undef directive
zlibc.h:241:13: warning: extra tokens at end of #undef directive
make: *** [open.o] Error 1
Thanks for any help
BTW, I am running gentoo linux.
======================
_______________________________________________
zlibc mailing list
zlibc(a)tux.org
http://www.tux.org/mailman/listinfo/zlibc