diff options
author | Marius Bakke <marius@gnu.org> | 2020-07-26 13:37:12 +0200 |
---|---|---|
committer | Marius Bakke <marius@gnu.org> | 2020-07-26 13:37:12 +0200 |
commit | ebd1ba713cbefc9ad5dac609255e1344a328e360 (patch) | |
tree | 39a48103b244191090bd43984100935940611f7e /gnu/packages/patches/glibc-CVE-2016-4429.patch | |
parent | ccc1d743a64fd71bee1a27f1f495978989b41126 (diff) | |
download | guix-ebd1ba713cbefc9ad5dac609255e1344a328e360.tar.gz |
gnu: glibc: Remove old versions.
* gnu/packages/patches/glibc-CVE-2015-5180.patch, gnu/packages/patches/glibc-CVE-2015-7547.patch, gnu/packages/patches/glibc-CVE-2016-3075.patch, gnu/packages/patches/glibc-CVE-2016-3706.patch, gnu/packages/patches/glibc-CVE-2016-4429.patch, gnu/packages/patches/glibc-CVE-2017-1000366-pt1.patch, gnu/packages/patches/glibc-CVE-2017-1000366-pt2.patch, gnu/packages/patches/glibc-CVE-2017-1000366-pt3.patch, gnu/packages/patches/glibc-o-largefile.patch, gnu/packages/patches/glibc-vectorized-strcspn-guards.patch: Delete files. * gnu/local.mk (dist_patch_DATA): Adjust accordingly. * gnu/packages/base.scm (glibc-2.26, glibc-2.25, glibc-2.24, glibc-2.23, glibc-2.22): Remove variables.
Diffstat (limited to 'gnu/packages/patches/glibc-CVE-2016-4429.patch')
-rw-r--r-- | gnu/packages/patches/glibc-CVE-2016-4429.patch | 58 |
1 files changed, 0 insertions, 58 deletions
diff --git a/gnu/packages/patches/glibc-CVE-2016-4429.patch b/gnu/packages/patches/glibc-CVE-2016-4429.patch deleted file mode 100644 index 5eebd10543..0000000000 --- a/gnu/packages/patches/glibc-CVE-2016-4429.patch +++ /dev/null @@ -1,58 +0,0 @@ -From bdce95930e1d9a7d013d1ba78740243491262879 Mon Sep 17 00:00:00 2001 -From: Florian Weimer <fweimer@redhat.com> -Date: Mon, 23 May 2016 20:18:34 +0200 -Subject: [PATCH] CVE-2016-4429: sunrpc: Do not use alloca in clntudp_call [BZ - #20112] - -The call is technically in a loop, and under certain circumstances -(which are quite difficult to reproduce in a test case), alloca -can be invoked repeatedly during a single call to clntudp_call. -As a result, the available stack space can be exhausted (even -though individual alloca sizes are bounded implicitly by what -can fit into a UDP packet, as a side effect of the earlier -successful send operation). - -(cherry picked from commit bc779a1a5b3035133024b21e2f339fe4219fb11c) ---- - ChangeLog | 7 +++++++ - NEWS | 4 ++++ - sunrpc/clnt_udp.c | 10 +++++++++- - 3 files changed, 20 insertions(+), 1 deletion(-) - -diff --git a/sunrpc/clnt_udp.c b/sunrpc/clnt_udp.c -index a6cf5f1..4d9acb1 100644 ---- a/sunrpc/clnt_udp.c -+++ b/sunrpc/clnt_udp.c -@@ -388,9 +388,15 @@ send_again: - struct sock_extended_err *e; - struct sockaddr_in err_addr; - struct iovec iov; -- char *cbuf = (char *) alloca (outlen + 256); -+ char *cbuf = malloc (outlen + 256); - int ret; - -+ if (cbuf == NULL) -+ { -+ cu->cu_error.re_errno = errno; -+ return (cu->cu_error.re_status = RPC_CANTRECV); -+ } -+ - iov.iov_base = cbuf + 256; - iov.iov_len = outlen; - msg.msg_name = (void *) &err_addr; -@@ -415,10 +421,12 @@ send_again: - cmsg = CMSG_NXTHDR (&msg, cmsg)) - if (cmsg->cmsg_level == SOL_IP && cmsg->cmsg_type == IP_RECVERR) - { -+ free (cbuf); - e = (struct sock_extended_err *) CMSG_DATA(cmsg); - cu->cu_error.re_errno = e->ee_errno; - return (cu->cu_error.re_status = RPC_CANTRECV); - } -+ free (cbuf); - } - #endif - do --- -2.9.3 - |