authorMark H Weaver <mhw@netris.org>2015-10-08 10:01:02 -0400
committerMark H Weaver <mhw@netris.org>2015-10-08 10:07:44 -0400
commit48e4a9f32f93c404b6fb4472164d8e00d12b2937 (patch)
tree8057d803846a751ff0a2beef9f66b45d8f9a0765 /gnu/packages/patches/unzip-overflow-long-fsize.patch
parente91e28d60c66362b7114d7a3ed7809609f2c1b4b (diff)
gnu: unzip: Add various fixes.
* gnu/packages/patches/unzip-increase-size-of-cfactorstr.patch: Delete
  file.  Replace with ...
* gnu/packages/patches/unzip-overflow-long-fsize.patch: ... this new file.
* gnu/packages/patches/unzip-attribs-overflow.patch,
  gnu/packages/patches/unzip-fix-overflows-and-infloop.patch,
  gnu/packages/patches/unzip-format-secure.patch: New files.
* gnu/packages/patches/unzip-CVE-2014-9636.patch: Replace contents with
  fixed patch from Fedora.
* gnu-system.am (dist_patch_DATA): Adjust accordingly.
* gnu/packages/zip.scm (unzip)[source]: Adjust list of patches.
Diffstat (limited to 'gnu/packages/patches/unzip-overflow-long-fsize.patch')
-rw-r--r--gnu/packages/patches/unzip-overflow-long-fsize.patch38
1 files changed, 38 insertions, 0 deletions
diff --git a/gnu/packages/patches/unzip-overflow-long-fsize.patch b/gnu/packages/patches/unzip-overflow-long-fsize.patch
new file mode 100644
index 0000000000..76963480d5
--- /dev/null
+++ b/gnu/packages/patches/unzip-overflow-long-fsize.patch
@@ -0,0 +1,38 @@
+Copied from Fedora.
+
+http://pkgs.fedoraproject.org/cgit/unzip.git/plain/unzip-6.0-overflow-long-fsize.patch?id=d18f821e
+
+diff --git a/list.c b/list.c
+index f7359c3..4c3d703 100644
+--- a/list.c
++++ b/list.c
+@@ -97,7 +97,7 @@ int list_files(__G)    /* return PK-type error code */
+ {
+     int do_this_file=FALSE, cfactor, error, error_in_archive=PK_COOL;
+ #ifndef WINDLL
+-    char sgn, cfactorstr[10];
++    char sgn, cfactorstr[13];
+     int longhdr=(uO.vflag>1);
+ #endif
+     int date_format;
+@@ -339,7 +339,19 @@ int list_files(__G)    /* return PK-type error code */
+                 G.crec.compression_method == ENHDEFLATED) {
+                 methbuf[5] = dtype[(G.crec.general_purpose_bit_flag>>1) & 3];
+             } else if (methnum >= NUM_METHODS) {
+-                sprintf(&methbuf[4], "%03u", G.crec.compression_method);
++                /* 2013-02-26 SMS.
++                 * http://sourceforge.net/tracker/?func=detail
++                 *  &aid=2861648&group_id=118012&atid=679786
++                 * Unexpectedly large compression methods overflow
++                 * &methbuf[].  Use the old, three-digit decimal format
++                 * for values which fit.  Otherwise, sacrifice the
++                 * colon, and use four-digit hexadecimal.
++                 */
++                if (G.crec.compression_method <= 999) {
++                    sprintf( &methbuf[ 4], "%03u", G.crec.compression_method);
++                } else {
++                    sprintf( &methbuf[ 3], "%04X", G.crec.compression_method);
++                }
+             }
+ 
+ #if 0       /* GRR/Euro:  add this? */
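Review bot: Both `sprintf` calls added in the `methnum >= NUM_METHODS` branch of the embedded list.c hunk are still unbounded, so the `%04X` case is safe only while `G.crec.compression_method` cannot exceed 0xFFFF and `methbuf` holds at least eight bytes; neither declaration is visible here, because `list_files` starts and ends outside the hunk. I would make that invariant explicit, e.g. `sprintf(&methbuf[3], "%04X", (unsigned)G.crec.compression_method & 0xFFFFu);`, or at least state it in the comment above the branch. The same applies to `cfactorstr[13]` in the first embedded hunk: 13 presumably covers a sign, ten digits of a 32-bit `int`, `%` and the terminator, and a short comment such as `/* sign + 10 digits + '%' + NUL */` would record why that size was chosen. The patch header says only "Copied from Fedora."; one line naming the two buffer overflows it fixes would help, since the file name refers to fsize rather than to either buffer.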