summary refs log tree commit diff
path: root/gnu/packages/patches/zziplib-CVE-2017-5976.patch
diff options
context:
space:
mode:
authorMarius Bakke <mbakke@fastmail.com>2018-02-09 15:56:06 +0100
committerMarius Bakke <mbakke@fastmail.com>2018-02-09 16:43:49 +0100
commit165c8b2adcae739fb16db1e892241bf45814e3bd (patch)
treee9dd97d295fe75511e578d3cc2ae1f3f9806f3b8 /gnu/packages/patches/zziplib-CVE-2017-5976.patch
parenta68fdfea96370c8a4b95af1fcd6e2fd7eb72da29 (diff)
downloadguix-165c8b2adcae739fb16db1e892241bf45814e3bd.tar.gz
gnu: zziplib: Update to 0.13.68.
* gnu/packages/patches/zziplib-CVE-2017-5974.patch,
gnu/packages/patches/zziplib-CVE-2017-5975.patch,
gnu/packages/patches/zziplib-CVE-2017-5976.patch,
gnu/packages/patches/zziplib-CVE-2017-5978.patch,
gnu/packages/patches/zziplib-CVE-2017-5979.patch,
gnu/packages/patches/zziplib-CVE-2017-5981.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Remove them.
* gnu/packages/compression.scm (zziplib): Update to 0.13.68.
[source](patches): Remove.
[arguments]: Remove #:parallel-tests?.  Set #:tests? #f.
Diffstat (limited to 'gnu/packages/patches/zziplib-CVE-2017-5976.patch')
-rw-r--r--gnu/packages/patches/zziplib-CVE-2017-5976.patch61
1 files changed, 0 insertions, 61 deletions
diff --git a/gnu/packages/patches/zziplib-CVE-2017-5976.patch b/gnu/packages/patches/zziplib-CVE-2017-5976.patch
deleted file mode 100644
index 17fc30e302..0000000000
--- a/gnu/packages/patches/zziplib-CVE-2017-5976.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-Fix CVE-2017-5976:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5976
-
-Patch copied from Debian.
-
-Index: zziplib-0.13.62/zzip/memdisk.c
-===================================================================
---- zziplib-0.13.62.orig/zzip/memdisk.c
-+++ zziplib-0.13.62/zzip/memdisk.c
-@@ -201,6 +201,7 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI
-         {
-             void *mem = malloc(ext1 + 2);
-             item->zz_ext[1] = mem;
-+	    item->zz_extlen[1] = ext1 + 2;
-             memcpy(mem, ptr1, ext1);
-             ((char *) (mem))[ext1 + 0] = 0;
-             ((char *) (mem))[ext1 + 1] = 0;
-@@ -209,6 +210,7 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI
-         {
-             void *mem = malloc(ext2 + 2);
-             item->zz_ext[2] = mem;
-+	    item->zz_extlen[2] = ext2 + 2;
-             memcpy(mem, ptr2, ext2);
-             ((char *) (mem))[ext2 + 0] = 0;
-             ((char *) (mem))[ext2 + 1] = 0;
-@@ -245,8 +247,10 @@ zzip_mem_entry_extra_block(ZZIP_MEM_ENTR
-     while (1)
-     {
-         ZZIP_EXTRA_BLOCK *ext = entry->zz_ext[i];
--        if (ext)
-+        if (ext && (entry->zz_extlen[i] >= zzip_extra_block_headerlength))
-         {
-+	    char *endblock = (char *)ext + entry->zz_extlen[i];
-+
-             while (*(short *) (ext->z_datatype))
-             {
-                 if (datatype == zzip_extra_block_get_datatype(ext))
-@@ -257,6 +261,10 @@ zzip_mem_entry_extra_block(ZZIP_MEM_ENTR
-                 e += zzip_extra_block_headerlength;
-                 e += zzip_extra_block_get_datasize(ext);
-                 ext = (void *) e;
-+		if (e >= endblock)
-+		{
-+		    break;
-+		}
-                 ____;
-             }
-         }
-Index: zziplib-0.13.62/zzip/memdisk.h
-===================================================================
---- zziplib-0.13.62.orig/zzip/memdisk.h
-+++ zziplib-0.13.62/zzip/memdisk.h
-@@ -66,6 +66,7 @@ struct _zzip_mem_entry {
-     int              zz_filetype;  /* (from "z_filetype") */
-     char*            zz_comment;   /* zero-terminated (from "comment") */
-     ZZIP_EXTRA_BLOCK* zz_ext[3];   /* terminated by null in z_datatype */
-+    int              zz_extlen[3]; /* length of zz_ext[i] in bytes */
- };                                 /* the extra blocks are NOT converted */
- 
- #define _zzip_mem_disk_findfirst(_d_) ((_d_)->list)