aboutsummaryrefslogtreecommitdiff
Fix CVE-2017-16844:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16844
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876511

Patch copied from Debian procmail package 3.22-26:

http://http.debian.net/debian/pool/main/p/procmail/procmail_3.22-26.debian.tar.xz

From: Santiago Vila <sanvila@debian.org>
Subject: Fix heap-based buffer overflow in loadbuf()
Bug-Debian: http://bugs.debian.org/876511
X-Debian-version: 3.22-26

--- a/src/formisc.c
+++ b/src/formisc.c
@@ -103,7 +103,7 @@
 }
 							    /* append to buf */
 void loadbuf(text,len)const char*const text;const size_t len;
-{ if(buffilled+len>buflen)			  /* buf can't hold the text */
+{ while(buffilled+len>buflen)			  /* buf can't hold the text */
      buf=realloc(buf,buflen+=Bsize);
   tmemmove(buf+buffilled,text,len);buffilled+=len;
 }
generated by cgit
2-31 00:55:43 +0100'>2022-12-31gnu: kodi: Update to 19.5....* gnu/packages/kodi.scm (kodi): Update to 19.5. [source]: Remove obsolete patches; delete bundled jars. [arguments]: Update configure flags; adjust build phase 'patch-stuff to use Groovy from Guix; adjust file names; remove obsolete substitutions; disable TestCPUInfo.GetCPUFrequency test; remove trailing #T from build phases. [native-inputs]: Drop input labels; add googletest, groovy, openjdk9, and java-commons-lang; remove icedtea. [inputs]: Add spdlog-for-kodi; replace fmt-7 with fmt-6 (for spdlog). (kodi/wayland)[arguments]: Adjust configure flags. [inputs]: Use modify-inputs. * gnu/local.mk (dist_patch_DATA): Remove obsolete patches. * gnu/packages/patches/kodi-set-libcurl-ssl-parameters.patch: Adjust. * gnu/packages/patches/kodi-increase-test-timeout.patch: Remove file. * gnu/packages/patches/kodi-skip-test-449.patch: Remove file. Ricardo Wurmus