Merge remote-tracking branch 'origin/master' into core-updates

author: Efraim Flashner <efraim@flashner.co.il> 2021-03-24 15:28:33 +0200
committer: Efraim Flashner <efraim@flashner.co.il> 2021-03-24 20:50:44 +0200
commit: 2aab587f842908a886e3bd08b028885dddd650e0 (patch)
tree: 87c0723a9ae2c69ab6920d90b6e87ad8510492fe /gnu/packages/patches/unzip-CVE-2018-18384.patch
parent: 5664bcdcb0e4c10dfe48dd5e4730fc3c746a21e2 (diff)
parent: 65c46e79e0495fe4d32f6f2725d7233fff10fd70 (diff)
download: guix-2aab587f842908a886e3bd08b028885dddd650e0.tar.gz
guix-2aab587f842908a886e3bd08b028885dddd650e0.zip
1 files changed, 35 insertions, 0 deletions
diff --git a/gnu/packages/patches/unzip-CVE-2018-18384.patch b/gnu/packages/patches/unzip-CVE-2018-18384.patch
new file mode 100644
index 0000000000..54d4b8cb64
--- /dev/null
+++ b/gnu/packages/patches/unzip-CVE-2018-18384.patch
@@ -0,0 +1,35 @@
+--- unzip60/list.c	
++++ unzip60/list.c	
+@@ -97,7 +97,7 @@ int list_files(__G)    /* return PK-type
+ {
+     int do_this_file=FALSE, cfactor, error, error_in_archive=PK_COOL;
+ #ifndef WINDLL
+-    char sgn, cfactorstr[13];
++    char sgn, cfactorstr[1+10+1+1];	/* <sgn><int>%NUL */
+     int longhdr=(uO.vflag>1);
+ #endif
+     int date_format;
+@@ -389,9 +389,9 @@ int list_files(__G)    /* return PK-type
+             }
+ #else /* !WINDLL */
+             if (cfactor == 100)
+-                sprintf(cfactorstr, LoadFarString(CompFactor100));
++                snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactor100));
+             else
+-                sprintf(cfactorstr, LoadFarString(CompFactorStr), sgn, cfactor);
++                snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactorStr), sgn, cfactor);
+             if (longhdr)
+                 Info(slide, 0, ((char *)slide, LoadFarString(LongHdrStats),
+                   FmZofft(G.crec.ucsize, "8", "u"), methbuf,
+@@ -471,9 +471,9 @@ int list_files(__G)    /* return PK-type
+ 
+ #else /* !WINDLL */
+         if (cfactor == 100)
+-            sprintf(cfactorstr, LoadFarString(CompFactor100));
++            snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactor100));
+         else
+-            sprintf(cfactorstr, LoadFarString(CompFactorStr), sgn, cfactor);
++            snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactorStr), sgn, cfactor);
+         if (longhdr) {
+             Info(slide, 0, ((char *)slide, LoadFarString(LongFileTrailer),
+               FmZofft(tot_ucsize, "8", "u"), FmZofft(tot_csize, "8", "u"),
author	Efraim Flashner <efraim@flashner.co.il>	2021-03-24 15:28:33 +0200
committer	Efraim Flashner <efraim@flashner.co.il>	2021-03-24 20:50:44 +0200
commit	2aab587f842908a886e3bd08b028885dddd650e0 (patch)
tree	87c0723a9ae2c69ab6920d90b6e87ad8510492fe /gnu/packages/patches/unzip-CVE-2018-18384.patch
parent	5664bcdcb0e4c10dfe48dd5e4730fc3c746a21e2 (diff)
parent	65c46e79e0495fe4d32f6f2725d7233fff10fd70 (diff)
download	guix-2aab587f842908a886e3bd08b028885dddd650e0.tar.gz guix-2aab587f842908a886e3bd08b028885dddd650e0.zip