path: root/gnu/packages/patches/unzip-CVE-2016-9844.patch
Diffstat (limited to 'gnu/packages/patches/unzip-CVE-2016-9844.patch')
-rw-r--r-- gnu/packages/patches/unzip-CVE-2016-9844.patch 39
1 files changed, 39 insertions, 0 deletions
diff --git a/gnu/packages/patches/unzip-CVE-2016-9844.patch b/gnu/packages/patches/unzip-CVE-2016-9844.patch
new file mode 100644
index 0000000000..0e4a173397
--- /dev/null
+++ b/gnu/packages/patches/unzip-CVE-2016-9844.patch
@@ -0,0 +1,39 @@
+From 754137e70cf58a64ad524b704a86b651ba0cde07 Mon Sep 17 00:00:00 2001
+From: Petr Stodulka <pstodulk@redhat.com>
+Date: Wed, 14 Dec 2016 16:30:36 +0100
+Subject: [PATCH] Fix CVE-2016-9844 (rhbz#1404283)
+
+Fixes buffer overflow in zipinfo in similar way like fix for
+CVE-2014-9913 provided by upstream.
+---
+ zipinfo.c | 14 +++++++++++++-
+ 1 file changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/zipinfo.c b/zipinfo.c
+index c03620e..accca2a 100644
+--- a/zipinfo.c
++++ b/zipinfo.c
+@@ -1984,7 +1984,19 @@ static int zi_short(__G) /* return PK-type error code */
+ ush dnum=(ush)((G.crec.general_purpose_bit_flag>>1) & 3);
+ methbuf[3] = dtype[dnum];
+ } else if (methnum >= NUM_METHODS) { /* unknown */
+- sprintf(&methbuf[1], "%03u", G.crec.compression_method);
++ /* 2016-12-05 SMS.
++ * https://launchpad.net/bugs/1643750
++ * Unexpectedly large compression methods overflow
++ * &methbuf[]. Use the old, three-digit decimal format
++ * for values which fit. Otherwise, sacrifice the "u",
++ * and use four-digit hexadecimal.
++ */
++ if (G.crec.compression_method <= 999) {
++ sprintf( &methbuf[ 1], "%03u", G.crec.compression_method);
++ } else {
++ sprintf( &methbuf[ 0], "%04X", G.crec.compression_method);
++ }
++
+ }
+
+ for (k = 0; k < 15; ++k)
+--
+2.5.5
+
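Review bot: Both branches of the new `if (G.crec.compression_method <= 999)` block in zi_short() still format with unbounded `sprintf`, so the fix is only safe under two conditions the hunk does not show: that `methbuf` has room for four digits plus the terminating NUL when written from index 0, and that `G.crec.compression_method` can never exceed 0xFFFF, since `%04X` sets a minimum width and not a maximum. I would switch both calls to `snprintf` bounded by the space remaining in `methbuf` (one byte less in the `&methbuf[ 1]` case), or at least mask the value to 16 bits before the `%04X` call, so the bound is enforced at the write rather than implied by the field's type. The comment should also state the buffer size it relies on, so a later change to `methbuf` or to the format does not silently reintroduce the overflow. Minor: the empty added line before the closing brace can be dropped.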