Fixes this buffer overflow: https://github.com/libarchive/libarchive/commit/e37b620fe8f14535d737e89a4dcabaed4517bf1a Patch copied from upstream source repository: https://github.com/libarchive/libarchive/commit/e37b620fe8f14535d737e89a4dcabaed4517bf1a From e37b620fe8f14535d737e89a4dcabaed4517bf1a Mon Sep 17 00:00:00 2001 From: Tim Kientzle Date: Sun, 21 Aug 2016 10:51:43 -0700 Subject: [PATCH] Issue #767: Buffer overflow printing a filename The safe_fprintf function attempts to ensure clean output for an arbitrary sequence of bytes by doing a trial conversion of the multibyte characters to wide characters -- if the resulting wide character is printable then we pass through the corresponding bytes unaltered, otherwise, we convert them to C-style ASCII escapes. The stack trace in Issue #767 suggest that the 20-byte buffer was getting overflowed trying to format a non-printable multibyte character. This should only happen if there is a valid multibyte character of more than 5 bytes that was unprintable. (Each byte would get expanded to a four-charcter octal-style escape of the form "\123" resulting in >20 characters for the >5 byte multibyte character.) I've not been able to reproduce this, but have expanded the conversion buffer to 128 bytes on the belief that no multibyte character set has a single character of more than 32 bytes. --- tar/util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tar/util.c b/tar/util.c index 9ff22f2..2b4aebe 100644 --- a/tar/util.c +++ b/tar/util.c @@ -182,7 +182,7 @@ safe_fprintf(FILE *f, const char *fmt, ...) } /* If our output buffer is full, dump it and keep going. */ - if (i > (sizeof(outbuff) - 20)) { + if (i > (sizeof(outbuff) - 128)) { outbuff[i] = '\0'; fprintf(f, "%s", outbuff); i = 0; alue=''/>
path: root/gnu/machine
AgeCommit message (Expand)Author
2021-08-29Migrate to the new 'targets' field of bootloader-configuration....The old 'target' field is deprecated; adjust the sources to use the new 'targets' one instead. * doc/guix-cookbook.texi<target>: Replace by 'targets'. * gnu/bootloader/grub.scm: Likewise. * gnu/installer/parted.scm: Likewise. * gnu/machine/digital-ocean.scm: Likewise. * gnu/system/examples/asus-c201.tmpl: Likewise * gnu/system/examples/bare-bones.tmpl: Likewise * gnu/system/examples/bare-hurd.tmpl: Likewise * gnu/system/examples/beaglebone-black.tmpl: Likewise * gnu/system/examples/desktop.tmpl: Likewise * gnu/system/examples/docker-image.tmpl: Likewise * gnu/system/examples/lightweight-desktop.tmpl: Likewise * gnu/system/examples/vm-image.tmpl: Likewise * gnu/system/examples/yggdrasil.tmpl: Likewise * gnu/system/hurd.scm: Likewise * gnu/system/images/hurd.scm: Likewise * gnu/system/images/novena.scm: Likewise * gnu/system/images/pine64.scm: Likewise * gnu/system/images/pinebook-pro.scm: Likewise * gnu/system/images/rock64.scm: Likewise * gnu/system/install.scm: Likewise * gnu/system/vm.scm: Likewise * gnu/tests.scm: Likewise * gnu/tests/ganeti.scm: Likewise * gnu/tests/install.scm: Likewise * gnu/tests/nfs.scm: Likewise * gnu/tests/telephony.scm: Likewise * tests/boot-parameters.scm: Likewise * tests/system.scm: Likewise Maxim Cournoyer
2021-06-20services: openssh: Replace 'without-password' by 'prohibit-password'....For some time, OpenSSH's option 'PermitRootLogin' has deprecated the ambiguous argument 'without-password' with 'prohibit-password'. * doc/guix.texi (Network Services): Replace 'without-password by 'prohibit-password. * gnu/machine/digital-ocean.scm (guix-infect): Change system configuration to use 'prohibit-password. * gnu/services/ssh.scm (openssh-configuration): Change comment to use 'prohibit-password. (openssh-config-file): Add support for 'prohibit-password to 'permit-root-login'. Warn about deprecated 'without-password usage. * gnu/tests/ganeti.scm (%ganeti-os): Replace 'without-password by 'prohibit-password. Signed-off-by: Tobias Geerinckx-Rice <me@tobias.gr> Brice Waegeneire
2021-06-03machine: ssh: Respect calling convention for monadic procedures....Fixes a regression introduced in 2885c3568edec35086f8feeae5b60259cbea407c. Reported by Mathieu Othacehe. * gnu/machine/ssh.scm (deploy-managed-host)[eval/error-handling]: Return two values in the standard case. Ludovic Courtès
2021-06-01machine: ssh: Gracefully handle failure of the effectful bits....Previously, '&inferior-exception' raised by 'upgrade-shepherd-services' and co. would go through as-is, leaving users with an ugly backtrace. * gnu/machine/ssh.scm (deploy-managed-host): Define 'eval/error-handling' and use it in lieu of EVAL as arguments to 'switch-to-system', 'upgrade-shepherd-services', and 'install-bootloader'. Ludovic Courtès
2021-02-25machine: ssh: Use 'formatted-message'....* gnu/machine/ssh.scm (machine-check-initrd-modules): Use 'formatted-message' instead of 'format' + '&message'. Ludovic Courtès