From 4876e3a692739bb9ca00d0f500fd5f4b3eb16ce3 Mon Sep 17 00:00:00 2001
From: Tom Callaway <spot@fedoraproject.org>
Date: Fri, 7 Sep 2012 11:39:29 -0400
Subject: apply fix for CVE-2012-4409 (thanks to Raphael Geissert)

---
 mcrypt-CVE-2012-4409.patch | 12 ++++++++++++
 mcrypt.spec                | 10 +++++++++-
 2 files changed, 21 insertions(+), 1 deletion(-)
 create mode 100644 mcrypt-CVE-2012-4409.patch
diff --git a/mcrypt-CVE-2012-4409.patch b/mcrypt-CVE-2012-4409.patch
new file mode 100644
index 0000000..747f428
--- /dev/null
+++ b/mcrypt-CVE-2012-4409.patch
@@ -0,0 +1,12 @@
+diff -up mcrypt-2.6.8/src/extra.c.CVE-2012-4409 mcrypt-2.6.8/src/extra.c
+--- mcrypt-2.6.8/src/extra.c.CVE-2012-4409	2012-09-07 11:00:55.906870746 -0400
++++ mcrypt-2.6.8/src/extra.c	2012-09-07 11:00:27.967858365 -0400
+@@ -242,6 +242,8 @@ int check_file_head(FILE * fstream, char
+ 			if (m_getbit(0, sflag) != 0) { /* if the first bit is set */
+ 				*salt_size = m_setbit(0, sflag, 0);
+ 				if (*salt_size > 0) {
++					if (*salt_size > sizeof(tmp_buf))
++						err_quit(_("Salt is too long\n"));
+ 					fread(tmp_buf, 1, *salt_size,
+ 					      fstream);
+ 					memmove(salt, tmp_buf, *salt_size);
 
-- 
cgit v0.12

ref='/guix/tree/tests/hexpm.scm?id=011bf3280b823d2ae1d2fb5c1402c380e0e6320e'>tree</a><a href='/guix/commit/tests/hexpm.scm?id=011bf3280b823d2ae1d2fb5c1402c380e0e6320e'>commit</a><a href='/guix/diff/tests/hexpm.scm?id=011bf3280b823d2ae1d2fb5c1402c380e0e6320e'>diff</a></td><td class='form'><form class='right' method='get' action='/guix/log/tests/hexpm.scm'>
<input type='hidden' name='id' value='011bf3280b823d2ae1d2fb5c1402c380e0e6320e'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=011bf3280b823d2ae1d2fb5c1402c380e0e6320e'>root</a>/<a href='/guix/log/tests?id=011bf3280b823d2ae1d2fb5c1402c380e0e6320e'>tests</a>/<a href='/guix/log/tests/hexpm.scm?id=011bf3280b823d2ae1d2fb5c1402c380e0e6320e'>hexpm.scm</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/tests/hexpm.scm?id=011bf3280b823d2ae1d2fb5c1402c380e0e6320e&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2024-06-03 22:58:53 +0200'>2024-06-03</span></td><td><a href='/guix/commit/tests/hexpm.scm?id=510ad5d93c0ba6208aa42815863853ec522352e6'>import: utils: End package descriptions with period.</a><span class='msg-avail'>...<span class='msg-tooltip'>* guix/import/utils.scm (beautify-description): Append period to last
words which do not end with one.
* tests/crate.scm: Append period to descriptions.
* tests/elm.scm: Append period to descriptions.
* tests/gem.scm: Append period to descriptions.
* tests/hexpm.scm: Append period to descriptions.
* tests/minetest.scm: Append period to descriptions.
* tests/pypi.scm: Append period to descriptions.
* tests/import-utils.scm ("beautify-description: transform fragment into
sentence"): Likewise.

Change-Id: I0b12c4d94cb26cf62fab5b7cbf7885e66ff6c10f
Signed-off-by: Ludovic Courtès &lt;ludo@gnu.org&gt;
</span></span></td><td>Herman Rimm</td></tr>
<tr><td><span title='2023-05-31 23:50:06 +0200'>2023-05-31</span></td><td><a href='/guix/commit/tests/hexpm.scm?id=654fcf9971bb01389d577be07c6ec0f68940c743'>tests: Use quasiquoted 'match' patterns for package sexps.</a><span class='msg-avail'>...<span class='msg-tooltip'>Turns out it's easier to read.

* tests/cpan.scm ("cpan-&gt;guix-package"): Use a quasiquoted pattern.
* tests/elpa.scm (eval-test-with-elpa): Likewise.
* tests/gem.scm ("gem-&gt;guix-package")
("gem-&gt;guix-package with a specific version")
("gem-recursive-import")
("gem-recursive-import with a specific version"): Likewise.
* tests/hexpm.scm ("hexpm-recursive-import"): Likewise.
* tests/opam.scm ("opam-&gt;guix-package"): Likewise.
* tests/pypi.scm ("pypi-&gt;guix-package, no wheel")
("pypi-&gt;guix-package, wheels")
("pypi-&gt;guix-package, no usable requirement file.")
("pypi-&gt;guix-package, package name contains \"-\" followed by digits"):
Likewise.
* tests/texlive.scm ("texlive-&gt;guix-package"): Likewise.
</span></span></td><td>Ludovic Courtès</td></tr>

Age	Commit message (Expand)	Author
2024-06-03	import: utils: End package descriptions with period....* guix/import/utils.scm (beautify-description): Append period to last words which do not end with one. * tests/crate.scm: Append period to descriptions. * tests/elm.scm: Append period to descriptions. * tests/gem.scm: Append period to descriptions. * tests/hexpm.scm: Append period to descriptions. * tests/minetest.scm: Append period to descriptions. * tests/pypi.scm: Append period to descriptions. * tests/import-utils.scm ("beautify-description: transform fragment into sentence"): Likewise. Change-Id: I0b12c4d94cb26cf62fab5b7cbf7885e66ff6c10f Signed-off-by: Ludovic Courtès <ludo@gnu.org>	Herman Rimm
2023-05-31	tests: Use quasiquoted 'match' patterns for package sexps....Turns out it's easier to read. * tests/cpan.scm ("cpan->guix-package"): Use a quasiquoted pattern. * tests/elpa.scm (eval-test-with-elpa): Likewise. * tests/gem.scm ("gem->guix-package") ("gem->guix-package with a specific version") ("gem-recursive-import") ("gem-recursive-import with a specific version"): Likewise. * tests/hexpm.scm ("hexpm-recursive-import"): Likewise. * tests/opam.scm ("opam->guix-package"): Likewise. * tests/pypi.scm ("pypi->guix-package, no wheel") ("pypi->guix-package, wheels") ("pypi->guix-package, no usable requirement file.") ("pypi->guix-package, package name contains \"-\" followed by digits"): Likewise. * tests/texlive.scm ("texlive->guix-package"): Likewise.	Ludovic Courtès