From b0716eac4e800a0ea53e1b949250f671702f28a0 Mon Sep 17 00:00:00 2001 From: Tom Callaway Date: Tue, 30 Oct 2012 15:39:24 -0400 Subject: apply workaround to CVE-2012-4527
--- mcrypt-2.6.8.orig/src/mcrypt.c
+++ mcrypt-2.6.8/src/mcrypt.c
@@ -41,6 +41,8 @@
 # include #endif
+#define WIDTH 80
+
 static char rcsid[] = "$Id: mcrypt.c,v 1.2 2007/11/07 17:10:21 nmav Exp $";
@@ -482,7 +484,7 @@
 #ifdef HAVE_STAT if (stream_flag == FALSE) { if (is_normal_file(file[i]) == FALSE) {
- sprintf(tmperr,
+ snprintf(tmperr, WIDTH,
 _ ("%s: %s is not a regular file. Skipping...\n"), program_name, file[i]);
@@ -501,7 +503,7 @@
 dinfile = file[i]; if ((isatty(fileno((FILE *) (stdin))) == 1) && (stream_flag == TRUE) && (force == 0)) { /* not a tty */
- sprintf(tmperr,
+ snprintf(tmperr, WIDTH,
 _ ("%s: Encrypted data will not be read from a terminal.\n"), program_name);
@@ -520,7 +522,7 @@
 einfile = file[i]; if ((isatty(fileno((FILE *) (stdout))) == 1) && (stream_flag == TRUE) && (force == 0)) { /* not a tty */
- sprintf(tmperr,
+ snprintf(tmperr, WIDTH,
 _ ("%s: Encrypted data will not be written to a terminal.\n"), program_name);
@@ -544,7 +546,7 @@
 strcpy(outfile, einfile); /* if file has already the .nc ignore it */ if (strstr(outfile, ".nc") != NULL) {
- sprintf(tmperr,
+ snprintf(tmperr, WIDTH,
 _ ("%s: file %s has the .nc suffix... skipping...\n"), program_name, outfile);
@@ -590,10 +592,10 @@
 if (x == 0) { if (stream_flag == FALSE) {
- sprintf(tmperr, _("File %s was decrypted.\n"), dinfile);
+ snprintf(tmperr, WIDTH, _("File %s was decrypted.\n"), dinfile);
 err_warn(tmperr); } else {
- sprintf(tmperr, _("Stdin was decrypted.\n"));
+ snprintf(tmperr, WIDTH, _("Stdin was decrypted.\n"));
 err_warn(tmperr); } #ifdef HAVE_STAT
@@ -610,7 +612,7 @@
 } else { if (stream_flag == FALSE) {
- sprintf(tmperr,
+ snprintf(tmperr, WIDTH,
 _ ("File %s was NOT decrypted successfully.\n"), dinfile);
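Review bot: The size passed to every new `snprintf(tmperr, WIDTH, ...)` call is the free-standing constant from `#define WIDTH 80` in the first hunk, and nothing in this patch ties it to the declaration of `tmperr`, which lies outside all the hunks. If `tmperr` is an array in scope at these call sites, `snprintf(tmperr, sizeof(tmperr), ...)` keeps the bound correct whenever the buffer is resized; otherwise the same macro should be used in the buffer's declaration, with a comment such as `/* size of tmperr; bounds every message formatted into it */`. The return value is also ignored in all the changed calls (hunks at 482, 501, 520, 544, 590, 610, 636 and 655), so a long file name is cut off silently and the message can lose its trailing newline.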
@@ -636,10 +638,10 @@
 if (x == 0) { if (stream_flag == FALSE) {
- sprintf(tmperr, _("File %s was encrypted.\n"), einfile);
+ snprintf(tmperr, WIDTH, _("File %s was encrypted.\n"), einfile);
 err_warn(tmperr); } else {
- sprintf(tmperr, _("Stdin was encrypted.\n"));
+ snprintf(tmperr, WIDTH, _("Stdin was encrypted.\n"));
 err_warn(tmperr); } #ifdef HAVE_STAT
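Review bot: `err_warn(tmperr)` in this hunk, and in the decrypt hunk at 590, is handed a string that already has `einfile` or `dinfile` expanded into it, and the body of `err_warn` is not part of this patch. If `err_warn` forwards its argument to a printf-style function as the format, a `%` in a file name would be interpreted as a conversion, which bounding the length does not prevent. That should be confirmed, and the output call inside it written so the message is passed as data, for example `fprintf(stderr, "%s", msg)` (parameter name assumed). The enclosing function starts and ends outside the hunk.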
@@ -655,7 +657,7 @@ } else { if (stream_flag == FALSE) { - sprintf(tmperr, + snprintf(tmperr, WIDTH, _ ("File %s was NOT encrypted successfully.\n"), einfile); - git v0.12 lass='msg-avail'>...This is a squashed commit of the following: commit 0dccab9f417b406f5d4aedc81900fc7b2f16c9f6 Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Thu Jul 2 00:30:16 2015 +0200 Typo commit 2cd28517b13524c242c7758783b0b2d8250fdded Author: Ludovic Courtès <ludo@gnu.org> Date: Wed Jul 1 14:56:34 2015 +0200 Preserve supplementary groups of build users The following patch is an attempt to address this bug (see <http://bugs.gnu.org/18994>) by preserving the supplementary groups of build users in the build environment. In practice, I would expect that supplementary groups would contain only one or two groups: the build users group, and possibly the “kvm” group. [Changed &at(0) to data() and removed tabs - Eelco] commit 6e38685ef65284093df79ebe7378bac33b0e7e5d Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Tue Jun 30 21:41:26 2015 +0200 GC: Handle ENOSPC creating/moving to the trash directory Issue #564. commit 5e0a9ae2e25a1016389f4893a6ed6682aadcf51d Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Mon Jun 22 15:54:55 2015 +0200 Use posix_fallocate to create /nix/var/nix/db/reserved commit 4e5ab98d6d14f8b0e3bd1d77b2f4f2354e7a49a8 Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Mon Jun 22 15:47:40 2015 +0200 Make /nix/var/nix/db/reserved bigger Issue #564. commit 60bda60fc06135aa97a93301b1a9e2270768f5b3 Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Wed Jun 10 16:17:06 2015 +0200 Export outputPaths function This is useful for the new hydra-queue-runner. 
commit 5dfea34048aa8541f20aeb2fbcd163561b609a49 Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Thu Jul 2 22:51:33 2015 +0200 Use std::vector::data() commit 2459458bc8257734ca78cb7a2db3df20bd730ec0 Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Thu Jun 4 16:04:41 2015 +0200 Allow substitutes for builds that have preferLocalBuild set Not substituting builds with "preferLocalBuild = true" was a bad idea, because it didn't take the cost of dependencies into account. For instance, if we can't substitute a fetchgit call, then we have to download/build git and all its dependencies. Partially reverts 5558652709f27e8a887580b77b93c705659d7a4b and adds a new derivation attribute "allowSubstitutes" to specify whether a derivation may be substituted. Ludovic Courtès