Copied from Debian.

From: Petr Stodulka <pstodulk@redhat.com>
Date: Mon, 14 Sep 2015 18:23:17 +0200
Subject: Upstream fix for heap overflow
Bug-Debian: https://bugs.debian.org/802162
Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1260944
Origin: https://bugzilla.redhat.com/attachment.cgi?id=1073002
Forwarded: yes

---
 crypt.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

--- a/crypt.c
+++ b/crypt.c
@@ -465,7 +465,17 @@
     GLOBAL(pInfo->encrypted) = FALSE;
     defer_leftover_input(__G);
     for (n = 0; n < RAND_HEAD_LEN; n++) {
-        b = NEXTBYTE;
+        /* 2012-11-23 SMS.  (OUSPG report.)
+         * Quit early if compressed size < HEAD_LEN.  The resulting
+         * error message ("unable to get password") could be improved,
+         * but it's better than trying to read nonexistent data, and
+         * then continuing with a negative G.csize.  (See
+         * fileio.c:readbyte()).
+         */
+        if ((b = NEXTBYTE) == (ush)EOF)
+        {
+            return PK_ERR;
+        }
         h[n] = (uch)b;
         Trace((stdout, " (%02x)", h[n]));
     }
f3085df1c64c23a00c8f0da'>refs</a><a href='/guix/log/'>log</a><a href='/guix/tree/?id=60a989469743327e0f3085df1c64c23a00c8f0da'>tree</a><a class='active' href='/guix/commit/?id=60a989469743327e0f3085df1c64c23a00c8f0da'>commit</a><a href='/guix/diff/?id=60a989469743327e0f3085df1c64c23a00c8f0da'>diff</a></td><td class='form'><form class='right' method='get' action='/guix/log/'>
<input type='hidden' name='id' value='60a989469743327e0f3085df1c64c23a00c8f0da'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='content'><div class='cgit-panel'><b>diff options</b><form method='get'><input type='hidden' name='id' value='60a989469743327e0f3085df1c64c23a00c8f0da'/><table><tr><td colspan='2'/></tr><tr><td class='label'>context:</td><td class='ctrl'><select name='context' onchange='this.form.submit();'><option value='1'>1</option><option value='2'>2</option><option value='3' selected='selected'>3</option><option value='4'>4</option><option value='5'>5</option><option value='6'>6</option><option value='7'>7</option><option value='8'>8</option><option value='9'>9</option><option value='10'>10</option><option value='15'>15</option><option value='20'>20</option><option value='25'>25</option><option value='30'>30</option><option value='35'>35</option><option value='40'>40</option></select></td></tr><tr><td class='label'>space:</td><td class='ctrl'><select name='ignorews' onchange='this.form.submit();'><option value='0' selected='selected'>include</option><option value='1'>ignore</option></select></td></tr><tr><td class='label'>mode:</td><td class='ctrl'><select name='dt' onchange='this.form.submit();'><option value='0' selected='selected'>unified</option><option value='1'>ssdiff</option><option value='2'>stat only</option></select></td></tr><tr><td/><td class='ctrl'><noscript><input type='submit' value='reload'/></noscript></td></tr></table></form></div><table summary='commit info' class='commit-info'>
<tr><th>author</th><td>Efraim Flashner &lt;efraim@flashner.co.il&gt;</td><td class='right'>2024-03-16 21:48:31 +0200</td></tr>
<tr><th>committer</th><td>Efraim Flashner &lt;efraim@flashner.co.il&gt;</td><td class='right'>2024-07-19 00:41:53 +0300</td></tr>
<tr><th>commit</th><td colspan='2' class='oid'><a href='/guix/commit/?id=60a989469743327e0f3085df1c64c23a00c8f0da'>60a989469743327e0f3085df1c64c23a00c8f0da</a> (<a href='/guix/patch/?id=60a989469743327e0f3085df1c64c23a00c8f0da'>patch</a>)</td></tr>
<tr><th>tree</th><td colspan='2' class='oid'><a href='/guix/tree/?id=60a989469743327e0f3085df1c64c23a00c8f0da'>91045e1a9dcbeadb666f57ce5c7be6ae897feda6</a></td></tr>
<tr><th>parent</th><td colspan='2' class='oid'><a href='/guix/commit/?id=c0865319a77cbbba17bc22beb002e601e80d0dd4'>c0865319a77cbbba17bc22beb002e601e80d0dd4</a> (<a href='/guix/diff/?id=60a989469743327e0f3085df1c64c23a00c8f0da&amp;id2=c0865319a77cbbba17bc22beb002e601e80d0dd4'>diff</a>)</td></tr><tr><th>download</th><td colspan='2' class='oid'><a href='/guix/snapshot/guix-60a989469743327e0f3085df1c64c23a00c8f0da.tar.gz'>guix-60a989469743327e0f3085df1c64c23a00c8f0da.tar.gz</a><br/><a href='/guix/snapshot/guix-60a989469743327e0f3085df1c64c23a00c8f0da.zip'>guix-60a989469743327e0f3085df1c64c23a00c8f0da.zip</a><br/></td></tr></table>
<div class='commit-subject'>gnu: Add rust-polars-0.37.</div><div class='commit-msg'>* gnu/packages/crates-io.scm (rust-polars-0.37): New variable.
(rust-polars-0.17): Inherit from rust-polars-0.37.

Change-Id: Ibd9371383eeed796d28e72f49a9208f7a4537722
</div><div class='diffstat-header'><a href='/guix/diff/?id=60a989469743327e0f3085df1c64c23a00c8f0da'>Diffstat</a></div><table summary='diffstat' class='diffstat'><tr><td class='mode'>-rw-r--r--</td><td class='upd'><a href='/guix/diff/gnu/packages/crates-io.scm?id=60a989469743327e0f3085df1c64c23a00c8f0da'>gnu/packages/crates-io.scm</a></td><td class='right'>42</td><td class='graph'><table summary='file diffstat' width='42%'><tr><td class='add' style='width: 83.3%;'/><td class='rem' style='width: 16.7%;'/><td class='none' style='width: 0.0%;'/></tr></table></td></tr>
</table><div class='diffstat-summary'>1 files changed, 35 insertions, 7 deletions</div><table summary='diff' class='diff'><tr><td><div class='head'>diff --git a/gnu/packages/crates-io.scm b/gnu/packages/crates-io.scm<br/>index ced43d4556..975b7dce27 100644<br/>--- a/<a href='/guix/tree/gnu/packages/crates-io.scm?id=c0865319a77cbbba17bc22beb002e601e80d0dd4'>gnu/packages/crates-io.scm</a><br/>+++ b/<a href='/guix/tree/gnu/packages/crates-io.scm?id=60a989469743327e0f3085df1c64c23a00c8f0da'>gnu/packages/crates-io.scm</a></div>