From 754137e70cf58a64ad524b704a86b651ba0cde07 Mon Sep 17 00:00:00 2001 From: Petr Stodulka Date: Wed, 14 Dec 2016 16:30:36 +0100 Subject: [PATCH] Fix CVE-2016-9844 (rhbz#1404283) Fixes buffer overflow in zipinfo in similar way like fix for CVE-2014-9913 provided by upstream. --- zipinfo.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/zipinfo.c b/zipinfo.c index c03620e..accca2a 100644 --- a/zipinfo.c +++ b/zipinfo.c @@ -1984,7 +1984,19 @@ static int zi_short(__G) /* return PK-type error code */ ush dnum=(ush)((G.crec.general_purpose_bit_flag>>1) & 3); methbuf[3] = dtype[dnum]; } else if (methnum >= NUM_METHODS) { /* unknown */ - sprintf(&methbuf[1], "%03u", G.crec.compression_method); + /* 2016-12-05 SMS. + * https://launchpad.net/bugs/1643750 + * Unexpectedly large compression methods overflow + * &methbuf[]. Use the old, three-digit decimal format + * for values which fit. Otherwise, sacrifice the "u", + * and use four-digit hexadecimal. + */ + if (G.crec.compression_method <= 999) { + sprintf( &methbuf[ 1], "%03u", G.crec.compression_method); + } else { + sprintf( &methbuf[ 0], "%04X", G.crec.compression_method); + } + } for (k = 0; k < 15; ++k) -- 2.5.5 67b0dc41742aac8e9ee965d2e21595c52c4dd'>commitdiff
path: root/gnu/bootloader/u-boot.scm
/span>
AgeCommit message (Expand)Author
2021-05-29gnu: bootloader: Fix install-allwinner64-u-boot....This fixes boot breakage introduced in commit: a65c935e29766940148d52b8116634b1e1cbcba6 Multiple files were still needed, but the filenames changed. * gnu/bootloader/u-boot.scm (install-allwinner64-u-boot): Update to use both SPL and u-boot files with new filenames. Vagrant Cascadian
2021-02-08gnu: bootloader: Update install-allwinner64-u-boot....* gnu/bootloader/u-boot.scm (install-allwinner64-u-boot): Update to use a single file to install. Vagrant Cascadian
2021-02-08gnu: u-boot-puma-rk3399: Switch to using arm-trusted-firmware-rk3399....* gnu/packages/bootloaders.scm (u-boot-puma-rk3399)[native-inputs]: Add arm-trusted-firmware-rk3399. Remove arm-trusted-firmware-puma-rk3399 and rk3399-cortex-m0. * gnu/packages/firmware.scm (arm-trusted-firmware-puma-rk3399, rk3399-cortex-m0): Remove obsolete variables. * gnu/bootloader/u-boot.scm (install-puma-rk3399-u-boot): Install idbloader.img. Vagrant Cascadian
2020-10-05bootloader: Fix u-boot installation....This is a follow-up of f19cf27c2b9ff92e2c0fd931ef7fde39c376adaa. The bootloader installation must be done on the final disk-image, hence using "disk-image-installer" instead of "installer" callback. * gnu/bootloader/u-boot.scm: Turn all installer callbacks into disk-image-installer callbacks. * gnu/build/bootloader.scm (write-file-on-device): Open the output file with 'no-truncate and 'no-create options. * gnu/system/image.scm (with-imported-modules*): Add (gnu build bootloader) module. Mathieu Othacehe
2020-04-20gnu: Add u-boot-pinebook-pro-rk3399....* gnu/packages/bootloaders (u-boot-pinebook-pro-rk3399): New variable. * gnu/packages/patches/u-boot-DT-for-Pinebook-Pro.patch: New file. * gnu/packages/patches/u-boot-add-boe-nv140fhmn49-display.patch: New file. * gnu/packages/patches/u-boot-gpio-keys-binding-cons.patch: New file. * gnu/packages/patches/u-boot-leds-common-binding-con.patch: New file. * gnu/packages/patches/u-boot-support-Pinebook-Pro-laptop.patch: New file. * gnu/packages/patches/u-boot-video-rockchip-fix-build.patch: New file. * gnu/local.mk (dist_patch_DATA): Add new patches. * gnu/bootloader/u-boot.scm (install-pinebook-pro-rk3399-u-boot, u-boot-pinebook-pro-rk3399-bootloader): New variable. Co-authored-by: Jan Nieuwenhuizen <janneke@gnu.org> Vagrant Cascadian
gnu: Add convenience macros to make module imports more concise....* gnu.scm (use-package-modules, use-service-modules, use-system-modules): New macros. Joshua S. Grant
2014-09-09Have (gnu) re-export (guix gexp)....* gnu.scm (%public-modules): Add '(guix gexp)'. Ludovic Courtès
2014-05-22Add (gnu) module....* gnu.scm: New file. * gnu-system.am (GNU_SYSTEM_MODULES): Add it. * build-aux/hydra/demo-os.scm: Use (gnu) and strip import list accordingly. * doc/guix.texi (Using the Configuration System): Adjust example accordingly. Ludovic Courtès