From 754137e70cf58a64ad524b704a86b651ba0cde07 Mon Sep 17 00:00:00 2001 From: Petr Stodulka Date: Wed, 14 Dec 2016 16:30:36 +0100 Subject: [PATCH] Fix CVE-2016-9844 (rhbz#1404283) Fixes buffer overflow in zipinfo in similar way like fix for CVE-2014-9913 provided by upstream. --- zipinfo.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/zipinfo.c b/zipinfo.c index c03620e..accca2a 100644 --- a/zipinfo.c +++ b/zipinfo.c @@ -1984,7 +1984,19 @@ static int zi_short(__G) /* return PK-type error code */ ush dnum=(ush)((G.crec.general_purpose_bit_flag>>1) & 3); methbuf[3] = dtype[dnum]; } else if (methnum >= NUM_METHODS) { /* unknown */ - sprintf(&methbuf[1], "%03u", G.crec.compression_method); + /* 2016-12-05 SMS. + * https://launchpad.net/bugs/1643750 + * Unexpectedly large compression methods overflow + * &methbuf[]. Use the old, three-digit decimal format + * for values which fit. Otherwise, sacrifice the "u", + * and use four-digit hexadecimal. + */ + if (G.crec.compression_method <= 999) { + sprintf( &methbuf[ 1], "%03u", G.crec.compression_method); + } else { + sprintf( &methbuf[ 0], "%04X", G.crec.compression_method); + } + } for (k = 0; k < 15; ++k) -- 2.5.5 d9b68cfffed4'>commitdiff
path: root/gnu/packages/mpd.scm
AgeCommit message (Expand)Author
2024-11-20gnu: ncmpcpp: Update to 0.10.1....* gnu/packages/mpd.scm (ncmpcpp): Update to 0.10.1. [origin]: Change URI to github. [native-inputs]: Add libtool, autoconf-2.71, automake. [arguments]: Use G-expressions. Change-Id: Id2662c10c143736d10320550b6ce6fffe841984c Mazin AlHaddad
2024-11-02gnu: mpd-mpc: build from git source....* gnu/packages/mpd.scm (mpd-mpc)[source]: Switch to git-fetch. Change-Id: I56e11e9565c3b1d8130f3f4806d99ad55d94ee26 Zheng Junjie
2024-11-02gnu: mpd-mpc: Update to 0.35....* gnu/packages/mpd.scm (mpd-mpc): Update to 0.35. Change-Id: I72237f9fd0e9a8549ba316ae2cb65ed60f4f02c7 Ian Eure
2024-08-31gnu: mpd: Add 'bash' input for 'wrap-program'....It is required for cross-compilation. * gnu/packages/mpd.scm (sonata)[native-inputs]: Remove labels. [inputs]: Add 'bash-minimal'. (mcg)[inputs]: Likewise. Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com> Modified-by: Maxim Cournoyer <maxim.cournoyer@gmail.com> Change-Id: I46f0f5f57a6053c7b03f0a3830df3b8bc752f361 Maxime Devos
2024-08-31build-systems: gnu: Export %default-gnu-imported-modules and %default-gnu-mod......Until now users would have to cargo cult or inspect the private %default-modules variable of (guix build-systems gnu) to discover which modules to include when extending the used modules via the #:modules argument. The renaming was automated via the command: $ git grep -l %gnu-build-system-modules | xargs sed 's/%gnu-build-system-modules/%default-gnu-imported-modules/' -i * guix/build-system/gnu.scm (%gnu-build-system-modules): Rename to... (%default-gnu-imported-modules): ... this. (%default-modules): Rename to... (%default-gnu-modules): ... this. Export. (dist-package, gnu-build, gnu-cross-build): Adjust accordingly. Change-Id: Idef307fff13cb76f3182d782b26e1cd3a5c757ee Maxim Cournoyer
2024-04-03gnu: sonata: Add gvfs as an input....I'm getting the following error and this change resolves it: /gnu/store/rw6n86c008xqdbjs3nk4i7ggf6srdpgs-python-wrapper-3.10.7/bin/python: symbol lookup error: /run/current-system/profile/lib/gio/modules/libgvfsdbus.so: undefined symbol: g_task_set_static_name Change-Id: I6f74a5a867ba7c3b3d7b233916af0e75d9e5501f Signed-off-by: Christopher Baines <mail@cbaines.net> Christopher Baines