From 754137e70cf58a64ad524b704a86b651ba0cde07 Mon Sep 17 00:00:00 2001 From: Petr Stodulka Date: Wed, 14 Dec 2016 16:30:36 +0100 Subject: [PATCH] Fix CVE-2016-9844 (rhbz#1404283) Fixes buffer overflow in zipinfo in similar way like fix for CVE-2014-9913 provided by upstream. --- zipinfo.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/zipinfo.c b/zipinfo.c index c03620e..accca2a 100644 --- a/zipinfo.c +++ b/zipinfo.c @@ -1984,7 +1984,19 @@ static int zi_short(__G) /* return PK-type error code */ ush dnum=(ush)((G.crec.general_purpose_bit_flag>>1) & 3); methbuf[3] = dtype[dnum]; } else if (methnum >= NUM_METHODS) { /* unknown */ - sprintf(&methbuf[1], "%03u", G.crec.compression_method); + /* 2016-12-05 SMS. + * https://launchpad.net/bugs/1643750 + * Unexpectedly large compression methods overflow + * &methbuf[]. Use the old, three-digit decimal format + * for values which fit. Otherwise, sacrifice the "u", + * and use four-digit hexadecimal. + */ + if (G.crec.compression_method <= 999) { + sprintf( &methbuf[ 1], "%03u", G.crec.compression_method); + } else { + sprintf( &methbuf[ 0], "%04X", G.crec.compression_method); + } + } for (k = 0; k < 15; ++k) -- 2.5.5 diff
path: root/gnu/packages.scm
AgeCommit message (Expand)Author
2022-06-06packages: Use SRFI-71 instead of SRFI-11....* gnu/packages.scm (%package-module-path): Use 'let*' instead of 'let*-values'. (specification->package, specification->location) (specification->package+output): Use 'let' instead of 'let-values'. Ludovic Courtès
2022-06-06packages: Add 'specifications->packages'....* gnu/packages.scm (specifications->packages): New procedure. * guix/scripts/home/import.scm (manifest+configuration-files->code): Use it. * tests/home-import.scm (match-home-environment-no-services) (match-home-environment-no-services-nor-packages) (match-home-environment-bash-service) (match-home-environment-bash-service-with-alias): Adjust 'packages' field accordingly. Co-authored-by: Ludovic Courtès <ludo@gnu.org> Antero Mejr
2022-04-04packages: Add 'package-unique-version-prefix'....* gnu/packages.scm (package-unique-version-prefix): New procedure. * guix/scripts/package.scm (manifest-entry-version-prefix): Use it. * tests/packages.scm ("package-unique-version-prefix, gcc@8") ("package-unique-version-prefix, grep"): New tests. Ludovic Courtès
2022-01-11shell: Cache profiles even when using package specs....This enables profile caching not just when '-m' or '-f' is used, but also when package specs are passed on the command line, as in: guix shell -D guix git It also changes profile cache keys to include the system type, which was previously ignored. * guix/scripts/shell.scm (options-with-caching)[single-file-for-caching]: Remove. Call 'profile-cached-gc-root' instead; adjust to accept two values. (profile-cache-primary-key): New procedure. (profile-cache-key): Remove. (profile-file-cache-key, profile-spec-cache-key): New procedures. (profile-cached-gc-root): Rewrite to include functionality formally in 'single-file-for-caching', but extend to handle package specs. * gnu/packages.scm (cache-is-authoritative?): Export. * guix/transformations.scm (transformation-option-key?): New procedure. * doc/guix.texi (Invoking guix shell): Move '--rebuild-cache' documentation to the bottom, just above '--root'. Explain caching and how these two options relate to that. Ludovic Courtès