aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches/antiword-CVE-2014-8123.patch
blob: d8d346a63469d594db71577ae3c1d9e8900dc2f8 (about) (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
Description: Add check for buffer overflow with malformed input files
 This was later re-found and became CVE-2014-8123. 
Author: <eriks@debian.org>
Bug-Debian: http://bugs.debian.org/407015
Bug-Debian: https://bugs.debian.org/771768
Forwarded: http://seclists.org/oss-sec/2014/q4/870
Last-Update: 2016-01-11

--- antiword-0.37~/wordole.c	2005-08-26 21:49:57.000000000 +0200
+++ antiword-0.37/wordole.c	2009-06-03 22:31:15.948014682 +0200
@@ -259,6 +259,10 @@
 		}
 		tNameSize = (size_t)usGetWord(0x40, aucBytes);
 		tNameSize = (tNameSize + 1) / 2;
+		if ( tNameSize > sizeof(atPPSlist[iIndex].szName)) {
+			werr(0, "Name Size of PPS %d is too large", iIndex);
+			tNameSize = sizeof(atPPSlist[iIndex].szName);
+		}
 		vName2String(atPPSlist[iIndex].szName, aucBytes, tNameSize);
 		atPPSlist[iIndex].ucType = ucGetByte(0x42, aucBytes);
 		if (atPPSlist[iIndex].ucType == 5) {
essor....* gnu/services/databases.scm: Export POSTGRESQL-CONFIGURATION-EXTENSION-PACKAGES. Marius Bakke 2021-12-05Merge remote-tracking branch 'origin/master' into core-updates-frozenRicardo Wurmus 2021-11-30services: Accept <inferior-package>s in lieu of <package>s....* gnu/services/authentication.scm (fprintd-configuration) (nslcd-configuration): Substitute file-like objects for package ones. * gnu/services/cgit.scm (cgit-configuration, opaque-cgit-configuration): Likewise. * gnu/services/cups.scm (package-list?, cups-configuration): Likewise. * gnu/services/dns.scm (verify-knot-configuration) (ddclient-configuration): Likewise. * gnu/services/docker.scm (docker-configuration): Likewise. * gnu/services/file-sharing.scm (transmission-daemon-configuration): Likewise. * gnu/services/getmail.scm (getmail-configuration): Likewise. * gnu/services/mail.scm (dovecot-configuration) (opaque-dovecot-configuration): Likewise. * gnu/services/messaging.scm (prosody-configuration) (opaque-prosody-configuration): Likewise. * gnu/services/monitoring.scm (zabbix-server-configuration) (zabbix-agent-configuration): Likewise. * gnu/services/networking.scm (opendht-configuration): Likewise. * gnu/services/pm.scm (tlp-configuration): Likewise. * gnu/services/telephony.scm (jami-configuration): Likewise. * gnu/services/virtualization.scm (libvirt-configuration) (qemu-guest-agent-configuration): Likewise. * gnu/services/vpn.scm (openvpn-client-configuration): Likewise. Tobias Geerinckx-Rice 2021-09-27services: database: Change postgresql default socket....Adapt to the postgresql default socket directory set to /var/run/postgresql. * gnu/services/databases.scm (<postgresql-config-file>)[socket-directory]: Set to /var/run/postgresql. (<postgresql-role-configuration>): Ditto. * gnu/tests/databases.scm (run-postgresql-test): Adapt it. Mathieu Othacehe 2021-04-27services: mysql: Add extra-environment as configuration option....* gnu/services/databases.scm (mysql-configuration): Add extra-environment (mysql-service): Use #:log-file and #:environment-variables * doc/guix.texi: Document it. Signed-off-by: Leo Prikler <leo.prikler@student.tugraz.at> methuselah-0 2021-04-14Revert "services: mysql: Add extra-environment as configuration option."...This reverts commit f3626119d738f30b5ab59e76c105fd7b4c077ddc. This commit inadvertently broke a string freeze. Let's be nice to our translators and not do that. Leo Prikler 2021-04-13services: postgresql: Use "/tmp" host directory....This is a follow-up of c311147bd16aa0e5746d9cbf31502f5fd61e470c. * gnu/services/databases.scm (<postgresql-role-configuration>)[host]: Set to "/tmp" which the default Postgresql socket directory. Mathieu Othacehe 2021-04-13services: mysql: Add extra-environment as configuration option....* gnu/services/databases.scm (mysql-configuration): Add extra-environment (mysql-service): Use #:log-file and #:environment-variables * doc/guix.texi: Document it. Signed-off-by: Leo Prikler <leo.prikler@student.tugraz.at> methuselah-0 2021-04-12services: postgresql: Change service default socket directory....Fixes <https://bugs.gnu.org/46737>. PostgreSQL running with a different socket directory to the default one in the package itself breaks some services, this commit restores the previous behaviour where PostgreSQL by default will run with a socket directory that matches the default used by PostgreSQL packaged for Guix. Switching to a different default value can happen, but only alongside changing the PostgreSQL package. * gnu/services/databases.scm (<postgresql-config-file>)[socket-directory]: Change default to #false. * doc/guix.texi (Database Services): Update documentation, and specify a different value for disabling connections via sockets. * gnu/tests/guix.scm (%guix-data-service-os): Use default PostgreSQL behaviour. * gnu/tests/monitoring.scm (%zabbix-os): Likewise. * gnu/tests/web.scm (patchwork-os): Likewise. Signed-off-by: Leo Famulari <leo@famulari.name> Christopher Baines 2021-03-16gnu: Remove MongoDB....mongodb 3.4.10 has unpatched CVEs and mongodb 3.4.24 has some files in the release tarball under the SSPL, therefore we cannot provide mongodb while upholding to good security standards. It turns out feff80cec3c97a3df2c20d300be12d67f79d4f22 was right since while the main license file wasnt altered to SSPL, some files in the tree contain SSPL headers. * gnu/packages/databases.scm (go-gopkg.in-mgo.v2): Remove. * gnu/packages/databases.scm (mongo-tools): Remove. * doc/guix.texi (mongodb-service-type): Remove. * gnu/tests/databases.scm (%test-mongodb, %mongodb-os, run-mongodb-test): Remove. * gnu/services/databases.scm (mongodb-configuration, mongodb-configuration?, mongodb-configuration-mongodb, mongodb-configuration-config-file, mongodb-configuration-data-directory, mongodb-service-type, %default-mongodb-configuration-file, %mongodb-accounts, mongodb-activation, mongodb-shepherd-service): Remove. * gnu/packages/databases.scm (mongodb): Remove. Léo Le Bouter 2021-02-23services: postgresql-roles: Fix race condition....Make sure that the postgresql-roles script is completed before declaring the postgresql-roles service as started. * gnu/services/databases.scm (postgresql-create-roles): Return the command line instead of a program-file. (postgresql-role-shepherd-service): Use fork+exec-command to start the role creation script and wait for its completion before returning. Mathieu Othacehe 2021-02-22services: postgresql: Define a default value....* gnu/services/databases.scm (postgresql-service-type): Define a default value. Mathieu Othacehe 2021-02-06services: PostgreSQL: Quote database names....* gnu/services/databases.scm (postgresql-create-roles): Quote the name in the SQL query so that roles/usernames containing hyphens will work. Marius Bakke 2021-01-28services: postgresql: Add postgresql-role-service-type....* gnu/services/databases.scm (postgresql-role, postgresql-role?, postgresql-role-name, postgresql-role-permissions, postgresql-role-create-database?, postgresql-role-configuration, postgresql-role-configuration?, postgresql-role-configuration-host, postgresql-role-configuration-roles, postgresql-role-service-type): New procedures. * gnu/tests/databases.scm: Test it. * doc/guix.texi: Document it. Mathieu Othacehe 2021-01-28services: postgresql: Wrap long lines....* gnu/services/databases.scm: Wrap long lines, no functional change. Mathieu Othacehe 2021-01-28services: postgresql: Add log directory support....* gnu/services/databases.scm (postgresql-configuration-log-directory): New procedure. (<postgresql-configuration>)[log-directory]: New field. (postgresql-activation): Create the log directory. (postgresql-shepherd-service): Honor it. * gnu/tests/databases.scm (%postgresql-log-directory): New variable. (log-file): New test case. * doc/guix.texi (Database Services): Document it. Mathieu Othacehe 2021-01-28services: postgresql: Add socket directory support....* gnu/services/databases.scm (postgresql-config-file-socket-directory): New procedure. (<postgresql-config-file>)[socket-directory]: New field. (postgresql-config-file-compiler): Honor it. (postgresql-activation): Create the socket directory if needed. * doc/guix.texi (Database Services): Document it. * gnu/tests/guix.scm (%guix-data-service-os): Adapt it. * gnu/tests/monitoring.scm (%zabbix-os): Ditto. * gnu/tests/web.scm (patchwork-os): Ditto. Signed-off-by: Mathieu Othacehe <othacehe@gnu.org> Mathieu Othacehe 2021-01-28services: postgresql: Use Guile datatypes....* gnu/services/databases.scm (postgresql-config-file-compiler): Support Guile datatypes in the "extra-config" field. * gnu/tests/databases.scm (%postgresql-os): Test it. * doc/guix.texi (Database Services): Document it. Mathieu Othacehe 2020-12-01services: MySQL: Fix indentation....* gnu/services/databases.scm (mysql-upgrade-wrapper): Adjust indentation. Marius Bakke 2020-12-01services: databases: Do not export record type descriptors....* gnu/services/databases.scm (<postgresql-config-file>, <postgresql-configuration>, <memcached-configuration>, <mongodb-configuration>): Remove exports. Marius Bakke 2020-11-28services: MySQL: Upgrade database schemas automatically....* gnu/services/databases.scm (<mysql-configuration>): Add AUTO-UPGRADE? field. (mysql-upgrade-wrapper, mysql-upgrade-shepherd-service, mysql-shepherd-services): New variables. (mysql-service-type): Use MYSQL-SHEPHERD-SERVICES instead of MYSQL-SHEPHERD-SERVICE. * doc/guix.texi (Database Services): Document the AUTO-UPGRADE? field of MYSQL-SERVICE-TYPE. * gnu/tests/databases.scm (run-mysql-test): Test that mysql_upgrade has run. Marius Bakke 2020-11-28services: MySQL: Make the socket configurable....* gnu/services/databases.scm (<mysql-configuration>): Add SOCKET field. (mysql-configuration-file): Adjust accordingly. * doc/guix.texi (Database Services): Likewise. Marius Bakke 2020-11-28services: MySQL: Bind to localhost only by default....* gnu/services/databases.scm (<mysql-configuration>): Add BIND-ADDRESS field. (mysql-configuration-file): Adjust accordingly. * doc/guix.texi (Database Services): Document it. Marius Bakke 2020-11-28services: MySQL: Deprecate 'mysql-service'....* gnu/services/databases.scm (mysql-service): Define in terms of DEFINE-DEPRECATED. * gnu/tests/databases.scm (%mysql-os): Adjust accordingly. * doc/guix.texi (Database Services): Adjust the MariaDB/MySQL section to document MYSQL-SERVICE-TYPE instead of MYSQL-SERVICE. While at it, document the EXTRA-CONTENT field. Marius Bakke 2020-10-20services: databases: Don't specify a default postgresql version....Currently, if the postgresql package major version changes, this is going to break the service upon upgrade, because PostgreSQL will reject the data files from the differing major version of the service. Because it's important to either keep running a particular major version, or intentionally upgrade, I think the configuration would be better with no default. I think this is also going to be helpful when trying to assist users upgrading PostgreSQL. * gnu/services/databases.scm (<postgresql-configuration>): Remove default for postgresql. (postgresql-service-type): Remove the default value. * gnu/tests/databases.scm (%postgresql-os): Update accordingly. * gnu/tests/guix.scm (%guix-data-service-os): Update accordingly. * gnu/tests/monitoring.scm (%zabbix-os): Update accordingly. * gnu/tests/web.scm (patchwork-os): Update accordingly. * doc/guix.texi (PostgreSQL): Update accordingly. Christopher Baines 2020-10-20services: databases: Deprecate the postgresql-service procedure....Using the service type directly is a better approach, making it easier to configure the service. * gnu/services/databases.scm (postgresql-service): Deprecate this procedure. * doc/guix.texi (PostgreSQL): Update the documentation for the use of (service postgresql-service-type). Christopher Baines 2020-08-01services: postgresql: Provide postgresql commands....* gnu/services/databases.scm (postgresql-service-type): Extend profile-service-type to provide postgresql commands. Pierre Neidhardt