diff options
| author | Leo Famulari <leo@famulari.name> | 2017-06-14 16:34:10 -0400 |
|---|---|---|
| committer | Leo Famulari <leo@famulari.name> | 2017-06-15 11:12:02 -0400 |
| commit | 0c5a8007fe3cfc792bf5f692342a84165f706441 (patch) | |
| tree | 6b62e65e6c063f37a2853fd0161ba5c4eb2ec446 /gnu/packages/patches/zziplib-CVE-2017-5975.patch | |
| parent | db90eb8c2bd447ab53bed80e5b0ea5105a928cdf (diff) | |
| download | guix-patches-0c5a8007fe3cfc792bf5f692342a84165f706441.tar guix-patches-0c5a8007fe3cfc792bf5f692342a84165f706441.tar.gz | |
gnu: zziplib: Fix CVE-2017-{5974,5975,5976,5978,5979,5981}.
* gnu/packages/patches/zziplib-CVE-2017-5974.patch,
gnu/packages/patches/zziplib-CVE-2017-5975.patch,
gnu/packages/patches/zziplib-CVE-2017-5976.patch,
gnu/packages/patches/zziplib-CVE-2017-5978.patch,
gnu/packages/patches/zziplib-CVE-2017-5979.patch,
gnu/packages/patches/zziplib-CVE-2017-5981.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/zip.scm (zziplib)[source]: Use them.
Diffstat (limited to 'gnu/packages/patches/zziplib-CVE-2017-5975.patch')
| -rw-r--r-- | gnu/packages/patches/zziplib-CVE-2017-5975.patch | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/gnu/packages/patches/zziplib-CVE-2017-5975.patch b/gnu/packages/patches/zziplib-CVE-2017-5975.patch new file mode 100644 index 0000000000..fad174b056 --- /dev/null +++ b/gnu/packages/patches/zziplib-CVE-2017-5975.patch @@ -0,0 +1,32 @@ +Fix CVE-2017-5975: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5975 + +Patch copied from Debian. + +Index: zziplib-0.13.62/zzip/memdisk.c +=================================================================== +--- zziplib-0.13.62.orig/zzip/memdisk.c ++++ zziplib-0.13.62/zzip/memdisk.c +@@ -173,6 +173,8 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI + return 0; /* errno=ENOMEM; */ + ___ struct zzip_file_header *header = + zzip_disk_entry_to_file_header(disk, entry); ++ if (!header) ++ { free(item); return 0; } + /* there is a number of duplicated information in the file header + * or the disk entry block. Theoretically some part may be missing + * that exists in the other, ... but we will prefer the disk entry. +Index: zziplib-0.13.62/zzip/mmapped.c +=================================================================== +--- zziplib-0.13.62.orig/zzip/mmapped.c ++++ zziplib-0.13.62/zzip/mmapped.c +@@ -289,6 +289,8 @@ zzip_disk_entry_to_file_header(ZZIP_DISK + (disk->buffer + zzip_disk_entry_fileoffset(entry)); + if (disk->buffer > file_header || file_header >= disk->endbuf) + return 0; ++ if (ZZIP_GET32(file_header) != ZZIP_FILE_HEADER_MAGIC) ++ return 0; + return (struct zzip_file_header *) file_header; + } + |