mirror of
https://codeberg.org/guix/guix.git
synced 2025-10-02 02:15:12 +00:00
gnu: unzip: Add patches from Fedora [security fixes].
Non-exhaustively fixes CVE-2016-9844, CVE-2018-1000035, CVE-2018-18384, and CVE-2019-13232. * gnu/packages/patches/unzip-COVSCAN-fix-unterminated-string.patch, gnu/packages/patches/unzip-CVE-2016-9844.patch, gnu/packages/patches/unzip-CVE-2018-1000035.patch, gnu/packages/patches/unzip-CVE-2018-18384.patch, gnu/packages/patches/unzip-case-insensitive.patch, gnu/packages/patches/unzip-alt-iconv-utf8-print.patch, gnu/packages/patches/unzip-alt-iconv-utf8.patch, gnu/packages/patches/unzip-close.patch, gnu/packages/patches/unzip-exec-shield.patch, gnu/packages/patches/unzip-fix-recmatch.patch, gnu/packages/patches/unzip-manpage-fix.patch, gnu/packages/patches/unzip-overflow.patch, gnu/packages/patches/unzip-symlink.patch, gnu/packages/patches/unzip-timestamp.patch, gnu/packages/patches/unzip-valgrind.patch, gnu/packages/patches/unzip-x-option.patch, gnu/packages/patches/unzip-zipbomb-manpage.patch, gnu/packages/patches/unzip-zipbomb-part1.patch, gnu/packages/patches/unzip-zipbomb-part2.patch, gnu/packages/patches/unzip-zipbomb-part3.patch: New patches. * gnu/local.mk (dist_patch_DATA): Register them. * gnu/packages/compression.scm (unzip/fixed): New variable. Apply patches. (unzip)[replacement]: Graft.
This commit is contained in:
Léo Le Bouter
parent
92d0949a26
commit
31d289a475
22 changed files with 2540 additions and 0 deletions
28
gnu/packages/patches/unzip-x-option.patch
Normal file
28
gnu/packages/patches/unzip-x-option.patch
Normal file
|
|
@ -0,0 +1,28 @@
|
|||
--- ./process.c.orig 2009-03-06 02:25:10.000000000 +0100
|
||||
+++ ./process.c 2013-09-12 10:51:16.000000000 +0200
|
||||
@@ -2901,9 +2901,9 @@
|
||||
*/
|
||||
|
||||
#ifdef IZ_HAVE_UXUIDGID
|
||||
- if (eb_len >= EB_UX3_MINLEN
|
||||
- && z_uidgid != NULL
|
||||
- && (*((EB_HEADSIZE + 0) + ef_buf) == 1)
|
||||
+ if ((eb_len >= EB_UX3_MINLEN)
|
||||
+ && (z_uidgid != NULL)
|
||||
+ && ((*((EB_HEADSIZE + 0) + ef_buf) == 1)))
|
||||
/* only know about version 1 */
|
||||
{
|
||||
uch uid_size;
|
||||
@@ -2915,10 +2915,10 @@
|
||||
flags &= ~0x0ff; /* ignore any previous UNIX field */
|
||||
|
||||
if ( read_ux3_value((EB_HEADSIZE + 2) + ef_buf,
|
||||
- uid_size, z_uidgid[0])
|
||||
+ uid_size, &z_uidgid[0])
|
||||
&&
|
||||
read_ux3_value((EB_HEADSIZE + uid_size + 3) + ef_buf,
|
||||
- gid_size, z_uidgid[1]) )
|
||||
+ gid_size, &z_uidgid[1]) )
|
||||
{
|
||||
flags |= EB_UX2_VALID; /* signal success */
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue