aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
authorMark H Weaver <mhw@netris.org>2017-06-20 00:25:59 -0400
committerMark H Weaver <mhw@netris.org>2017-06-20 00:25:59 -0400
commit9815739e9bc5de4a4fbcc710221c2cee377664d4 (patch)
treecbbbc05fff4acdfdb05d9b1e5ae5f5eea6fdefbd /gnu/packages/patches
parente46e9573855d5ee4f71db0ce77159bbc636330c1 (diff)
parent16b0f205cf03eb94ef228d763d94718342027117 (diff)
downloadgnu-guix-9815739e9bc5de4a4fbcc710221c2cee377664d4.tar
gnu-guix-9815739e9bc5de4a4fbcc710221c2cee377664d4.tar.gz
Merge branch 'master' into core-updates
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/exim-CVE-2017-1000369.patch59
-rw-r--r--gnu/packages/patches/miniupnpc-CVE-2017-8798.patch55
2 files changed, 59 insertions, 55 deletions
diff --git a/gnu/packages/patches/exim-CVE-2017-1000369.patch b/gnu/packages/patches/exim-CVE-2017-1000369.patch
new file mode 100644
index 0000000000..a67a8afb0e
--- /dev/null
+++ b/gnu/packages/patches/exim-CVE-2017-1000369.patch
@@ -0,0 +1,59 @@
+Fix CVE-2017-1000369:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000369
+https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
+
+Patch adapted from upstream source repository:
+
+https://git.exim.org/exim.git/commit/65e061b76867a9ea7aeeb535341b790b90ae6c21
+
+From 65e061b76867a9ea7aeeb535341b790b90ae6c21 Mon Sep 17 00:00:00 2001
+From: "Heiko Schlittermann (HS12-RIPE)" <hs@schlittermann.de>
+Date: Wed, 31 May 2017 23:08:56 +0200
+Subject: [PATCH] Cleanup (prevent repeated use of -p/-oMr to avoid mem leak)
+
+---
+ doc/doc-docbook/spec.xfpt | 3 ++-
+ src/src/exim.c | 19 +++++++++++++++++--
+ 2 files changed, 19 insertions(+), 3 deletions(-)
+
+diff --git a/src/src/exim.c b/src/src/exim.c
+index 67583e58..88e11977 100644
+--- a/src/exim.c
++++ b/src/exim.c
+@@ -3106,7 +3106,14 @@ for (i = 1; i < argc; i++)
+
+ /* -oMr: Received protocol */
+
+- else if (Ustrcmp(argrest, "Mr") == 0) received_protocol = argv[++i];
++ else if (Ustrcmp(argrest, "Mr") == 0)
++
++ if (received_protocol)
++ {
++ fprintf(stderr, "received_protocol is set already\n");
++ exit(EXIT_FAILURE);
++ }
++ else received_protocol = argv[++i];
+
+ /* -oMs: Set sender host name */
+
+@@ -3202,7 +3209,15 @@ for (i = 1; i < argc; i++)
+
+ if (*argrest != 0)
+ {
+- uschar *hn = Ustrchr(argrest, ':');
++ uschar *hn;
++
++ if (received_protocol)
++ {
++ fprintf(stderr, "received_protocol is set already\n");
++ exit(EXIT_FAILURE);
++ }
++
++ hn = Ustrchr(argrest, ':');
+ if (hn == NULL)
+ {
+ received_protocol = argrest;
+--
+2.13.1
+
diff --git a/gnu/packages/patches/miniupnpc-CVE-2017-8798.patch b/gnu/packages/patches/miniupnpc-CVE-2017-8798.patch
deleted file mode 100644
index 24eed60af9..0000000000
--- a/gnu/packages/patches/miniupnpc-CVE-2017-8798.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-Fix CVE-2017-8798.
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8798
-http://seclists.org/oss-sec/2017/q2/247
-
-Patch copied from upstream source repository, with Changelog entry removed:
-
-https://github.com/miniupnp/miniupnp/commit/f0f1f4b22d6a98536377a1bb07e7c20e4703d229
-
-diff --git a/miniwget.c b/miniwget.c
-index 37cb47b..1eda57c 100644
---- a/miniwget.c
-+++ b/miniwget.c
-@@ -284,11 +284,12 @@ getHTTPResponse(int s, int * size, int * status_code)
- goto end_of_stream;
- }
- }
-- bytestocopy = ((int)chunksize < (n - i))?chunksize:(unsigned int)(n - i);
-+ /* it is guaranteed that (n >= i) */
-+ bytestocopy = (chunksize < (unsigned int)(n - i))?chunksize:(unsigned int)(n - i);
- if((content_buf_used + bytestocopy) > content_buf_len)
- {
- char * tmp;
-- if(content_length >= (int)(content_buf_used + bytestocopy)) {
-+ if((content_length >= 0) && ((unsigned int)content_length >= (content_buf_used + bytestocopy))) {
- content_buf_len = content_length;
- } else {
- content_buf_len = content_buf_used + bytestocopy;
-@@ -313,14 +314,15 @@ getHTTPResponse(int s, int * size, int * status_code)
- {
- /* not chunked */
- if(content_length > 0
-- && (int)(content_buf_used + n) > content_length) {
-+ && (content_buf_used + n) > (unsigned int)content_length) {
- /* skipping additional bytes */
- n = content_length - content_buf_used;
- }
- if(content_buf_used + n > content_buf_len)
- {
- char * tmp;
-- if(content_length >= (int)(content_buf_used + n)) {
-+ if(content_length >= 0
-+ && (unsigned int)content_length >= (content_buf_used + n)) {
- content_buf_len = content_length;
- } else {
- content_buf_len = content_buf_used + n;
-@@ -340,7 +342,7 @@ getHTTPResponse(int s, int * size, int * status_code)
- }
- }
- /* use the Content-Length header value if available */
-- if(content_length > 0 && (int)content_buf_used >= content_length)
-+ if(content_length > 0 && content_buf_used >= (unsigned int)content_length)
- {
- #ifdef DEBUG
- printf("End of HTTP content\n");