diff options
author | Mark H Weaver <mhw@netris.org> | 2017-06-20 00:25:59 -0400 |
---|---|---|
committer | Mark H Weaver <mhw@netris.org> | 2017-06-20 00:25:59 -0400 |
commit | 9815739e9bc5de4a4fbcc710221c2cee377664d4 (patch) | |
tree | cbbbc05fff4acdfdb05d9b1e5ae5f5eea6fdefbd /gnu/packages/patches | |
parent | e46e9573855d5ee4f71db0ce77159bbc636330c1 (diff) | |
parent | 16b0f205cf03eb94ef228d763d94718342027117 (diff) | |
download | gnu-guix-9815739e9bc5de4a4fbcc710221c2cee377664d4.tar gnu-guix-9815739e9bc5de4a4fbcc710221c2cee377664d4.tar.gz |
Merge branch 'master' into core-updates
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r-- | gnu/packages/patches/exim-CVE-2017-1000369.patch | 59 | ||||
-rw-r--r-- | gnu/packages/patches/miniupnpc-CVE-2017-8798.patch | 55 |
2 files changed, 59 insertions, 55 deletions
diff --git a/gnu/packages/patches/exim-CVE-2017-1000369.patch b/gnu/packages/patches/exim-CVE-2017-1000369.patch new file mode 100644 index 0000000000..a67a8afb0e --- /dev/null +++ b/gnu/packages/patches/exim-CVE-2017-1000369.patch @@ -0,0 +1,59 @@ +Fix CVE-2017-1000369: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000369 +https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt + +Patch adapted from upstream source repository: + +https://git.exim.org/exim.git/commit/65e061b76867a9ea7aeeb535341b790b90ae6c21 + +From 65e061b76867a9ea7aeeb535341b790b90ae6c21 Mon Sep 17 00:00:00 2001 +From: "Heiko Schlittermann (HS12-RIPE)" <hs@schlittermann.de> +Date: Wed, 31 May 2017 23:08:56 +0200 +Subject: [PATCH] Cleanup (prevent repeated use of -p/-oMr to avoid mem leak) + +--- + doc/doc-docbook/spec.xfpt | 3 ++- + src/src/exim.c | 19 +++++++++++++++++-- + 2 files changed, 19 insertions(+), 3 deletions(-) + +diff --git a/src/src/exim.c b/src/src/exim.c +index 67583e58..88e11977 100644 +--- a/src/exim.c ++++ b/src/exim.c +@@ -3106,7 +3106,14 @@ for (i = 1; i < argc; i++) + + /* -oMr: Received protocol */ + +- else if (Ustrcmp(argrest, "Mr") == 0) received_protocol = argv[++i]; ++ else if (Ustrcmp(argrest, "Mr") == 0) ++ ++ if (received_protocol) ++ { ++ fprintf(stderr, "received_protocol is set already\n"); ++ exit(EXIT_FAILURE); ++ } ++ else received_protocol = argv[++i]; + + /* -oMs: Set sender host name */ + +@@ -3202,7 +3209,15 @@ for (i = 1; i < argc; i++) + + if (*argrest != 0) + { +- uschar *hn = Ustrchr(argrest, ':'); ++ uschar *hn; ++ ++ if (received_protocol) ++ { ++ fprintf(stderr, "received_protocol is set already\n"); ++ exit(EXIT_FAILURE); ++ } ++ ++ hn = Ustrchr(argrest, ':'); + if (hn == NULL) + { + received_protocol = argrest; +-- +2.13.1 + diff --git a/gnu/packages/patches/miniupnpc-CVE-2017-8798.patch b/gnu/packages/patches/miniupnpc-CVE-2017-8798.patch deleted file mode 100644 index 24eed60af9..0000000000 --- a/gnu/packages/patches/miniupnpc-CVE-2017-8798.patch +++ /dev/null @@ -1,55 +0,0 @@ -Fix CVE-2017-8798. - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8798 -http://seclists.org/oss-sec/2017/q2/247 - -Patch copied from upstream source repository, with Changelog entry removed: - -https://github.com/miniupnp/miniupnp/commit/f0f1f4b22d6a98536377a1bb07e7c20e4703d229 - -diff --git a/miniwget.c b/miniwget.c -index 37cb47b..1eda57c 100644 ---- a/miniwget.c -+++ b/miniwget.c -@@ -284,11 +284,12 @@ getHTTPResponse(int s, int * size, int * status_code) - goto end_of_stream; - } - } -- bytestocopy = ((int)chunksize < (n - i))?chunksize:(unsigned int)(n - i); -+ /* it is guaranteed that (n >= i) */ -+ bytestocopy = (chunksize < (unsigned int)(n - i))?chunksize:(unsigned int)(n - i); - if((content_buf_used + bytestocopy) > content_buf_len) - { - char * tmp; -- if(content_length >= (int)(content_buf_used + bytestocopy)) { -+ if((content_length >= 0) && ((unsigned int)content_length >= (content_buf_used + bytestocopy))) { - content_buf_len = content_length; - } else { - content_buf_len = content_buf_used + bytestocopy; -@@ -313,14 +314,15 @@ getHTTPResponse(int s, int * size, int * status_code) - { - /* not chunked */ - if(content_length > 0 -- && (int)(content_buf_used + n) > content_length) { -+ && (content_buf_used + n) > (unsigned int)content_length) { - /* skipping additional bytes */ - n = content_length - content_buf_used; - } - if(content_buf_used + n > content_buf_len) - { - char * tmp; -- if(content_length >= (int)(content_buf_used + n)) { -+ if(content_length >= 0 -+ && (unsigned int)content_length >= (content_buf_used + n)) { - content_buf_len = content_length; - } else { - content_buf_len = content_buf_used + n; -@@ -340,7 +342,7 @@ getHTTPResponse(int s, int * size, int * status_code) - } - } - /* use the Content-Length header value if available */ -- if(content_length > 0 && (int)content_buf_used >= content_length) -+ if(content_length > 0 && content_buf_used >= (unsigned int)content_length) - { - #ifdef DEBUG - printf("End of HTTP content\n"); |