diff options
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r-- | gnu/packages/patches/gst-plugins-base-fix-test-on-32bit.patch | 32 | ||||
-rw-r--r-- | gnu/packages/patches/hubbub-sort-entities.patch | 13 | ||||
-rw-r--r-- | gnu/packages/patches/libssh-0.6.5-CVE-2016-0739.patch | 77 | ||||
-rw-r--r-- | gnu/packages/patches/netsurf-about.patch | 26 | ||||
-rw-r--r-- | gnu/packages/patches/netsurf-longer-test-timeout.patch | 20 | ||||
-rw-r--r-- | gnu/packages/patches/netsurf-system-utf8proc.patch | 64 | ||||
-rw-r--r-- | gnu/packages/patches/netsurf-y2038-tests.patch | 25 | ||||
-rw-r--r-- | gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch | 33 | ||||
-rw-r--r-- | gnu/packages/patches/shadow-CVE-2017-2616.patch | 72 | ||||
-rw-r--r-- | gnu/packages/patches/util-linux-CVE-2017-2616.patch | 65 | ||||
-rw-r--r-- | gnu/packages/patches/vdirsyncer-test-suite-slow-machines.patch | 42 | ||||
-rw-r--r-- | gnu/packages/patches/vim-CVE-2017-5953.patch | 32 |
12 files changed, 350 insertions, 151 deletions
diff --git a/gnu/packages/patches/gst-plugins-base-fix-test-on-32bit.patch b/gnu/packages/patches/gst-plugins-base-fix-test-on-32bit.patch deleted file mode 100644 index 4c6c7ed06e..0000000000 --- a/gnu/packages/patches/gst-plugins-base-fix-test-on-32bit.patch +++ /dev/null @@ -1,32 +0,0 @@ -This fixes a test failure on i686. - -Patch copied from upstream source repository: - -https://cgit.freedesktop.org/gstreamer/gst-plugins-base/commit/?id=5e2e111627871c566ffc6607eda8f4ef4699d040 - -From 5e2e111627871c566ffc6607eda8f4ef4699d040 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com> -Date: Thu, 2 Feb 2017 14:56:39 +0200 -Subject: [PATCH] multifdsink: Make sure to use a 64 bit integer for the - units-max property - ---- - tests/check/elements/multifdsink.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/tests/check/elements/multifdsink.c b/tests/check/elements/multifdsink.c -index af138cc92..951b1b9fa 100644 ---- a/tests/check/elements/multifdsink.c -+++ b/tests/check/elements/multifdsink.c -@@ -869,7 +869,7 @@ GST_START_TEST (test_client_kick) - gint i, initial_buffers = 3, num_buffers = 0; - - sink = setup_multifdsink (); -- g_object_set (sink, "units-max", initial_buffers, NULL); -+ g_object_set (sink, "units-max", (gint64) initial_buffers, NULL); - - fail_if (pipe (pfd1) == -1); - fail_if (pipe (pfd2) == -1); --- -2.11.0 - diff --git a/gnu/packages/patches/hubbub-sort-entities.patch b/gnu/packages/patches/hubbub-sort-entities.patch new file mode 100644 index 0000000000..012e3c3022 --- /dev/null +++ b/gnu/packages/patches/hubbub-sort-entities.patch @@ -0,0 +1,13 @@ +Traverse the entities hash's keys in sorted order to ensure reproducibility. + +--- libhubbub-0.3.3/build/make-entities.pl ++++ libhubbub-0.3.3/build/make-entities.pl +@@ -86,7 +86,7 @@ + + my $trie; + +-foreach my $key (keys %entities) { ++foreach my $key (sort keys %entities) { + $trie = insert_node($trie, $key, $entities{$key}); + } + diff --git a/gnu/packages/patches/libssh-0.6.5-CVE-2016-0739.patch b/gnu/packages/patches/libssh-0.6.5-CVE-2016-0739.patch deleted file mode 100644 index a5fdd7ffff..0000000000 --- a/gnu/packages/patches/libssh-0.6.5-CVE-2016-0739.patch +++ /dev/null @@ -1,77 +0,0 @@ -Fix CVE-2016-0739 (Weak Diffie-Hellman secret generation in -dh_generate_x() and dh_generate_y()). - -"Due to a byte/bit confusion, the DH secret was too short. This file was -completely reworked and will be commited in a future version." -Source: -https://git.libssh.org/projects/libssh.git/commit/?id=f8d0026c65fc8a55748ae481758e2cf376c26c86 - -This patch was created by upstream for libssh-0.7.3, but applied without -modification to libssh-0.6.3 by Debian. In Guix, we apply it without -modification to libssh-0.6.5. - -References: -https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-0739 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0739 -https://security-tracker.debian.org/tracker/CVE-2016-0739 - ---- - src/dh.c | 22 +++++++++++++++++----- - 1 file changed, 17 insertions(+), 5 deletions(-) - -diff --git a/src/dh.c b/src/dh.c -index e489a1d..d27b66e 100644 ---- a/src/dh.c -+++ b/src/dh.c -@@ -227,15 +227,21 @@ void ssh_crypto_finalize(void) { - } - - int dh_generate_x(ssh_session session) { -+ int keysize; -+ if (session->next_crypto->kex_type == SSH_KEX_DH_GROUP1_SHA1) { -+ keysize = 1023; -+ } else { -+ keysize = 2047; -+ } - session->next_crypto->x = bignum_new(); - if (session->next_crypto->x == NULL) { - return -1; - } - - #ifdef HAVE_LIBGCRYPT -- bignum_rand(session->next_crypto->x, 128); -+ bignum_rand(session->next_crypto->x, keysize); - #elif defined HAVE_LIBCRYPTO -- bignum_rand(session->next_crypto->x, 128, 0, -1); -+ bignum_rand(session->next_crypto->x, keysize, -1, 0); - #endif - - /* not harder than this */ -@@ -248,15 +254,21 @@ int dh_generate_x(ssh_session session) { - - /* used by server */ - int dh_generate_y(ssh_session session) { -- session->next_crypto->y = bignum_new(); -+ int keysize; -+ if (session->next_crypto->kex_type == SSH_KEX_DH_GROUP1_SHA1) { -+ keysize = 1023; -+ } else { -+ keysize = 2047; -+ } -+ session->next_crypto->y = bignum_new(); - if (session->next_crypto->y == NULL) { - return -1; - } - - #ifdef HAVE_LIBGCRYPT -- bignum_rand(session->next_crypto->y, 128); -+ bignum_rand(session->next_crypto->y, keysize); - #elif defined HAVE_LIBCRYPTO -- bignum_rand(session->next_crypto->y, 128, 0, -1); -+ bignum_rand(session->next_crypto->y, keysize, -1, 0); - #endif - - /* not harder than this */ --- -cgit v0.12 - diff --git a/gnu/packages/patches/netsurf-about.patch b/gnu/packages/patches/netsurf-about.patch deleted file mode 100644 index 1fb8eae824..0000000000 --- a/gnu/packages/patches/netsurf-about.patch +++ /dev/null @@ -1,26 +0,0 @@ ---- netsurf-all-3.5/netsurf/gtk/about.c -+++ netsurf-all-3.5/netsurf/gtk/about.c -@@ -79,11 +79,11 @@ - switch (response_id) { - - case ABOUT_RESPONSE_ID_LICENCE: -- about_open("about:credits"); -+ about_open("about:licence"); - break; - - case ABOUT_RESPONSE_ID_CREDITS: -- about_open("about:licence"); -+ about_open("about:credits"); - break; - } - ---- netsurf-all-3.5/netsurf/desktop/version.c -+++ netsurf-all-3.5/netsurf/desktop/version.c -@@ -20,6 +20,6 @@ - - #include "desktop/version.h" - --const char * const netsurf_version = "3.5 (6th April 1016)"; -+const char * const netsurf_version = "3.5 (6th April 2016)"; - const int netsurf_version_major = 3; - const int netsurf_version_minor = 5; diff --git a/gnu/packages/patches/netsurf-longer-test-timeout.patch b/gnu/packages/patches/netsurf-longer-test-timeout.patch new file mode 100644 index 0000000000..4dd5a8539f --- /dev/null +++ b/gnu/packages/patches/netsurf-longer-test-timeout.patch @@ -0,0 +1,20 @@ +Increase the timeout on dictionary tests to accommodate slower machines. + +--- netsurf-3.6/test/hashtable.c ++++ netsurf-3.6/test/hashtable.c +@@ -286,6 +286,7 @@ + tcase_add_checked_fixture(tc_dict_s, + dicts_hashtable_create, + dict_hashtable_teardown); ++ tcase_set_timeout(tc_dict_s, 30); + + tcase_add_test(tc_dict_s, hashtable_dict_test); + +@@ -297,6 +298,7 @@ + tcase_add_checked_fixture(tc_dict_l, + dictl_hashtable_create, + dict_hashtable_teardown); ++ tcase_set_timeout(tc_dict_l, 30); + + tcase_add_test(tc_dict_l, hashtable_dict_test); + diff --git a/gnu/packages/patches/netsurf-system-utf8proc.patch b/gnu/packages/patches/netsurf-system-utf8proc.patch new file mode 100644 index 0000000000..254bf52c93 --- /dev/null +++ b/gnu/packages/patches/netsurf-system-utf8proc.patch @@ -0,0 +1,64 @@ +Use upstream utf8proc package, as suggested in +http://source.netsurf-browser.org/libutf8proc.git/commit/?id=770e329cceaf0620c7b482589a9b17ed1d19c16d + +Work around upstream's lack of a pkg-config file and update API. + +--- netsurf-3.6/Makefile ++++ netsurf-3.6/Makefile +@@ -527,10 +527,9 @@ + $(eval $(call pkg_config_find_and_add,libcss,CSS)) + $(eval $(call pkg_config_find_and_add,libdom,DOM)) + $(eval $(call pkg_config_find_and_add,libnsutils,nsutils)) +-$(eval $(call pkg_config_find_and_add,libutf8proc,utf8proc)) + + # Common libraries without pkg-config support +-LDFLAGS += -lz ++LDFLAGS += -lz -lutf8proc + + # Optional libraries with pkgconfig + +--- netsurf-3.6/utils/idna.c ++++ netsurf-3.6/utils/idna.c +@@ -26,7 +26,7 @@ + #include <stdint.h> + #include <stdlib.h> + #include <string.h> +-#include <libutf8proc/utf8proc.h> ++#include <utf8proc.h> + + #include "utils/errors.h" + #include "utils/idna.h" +@@ -250,7 +250,7 @@ + return NSERROR_NOMEM; + } + +- nfc_size = utf8proc_normalise(nfc_label, nfc_size, ++ nfc_size = utf8proc_normalize_utf32(nfc_label, nfc_size, + UTF8PROC_STABLE | UTF8PROC_COMPOSE); + if (nfc_size < 0) { + return NSERROR_NOMEM; +@@ -565,7 +565,7 @@ + } + + /* Perform NFC normalisation */ +- ucs4_len = utf8proc_normalise(ucs4, u_ucs4_len, ++ ucs4_len = utf8proc_normalize_utf32(ucs4, u_ucs4_len, + UTF8PROC_STABLE | UTF8PROC_COMPOSE); + if (ucs4_len < 0) { + free(ucs4); +--- netsurf-3.6/test/Makefile ++++ netsurf-3.6/test/Makefile +@@ -112,11 +112,11 @@ + -D_XOPEN_SOURCE=600 \ + -Itest -Iinclude -Icontent/handlers -Ifrontends -I. -I.. \ + -Dnsgtk \ +- $(shell pkg-config --cflags libcurl libparserutils libwapcaplet libdom libnsutils libutf8proc libidn) \ ++ $(shell pkg-config --cflags libcurl libparserutils libwapcaplet libdom libnsutils libidn) \ + $(LIB_CFLAGS) \ + $(COV_CFLAGS) + +-TESTLDFLAGS := $(shell pkg-config --libs libcurl libparserutils libwapcaplet libdom libnsutils libutf8proc libidn) -lz \ ++TESTLDFLAGS := $(shell pkg-config --libs libcurl libparserutils libwapcaplet libdom libnsutils libidn) -lz -lutf8proc \ + $(LIB_LDFLAGS)\ + $(COV_LDFLAGS) + diff --git a/gnu/packages/patches/netsurf-y2038-tests.patch b/gnu/packages/patches/netsurf-y2038-tests.patch new file mode 100644 index 0000000000..407a5277c8 --- /dev/null +++ b/gnu/packages/patches/netsurf-y2038-tests.patch @@ -0,0 +1,25 @@ +These two test cases fail for us on i686. + +See https://en.wikipedia.org/wiki/Year_2038_problem + +--- netsurf-3.6/test/time.c ++++ netsurf-3.6/test/time.c +@@ -77,18 +77,10 @@ + .expected = "Tue, 12 Jun 2001 12:12:12 GMT" + }, + { +- .test = "Thu, 16 Jul 2207 12:45:12 GMT", +- .expected = "Thu, 16 Jul 2207 12:45:12 GMT" +- }, +- { + .test = "Thu, 16 Aug 2007 19:45:12 GMT", + .expected = "Thu, 16 Aug 2007 19:45:12 GMT" + }, + { +- .test = "Tue, 16 Sep 3456 00:45:12 GMT", +- .expected = "Tue, 16 Sep 3456 00:45:12 GMT" +- }, +- { + .test = "Sun, 16 Oct 1988 19:45:59 GMT", + .expected = "Sun, 16 Oct 1988 19:45:59 GMT" + }, diff --git a/gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch b/gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch index 6edd676e38..83c9dbb3d4 100644 --- a/gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch +++ b/gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch @@ -2,25 +2,26 @@ Fix CVE-2017-0358: http://seclists.org/oss-sec/2017/q1/259 This patch was copied from the above URL. -diff -ur ntfs-3g.old/src/lowntfs-3g.c ntfs-3g/src/lowntfs-3g.c ---- ntfs-3g.old/src/lowntfs-3g.c 2017-02-09 15:01:04.074331542 -0500 -+++ ntfs-3g/src/lowntfs-3g.c 2017-02-09 15:06:35.757580937 -0500 -@@ -3827,13 +3827,14 @@ - struct stat st; - pid_t pid; - const char *cmd = "/sbin/modprobe"; +diff --git a/src/lowntfs-3g.c b/src/lowntfs-3g.c +index 0bb38f9..c6d1dad 100644 +--- a/src/lowntfs-3g.c ++++ b/src/lowntfs-3g.c +@@ -3827,13 +3827,14 @@ static fuse_fstype load_fuse_module(void) + struct stat st; + pid_t pid; + const char *cmd = "/sbin/modprobe"; + char *env = (char*)NULL; - struct timespec req = { 0, 100000000 }; /* 100 msec */ - fuse_fstype fstype; - - if (!stat(cmd, &st) && !geteuid()) { - pid = fork(); - if (!pid) { + struct timespec req = { 0, 100000000 }; /* 100 msec */ + fuse_fstype fstype; + + if (!stat(cmd, &st) && !geteuid()) { + pid = fork(); + if (!pid) { - execl(cmd, cmd, "fuse", NULL); + execle(cmd, cmd, "fuse", NULL, &env); - _exit(1); - } else if (pid != -1) - waitpid(pid, NULL, 0); + _exit(1); + } else if (pid != -1) + waitpid(pid, NULL, 0); diff -ur ntfs-3g.old/src/ntfs-3g.c ntfs-3g/src/ntfs-3g.c --- ntfs-3g.old/src/ntfs-3g.c 2017-02-09 15:01:04.074331542 -0500 +++ ntfs-3g/src/ntfs-3g.c 2017-02-09 15:06:26.077252571 -0500 diff --git a/gnu/packages/patches/shadow-CVE-2017-2616.patch b/gnu/packages/patches/shadow-CVE-2017-2616.patch new file mode 100644 index 0000000000..f88aac40bc --- /dev/null +++ b/gnu/packages/patches/shadow-CVE-2017-2616.patch @@ -0,0 +1,72 @@ +Fix CVE-2017-2616: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2616 +http://seclists.org/oss-sec/2017/q1/490 +http://seclists.org/oss-sec/2017/q1/474 + +Patch copied from upstream source repository: + +https://github.com/shadow-maint/shadow/commit/08fd4b69e84364677a10e519ccb25b71710ee686 + +From 08fd4b69e84364677a10e519ccb25b71710ee686 Mon Sep 17 00:00:00 2001 +From: Tobias Stoeckmann <tobias@stoeckmann.org> +Date: Thu, 23 Feb 2017 09:47:29 -0600 +Subject: [PATCH] su: properly clear child PID + +If su is compiled with PAM support, it is possible for any local user +to send SIGKILL to other processes with root privileges. There are +only two conditions. First, the user must be able to perform su with +a successful login. This does NOT have to be the root user, even using +su with the same id is enough, e.g. "su $(whoami)". Second, SIGKILL +can only be sent to processes which were executed after the su process. +It is not possible to send SIGKILL to processes which were already +running. I consider this as a security vulnerability, because I was +able to write a proof of concept which unlocked a screen saver of +another user this way. +--- + src/su.c | 19 +++++++++++++++++-- + 1 file changed, 17 insertions(+), 2 deletions(-) + +diff --git a/src/su.c b/src/su.c +index f20d230..d86aa86 100644 +--- a/src/su.c ++++ b/src/su.c +@@ -379,11 +379,13 @@ static void prepare_pam_close_session (void) + /* wake child when resumed */ + kill (pid, SIGCONT); + stop = false; ++ } else { ++ pid_child = 0; + } + } while (!stop); + } + +- if (0 != caught) { ++ if (0 != caught && 0 != pid_child) { + (void) fputs ("\n", stderr); + (void) fputs (_("Session terminated, terminating shell..."), + stderr); +@@ -393,9 +395,22 @@ static void prepare_pam_close_session (void) + snprintf (wait_msg, sizeof wait_msg, _(" ...waiting for child to terminate.\n")); + + (void) signal (SIGALRM, kill_child); ++ (void) signal (SIGCHLD, catch_signals); + (void) alarm (2); + +- (void) wait (&status); ++ sigemptyset (&ourset); ++ if ((sigaddset (&ourset, SIGALRM) != 0) ++ || (sigprocmask (SIG_BLOCK, &ourset, NULL) != 0)) { ++ fprintf (stderr, _("%s: signal masking malfunction\n"), Prog); ++ kill_child (0); ++ } else { ++ while (0 == waitpid (pid_child, &status, WNOHANG)) { ++ sigsuspend (&ourset); ++ } ++ pid_child = 0; ++ (void) sigprocmask (SIG_UNBLOCK, &ourset, NULL); ++ } ++ + (void) fputs (_(" ...terminated.\n"), stderr); + } + diff --git a/gnu/packages/patches/util-linux-CVE-2017-2616.patch b/gnu/packages/patches/util-linux-CVE-2017-2616.patch new file mode 100644 index 0000000000..2c82fb06d2 --- /dev/null +++ b/gnu/packages/patches/util-linux-CVE-2017-2616.patch @@ -0,0 +1,65 @@ +Fix CVE-2017-2616: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2616 +http://seclists.org/oss-sec/2017/q1/474 + +Patch copied from upstream source repository: + +https://git.kernel.org/cgit/utils/util-linux/util-linux.git/commit/?id=dffab154d29a288aa171ff50263ecc8f2e14a891 + +From b018571132cb8c9fece3d75ed240cc74cdb5f0f7 Mon Sep 17 00:00:00 2001 +From: Karel Zak <kzak@redhat.com> +Date: Wed, 1 Feb 2017 11:58:09 +0100 +Subject: [PATCH] su: properly clear child PID +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Reported-by: Tobias Stöckmann <tobias@stoeckmann.org> +Signed-off-by: Karel Zak <kzak@redhat.com> +--- + login-utils/su-common.c | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) + +diff --git a/login-utils/su-common.c b/login-utils/su-common.c +index 0ea4e40bd..b1720f037 100644 +--- a/login-utils/su-common.c ++++ b/login-utils/su-common.c +@@ -376,6 +376,9 @@ create_watching_parent (void) + } + else + status = WEXITSTATUS (status); ++ ++ /* child is gone, don't use the PID anymore */ ++ child = (pid_t) -1; + } + else if (caught_signal) + status = caught_signal + 128; +@@ -385,7 +388,7 @@ create_watching_parent (void) + else + status = 1; + +- if (caught_signal) ++ if (caught_signal && child != (pid_t)-1) + { + fprintf (stderr, _("\nSession terminated, killing shell...")); + kill (child, SIGTERM); +@@ -395,9 +398,12 @@ create_watching_parent (void) + + if (caught_signal) + { +- sleep (2); +- kill (child, SIGKILL); +- fprintf (stderr, _(" ...killed.\n")); ++ if (child != (pid_t)-1) ++ { ++ sleep (2); ++ kill (child, SIGKILL); ++ fprintf (stderr, _(" ...killed.\n")); ++ } + + /* Let's terminate itself with the received signal. + * +-- +2.11.1 + diff --git a/gnu/packages/patches/vdirsyncer-test-suite-slow-machines.patch b/gnu/packages/patches/vdirsyncer-test-suite-slow-machines.patch new file mode 100644 index 0000000000..03093e8330 --- /dev/null +++ b/gnu/packages/patches/vdirsyncer-test-suite-slow-machines.patch @@ -0,0 +1,42 @@ +Fix test failures caused by some build machines running more slowly than +expected, which manifest like this: + +------ +> raise FailedHealthCheck(message) +E hypothesis.errors.FailedHealthCheck: Data generation is extremely slow: Only produced 4 valid examples in 1.08 seconds (1 invalid ones and 0 exceeded maximum size). Try decreasing size of the data you're generating (with e.g.average_size or max_leaves parameters). +E See http://hypothesis.readthedocs.org/en/latest/healthchecks.html for more information about this. If you want to disable just this health check, add HealthCheck.too_slowto the suppress_health_check settings for this test. + +/gnu/store/b8d1r8bilvm3jkncgrpvmg3dni9cgcr1-python-hypothesis-3.1.0/lib/python3.5/site-packages/hypothesis/core.py:296: FailedHealthCheck +------ + +Patch copied from upstream source repository: + +https://github.com/pimutils/vdirsyncer/commit/10490a12f13f03495e0945eb9d45d7aed9ab0a6c + +From 10490a12f13f03495e0945eb9d45d7aed9ab0a6c Mon Sep 17 00:00:00 2001 +From: Markus Unterwaditzer <markus@unterwaditzer.net> +Date: Sat, 18 Feb 2017 15:45:06 +0100 +Subject: [PATCH] Unconditionally disable HealthCheck.too_slow + +--- + tests/conftest.py | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/tests/conftest.py b/tests/conftest.py +index e0a07d5..3afd7cd 100644 +--- a/tests/conftest.py ++++ b/tests/conftest.py +@@ -26,10 +26,12 @@ def benchmark(): + else: + del pytest_benchmark + ++ ++settings.suppress_health_check = [HealthCheck.too_slow] ++ + settings.register_profile("ci", settings( + max_examples=1000, + verbosity=Verbosity.verbose, +- suppress_health_check=[HealthCheck.too_slow] + )) + settings.register_profile("deterministic", settings( + derandomize=True, diff --git a/gnu/packages/patches/vim-CVE-2017-5953.patch b/gnu/packages/patches/vim-CVE-2017-5953.patch new file mode 100644 index 0000000000..070f98c2cb --- /dev/null +++ b/gnu/packages/patches/vim-CVE-2017-5953.patch @@ -0,0 +1,32 @@ +Fix CVE-2017-5953: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5953 +https://groups.google.com/forum/#!topic/vim_dev/t-3RSdEnrHY + +This change is adapted from the upstream source repository: + +https://github.com/vim/vim/commit/6d3c8586fc81b022e9f06c611b9926108fb878c7 + +diff --git a/src/spellfile.c b/src/spellfile.c +index c7d87c6..00ef019 100644 +--- a/src/spellfile.c ++++ b/src/spellfile.c +@@ -1585,7 +1585,7 @@ spell_read_tree( + int prefixtree, /* TRUE for the prefix tree */ + int prefixcnt) /* when "prefixtree" is TRUE: prefix count */ + { +- int len; ++ long len; + int idx; + char_u *bp; + idx_T *ip; +@@ -1595,6 +1595,9 @@ spell_read_tree( + len = get4c(fd); + if (len < 0) + return SP_TRUNCERROR; ++ if (len >= LONG_MAX / (long)sizeof(int)) ++ /* Invalid length, multiply with sizeof(int) would overflow. */ ++ return SP_FORMERROR; + if (len > 0) + { + /* Allocate the byte array. */ |