diff options
Diffstat (limited to 'gnu')
-rw-r--r-- | gnu/local.mk | 1 | ||||
-rw-r--r-- | gnu/packages/patches/unrtf-CVE-2016-10091.patch | 189 | ||||
-rw-r--r-- | gnu/packages/unrtf.scm | 30 |
3 files changed, 4 insertions, 216 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index 7ccef8a75b..cd0414b41d 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1215,7 +1215,6 @@ dist_patch_DATA = \ %D%/packages/patches/u-boot-pinebook-dts.patch \ %D%/packages/patches/u-boot-pinebook-syscon-node.patch \ %D%/packages/patches/u-boot-pinebook-video-bridge.patch \ - %D%/packages/patches/unrtf-CVE-2016-10091.patch \ %D%/packages/patches/unzip-CVE-2014-8139.patch \ %D%/packages/patches/unzip-CVE-2014-8140.patch \ %D%/packages/patches/unzip-CVE-2014-8141.patch \ diff --git a/gnu/packages/patches/unrtf-CVE-2016-10091.patch b/gnu/packages/patches/unrtf-CVE-2016-10091.patch deleted file mode 100644 index badd1b8ed6..0000000000 --- a/gnu/packages/patches/unrtf-CVE-2016-10091.patch +++ /dev/null @@ -1,189 +0,0 @@ -Fix CVE-2016-10091 (stack-based buffer overflows in cmd_* functions): - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10091 -https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849705 -http://seclists.org/oss-sec/2016/q4/787 - -Patch adapted from Debian: - -https://anonscm.debian.org/cgit/collab-maint/unrtf.git/commit/?h=jessie&id=7500a48fb0fbad3ab963fb17560b2f90a8a485c8 - -The Debian patch adapts this upstream commit so that it can be applied -to the 0.21.9 release tarball: - -http://hg.savannah.gnu.org/hgweb/unrtf/rev/3b16893a6406 - -From 7dd568ed8a6a5acb6c04f2b40f457d63a00435f3 Mon Sep 17 00:00:00 2001 -From: Willi Mann <willi@debian.org> -Date: Sat, 31 Dec 2016 20:31:38 +0100 -Subject: [PATCH] Add patch from upstream to fix CVE-2016-10091 (buffer - overflow in various cmd_ functions) - -diff --git a/src/attr.c b/src/attr.c -index 02b5c81..e2951ea 100644 ---- a/src/attr.c -+++ b/src/attr.c -@@ -746,7 +746,7 @@ char * - assemble_string(char *string, int nr) - { - -- char *s, tmp[12];/* Number of characters that can be in int type (including '\0') - AF */ -+ char *s, tmp[20]; - int i = 0, j = 0; - - if (string == NULL) -@@ -762,7 +762,7 @@ assemble_string(char *string, int nr) - } - - if (string[i] != '\0') { -- sprintf(tmp, "%d", nr); -+ snprintf(tmp, 20, "%d", nr); - strcpy(&s[j], tmp); - j = j + strlen(tmp); - } -diff --git a/src/convert.c b/src/convert.c -index c76d7d6..8eacdcb 100644 ---- a/src/convert.c -+++ b/src/convert.c -@@ -472,7 +472,7 @@ static const int fcharsetparmtocp(int parm) - } - - // Translate code page to encoding name hopefully suitable as iconv input --static char *cptoencoding(parm) -+static char *cptoencoding(int parm) - { - // Note that CP0 is supposed to mean current system default, which does - // not make any sense as a stored value, we don't handle it. -@@ -964,7 +964,7 @@ cmd_cf (Word *w, int align, char has_param, int num) - } - else - { -- sprintf(str,"#%02x%02x%02x", -+ snprintf(str, 40, "#%02x%02x%02x", - color_table[num].r, - color_table[num].g, - color_table[num].b); -@@ -993,7 +993,7 @@ cmd_cb (Word *w, int align, char has_param, int num) - } - else - { -- sprintf(str,"#%02x%02x%02x", -+ snprintf(str, 40, "#%02x%02x%02x", - color_table[num].r, - color_table[num].g, - color_table[num].b); -@@ -1018,7 +1018,7 @@ cmd_fs (Word *w, int align, char has_param, int points) { - /* Note, fs20 means 10pt */ - points /= 2; - -- sprintf(str,"%d",points); -+ snprintf(str, 20, "%d", points); - attr_push(ATTR_FONTSIZE,str); - - return FALSE; -@@ -1166,7 +1166,7 @@ cmd_f (Word *w, int align, char has_param, int num) - { - // TOBEDONE: WHAT'S THIS ??? - name = my_malloc(12); -- sprintf(name, "%d", num); -+ snprintf(name, 12, "%d", num); - } - - /* we are going to output entities, so should not output font */ -@@ -1218,7 +1218,7 @@ cmd_highlight (Word *w, int align, char has_param, int num) - } - else - { -- sprintf(str,"#%02x%02x%02x", -+ snprintf(str, 40, "#%02x%02x%02x", - color_table[num].r, - color_table[num].g, - color_table[num].b); -@@ -1373,9 +1373,9 @@ cmd_ftech (Word *w, int align, char has_param, int param) { - - static int - cmd_expand (Word *w, int align, char has_param, int param) { -- char str[10]; -+ char str[20]; - if (has_param) { -- sprintf(str, "%d", param/4); -+ snprintf(str, 20, "%d", param / 4); - if (!param) - attr_pop(ATTR_EXPAND); - else -@@ -1394,7 +1394,7 @@ cmd_expand (Word *w, int align, char has_param, int param) { - - static int - cmd_emboss (Word *w, int align, char has_param, int param) { -- char str[10]; -+ char str[20]; - if (has_param && !param) - #ifdef SUPPORT_UNNESTED - attr_find_pop(ATTR_EMBOSS); -@@ -1403,7 +1403,7 @@ cmd_emboss (Word *w, int align, char has_param, int param) { - #endif - else - { -- sprintf(str, "%d", param); -+ snprintf(str, 20, "%d", param); - attr_push(ATTR_EMBOSS, str); - } - return FALSE; -@@ -1419,12 +1419,12 @@ cmd_emboss (Word *w, int align, char has_param, int param) { - - static int - cmd_engrave (Word *w, int align, char has_param, int param) { -- char str[10]; -+ char str[20]; - if (has_param && !param) - attr_pop(ATTR_ENGRAVE); - else - { -- sprintf(str, "%d", param); -+ snprintf(str, 20, "%d", param); - attr_push(ATTR_ENGRAVE, str); - } - return FALSE; -@@ -1976,7 +1976,7 @@ static int cmd_u (Word *w, int align, char has_param, int param) { - - short done=0; - long unicode_number = (long) param; /* On 16bit architectures int is too small to store unicode characters. - AF */ -- char tmp[12]; /* Number of characters that can be in int type (including '\0'). If int size is greater than 4 bytes change this value. - AF */ -+ char tmp[20]; /* Number of characters that can be in int type (including '\0'). If int size is greater than 4 bytes change this value. - AF */ - const char *alias; - #define DEBUG 0 - #if DEBUG -@@ -2006,7 +2006,7 @@ static int cmd_u (Word *w, int align, char has_param, int param) { - /* RTF spec: Unicode values beyond 32767 are represented by negative numbers */ - unicode_number += 65536; - } -- sprintf(tmp, "%ld", unicode_number); -+ snprintf(tmp, 20, "%ld", unicode_number); - - if (safe_printf(1, op->unisymbol_print, tmp)) fprintf(stderr, TOO_MANY_ARGS, "unisymbol_print"); - done++; -diff --git a/src/output.c b/src/output.c -index 86d8b5c..4cdbfa6 100644 ---- a/src/output.c -+++ b/src/output.c -@@ -320,7 +320,7 @@ op_begin_std_fontsize (OutputPersonality *op, int size) - if (!found_std_expr) { - if (op->fontsize_begin) { - char expr[16]; -- sprintf (expr, "%d", size); -+ snprintf(expr, 16, "%d", size); - if (safe_printf (1, op->fontsize_begin, expr)) fprintf(stderr, TOO_MANY_ARGS, "fontsize_begin"); - } else { - /* If we cannot write out a change for the exact -@@ -440,7 +440,7 @@ op_end_std_fontsize (OutputPersonality *op, int size) - if (!found_std_expr) { - if (op->fontsize_end) { - char expr[16]; -- sprintf (expr, "%d", size); -+ snprintf(expr, 16, "%d", size); - if (safe_printf(1, op->fontsize_end, expr)) fprintf(stderr, TOO_MANY_ARGS, "fontsize_end"); - } else { - /* If we cannot write out a change for the exact -- -.11.0 - diff --git a/gnu/packages/unrtf.scm b/gnu/packages/unrtf.scm index 1d21a81a0e..de5ecf944a 100644 --- a/gnu/packages/unrtf.scm +++ b/gnu/packages/unrtf.scm @@ -1,6 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2013, 2015 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2015 Andreas Enge <andreas@enge.fr> +;;; Copyright © 2019 Efraim Flashner <efraim@flashner.co.il> ;;; ;;; This file is part of GNU Guix. ;;; @@ -31,37 +32,14 @@ (define-public unrtf (package (name "unrtf") - (version "0.21.9") + (version "0.21.10") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/unrtf/unrtf-" version ".tar.gz")) - (patches (search-patches "unrtf-CVE-2016-10091.patch")) (sha256 (base32 - "1pcdzf2h1prn393dkvg93v80vh38q0v817xnbwrlwxbdz4k7i8r2")) - (modules '((guix build utils))) - (snippet - #~(begin - ;; The tarball includes site-specific generated files. - ;; Remove them. - (for-each delete-file '("config.log" "config.h")) - (for-each delete-file - (find-files "." "^Makefile$")) - - ;; The config/ directory contains dangling symlinks to - ;; /usr/share/automake. - (for-each delete-file (find-files "config")) - - ;; Regenerate the whole thing. - (setenv "PATH" - (string-append #$autoconf "/bin:" - #$automake "/bin:" - #$m4 "/bin:" - #$grep "/bin:" #$sed "/bin:" - #$coreutils "/bin:" - (getenv "PATH"))) - (invoke "autoreconf" "-vfi"))))) + "1bil6z4niydz9gqm2j861dkxmqnpc8m7hvidsjbzz7x63whj17xl")))) (build-system gnu-build-system) (home-page "https://www.gnu.org/software/unrtf/") (synopsis "Convert Rich Text Format documents to other formats") @@ -69,4 +47,4 @@ "GNU UnRTF converts text documents from RTF to HTML, LaTeX, or troff. It supports changes in font characteristics, underlines and strikethroughs, superscripts and subscripts, and more.") - (license gpl2+))) + (license gpl3+))) |