gnu: plib: Fix CVE-2011-4620, CVE-2012-4552.
* gnu/packages/game-development.scm (plib)[patches]: Add patches. * gnu/packages/patches/plib-CVE-2011-4620.patch, gnu/packages/patches/plib-CVE-2012-4552.patch: New files. * gnu/local.mk (dist_patch_DATA): Register them.
parent
ba70479753
commit
05f386f103
4 changed files with 75 additions and 1 deletions
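--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1182,6 +1182,8 @@ dist_patch_DATA = \
 %D%/packages/patches/pixman-CVE-2016-5296.patch \
 %D%/packages/patches/plink-1.07-unclobber-i.patch \
 %D%/packages/patches/plink-endian-detection.patch \
+%D%/packages/patches/plib-CVE-2011-4620.patch \
+%D%/packages/patches/plib-CVE-2012-4552.patch \
 %D%/packages/patches/plotutils-libpng-jmpbuf.patch \
 %D%/packages/patches/podofo-cmake-3.12.patch \
 %D%/packages/patches/portaudio-audacity-compat.patch \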
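Review bot: The two new `plib-CVE-…` entries are placed after the `plink-*` entries, but `plib` sorts before `plink`, and the surrounding entries visible in this hunk are otherwise in alphabetical order. Moving both lines up so they sit between `pixman-CVE-2016-5296.patch` and `plink-1.07-unclobber-i.patch` keeps `dist_patch_DATA` sorted, which makes a missing or duplicated security patch easier to spot in later reviews. The list itself continues outside the hunk.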
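--- a/gnu/packages/game-development.scm
+++ b/gnu/packages/game-development.scm
@@ -1434,7 +1434,9 @@ (define-public plib
 "plib-" version ".tar.gz"))
 (sha256
 (base32
-"0cha71mflpa10vh2l7ipyqk67dq2y0k5xbafwdks03fwdyzj4ns8"))))
+"0cha71mflpa10vh2l7ipyqk67dq2y0k5xbafwdks03fwdyzj4ns8"))
+(patches (search-patches "plib-CVE-2011-4620.patch"
+"plib-CVE-2012-4552.patch"))))
 (build-system gnu-build-system)
 (inputs
 `(("mesa" ,mesa)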
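--- a/gnu/packages/patches/plib-CVE-2011-4620.patch
+++ b/gnu/packages/patches/plib-CVE-2011-4620.patch
@@ -0,0 +1,13 @@
+https://sources.debian.org/data/main/p/plib/1.8.5-8/debian/patches/04_CVE-2011-4620.diff
+
+--- a/src/util/ulError.cxx
++++ b/src/util/ulError.cxx
+@@ -39,7 +39,7 @@
+{
+va_list argp;
+va_start ( argp, fmt ) ;
+- vsprintf ( _ulErrorBuffer, fmt, argp ) ;
++ vsnprintf ( _ulErrorBuffer, sizeof(_ulErrorBuffer), fmt, argp ) ;
+va_end ( argp ) ;
+
+if ( _ulErrorCB )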
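Review bot: The bound `sizeof(_ulErrorBuffer)` in the new `vsnprintf` call equals the buffer size only if `_ulErrorBuffer` is declared as a `char` array in this translation unit; the declaration is outside the hunk, so that is worth confirming, since with a pointer the limit would quietly become the pointer size. The return value of `vsnprintf` is discarded, so an overlong message is truncated without any indication, which is presumably acceptable for an error string but should be stated. The patch file carries only the Debian URL as its header; I would add a line above it such as `Fix CVE-2011-4620: bound the formatted message to the size of _ulErrorBuffer; overlong messages are truncated.` so the purpose survives if the link goes away. The enclosing function starts and ends outside the hunk.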
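--- a/gnu/packages/patches/plib-CVE-2012-4552.patch
+++ b/gnu/packages/patches/plib-CVE-2012-4552.patch
@@ -0,0 +1,57 @@
+https://sources.debian.org/data/main/p/plib/1.8.5-8/debian/patches/05_CVE-2012-4552.diff
+
+diff -up plib-1.8.5/src/ssg/ssgParser.cxx~ plib-1.8.5/src/ssg/ssgParser.cxx
+--- plib-1.8.5/src/ssg/ssgParser.cxx~ 2008-03-11 03:06:23.000000000 +0100
++++ plib-1.8.5/src/ssg/ssgParser.cxx 2012-11-01 15:33:12.424483374 +0100
+@@ -57,18 +57,16 @@ void _ssgParser::error( const char *form
+char msgbuff[ 255 ];
+va_list argp;
+
+- char* msgptr = msgbuff;
+- if (linenum)
+- {
+- msgptr += sprintf ( msgptr,"%s, line %d: ",
+- path, linenum );
+- }
+-
+va_start( argp, format );
+- vsprintf( msgptr, format, argp );
++ vsnprintf( msgbuff, sizeof(msgbuff), format, argp );
+va_end( argp );
+
+- ulSetError ( UL_WARNING, "%s", msgbuff ) ;
++ if (linenum)
++ {
++ ulSetError ( UL_WARNING, "%s, line %d: %s", path, linenum, msgbuff ) ;
++ } else {
++ ulSetError ( UL_WARNING, "%s", msgbuff ) ;
++ }
+}
+
+
+@@ -78,18 +76,16 @@ void _ssgParser::message( const char *fo
+char msgbuff[ 255 ];
+va_list argp;
+
+- char* msgptr = msgbuff;
+- if (linenum)
+- {
+- msgptr += sprintf ( msgptr,"%s, line %d: ",
+- path, linenum );
+- }
+-
+va_start( argp, format );
+- vsprintf( msgptr, format, argp );
++ vsnprintf( msgbuff, sizeof(msgbuff), format, argp );
+va_end( argp );
+
+- ulSetError ( UL_DEBUG, "%s", msgbuff ) ;
++ if (linenum)
++ {
++ ulSetError ( UL_DEBUG, "%s, line %d: %s", path, linenum, msgbuff ) ;
++ } else {
++ ulSetError ( UL_DEBUG, "%s", msgbuff ) ;
++ }
+}
+
+// Opens the file and does a few internal calculations based on the spec.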
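Review bot: In both `_ssgParser::error` and `_ssgParser::message`, `path` is no longer written into the 255-byte `msgbuff` but is passed straight to `ulSetError` through `"%s, line %d: %s"`, so the length of the final message is limited only by how `ulSetError` writes into its own buffer. That is safe only while plib-CVE-2011-4620.patch, which replaces the `vsprintf` in ulError.cxx with a bounded `vsnprintf` (presumably inside `ulSetError`, whose signature is outside that hunk), is applied together with this one. I would record the dependency in this patch's header, for example `Relies on plib-CVE-2011-4620.patch to bound the write performed by ulSetError; do not apply alone.` The two rewritten bodies are identical apart from the severity constant, and both functions begin outside their hunks.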