mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2024-12-24 21:38:07 -05:00
gnu: lrzip: Fix CVE-2017-8842.
* gnu/packages/compression.scm (lrzip)[source]: Add patch. * gnu/packages/patches/lrzip-CVE-2017-8842.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it.
This commit is contained in:
parent
a440a6af09
commit
5400fdfd5d
3 changed files with 26 additions and 1 deletions
|
@ -885,6 +885,7 @@ dist_patch_DATA = \
|
||||||
%D%/packages/patches/llvm-3.5-fix-clang-build-with-gcc5.patch \
|
%D%/packages/patches/llvm-3.5-fix-clang-build-with-gcc5.patch \
|
||||||
%D%/packages/patches/llvm-for-extempore.patch \
|
%D%/packages/patches/llvm-for-extempore.patch \
|
||||||
%D%/packages/patches/lm-sensors-hwmon-attrs.patch \
|
%D%/packages/patches/lm-sensors-hwmon-attrs.patch \
|
||||||
|
%D%/packages/patches/lrzip-CVE-2017-8842.patch \
|
||||||
%D%/packages/patches/lua-CVE-2014-5461.patch \
|
%D%/packages/patches/lua-CVE-2014-5461.patch \
|
||||||
%D%/packages/patches/lua-pkgconfig.patch \
|
%D%/packages/patches/lua-pkgconfig.patch \
|
||||||
%D%/packages/patches/lua51-liblua-so.patch \
|
%D%/packages/patches/lua51-liblua-so.patch \
|
||||||
|
|
|
@ -1017,7 +1017,8 @@ (define-public lrzip
|
||||||
"http://ck.kolivas.org/apps/lrzip/lrzip-" version ".tar.bz2"))
|
"http://ck.kolivas.org/apps/lrzip/lrzip-" version ".tar.bz2"))
|
||||||
(sha256
|
(sha256
|
||||||
(base32
|
(base32
|
||||||
"0mb449vmmwpkalq732jdyginvql57nxyd31sszb108yps1lf448d"))))
|
"0mb449vmmwpkalq732jdyginvql57nxyd31sszb108yps1lf448d"))
|
||||||
|
(patches (search-patches "lrzip-CVE-2017-8842.patch"))))
|
||||||
(build-system gnu-build-system)
|
(build-system gnu-build-system)
|
||||||
(native-inputs
|
(native-inputs
|
||||||
`(;; nasm is only required when building for 32-bit x86 platforms
|
`(;; nasm is only required when building for 32-bit x86 platforms
|
||||||
|
|
23
gnu/packages/patches/lrzip-CVE-2017-8842.patch
Normal file
23
gnu/packages/patches/lrzip-CVE-2017-8842.patch
Normal file
|
@ -0,0 +1,23 @@
|
||||||
|
From 38386bd482c0a8102a79958cb3eddcb97a167ca3 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Con Kolivas <kernel@kolivas.org>
|
||||||
|
Date: Fri, 9 Mar 2018 17:39:40 +1100
|
||||||
|
Subject: [PATCH] CVE-2017-8842 Fix divide-by-zero in bufRead::get
|
||||||
|
|
||||||
|
---
|
||||||
|
libzpaq/libzpaq.h | 3 ++-
|
||||||
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/libzpaq/libzpaq.h b/libzpaq/libzpaq.h
|
||||||
|
index 93387da..cbe211d 100644
|
||||||
|
--- a/libzpaq/libzpaq.h
|
||||||
|
+++ b/libzpaq/libzpaq.h
|
||||||
|
@@ -465,7 +465,8 @@ struct bufRead: public libzpaq::Reader {
|
||||||
|
|
||||||
|
int get() {
|
||||||
|
if (progress && !(*s_len % 128)) {
|
||||||
|
- int pct = (total_len - *s_len) * 100 / total_len;
|
||||||
|
+ int pct = (total_len > 0) ?
|
||||||
|
+ (total_len - *s_len) * 100 / total_len : 100;
|
||||||
|
|
||||||
|
if (pct / 10 != *last_pct / 10) {
|
||||||
|
int i;
|
Loading…
Reference in a new issue