Commit d031b70d authored by Natanael Copa's avatar Natanael Copa

community/zutils: security fix (CVE-2018-1000637)

fixes #9332
parent 1db02dd1
......@@ -9,7 +9,9 @@ arch="all"
license="GPL-2.0"
subpackages="$pkgname-doc"
checkdepends="bzip2"
source="http://download.savannah.gnu.org/releases/$pkgname/$pkgname-$pkgver.tar.lz"
source="http://download.savannah.gnu.org/releases/$pkgname/$pkgname-$pkgver.tar.lz
CVE-2018-1000637.patch
"
builddir="$srcdir/$pkgname-$pkgver"
build() {
......@@ -28,4 +30,5 @@ package() {
make DESTDIR="$pkgdir" install
}
sha512sums="eaf49d9aefb21460635eb6d0f1ae49ddc51b5a4e5d6d0943637194351ef910471203908d6bfe93ad37ca62ceacebe5b208d12b4bb8dda68cd9dbcdb7c7f848e1 zutils-1.7.tar.lz"
sha512sums="eaf49d9aefb21460635eb6d0f1ae49ddc51b5a4e5d6d0943637194351ef910471203908d6bfe93ad37ca62ceacebe5b208d12b4bb8dda68cd9dbcdb7c7f848e1 zutils-1.7.tar.lz
de30e5458b294175cfb3ab9c2031e80c7a4269cf7cf5968e08690ea363bc057a4b052d3a6979d577e8e2182a0a74bc02997c1ba074baa97223b23057b73d6799 CVE-2018-1000637.patch"
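Review bot: Neither hunk in this file touches the lines above line 9, where an APKBUILD normally sets `pkgrel`, so as shown the security fix ships without a release bump. Systems that already have zutils 1.7 installed would then presumably not be offered the patched build; bump it in the same commit with `pkgrel=<current+1>`. The file would also benefit from a `# secfixes:` comment block listing CVE-2018-1000637 under the new `1.7-r<pkgrel>` entry, so the fixed release is recorded for vulnerability tracking. Both points are inferred from the hunk ranges, since the top of the file is not visible here.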
--- zutils-1.7/zcat.cc 2018-02-13 19:10:41.000000000 +0000
+++ zutils-1.8-pre2/zcat.cc 2018-07-31 21:49:02.000000000 +0000
@@ -227,10 +230,11 @@
const Cat_options & cat_options )
{
enum { buffer_size = 4096 };
- // buffer with space for sentinel newline at the end
+ // buffer with space for sentinel newline at the end
uint8_t * const inbuf = new uint8_t[buffer_size+1];
- // buffer with space for character quoting and 255-digit line number
- uint8_t * const outbuf = new uint8_t[(4*buffer_size)+256];
+ // buffer with space for character quoting, 255-digit line number and
+ // worst case flushing respect to inbuf.
+ uint8_t * const outbuf = new uint8_t[(5*buffer_size)+256];
int retval = 0;
Children children;
if( !set_data_feeder( input_filename, &infd, children, format_index ) )
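Review bot: The enlarged `outbuf` size `(5*buffer_size)+256` is still a bare multiplier, and nothing visible in this hunk ties the code that fills the buffer to that bound. The new comment names the contributions (quoting, line number, flushing relative to inbuf) but not how they add up to 5x, so a later change to the quoting or flush logic could reintroduce the out-of-bounds write this patch presumably fixes. Consider naming the size, e.g. `enum { buffer_size = 4096, outbuf_size = (5*buffer_size)+256 };`, and having the writer check its output index against `outbuf_size` before it stores. The function starts and ends outside the hunk, so the write loop and the release of both `new[]` buffers on the early-exit path after `set_data_feeder` cannot be checked from here.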