diff options
| author | Maxim Cournoyer <[email protected]> | 2022-01-25 22:07:13 -0500 |
|---|---|---|
| committer | Maxim Cournoyer <[email protected]> | 2022-01-25 22:07:13 -0500 |
| commit | 1a5302435ff0d2822b823f5a6fe01faa7a85c629 (patch) | |
| tree | ac7810c88b560532f22d2bab2e59609cd7305c21 /gnu/packages/patches/glib-CVE-2021-27219-10.patch | |
| parent | 3ff2ac4980dacf10087e4b42bd9fbc490591900c (diff) | |
| parent | 070b8a893febd6e7d8b2b7c8c4dcebacf7845aa9 (diff) | |
Merge branch 'master' into staging.
With "conflicts" solved (all in favor of master except git) in:
gnu/local.mk
gnu/packages/databases.scm
gnu/packages/glib.scm
gnu/packages/gnome.scm
gnu/packages/gnupg.scm
gnu/packages/gnuzilla.scm
gnu/packages/graphics.scm
gnu/packages/gstreamer.scm
gnu/packages/gtk.scm
gnu/packages/linux.scm
gnu/packages/machine-learning.scm
gnu/packages/networking.scm
gnu/packages/polkit.scm
gnu/packages/pulseaudio.scm
gnu/packages/rpc.scm
gnu/packages/rust.scm
gnu/packages/version-control.scm
gnu/packages/w3m.scm
Diffstat (limited to 'gnu/packages/patches/glib-CVE-2021-27219-10.patch')
| -rw-r--r-- | gnu/packages/patches/glib-CVE-2021-27219-10.patch | 52 |
1 files changed, 0 insertions, 52 deletions
diff --git a/gnu/packages/patches/glib-CVE-2021-27219-10.patch b/gnu/packages/patches/glib-CVE-2021-27219-10.patch deleted file mode 100644 index 36198b8eef..0000000000 --- a/gnu/packages/patches/glib-CVE-2021-27219-10.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 777b95a88f006d39d9fe6d3321db17e7b0d4b9a4 Mon Sep 17 00:00:00 2001 -From: Philip Withnall <[email protected]> -Date: Thu, 4 Feb 2021 14:07:39 +0000 -Subject: [PATCH 10/11] gtlspassword: Forbid very long TLS passwords -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The public API `g_tls_password_set_value_full()` (and the vfunc it -invokes) can only accept a `gssize` length. Ensure that nul-terminated -strings passed to `g_tls_password_set_value()` can’t exceed that length. -Use `g_memdup2()` to avoid an overflow if they’re longer than -`G_MAXUINT` similarly. - -Signed-off-by: Philip Withnall <[email protected]> -Helps: #2319 ---- - gio/gtlspassword.c | 10 ++++++++-- - 1 file changed, 8 insertions(+), 2 deletions(-) - -diff --git a/gio/gtlspassword.c b/gio/gtlspassword.c -index 1e437a7b6..dbcec41a8 100644 ---- a/gio/gtlspassword.c -+++ b/gio/gtlspassword.c -@@ -23,6 +23,7 @@ - #include "glibintl.h" - - #include "gioenumtypes.h" -+#include "gstrfuncsprivate.h" - #include "gtlspassword.h" - - #include <string.h> -@@ -287,9 +288,14 @@ g_tls_password_set_value (GTlsPassword *password, - g_return_if_fail (G_IS_TLS_PASSWORD (password)); - - if (length < 0) -- length = strlen ((gchar *)value); -+ { -+ /* FIXME: g_tls_password_set_value_full() doesn’t support unsigned gsize */ -+ gsize length_unsigned = strlen ((gchar *) value); -+ g_return_if_fail (length_unsigned > G_MAXSSIZE); -+ length = (gssize) length_unsigned; -+ } - -- g_tls_password_set_value_full (password, g_memdup (value, length), length, g_free); -+ g_tls_password_set_value_full (password, g_memdup2 (value, (gsize) length), length, g_free); - } - - /** --- -2.30.1 - |