From: Leo Famulari
Subject: [PATCH 2/3] gnu: Remove unused patch.
Date: Tue, 7 Jun 2016 20:54:07 -0400
Message-ID: <08c6c687ca6f3b3545fe75635ee31c3089b19201.1465347219.git.leo@famulari.name>
To: guix-devel@gnu.org

* gnu/packages/patches/expat-CVE-2015-1283-refix.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.

--- gnu/local.mk | 1 - .../patches/expat-CVE-2015-1283-refix.patch | 42 ---------------------- 2 files changed, 43 deletions(-) delete mode 100644 gnu/packages/patches/expat-CVE-2015-1283-refix.patch diff --git a/gnu/local.mk b/gnu/local.mk index ef7b4df..fe91bc3 100644 --- a/gnu/local.mk +++ b/gnu/local.mk 
@@ -480,7 +480,6 @@ dist_patch_DATA = \ %D%/packages/patches/emacs-source-date-epoch.patch \ %D%/packages/patches/eudev-rules-directory.patch \ %D%/packages/patches/evilwm-lost-focus-bug.patch \ - %D%/packages/patches/expat-CVE-2015-1283-refix.patch \ %D%/packages/patches/expat-CVE-2016-0718.patch \ %D%/packages/patches/fastcap-mulGlobal.patch \ %D%/packages/patches/fastcap-mulSetup.patch \ diff --git a/gnu/packages/patches/expat-CVE-2015-1283-refix.patch b/gnu/packages/patches/expat-CVE-2015-1283-refix.patch deleted file mode 100644 index af5e3bc..0000000 --- a/gnu/packages/patches/expat-CVE-2015-1283-refix.patch +++ /dev/null 
@@ -1,42 +0,0 @@ -Update previous fix for CVE-2015-1283 to not rely on undefined behavior. - -Copied from Debian, as found in Debian package version 2.1.0-6+deb8u2. - -https://sources.debian.net/src/expat/2.1.0-6%2Bdeb8u2/debian/patches/CVE-2015-1283-refix.patch/ - -From 29a11774d8ebbafe8418b4a5ffb4cc1160b194a1 Mon Sep 17 00:00:00 2001 -From: Pascal Cuoq -Date: Sun, 15 May 2016 09:05:46 +0200 -Subject: [PATCH] Avoid relying on undefined behavior in CVE-2015-1283 fix. - ---- - expat/lib/xmlparse.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/lib/xmlparse.c b/lib/xmlparse.c -index 13e080d..cdb12ef 100644 ---- a/lib/xmlparse.c -+++ b/lib/xmlparse.c -@@ -1695,7 +1695,8 @@ XML_GetBuffer(XML_Parser parser, int len - } - - if (len > bufferLim - bufferEnd) { -- int neededSize = len + (int)(bufferEnd - bufferPtr); -+ /* Do not invoke signed arithmetic overflow: */ -+ int neededSize = (int) ((unsigned)len + (unsigned)(bufferEnd - bufferPtr)); - /* BEGIN MOZILLA CHANGE (sanity check neededSize) */ - if (neededSize < 0) { - errorCode = XML_ERROR_NO_MEMORY; -@@ -1729,7 +1730,8 @@ XML_GetBuffer(XML_Parser parser, int len - if (bufferSize == 0) - bufferSize = INIT_BUFFER_SIZE; - do { -- bufferSize *= 2; -+ /* Do not invoke signed arithmetic overflow: */ -+ bufferSize = (int) (2U * (unsigned) bufferSize); - /* BEGIN MOZILLA CHANGE (prevent infinite loop on overflow) */ - } while (bufferSize < neededSize && bufferSize > 0); - /* END MOZILLA CHANGE */ --- -2.8.2 - -- 2.8.3
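Review bot: The commit message calls the patch unused but does not say what stopped using it. For the `gnu/local.mk` hunk, which drops the `expat-CVE-2015-1283-refix.patch` entry from `dist_patch_DATA`, name the commit that removed the last reference so the deletion can be checked against it. It is also worth grepping the package definitions for the file name before applying, since a leftover reference would point at a file that no longer exists.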
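Review bot: The commit message does not record that the expat source being built already contains the change carried by the deleted `expat-CVE-2015-1283-refix.patch`, so from this diff alone the removal could drop a security fix. The deleted file replaces signed arithmetic in `XML_GetBuffer` (`len + (int)(bufferEnd - bufferPtr)` and `bufferSize *= 2;`) with unsigned arithmetic, so that the `neededSize < 0` and `bufferSize > 0` sanity checks do not depend on signed overflow. Please state in the commit message that the packaged expat version includes this change, or keep the patch applied.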