guix-devel/gnu/packages/patches/zziplib-CVE-2017-5979.patch

Fix CVE-2017-5979:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5979

Patch copied from Debian.

Index: zziplib-0.13.62/zzip/fseeko.c
===================================================================
--- zziplib-0.13.62.orig/zzip/fseeko.c
+++ zziplib-0.13.62/zzip/fseeko.c
@@ -255,7 +255,7 @@ zzip_entry_findfirst(FILE * disk)
         return 0;
     /* we read out chunks of 8 KiB in the hope to match disk granularity */
     ___ zzip_off_t pagesize = PAGESIZE; /* getpagesize() */
-    ___ ZZIP_ENTRY *entry = malloc(sizeof(*entry));
+    ___ ZZIP_ENTRY *entry = calloc(1, sizeof(*entry));
     if (! entry)
         return 0;
     ___ unsigned char *buffer = malloc(pagesize);
gnu: zziplib: Fix CVE-2017-{5974,5975,5976,5978,5979,5981}. * gnu/packages/patches/zziplib-CVE-2017-5974.patch, gnu/packages/patches/zziplib-CVE-2017-5975.patch, gnu/packages/patches/zziplib-CVE-2017-5976.patch, gnu/packages/patches/zziplib-CVE-2017-5978.patch, gnu/packages/patches/zziplib-CVE-2017-5979.patch, gnu/packages/patches/zziplib-CVE-2017-5981.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/zip.scm (zziplib)[source]: Use them. 2017-06-14 22:34:10 +02:00			`Fix CVE-2017-5979:`

			`https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5979`

			`Patch copied from Debian.`

			`Index: zziplib-0.13.62/zzip/fseeko.c`
			`===================================================================`
			`--- zziplib-0.13.62.orig/zzip/fseeko.c`
			`+++ zziplib-0.13.62/zzip/fseeko.c`
			`@@ -255,7 +255,7 @@ zzip_entry_findfirst(FILE * disk)`
			`return 0;`
			`/* we read out chunks of 8 KiB in the hope to match disk granularity */`
			`___ zzip_off_t pagesize = PAGESIZE; /* getpagesize() */`
			`- ___ ZZIP_ENTRY entry = malloc(sizeof(entry));`
			`+ ___ ZZIP_ENTRY entry = calloc(1, sizeof(entry));`
			`if (! entry)`
			`return 0;`
			`___ unsigned char *buffer = malloc(pagesize);`