mirror of
https://github.com/void-linux/void-packages.git
synced 2025-09-25 05:05:13 +02:00
765e304c4b
```sh
git grep -l '^patch_args=-Np0' "srcpkgs/$1*/template" |
while read template; do
for p in ${template%/template}/patches/*; do
sed -i '
\,^[+-][+-][+-] /dev/null,b
/^[*-]\+ [0-9]\+\(,[0-9]\+\)\? [*-]\+$/b
s,^[*][*][*] ,&a/,
/^--- /{
s,\(^--- \)\(./\)*,\1a/,
s,[.][Oo][Rr][Ii][Gg]\([ /]\),\1,
s/[.][Oo][Rr][Ii][Gg]$//
s/[.]patched[.]\([^.]\)/.\1/
h
}
/^+++ -/{
g
s/^--- a/+++ b/
b
}
s,\(^+++ \)\(./\)*,\1b/,
' "$p"
done
sed -i '/^patch_args=/d' $template
done
```
33 lines
1.1 KiB
Diff
33 lines
1.1 KiB
Diff
# HG changeset patch
|
|
# User Adam Lackorzynski <adam@os.inf.tu-dresden.de>
|
|
# Date 1492510834 -7200
|
|
# Node ID c33d24938f3ed3dc2b7d328fe255794468a814eb
|
|
# Parent c72edf0e43bca463239ea15594d128ecbc0d2574
|
|
Fix CVE-2017-7467, a remote exploitalbe out of bound access
|
|
|
|
This fixes an out of bounds data access that can lead to a
|
|
remotely exploitable code execution.
|
|
|
|
This issue was found by Solar Designer of Openwall during a
|
|
security audit of the Virtuozzo 7 product, which contains
|
|
derived downstream code in its prl-vzvncserver component.
|
|
The corresponding Virtuozzo 7 fix is:
|
|
|
|
https://src.openvz.org/projects/OVZ/repos/prl-vzvncserver/commits/6d95404e75b98f36b1cc85ee23df99dcf06ca13f
|
|
|
|
Openwall would like to thank the Virtuozzo company for
|
|
funding the effort.
|
|
|
|
diff -r c72edf0e43bc -r c33d24938f3e src/vt100.c
|
|
--- a/src/vt100.c Sat Sep 17 02:17:37 2016 +0200
|
|
+++ b/src/vt100.c Tue Apr 18 12:20:34 2017 +0200
|
|
@@ -427,7 +427,7 @@
|
|
}
|
|
/* Separation between numbers ? */
|
|
if (c == ';') {
|
|
- if (ptr < 7)
|
|
+ if (ptr < (int)ARRAY_SIZE(escparms) - 1)
|
|
ptr++;
|
|
return;
|
|
}
|
|
|