mirror of
https://github.com/NixOS/nixpkgs.git
synced 2026-07-06 17:13:24 -05:00
parent
12425f1be9
commit
a7a6bd99a2
3 changed files with 92 additions and 0 deletions
52
pkgs/tools/compression/gzip/CVE-2026-41991.patch
Normal file
52
pkgs/tools/compression/gzip/CVE-2026-41991.patch
Normal file
|
|
@ -0,0 +1,52 @@
|
|||
From 4e6f8b24ab823146ab8776f0b7fe486ab34d4269 Mon Sep 17 00:00:00 2001
|
||||
From: Paul Eggert <eggert@cs.ucla.edu>
|
||||
Date: Thu, 16 Apr 2026 12:11:44 -0700
|
||||
Subject: gzexe: use -C if lacking mktemp
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
(Problem reported by Michał Majchrowicz.)
|
||||
* gzexe.in: If mktemp is needed but not installed,
|
||||
use ‘set -C’ to avoid a race when creating a temporary file.
|
||||
* zdiff.in: Use the same pattern here, even though the old
|
||||
code was probably OK anyway.
|
||||
---
|
||||
gzexe.in | 1 +
|
||||
zdiff.in | 7 +++----
|
||||
2 files changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/gzexe.in b/gzexe.in
|
||||
index ea4ef94..f3d46cc 100644
|
||||
--- a/gzexe.in
|
||||
+++ b/gzexe.in
|
||||
@@ -127,6 +127,7 @@ for i do
|
||||
tmp=`mktemp "${dir}gzexeXXXXXXXXX"`
|
||||
else
|
||||
tmp=${dir}gzexe$$
|
||||
+ (umask 77; set -C; > "$tmp")
|
||||
fi && { cp -p "$file" "$tmp" 2>/dev/null || cp "$file" "$tmp"; } || {
|
||||
res=$?
|
||||
printf >&2 '%s\n' "$0: cannot copy $file"
|
||||
diff --git a/zdiff.in b/zdiff.in
|
||||
index 289e466..53266df 100644
|
||||
--- a/zdiff.in
|
||||
+++ b/zdiff.in
|
||||
@@ -156,12 +156,11 @@ case $file2 in
|
||||
*) TMPDIR=/tmp/;;
|
||||
esac
|
||||
if command -v mktemp >/dev/null 2>&1; then
|
||||
- tmp=`mktemp "${TMPDIR}zdiffXXXXXXXXX"` ||
|
||||
- exit 2
|
||||
+ tmp=`mktemp "${TMPDIR}zdiffXXXXXXXXX"`
|
||||
else
|
||||
- set -C
|
||||
tmp=${TMPDIR}zdiff$$
|
||||
- fi
|
||||
+ (umask 77; set -C; > "$tmp")
|
||||
+ fi &&
|
||||
'gzip' -cdfq -- "$file2" > "$tmp" || exit 2
|
||||
gzip_status=$(
|
||||
exec 4>&1
|
||||
--
|
||||
cgit v1.2.3
|
||||
35
pkgs/tools/compression/gzip/CVE-2026-41992.patch
Normal file
35
pkgs/tools/compression/gzip/CVE-2026-41992.patch
Normal file
|
|
@ -0,0 +1,35 @@
|
|||
From 63dbf6b3b9e6e781df1a6a64e609b10e23969681 Mon Sep 17 00:00:00 2001
|
||||
From: Paul Eggert <eggert@cs.ucla.edu>
|
||||
Date: Wed, 15 Apr 2026 12:00:17 -0700
|
||||
Subject: gzip: don’t mishandle .lzh after .Z
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Problem reported by Michał Majchrowicz.
|
||||
* unlzh.c (read_c_len): Clear left and right when n == 0.
|
||||
---
|
||||
unlzh.c | 6 ++++++
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
(limited to 'unlzh.c')
|
||||
|
||||
diff --git a/unlzh.c b/unlzh.c
|
||||
index 3320196..a6cf109 100644
|
||||
--- a/unlzh.c
|
||||
+++ b/unlzh.c
|
||||
@@ -232,6 +232,12 @@ read_c_len ()
|
||||
c = getbits(CBIT);
|
||||
for (i = 0; i < NC; i++) c_len[i] = 0;
|
||||
for (i = 0; i < 4096; i++) c_table[i] = c;
|
||||
+
|
||||
+ /* Needed in case LEFT and RIGHT are reused from a previous
|
||||
+ LZW decompression. It may be overkill to clear all of both
|
||||
+ arrays, but nobody has had time to analyze this carefully. */
|
||||
+ memzero(left, (2 * NC - 1) * sizeof *left);
|
||||
+ memzero(right, (2 * NC - 1) * sizeof *left);
|
||||
} else {
|
||||
i = 0;
|
||||
while (i < n) {
|
||||
--
|
||||
cgit v1.3
|
||||
|
|
@ -25,6 +25,11 @@ stdenv.mkDerivation (finalAttrs: {
|
|||
hash = "sha256-Aae4gb0iC/32Ffl7hxj4C9/T9q3ThbmT3Pbv0U6MCsY=";
|
||||
};
|
||||
|
||||
patches = [
|
||||
./CVE-2026-41991.patch
|
||||
./CVE-2026-41992.patch
|
||||
];
|
||||
|
||||
outputs = [
|
||||
"out"
|
||||
"man"
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue