gnu: file: Fix CVE-2017-1000249.
* gnu/packages/file.scm (file)[replacement]: New field. (file/fixed): New variable. * gnu/packages/commencement.scm (file-boot0): Use package/inherit. * gnu/packages/patches/file-CVE-2017-1000249.patch. * gnu/local.mk (dist_patch_DATA): Register it.
This commit is contained in:
parent
5cf0997a0b
commit
f1597427f2
@ -603,6 +603,7 @@ dist_patch_DATA = \
|
||||
%D%/packages/patches/fasthenry-spFactor.patch \
|
||||
%D%/packages/patches/fcgi-2.4.0-gcc44-fixes.patch \
|
||||
%D%/packages/patches/fcgi-2.4.0-poll.patch \
|
||||
%D%/packages/patches/file-CVE-2017-1000249.patch \
|
||||
%D%/packages/patches/findutils-localstatedir.patch \
|
||||
%D%/packages/patches/findutils-gnulib-multi-core.patch \
|
||||
%D%/packages/patches/findutils-test-xargs.patch \
|
||||
|
@ -112,8 +112,7 @@
|
||||
|
||||
(define file-boot0
|
||||
(package-with-bootstrap-guile
|
||||
(package-with-explicit-inputs (package
|
||||
(inherit file)
|
||||
(package-with-explicit-inputs (package/inherit file
|
||||
(name "file-boot0"))
|
||||
`(("make" ,gnu-make-boot0)
|
||||
,@%bootstrap-inputs)
|
||||
|
@ -1,7 +1,7 @@
|
||||
;;; GNU Guix --- Functional package management for GNU
|
||||
;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
|
||||
;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
|
||||
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
|
||||
;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
|
||||
;;;
|
||||
;;; This file is part of GNU Guix.
|
||||
;;;
|
||||
@ -27,7 +27,8 @@
|
||||
|
||||
(define-public file
|
||||
(package
|
||||
(name "file")
|
||||
(replacement file/fixed)
|
||||
(name "file")
|
||||
(version "5.30")
|
||||
(source (origin
|
||||
(method url-fetch)
|
||||
@ -51,3 +52,9 @@ of the file.")
|
||||
(license bsd-2)
|
||||
(home-page "http://www.darwinsys.com/file/")))
|
||||
|
||||
(define file/fixed
|
||||
(package
|
||||
(inherit file)
|
||||
(source (origin
|
||||
(inherit (package-source file))
|
||||
(patches (search-patches "file-CVE-2017-1000249.patch"))))))
|
||||
|
27
gnu/packages/patches/file-CVE-2017-1000249.patch
Normal file
27
gnu/packages/patches/file-CVE-2017-1000249.patch
Normal file
@ -0,0 +1,27 @@
|
||||
https://github.com/file/file/commit/35c94dc6acc418f1ad7f6241a6680e5327495793.patch
|
||||
http://openwall.com/lists/oss-security/2017/09/05/3
|
||||
|
||||
The patch is minorly modified to apply to file-5.30
|
||||
|
||||
From 35c94dc6acc418f1ad7f6241a6680e5327495793 Mon Sep 17 00:00:00 2001
|
||||
From: Christos Zoulas <christos@zoulas.com>
|
||||
Date: Sun, 27 Aug 2017 07:55:02 +0000
|
||||
Subject: [PATCH] Fix always true condition (Thomas Jarosch)
|
||||
|
||||
---
|
||||
src/readelf.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/readelf.c b/src/readelf.c
|
||||
index 81451827..5f425c97 100644
|
||||
--- a/src/readelf.c
|
||||
+++ b/src/readelf.c
|
||||
@@ -511,7 +511,7 @@ do_bid_note(struct magic_set *ms, unsigned char *nbuf, uint32_t type,
|
||||
size_t noff, size_t doff, int *flags)
|
||||
{
|
||||
if (namesz == 4 && strcmp((char *)&nbuf[noff], "GNU") == 0 &&
|
||||
- type == NT_GNU_BUILD_ID && (descsz >= 4 || descsz <= 20)) {
|
||||
+ type == NT_GNU_BUILD_ID && (descsz >= 4 && descsz <= 20)) {
|
||||
uint8_t desc[20];
|
||||
const char *btype;
|
||||
uint32_t i;
|
Loading…
Reference in New Issue
Block a user