diff options
| author | Leo Famulari <leo@famulari.name> | 2017-12-20 19:53:40 -0500 |
|---|---|---|
| committer | Leo Famulari <leo@famulari.name> | 2017-12-21 14:17:35 -0500 |
| commit | 9c3ad422d0f4f2e552dcb73aae98c7db1fc2e584 (patch) | |
| tree | 70eb99c103c52a7913708f0746b068210d4c62ed | |
| parent | 5dc0e0b055ce2ab12c40066cee34511cd7a5cf03 (diff) | |
gnu: libgxps: Fix CVE-2017-11590.
* gnu/packages/patches/libgxps-CVE-2017-11590.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gnome.scm (libgxps)[source]: Use it.
| -rw-r--r-- | gnu/local.mk | 1 | ||||
| -rw-r--r-- | gnu/packages/gnome.scm | 1 | ||||
| -rw-r--r-- | gnu/packages/patches/libgxps-CVE-2017-11590.patch | 48 |
3 files changed, 50 insertions, 0 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index 20b3c3e366..ea9c42449a 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -810,6 +810,7 @@ dist_patch_DATA = \ %D%/packages/patches/libgit2-0.25.1-mtime-0.patch \ %D%/packages/patches/libgdata-fix-tests.patch \ %D%/packages/patches/libgdata-glib-duplicate-tests.patch \ + %D%/packages/patches/libgxps-CVE-2017-11590.patch \ %D%/packages/patches/libffi-3.2.1-complex-alpha.patch \ %D%/packages/patches/libjxr-fix-function-signature.patch \ %D%/packages/patches/libjxr-fix-typos.patch \ diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm index 7b93ddd14e..b7f57b030e 100644 --- a/gnu/packages/gnome.scm +++ b/gnu/packages/gnome.scm @@ -395,6 +395,7 @@ access the common Google services, and has full asynchronous support.") (uri (string-append "mirror://gnome/sources/" name "/" (version-major+minor version) "/" name "-" version ".tar.xz")) + (patches (search-patches "libgxps-CVE-2017-11590.patch")) (sha256 (base32 "184r06s8g20cfigg7m169n42jjsc9wmzzlycr4g1fxxhr72r8x9y")))) diff --git a/gnu/packages/patches/libgxps-CVE-2017-11590.patch b/gnu/packages/patches/libgxps-CVE-2017-11590.patch new file mode 100644 index 0000000000..9caa79b6f0 --- /dev/null +++ b/gnu/packages/patches/libgxps-CVE-2017-11590.patch @@ -0,0 +1,48 @@ +Fix CVE-2017-11590: + +https://bugzilla.gnome.org/show_bug.cgi?id=785479 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11590 + +Patch copied from upstream source repository: + +https://git.gnome.org/browse/libgxps/commit/?id=9d5d292055250ed298f3b89dc332d6db4003a031 + +From 9d5d292055250ed298f3b89dc332d6db4003a031 Mon Sep 17 00:00:00 2001 +From: Marek Kasik <mkasik@redhat.com> +Date: Wed, 26 Jul 2017 16:23:37 +0200 +Subject: archive: Check for pathname being NULL before dereferencing + +Check whether "archive_entry_pathname ()" returns a non-NULL pathname +before using it to avoid a NULL pointer being dereferenced. + +https://bugzilla.gnome.org/show_bug.cgi?id=785479 +--- + libgxps/gxps-archive.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/libgxps/gxps-archive.c b/libgxps/gxps-archive.c +index acf8d7d..e763773 100644 +--- a/libgxps/gxps-archive.c ++++ b/libgxps/gxps-archive.c +@@ -257,6 +257,7 @@ gxps_archive_initable_init (GInitable *initable, + GXPSArchive *archive; + ZipArchive *zip; + struct archive_entry *entry; ++ const gchar *pathname; + + archive = GXPS_ARCHIVE (initable); + +@@ -281,7 +282,9 @@ gxps_archive_initable_init (GInitable *initable, + + while (gxps_zip_archive_iter_next (zip, &entry)) { + /* FIXME: We can ignore directories here */ +- g_hash_table_add (archive->entries, g_strdup (archive_entry_pathname (entry))); ++ pathname = archive_entry_pathname (entry); ++ if (pathname != NULL) ++ g_hash_table_add (archive->entries, g_strdup (pathname)); + archive_read_data_skip (zip->archive); + } + +-- +cgit v0.12 + |