diff options
author | Mark H Weaver <mhw@netris.org> | 2014-08-26 12:00:26 -0400 |
---|---|---|
committer | Mark H Weaver <mhw@netris.org> | 2014-08-26 12:05:37 -0400 |
commit | 48abd130217bd1645fefc4ca1817862672c6d782 (patch) | |
tree | bcb7bb4ab869d1303ff53484b7cff98a98b6b523 | |
parent | 5cc4517590d4d517bf9e29db5d9c5e03e4e0ad26 (diff) |
gnu: file: Update to 5.19; add fix for CVE-2014-3587.
* gnu/packages/patches/file-CVE-2014-3587.patch: New file.
* gnu-system.am (dist_patch_DATA): Add it.
* gnu/packages/file.scm (file): Update to 5.19. Add patch.
-rw-r--r-- | gnu-system.am | 1 | ||||
-rw-r--r-- | gnu/packages/file.scm | 5 | ||||
-rw-r--r-- | gnu/packages/patches/file-CVE-2014-3587.patch | 16 |
3 files changed, 20 insertions, 2 deletions
diff --git a/gnu-system.am b/gnu-system.am index 86937749c7..f24da850c2 100644 --- a/gnu-system.am +++ b/gnu-system.am @@ -299,6 +299,7 @@ dist_patch_DATA = \ gnu/packages/patches/doxygen-test.patch \ gnu/packages/patches/doxygen-tmake.patch \ gnu/packages/patches/emacs-configure-sh.patch \ + gnu/packages/patches/file-CVE-2014-3587.patch \ gnu/packages/patches/findutils-absolute-paths.patch \ gnu/packages/patches/flashrom-use-libftdi1.patch \ gnu/packages/patches/flex-bison-tests.patch \ diff --git a/gnu/packages/file.scm b/gnu/packages/file.scm index 067f20e67c..601b158128 100644 --- a/gnu/packages/file.scm +++ b/gnu/packages/file.scm @@ -27,13 +27,14 @@ (define-public file (package (name "file") - (version "5.18") + (version "5.19") (source (origin (method url-fetch) (uri (string-append "ftp://ftp.astron.com/pub/file/file-" version ".tar.gz")) (sha256 (base32 - "01xz106biz6x4h5ilymg5v3367djvgnfp4lm87132cjqdmqgn6b5")))) + "0z1sgrcfy6d285kj5izy1yypf371bjl3247plh9ppk0svaxv714l")) + (patches (list (search-patch "file-CVE-2014-3587.patch"))))) (build-system gnu-build-system) (synopsis "file, a file type guesser") (description diff --git a/gnu/packages/patches/file-CVE-2014-3587.patch b/gnu/packages/patches/file-CVE-2014-3587.patch new file mode 100644 index 0000000000..cf88bf5f3e --- /dev/null +++ b/gnu/packages/patches/file-CVE-2014-3587.patch @@ -0,0 +1,16 @@ +Fixes CVE-2014-3587. Copied from upstream commit +0641e56be1af003aa02c7c6b0184466540637233. + +--- file-5.19/src/cdf.c.orig 2014-06-09 09:04:37.000000000 -0400 ++++ file-5.19/src/cdf.c 2014-08-26 11:55:23.887118898 -0400 +@@ -824,6 +824,10 @@ + q = (const uint8_t *)(const void *) + ((const char *)(const void *)p + ofs + - 2 * sizeof(uint32_t)); ++ if (q < p) { ++ DPRINTF(("Wrapped around %p < %p\n", q, p)); ++ goto out; ++ } + if (q > e) { + DPRINTF(("Ran of the end %p > %p\n", q, e)); + goto out; |