mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2024-12-24 05:18:07 -05:00
gnu: file: Update to 5.20.
* gnu/packages/file.scm (file): Update to 5.20. (file-5.20): Remove. * gnu/packages/patches/file-CVE-2014-3587.patch: Remove. * gnu-system.am (dist_patch_DATA): Adjust accordingly. * gnu/packages/patchutils.scm (quilt): Use FILE instead of FILE-5.20. * gnu/packages/version-control.scm (aegis): Ditto.
This commit is contained in:
parent
a5b60e3c6b
commit
0253ab3979
5 changed files with 10 additions and 37 deletions
|
@ -340,7 +340,6 @@ dist_patch_DATA = \
|
|||
gnu/packages/patches/duplicity-piped-password.patch \
|
||||
gnu/packages/patches/duplicity-test_selection-tmp.patch \
|
||||
gnu/packages/patches/eudev-rules-directory.patch \
|
||||
gnu/packages/patches/file-CVE-2014-3587.patch \
|
||||
gnu/packages/patches/findutils-absolute-paths.patch \
|
||||
gnu/packages/patches/flashrom-use-libftdi1.patch \
|
||||
gnu/packages/patches/flex-bison-tests.patch \
|
||||
|
|
|
@ -27,14 +27,14 @@ (define-module (gnu packages file)
|
|||
(define-public file
|
||||
(package
|
||||
(name "file")
|
||||
(version "5.19")
|
||||
(version "5.20")
|
||||
(source (origin
|
||||
(method url-fetch)
|
||||
(uri (string-append "ftp://ftp.astron.com/pub/file/file-"
|
||||
version ".tar.gz"))
|
||||
(sha256 (base32
|
||||
"0z1sgrcfy6d285kj5izy1yypf371bjl3247plh9ppk0svaxv714l"))
|
||||
(patches (list (search-patch "file-CVE-2014-3587.patch")))))
|
||||
(sha256
|
||||
(base32
|
||||
"0iyjs9z8kp43gz7gva4j67h4p0n53f7q8x3ibai9s01sp3xnphsv"))))
|
||||
(build-system gnu-build-system)
|
||||
|
||||
;; When cross-compiling, this package depends upon a native install of
|
||||
|
@ -50,13 +50,3 @@ (define-public file
|
|||
(license bsd-2)
|
||||
(home-page "http://www.darwinsys.com/file/")))
|
||||
|
||||
(define-public file-5.20 ;fix for CVE-2014-3710
|
||||
(package (inherit file)
|
||||
(version "5.20")
|
||||
(source (origin
|
||||
(method url-fetch)
|
||||
(uri (string-append "ftp://ftp.astron.com/pub/file/file-"
|
||||
version ".tar.gz"))
|
||||
(sha256
|
||||
(base32
|
||||
"0iyjs9z8kp43gz7gva4j67h4p0n53f7q8x3ibai9s01sp3xnphsv"))))))
|
||||
|
|
|
@ -1,16 +0,0 @@
|
|||
Fixes CVE-2014-3587. Copied from upstream commit
|
||||
0641e56be1af003aa02c7c6b0184466540637233.
|
||||
|
||||
--- file-5.19/src/cdf.c.orig 2014-06-09 09:04:37.000000000 -0400
|
||||
+++ file-5.19/src/cdf.c 2014-08-26 11:55:23.887118898 -0400
|
||||
@@ -824,6 +824,10 @@
|
||||
q = (const uint8_t *)(const void *)
|
||||
((const char *)(const void *)p + ofs
|
||||
- 2 * sizeof(uint32_t));
|
||||
+ if (q < p) {
|
||||
+ DPRINTF(("Wrapped around %p < %p\n", q, p));
|
||||
+ goto out;
|
||||
+ }
|
||||
if (q > e) {
|
||||
DPRINTF(("Ran of the end %p > %p\n", q, e));
|
||||
goto out;
|
|
@ -96,7 +96,7 @@ (define-public quilt
|
|||
(build-system gnu-build-system)
|
||||
(inputs `(("perl" ,perl)
|
||||
("less" ,less)
|
||||
("file" ,file-5.20) ;work around CVE-2014-3710
|
||||
("file" ,file)
|
||||
("ed" ,ed)))
|
||||
(arguments
|
||||
'(#:parallel-tests? #f
|
||||
|
|
|
@ -507,7 +507,7 @@ (define-public aegis
|
|||
(inputs
|
||||
`(("e2fsprogs" ,e2fsprogs)
|
||||
("curl" ,curl)
|
||||
("file" ,file-5.20) ;work around CVE-2014-3710
|
||||
("file" ,file)
|
||||
("libxml2" ,libxml2)
|
||||
("zlib" ,zlib)
|
||||
("gettext" ,gnu-gettext)))
|
||||
|
|
Loading…
Reference in a new issue