mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2024-12-24 05:18:07 -05:00
gnu: file: Update to 5.19; add fix for CVE-2014-3587.
* gnu/packages/patches/file-CVE-2014-3587.patch: New file. * gnu-system.am (dist_patch_DATA): Add it. * gnu/packages/file.scm (file): Update to 5.19. Add patch.
This commit is contained in:
parent
5cc4517590
commit
48abd13021
3 changed files with 20 additions and 2 deletions
|
@ -299,6 +299,7 @@ dist_patch_DATA = \
|
||||||
gnu/packages/patches/doxygen-test.patch \
|
gnu/packages/patches/doxygen-test.patch \
|
||||||
gnu/packages/patches/doxygen-tmake.patch \
|
gnu/packages/patches/doxygen-tmake.patch \
|
||||||
gnu/packages/patches/emacs-configure-sh.patch \
|
gnu/packages/patches/emacs-configure-sh.patch \
|
||||||
|
gnu/packages/patches/file-CVE-2014-3587.patch \
|
||||||
gnu/packages/patches/findutils-absolute-paths.patch \
|
gnu/packages/patches/findutils-absolute-paths.patch \
|
||||||
gnu/packages/patches/flashrom-use-libftdi1.patch \
|
gnu/packages/patches/flashrom-use-libftdi1.patch \
|
||||||
gnu/packages/patches/flex-bison-tests.patch \
|
gnu/packages/patches/flex-bison-tests.patch \
|
||||||
|
|
|
@ -27,13 +27,14 @@ (define-module (gnu packages file)
|
||||||
(define-public file
|
(define-public file
|
||||||
(package
|
(package
|
||||||
(name "file")
|
(name "file")
|
||||||
(version "5.18")
|
(version "5.19")
|
||||||
(source (origin
|
(source (origin
|
||||||
(method url-fetch)
|
(method url-fetch)
|
||||||
(uri (string-append "ftp://ftp.astron.com/pub/file/file-"
|
(uri (string-append "ftp://ftp.astron.com/pub/file/file-"
|
||||||
version ".tar.gz"))
|
version ".tar.gz"))
|
||||||
(sha256 (base32
|
(sha256 (base32
|
||||||
"01xz106biz6x4h5ilymg5v3367djvgnfp4lm87132cjqdmqgn6b5"))))
|
"0z1sgrcfy6d285kj5izy1yypf371bjl3247plh9ppk0svaxv714l"))
|
||||||
|
(patches (list (search-patch "file-CVE-2014-3587.patch")))))
|
||||||
(build-system gnu-build-system)
|
(build-system gnu-build-system)
|
||||||
(synopsis "file, a file type guesser")
|
(synopsis "file, a file type guesser")
|
||||||
(description
|
(description
|
||||||
|
|
16
gnu/packages/patches/file-CVE-2014-3587.patch
Normal file
16
gnu/packages/patches/file-CVE-2014-3587.patch
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
Fixes CVE-2014-3587. Copied from upstream commit
|
||||||
|
0641e56be1af003aa02c7c6b0184466540637233.
|
||||||
|
|
||||||
|
--- file-5.19/src/cdf.c.orig 2014-06-09 09:04:37.000000000 -0400
|
||||||
|
+++ file-5.19/src/cdf.c 2014-08-26 11:55:23.887118898 -0400
|
||||||
|
@@ -824,6 +824,10 @@
|
||||||
|
q = (const uint8_t *)(const void *)
|
||||||
|
((const char *)(const void *)p + ofs
|
||||||
|
- 2 * sizeof(uint32_t));
|
||||||
|
+ if (q < p) {
|
||||||
|
+ DPRINTF(("Wrapped around %p < %p\n", q, p));
|
||||||
|
+ goto out;
|
||||||
|
+ }
|
||||||
|
if (q > e) {
|
||||||
|
DPRINTF(("Ran of the end %p > %p\n", q, e));
|
||||||
|
goto out;
|
Loading…
Reference in a new issue