gnu: rpm: Update to 4.13.0.1.
* gnu/packages/package-management.scm (rpm): Update to 4.13.0.1 [source]: Remove patch. Use 'version-major+minor' for url. * gnu/packages/patches/rpm-CVE-2014-8118.patch: Delete patch. * gnu/local.mk (dist_patch_DATA): Remove it.
parent
52d445f130
commit
623cc34cd2
3 changed files with 4 additions and 30 deletions
|
@ -1011,7 +1011,6 @@ dist_patch_DATA = \
|
||||||
%D%/packages/patches/reptyr-fix-gcc-7.patch \
|
%D%/packages/patches/reptyr-fix-gcc-7.patch \
|
||||||
%D%/packages/patches/ripperx-missing-file.patch \
|
%D%/packages/patches/ripperx-missing-file.patch \
|
||||||
%D%/packages/patches/rpcbind-CVE-2017-8779.patch \
|
%D%/packages/patches/rpcbind-CVE-2017-8779.patch \
|
||||||
%D%/packages/patches/rpm-CVE-2014-8118.patch \
|
|
||||||
%D%/packages/patches/rsem-makefile.patch \
|
%D%/packages/patches/rsem-makefile.patch \
|
||||||
%D%/packages/patches/ruby-concurrent-ignore-broken-test.patch \
|
%D%/packages/patches/ruby-concurrent-ignore-broken-test.patch \
|
||||||
%D%/packages/patches/ruby-concurrent-test-arm.patch \
|
%D%/packages/patches/ruby-concurrent-test-arm.patch \
|
||||||
|
|
|
@ -411,15 +411,15 @@ (define-public stow
|
||||||
(define-public rpm
|
(define-public rpm
|
||||||
(package
|
(package
|
||||||
(name "rpm")
|
(name "rpm")
|
||||||
(version "4.12.0.1")
|
(version "4.13.0.1")
|
||||||
(source (origin
|
(source (origin
|
||||||
(method url-fetch)
|
(method url-fetch)
|
||||||
(uri (string-append "http://rpm.org/releases/rpm-4.12.x/rpm-"
|
(uri (string-append "http://ftp.rpm.org/releases/rpm-"
|
||||||
|
(version-major+minor version) ".x/rpm-"
|
||||||
version ".tar.bz2"))
|
version ".tar.bz2"))
|
||||||
(sha256
|
(sha256
|
||||||
(base32
|
(base32
|
||||||
"0a82ym8phx7g0f3k6smvxnvzh7yv857l42xafk49689kzhld5pbp"))
|
"03cvbwbfrhm0fa02j7828k1qp05hf2m0fradwcf2nqhrsjkppz17"))))
|
||||||
(patches (search-patches "rpm-CVE-2014-8118.patch"))))
|
|
||||||
(build-system gnu-build-system)
|
(build-system gnu-build-system)
|
||||||
(arguments
|
(arguments
|
||||||
'(#:configure-flags '("--with-external-db" ;use the system's bdb
|
'(#:configure-flags '("--with-external-db" ;use the system's bdb
|
||||||
|
|
|
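Review bot: Dropping `(patches (search-patches "rpm-CVE-2014-8118.patch"))` from the `rpm` origin is not backed by anything on this page showing that 4.13.0.1 already carries the fix. The deleted patch rejected `nameSize <= 0 || nameSize > 4096` in `rpmcpioHeaderRead` before the `char name[nameSize + 1]` stack array is sized from the header field. Before merging I would confirm that `lib/cpio.c` in the new tarball has an equivalent bound, and record it in the commit log, e.g. `[source]: Remove patch; CVE-2014-8118 is fixed upstream in this release.` The new URI is still plain `http://`, but the `sha256` pins the tarball, so this affects transport only and not integrity. The `rpm` package form continues past the end of this hunk.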
@ -1,25 +0,0 @@
|
||||||
Fix CVE-2014-8118 (integer overflow allowing arbitrary remote code
|
|
||||||
execution via crafted CPIO header).
|
|
||||||
|
|
||||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8118
|
|
||||||
|
|
||||||
Source:
|
|
||||||
https://bugzilla.redhat.com/attachment.cgi?id=962159&action=diff
|
|
||||||
|
|
||||||
Adopted by Debian:
|
|
||||||
http://anonscm.debian.org/cgit/collab-maint/rpm.git/plain/debian/patches/CVE-2014-8118.patch
|
|
||||||
|
|
||||||
diff --git a/lib/cpio.c b/lib/cpio.c
|
|
||||||
index 253ff0f..600633a 100644
|
|
||||||
--- a/lib/cpio.c
|
|
||||||
+++ b/lib/cpio.c
|
|
||||||
@@ -399,6 +399,9 @@ int rpmcpioHeaderRead(rpmcpio_t cpio, char ** path, int * fx)
|
|
||||||
|
|
||||||
GET_NUM_FIELD(hdr.filesize, fsize);
|
|
||||||
GET_NUM_FIELD(hdr.namesize, nameSize);
|
|
||||||
+ if (nameSize <= 0 || nameSize > 4096) {
|
|
||||||
+ return RPMERR_BAD_HEADER;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
char name[nameSize + 1];
|
|
||||||
read = Fread(name, nameSize, 1, cpio->fd);
|
|