diff --git a/gnu/local.mk b/gnu/local.mk index edfecc7783..445d126c1b 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -603,6 +603,7 @@ dist_patch_DATA = \ %D%/packages/patches/fasthenry-spFactor.patch \ %D%/packages/patches/fcgi-2.4.0-gcc44-fixes.patch \ %D%/packages/patches/fcgi-2.4.0-poll.patch \ + %D%/packages/patches/file-CVE-2017-1000249.patch \ %D%/packages/patches/findutils-localstatedir.patch \ %D%/packages/patches/findutils-gnulib-multi-core.patch \ %D%/packages/patches/findutils-test-xargs.patch \ diff --git a/gnu/packages/commencement.scm b/gnu/packages/commencement.scm index 2b67881ede..7bbe1becd9 100644 --- a/gnu/packages/commencement.scm +++ b/gnu/packages/commencement.scm @@ -112,8 +112,7 @@ (define findutils-boot0 (define file-boot0 (package-with-bootstrap-guile - (package-with-explicit-inputs (package - (inherit file) + (package-with-explicit-inputs (package/inherit file (name "file-boot0")) `(("make" ,gnu-make-boot0) ,@%bootstrap-inputs) diff --git a/gnu/packages/file.scm b/gnu/packages/file.scm index 050e6715b1..3bc8e1dcfe 100644 --- a/gnu/packages/file.scm +++ b/gnu/packages/file.scm @@ -1,7 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2013 Andreas Enge ;;; Copyright © 2014, 2015 Mark H Weaver -;;; Copyright © 2016 Efraim Flashner +;;; Copyright © 2016, 2017 Efraim Flashner ;;; ;;; This file is part of GNU Guix. ;;; @@ -27,7 +27,8 @@ (define-module (gnu packages file) (define-public file (package - (name "file") + (replacement file/fixed) + (name "file") (version "5.30") (source (origin (method url-fetch) @@ -51,3 +52,9 @@ (define-public file (license bsd-2) (home-page "http://www.darwinsys.com/file/"))) +(define file/fixed + (package + (inherit file) + (source (origin + (inherit (package-source file)) + (patches (search-patches "file-CVE-2017-1000249.patch")))))) diff --git a/gnu/packages/patches/file-CVE-2017-1000249.patch b/gnu/packages/patches/file-CVE-2017-1000249.patch new file mode 100644 index 0000000000..505acf1592 --- /dev/null +++ b/gnu/packages/patches/file-CVE-2017-1000249.patch @@ -0,0 +1,27 @@ +https://github.com/file/file/commit/35c94dc6acc418f1ad7f6241a6680e5327495793.patch +http://openwall.com/lists/oss-security/2017/09/05/3 + +The patch is minorly modified to apply to file-5.30 + +From 35c94dc6acc418f1ad7f6241a6680e5327495793 Mon Sep 17 00:00:00 2001 +From: Christos Zoulas +Date: Sun, 27 Aug 2017 07:55:02 +0000 +Subject: [PATCH] Fix always true condition (Thomas Jarosch) + +--- + src/readelf.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/readelf.c b/src/readelf.c +index 81451827..5f425c97 100644 +--- a/src/readelf.c ++++ b/src/readelf.c +@@ -511,7 +511,7 @@ do_bid_note(struct magic_set *ms, unsigned char *nbuf, uint32_t type, + size_t noff, size_t doff, int *flags) + { + if (namesz == 4 && strcmp((char *)&nbuf[noff], "GNU") == 0 && +- type == NT_GNU_BUILD_ID && (descsz >= 4 || descsz <= 20)) { ++ type == NT_GNU_BUILD_ID && (descsz >= 4 && descsz <= 20)) { + uint8_t desc[20]; + const char *btype; + uint32_t i;