diff options
author | Léo Le Bouter <lle-bout@zaclys.net> | 2021-03-10 09:50:14 +0100 |
---|---|---|
committer | Léo Le Bouter <lle-bout@zaclys.net> | 2021-03-10 09:54:27 +0100 |
commit | b66fc0a64bbcf4c198c117f0eca1ee95661b5b4a (patch) | |
tree | c20b63aa7d2e0fa73374f6f8a3039d8a7e4ecb31 | |
parent | 207ef1a2b4f6ffd4781d1f5aab8e5984bc515f4c (diff) | |
download | guix-b66fc0a64bbcf4c198c117f0eca1ee95661b5b4a.tar.gz |
gnu: bsdiff: Fix CVE-2014-9862.
* gnu/packages/patches/bsdiff-CVE-2014-9862.patch: New patch. * gnu/local.mk (dist_patch_DATA): Register it. * gnu/packages/compression.scm (bsdiff): Apply it.
-rw-r--r-- | gnu/local.mk | 1 | ||||
-rw-r--r-- | gnu/packages/compression.scm | 3 | ||||
-rw-r--r-- | gnu/packages/patches/bsdiff-CVE-2014-9862.patch | 15 |
3 files changed, 18 insertions, 1 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index bcee06a97a..dcee722e79 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -840,6 +840,7 @@ dist_patch_DATA = \ %D%/packages/patches/bazaar-CVE-2017-14176.patch \ %D%/packages/patches/bc-fix-cross-compilation.patch \ %D%/packages/patches/bear-disable-preinstall-tests.patch \ + %D%/packages/patches/bsdiff-CVE-2014-9862.patch \ %D%/packages/patches/bsd-games-2.17-64bit.patch \ %D%/packages/patches/bsd-games-add-configure-config.patch \ %D%/packages/patches/bsd-games-add-wrapper.patch \ diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm index 32fd358ac8..fbe3b06347 100644 --- a/gnu/packages/compression.scm +++ b/gnu/packages/compression.scm @@ -963,7 +963,8 @@ tarballs.") (uri (string-append home-page name "-" version ".tar.gz")) (sha256 (base32 - "0j2zm3z271x5aw63mwhr3vymzn45p2vvrlrpm9cz2nywna41b0hq")))) + "0j2zm3z271x5aw63mwhr3vymzn45p2vvrlrpm9cz2nywna41b0hq")) + (patches (search-patches "bsdiff-CVE-2014-9862.patch")))) (build-system gnu-build-system) (arguments `(#:make-flags (list "INSTALL=install" diff --git a/gnu/packages/patches/bsdiff-CVE-2014-9862.patch b/gnu/packages/patches/bsdiff-CVE-2014-9862.patch new file mode 100644 index 0000000000..7aab818090 --- /dev/null +++ b/gnu/packages/patches/bsdiff-CVE-2014-9862.patch @@ -0,0 +1,15 @@ +diff --git a/bspatch.c b/bspatch.c +index 8d95633..ab77722 100644 +--- a/bspatch.c ++++ b/bspatch.c + +@@ -187,6 +187,10 @@ + }; + + /* Sanity-check */ ++ if ((ctrl[0] < 0) || (ctrl[1] < 0)) ++ errx(1,"Corrupt patch\n"); ++ ++ /* Sanity-check */ + if(newpos+ctrl[0]>newsize) + errx(1,"Corrupt patch\n"); |