diff options
author | Leo Famulari <leo@famulari.name> | 2020-05-28 10:40:34 -0400 |
---|---|---|
committer | Leo Famulari <leo@famulari.name> | 2020-05-28 11:11:05 -0400 |
commit | 0d796201db2188e0a3abb6522f65458720b46fa6 (patch) | |
tree | 5b520ca170092f6d9a9e74a17bc2aafc085d9be6 | |
parent | 8ccac2c974223886e98417f7f49804d18388eaa9 (diff) | |
download | guix-0d796201db2188e0a3abb6522f65458720b46fa6.tar.gz |
gnu: Transmission: Fix CVE-2018-10756.
* gnu/packages/patches/transmission-CVE-2018-10756.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/bittorrent.scm (transmission)[source]: Use it.
-rw-r--r-- | gnu/local.mk | 1 | ||||
-rw-r--r-- | gnu/packages/bittorrent.scm | 1 | ||||
-rw-r--r-- | gnu/packages/patches/transmission-CVE-2018-10756.patch | 71 |
3 files changed, 73 insertions, 0 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index 80cefe5b63..de51c21014 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1531,6 +1531,7 @@ dist_patch_DATA = \ %D%/packages/patches/tipp10-fix-compiling.patch \ %D%/packages/patches/tipp10-remove-license-code.patch \ %D%/packages/patches/tk-find-library.patch \ + %D%/packages/patches/transmission-CVE-2018-10756.patch \ %D%/packages/patches/ttf2eot-cstddef.patch \ %D%/packages/patches/ttfautohint-source-date-epoch.patch \ %D%/packages/patches/tomb-fix-errors-on-open.patch \ diff --git a/gnu/packages/bittorrent.scm b/gnu/packages/bittorrent.scm index 947537b231..8b041cb3f5 100644 --- a/gnu/packages/bittorrent.scm +++ b/gnu/packages/bittorrent.scm @@ -73,6 +73,7 @@ (uri (string-append "https://github.com/transmission/transmission-releases/raw/" "master/transmission-" version ".tar.xz")) + (patches (search-patches "transmission-CVE-2018-10756.patch")) (sha256 (base32 "0zbbj7rlm6m7vb64x68a64cwmijhsrwx9l63hbwqs7zr9742qi1m")))) diff --git a/gnu/packages/patches/transmission-CVE-2018-10756.patch b/gnu/packages/patches/transmission-CVE-2018-10756.patch new file mode 100644 index 0000000000..f9bdcf60aa --- /dev/null +++ b/gnu/packages/patches/transmission-CVE-2018-10756.patch @@ -0,0 +1,71 @@ +Fix CVE-2018-10756: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10756 + +Patch copied from Fedora: + +https://src.fedoraproject.org/rpms/transmission/blob/master/f/2123adf8e5e1c2b48791f9d22fc8c747e974180e.patch + +--- a/libtransmission/variant.c 2018-05-01 12:21:08.000000000 -0500 ++++ b/libtransmission/variant.c 2020-05-18 10:21:27.554214128 -0500 +@@ -820,7 +820,7 @@ + struct SaveNode + { + const tr_variant * v; +- tr_variant sorted; ++ tr_variant* sorted; + size_t childIndex; + bool isVisited; + }; +@@ -849,26 +849,33 @@ + + qsort (tmp, n, sizeof (struct KeyIndex), compareKeyIndex); + +- tr_variantInitDict (&node->sorted, n); ++ node->sorted = tr_new(tr_variant, 1); ++ tr_variantInitDict (node->sorted, n); + for (i=0; i<n; ++i) +- node->sorted.val.l.vals[i] = *tmp[i].val; ++ node->sorted->val.l.vals[i] = *tmp[i].val; + node->sorted.val.l.count = n; + + tr_free (tmp); + +- node->v = &node->sorted; ++ v = node->sorted; + } + else + { +- node->v = v; ++ node->sorted = NULL; + } ++ ++ node->v = v; + } + + static void + nodeDestruct (struct SaveNode * node) + { +- if (node->v == &node->sorted) +- tr_free (node->sorted.val.l.vals); ++ //TR_ASSERT(node != NULL); ++ if (node->sorted != NULL) ++ { ++ tr_free(node->sorted->val.l.vals); ++ tr_free(node->sorted); ++ } + } + + /** +--- a/libtransmission/variant.c 2020-05-18 10:21:49.000000000 -0500 ++++ b/libtransmission/variant.c 2020-05-18 10:24:34.673648865 -0500 +@@ -853,7 +853,7 @@ + tr_variantInitDict (node->sorted, n); + for (i=0; i<n; ++i) + node->sorted->val.l.vals[i] = *tmp[i].val; +- node->sorted.val.l.count = n; ++ node->sorted->val.l.count = n; + + tr_free (tmp); + + |