summary refs log tree commit diff
diff options
context:
space:
mode:
authorLeo Famulari <leo@famulari.name>2017-12-20 19:53:40 -0500
committerLeo Famulari <leo@famulari.name>2017-12-21 14:17:35 -0500
commit9c3ad422d0f4f2e552dcb73aae98c7db1fc2e584 (patch)
tree70eb99c103c52a7913708f0746b068210d4c62ed
parent5dc0e0b055ce2ab12c40066cee34511cd7a5cf03 (diff)
downloadguix-9c3ad422d0f4f2e552dcb73aae98c7db1fc2e584.tar.gz
gnu: libgxps: Fix CVE-2017-11590.
* gnu/packages/patches/libgxps-CVE-2017-11590.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gnome.scm (libgxps)[source]: Use it.
-rw-r--r--gnu/local.mk1
-rw-r--r--gnu/packages/gnome.scm1
-rw-r--r--gnu/packages/patches/libgxps-CVE-2017-11590.patch48
3 files changed, 50 insertions, 0 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 20b3c3e366..ea9c42449a 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -810,6 +810,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/libgit2-0.25.1-mtime-0.patch		\
   %D%/packages/patches/libgdata-fix-tests.patch			\
   %D%/packages/patches/libgdata-glib-duplicate-tests.patch	\
+  %D%/packages/patches/libgxps-CVE-2017-11590.patch		\
   %D%/packages/patches/libffi-3.2.1-complex-alpha.patch		\
   %D%/packages/patches/libjxr-fix-function-signature.patch	\
   %D%/packages/patches/libjxr-fix-typos.patch			\
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index 7b93ddd14e..b7f57b030e 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -395,6 +395,7 @@ access the common Google services, and has full asynchronous support.")
               (uri (string-append "mirror://gnome/sources/" name "/"
                                   (version-major+minor version) "/"
                                   name "-" version ".tar.xz"))
+              (patches (search-patches "libgxps-CVE-2017-11590.patch"))
               (sha256
                (base32
                 "184r06s8g20cfigg7m169n42jjsc9wmzzlycr4g1fxxhr72r8x9y"))))
diff --git a/gnu/packages/patches/libgxps-CVE-2017-11590.patch b/gnu/packages/patches/libgxps-CVE-2017-11590.patch
new file mode 100644
index 0000000000..9caa79b6f0
--- /dev/null
+++ b/gnu/packages/patches/libgxps-CVE-2017-11590.patch
@@ -0,0 +1,48 @@
+Fix CVE-2017-11590:
+
+https://bugzilla.gnome.org/show_bug.cgi?id=785479
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11590
+
+Patch copied from upstream source repository:
+
+https://git.gnome.org/browse/libgxps/commit/?id=9d5d292055250ed298f3b89dc332d6db4003a031
+
+From 9d5d292055250ed298f3b89dc332d6db4003a031 Mon Sep 17 00:00:00 2001
+From: Marek Kasik <mkasik@redhat.com>
+Date: Wed, 26 Jul 2017 16:23:37 +0200
+Subject: archive: Check for pathname being NULL before dereferencing
+
+Check whether "archive_entry_pathname ()" returns a non-NULL pathname
+before using it to avoid a NULL pointer being dereferenced.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=785479
+---
+ libgxps/gxps-archive.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/libgxps/gxps-archive.c b/libgxps/gxps-archive.c
+index acf8d7d..e763773 100644
+--- a/libgxps/gxps-archive.c
++++ b/libgxps/gxps-archive.c
+@@ -257,6 +257,7 @@ gxps_archive_initable_init (GInitable     *initable,
+ 	GXPSArchive          *archive;
+ 	ZipArchive           *zip;
+ 	struct archive_entry *entry;
++	const gchar          *pathname;
+ 
+ 	archive = GXPS_ARCHIVE (initable);
+ 
+@@ -281,7 +282,9 @@ gxps_archive_initable_init (GInitable     *initable,
+ 
+         while (gxps_zip_archive_iter_next (zip, &entry)) {
+                 /* FIXME: We can ignore directories here */
+-                g_hash_table_add (archive->entries, g_strdup (archive_entry_pathname (entry)));
++                pathname = archive_entry_pathname (entry);
++                if (pathname != NULL)
++                        g_hash_table_add (archive->entries, g_strdup (pathname));
+                 archive_read_data_skip (zip->archive);
+         }
+ 
+-- 
+cgit v0.12
+