Merge branch 'master' into staging

author: Marius Bakke <mbakke@fastmail.com> 2018-04-16 18:15:28 +0200
committer: Marius Bakke <mbakke@fastmail.com> 2018-04-16 18:15:28 +0200
commit: 5d904d63f4d43e3f0e4be38c5f5404e029c00a22 (patch)
tree: b2893eceae99c967e0f49cdbfe084f6c7d4767c4 /gnu/packages/patches/sharutils-CVE-2018-1000097.patch
parent: bab5f3a7f62150ae009e78d03c4b1f5b1646104c (diff)
parent: d0ee11b2f000c3c027fd8370bc2195266398444f (diff)
download: guix-5d904d63f4d43e3f0e4be38c5f5404e029c00a22.tar.gz
1 files changed, 21 insertions, 0 deletions
diff --git a/gnu/packages/patches/sharutils-CVE-2018-1000097.patch b/gnu/packages/patches/sharutils-CVE-2018-1000097.patch
new file mode 100644
index 0000000000..8d58218184
--- /dev/null
+++ b/gnu/packages/patches/sharutils-CVE-2018-1000097.patch
@@ -0,0 +1,21 @@
+Fix CVE-2018-1000097:
+
+https://security-tracker.debian.org/tracker/CVE-2018-1000097
+https://nvd.nist.gov/vuln/detail/CVE-2018-1000097
+
+Patch taken from upstream bug report:
+https://lists.gnu.org/archive/html/bug-gnu-utils/2018-02/msg00005.html
+
+diff --git a/src/unshar.c b/src/unshar.c
+index 80bc3a9..0fc3773 100644
+--- a/src/unshar.c
++++ b/src/unshar.c
+@@ -240,7 +240,7 @@ find_archive (char const * name, FILE * file, off_t start)
+       off_t position = ftello (file);
+ 
+       /* Read next line, fail if no more and no previous process.  */
+-      if (!fgets (rw_buffer, BUFSIZ, file))
++      if (!fgets (rw_buffer, rw_base_size, file))
+ 	{
+ 	  if (!start)
+ 	    error (0, 0, _("Found no shell commands in %s"), name);
author	Marius Bakke <mbakke@fastmail.com>	2018-04-16 18:15:28 +0200
committer	Marius Bakke <mbakke@fastmail.com>	2018-04-16 18:15:28 +0200
commit	5d904d63f4d43e3f0e4be38c5f5404e029c00a22 (patch)
tree	b2893eceae99c967e0f49cdbfe084f6c7d4767c4 /gnu/packages/patches/sharutils-CVE-2018-1000097.patch
parent	bab5f3a7f62150ae009e78d03c4b1f5b1646104c (diff)
parent	d0ee11b2f000c3c027fd8370bc2195266398444f (diff)
download	guix-5d904d63f4d43e3f0e4be38c5f5404e029c00a22.tar.gz