summary refs log tree commit diff
path: root/gnu/packages
diff options
context:
space:
mode:
authorMark H Weaver <mhw@netris.org>2015-10-08 10:55:04 -0400
committerMark H Weaver <mhw@netris.org>2015-10-08 10:55:52 -0400
commitb5881775ac2db345bf5826d6351366346ff03275 (patch)
tree1698c3ccad42c6cd8f317bff4f9232d06c1af1b1 /gnu/packages
parentf956d661add890acb41592482a8a0c3fd90afd76 (diff)
downloadguix-b5881775ac2db345bf5826d6351366346ff03275.tar.gz
gnu: libunwind: Add fix for CVE-2015-3239.
* gnu/packages/patches/libunwind-CVE-2015-3239.patch: New file.
* gnu-system.am (dist_patch_DATA): Add it.
* gnu/packages/libunwind.scm (libunwind)[source]: Add patch.
Diffstat (limited to 'gnu/packages')
-rw-r--r--gnu/packages/libunwind.scm5
-rw-r--r--gnu/packages/patches/libunwind-CVE-2015-3239.patch17
2 files changed, 21 insertions, 1 deletions
diff --git a/gnu/packages/libunwind.scm b/gnu/packages/libunwind.scm
index 5e813e55c1..ab3496277a 100644
--- a/gnu/packages/libunwind.scm
+++ b/gnu/packages/libunwind.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013, 2014 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -18,6 +19,7 @@
 
 (define-module (gnu packages libunwind)
   #:use-module (guix packages)
+  #:use-module (gnu packages)
   #:use-module (guix download)
   #:use-module (guix build-system gnu)
   #:use-module (guix licenses))
@@ -32,7 +34,8 @@
                                  version ".tar.gz"))
              (sha256
               (base32
-               "16nhx2pahh9d62mvszc88q226q5lwjankij276fxwrm8wb50zzlx"))))
+               "16nhx2pahh9d62mvszc88q226q5lwjankij276fxwrm8wb50zzlx"))
+             (patches (list (search-patch "libunwind-CVE-2015-3239.patch")))))
     (build-system gnu-build-system)
     (arguments
      ;; FIXME: As of glibc 2.17, we get 3 out of 34 test failures.
diff --git a/gnu/packages/patches/libunwind-CVE-2015-3239.patch b/gnu/packages/patches/libunwind-CVE-2015-3239.patch
new file mode 100644
index 0000000000..3f11ac7337
--- /dev/null
+++ b/gnu/packages/patches/libunwind-CVE-2015-3239.patch
@@ -0,0 +1,17 @@
+Copied from Fedora.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1232265
+http://pkgs.fedoraproject.org/cgit/libunwind.git/tree/libunwind-1.1-fix-CVE-2015-3239.patch
+
+diff -up libunwind-1.1/include/dwarf_i.h.CVE20153239 libunwind-1.1/include/dwarf_i.h
+--- libunwind-1.1/include/dwarf_i.h.CVE20153239	2015-07-10 13:38:36.404996748 -0400
++++ libunwind-1.1/include/dwarf_i.h	2015-07-10 13:39:25.050707613 -0400
+@@ -20,7 +20,7 @@
+ extern const uint8_t dwarf_to_unw_regnum_map[DWARF_REGNUM_MAP_LENGTH];
+ /* REG is evaluated multiple times; it better be side-effects free!  */
+ # define dwarf_to_unw_regnum(reg)					  \
+-  (((reg) <= DWARF_REGNUM_MAP_LENGTH) ? dwarf_to_unw_regnum_map[reg] : 0)
++  (((reg) < DWARF_REGNUM_MAP_LENGTH) ? dwarf_to_unw_regnum_map[reg] : 0)
+ #endif
+ 
+ #ifdef UNW_LOCAL_ONLY