summary refs log tree commit diff
path: root/gnu
diff options
context:
space:
mode:
authorLeo Famulari <leo@famulari.name>2020-05-28 10:40:34 -0400
committerLeo Famulari <leo@famulari.name>2020-05-28 11:11:05 -0400
commit0d796201db2188e0a3abb6522f65458720b46fa6 (patch)
tree5b520ca170092f6d9a9e74a17bc2aafc085d9be6 /gnu
parent8ccac2c974223886e98417f7f49804d18388eaa9 (diff)
downloadguix-0d796201db2188e0a3abb6522f65458720b46fa6.tar.gz
gnu: Transmission: Fix CVE-2018-10756.
* gnu/packages/patches/transmission-CVE-2018-10756.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/bittorrent.scm (transmission)[source]: Use it.
Diffstat (limited to 'gnu')
-rw-r--r--gnu/local.mk1
-rw-r--r--gnu/packages/bittorrent.scm1
-rw-r--r--gnu/packages/patches/transmission-CVE-2018-10756.patch71
3 files changed, 73 insertions, 0 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 80cefe5b63..de51c21014 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1531,6 +1531,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/tipp10-fix-compiling.patch		\
   %D%/packages/patches/tipp10-remove-license-code.patch		\
   %D%/packages/patches/tk-find-library.patch			\
+  %D%/packages/patches/transmission-CVE-2018-10756.patch	\
   %D%/packages/patches/ttf2eot-cstddef.patch			\
   %D%/packages/patches/ttfautohint-source-date-epoch.patch	\
   %D%/packages/patches/tomb-fix-errors-on-open.patch		\
diff --git a/gnu/packages/bittorrent.scm b/gnu/packages/bittorrent.scm
index 947537b231..8b041cb3f5 100644
--- a/gnu/packages/bittorrent.scm
+++ b/gnu/packages/bittorrent.scm
@@ -73,6 +73,7 @@
               (uri (string-append
                     "https://github.com/transmission/transmission-releases/raw/"
                     "master/transmission-" version ".tar.xz"))
+              (patches (search-patches "transmission-CVE-2018-10756.patch"))
               (sha256
                (base32
                 "0zbbj7rlm6m7vb64x68a64cwmijhsrwx9l63hbwqs7zr9742qi1m"))))
diff --git a/gnu/packages/patches/transmission-CVE-2018-10756.patch b/gnu/packages/patches/transmission-CVE-2018-10756.patch
new file mode 100644
index 0000000000..f9bdcf60aa
--- /dev/null
+++ b/gnu/packages/patches/transmission-CVE-2018-10756.patch
@@ -0,0 +1,71 @@
+Fix CVE-2018-10756:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10756
+
+Patch copied from Fedora:
+
+https://src.fedoraproject.org/rpms/transmission/blob/master/f/2123adf8e5e1c2b48791f9d22fc8c747e974180e.patch
+
+--- a/libtransmission/variant.c	2018-05-01 12:21:08.000000000 -0500
++++ b/libtransmission/variant.c	2020-05-18 10:21:27.554214128 -0500
+@@ -820,7 +820,7 @@
+ struct SaveNode
+ {
+   const tr_variant * v;
+-  tr_variant sorted;
++  tr_variant* sorted;
+   size_t childIndex;
+   bool isVisited;
+ };
+@@ -849,26 +849,33 @@
+ 
+       qsort (tmp, n, sizeof (struct KeyIndex), compareKeyIndex);
+ 
+-      tr_variantInitDict (&node->sorted, n);
++      node->sorted = tr_new(tr_variant, 1);
++      tr_variantInitDict (node->sorted, n);
+       for (i=0; i<n; ++i)
+-        node->sorted.val.l.vals[i] = *tmp[i].val;
++        node->sorted->val.l.vals[i] = *tmp[i].val;
+       node->sorted.val.l.count = n;
+ 
+       tr_free (tmp);
+ 
+-      node->v = &node->sorted;
++      v = node->sorted;
+     }
+   else
+     {
+-      node->v = v;
++      node->sorted = NULL;
+     }
++    
++    node->v = v;
+ }
+ 
+ static void
+ nodeDestruct (struct SaveNode * node)
+ {
+-  if (node->v == &node->sorted)
+-    tr_free (node->sorted.val.l.vals);
++    //TR_ASSERT(node != NULL);
++    if (node->sorted != NULL)
++    {
++        tr_free(node->sorted->val.l.vals);
++        tr_free(node->sorted);    
++    }
+ }
+ 
+ /**
+--- a/libtransmission/variant.c	2020-05-18 10:21:49.000000000 -0500
++++ b/libtransmission/variant.c	2020-05-18 10:24:34.673648865 -0500
+@@ -853,7 +853,7 @@
+       tr_variantInitDict (node->sorted, n);
+       for (i=0; i<n; ++i)
+         node->sorted->val.l.vals[i] = *tmp[i].val;
+-      node->sorted.val.l.count = n;
++      node->sorted->val.l.count = n;
+ 
+       tr_free (tmp);
+ 
+