From f1597427f220b0799b9c8847768d2f5a93fe3730 Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Tue, 5 Sep 2017 23:02:56 +0300 Subject: gnu: file: Fix CVE-2017-1000249. * gnu/packages/file.scm (file)[replacement]: New field. (file/fixed): New variable. * gnu/packages/commencement.scm (file-boot0): Use package/inherit. * gnu/packages/patches/file-CVE-2017-1000249.patch. * gnu/local.mk (dist_patch_DATA): Register it. --- gnu/packages/patches/file-CVE-2017-1000249.patch | 27 ++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 gnu/packages/patches/file-CVE-2017-1000249.patch (limited to 'gnu/packages/patches') diff --git a/gnu/packages/patches/file-CVE-2017-1000249.patch b/gnu/packages/patches/file-CVE-2017-1000249.patch new file mode 100644 index 0000000000..505acf1592 --- /dev/null +++ b/gnu/packages/patches/file-CVE-2017-1000249.patch @@ -0,0 +1,27 @@ +https://github.com/file/file/commit/35c94dc6acc418f1ad7f6241a6680e5327495793.patch +http://openwall.com/lists/oss-security/2017/09/05/3 + +The patch is minorly modified to apply to file-5.30 + +From 35c94dc6acc418f1ad7f6241a6680e5327495793 Mon Sep 17 00:00:00 2001 +From: Christos Zoulas +Date: Sun, 27 Aug 2017 07:55:02 +0000 +Subject: [PATCH] Fix always true condition (Thomas Jarosch) + +--- + src/readelf.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/readelf.c b/src/readelf.c +index 81451827..5f425c97 100644 +--- a/src/readelf.c ++++ b/src/readelf.c +@@ -511,7 +511,7 @@ do_bid_note(struct magic_set *ms, unsigned char *nbuf, uint32_t type, + size_t noff, size_t doff, int *flags) + { + if (namesz == 4 && strcmp((char *)&nbuf[noff], "GNU") == 0 && +- type == NT_GNU_BUILD_ID && (descsz >= 4 || descsz <= 20)) { ++ type == NT_GNU_BUILD_ID && (descsz >= 4 && descsz <= 20)) { + uint8_t desc[20]; + const char *btype; + uint32_t i; -- cgit v1.2.3