diff options
author | Leo Famulari <leo@famulari.name> | 2016-05-29 23:36:37 -0400 |
---|---|---|
committer | Leo Famulari <leo@famulari.name> | 2016-05-29 23:46:21 -0400 |
commit | d8862778c1b334cefafb92cc88e158b2cdf82a76 (patch) | |
tree | 482255edb4185a6ee0db54cc6f3862cb2fb61dc3 | |
parent | b3d20b82809a2895402936a162e0ddc5725cb1cd (diff) | |
download | guix-d8862778c1b334cefafb92cc88e158b2cdf82a76.tar guix-d8862778c1b334cefafb92cc88e158b2cdf82a76.tar.gz |
gnu: graphicsmagick: Fix CVE-2016-5118.
* gnu/packages/patches/graphicsmagick-CVE-2016-5118.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/imagemagick.scm (graphicsmagick): Use it.
-rw-r--r-- | gnu/local.mk | 1 | ||||
-rw-r--r-- | gnu/packages/imagemagick.scm | 1 | ||||
-rw-r--r-- | gnu/packages/patches/graphicsmagick-CVE-2016-5118.patch | 19 |
3 files changed, 21 insertions, 0 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index 00acfbccf6..8844d1dbdc 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -518,6 +518,7 @@ dist_patch_DATA = \ %D%/packages/patches/gobject-introspection-absolute-shlib-path.patch \ %D%/packages/patches/gobject-introspection-cc.patch \ %D%/packages/patches/gobject-introspection-girepository.patch \ + %D%/packages/patches/graphicsmagick-CVE-2016-5118.patch \ %D%/packages/patches/grep-timing-sensitive-test.patch \ %D%/packages/patches/grub-CVE-2015-8370.patch \ %D%/packages/patches/grub-gets-undeclared.patch \ diff --git a/gnu/packages/imagemagick.scm b/gnu/packages/imagemagick.scm index a7bbe0cce0..c356a47148 100644 --- a/gnu/packages/imagemagick.scm +++ b/gnu/packages/imagemagick.scm @@ -160,6 +160,7 @@ script.") (uri (string-append "ftp://ftp.graphicsmagick.org/pub/" "GraphicsMagick/" (version-major+minor version) "/GraphicsMagick-" version ".tar.xz")) + (patches (search-patches "graphicsmagick-CVE-2016-5118.patch")) (sha256 (base32 "03g6l2h8cmf231y1vma0z7x85070jm1ysgs9ppqcd3jj56jka9gx")))) diff --git a/gnu/packages/patches/graphicsmagick-CVE-2016-5118.patch b/gnu/packages/patches/graphicsmagick-CVE-2016-5118.patch new file mode 100644 index 0000000000..ddd1ce93f4 --- /dev/null +++ b/gnu/packages/patches/graphicsmagick-CVE-2016-5118.patch @@ -0,0 +1,19 @@ +Fix CVE-2016-5118 (popen() shell vulnerability via filename). + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5118 + +Upstream patch copied from the bug announcement: +http://seclists.org/oss-sec/2016/q2/432 +https://marc.info/?l=oss-security&m=146455222600609&w=2 + +diff -r 33200fc645f6 magick/blob.c +--- a/magick/blob.c Sat Nov 07 14:49:16 2015 -0600 ++++ b/magick/blob.c Sun May 29 14:12:57 2016 -0500 +@@ -68,6 +68,7 @@ + */ + #define DefaultBlobQuantum 65541 + ++#undef HAVE_POPEN + + /* + Enum declarations. |