diff options
author | Leo Famulari <leo@famulari.name> | 2018-03-19 17:13:26 -0400 |
---|---|---|
committer | Leo Famulari <leo@famulari.name> | 2018-03-20 17:14:22 -0400 |
commit | af23710ff522bb4e6cedf841c4fb977d96c9d8b3 (patch) | |
tree | eeeccdee27c9ed1460ee973dafb376155cee9911 | |
parent | 8023f0fd038b0168185431d1a0f2254f38be0bb3 (diff) | |
download | guix-af23710ff522bb4e6cedf841c4fb977d96c9d8b3.tar guix-af23710ff522bb4e6cedf841c4fb977d96c9d8b3.tar.gz |
gnu: util-linux: Fix CVE-2018-7738 without grafting.
* gnu/packages/linux.scm (util-linux)[replacement]: Remove field.
(util-linux-2.31.1): New variable.
* gnu/system.scm (%base-packages): Use util-linux-2.31.1.
-rw-r--r-- | gnu/packages/linux.scm | 34 | ||||
-rw-r--r-- | gnu/system.scm | 4 |
2 files changed, 28 insertions, 10 deletions
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 6dc45bfced..dc9dfbbd7d 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -18,8 +18,8 @@ ;;; Copyright © 2016, 2017, 2018 Marius Bakke <mbakke@fastmail.com> ;;; Copyright © 2016 Rene Saavedra <rennes@openmailbox.org> ;;; Copyright © 2016 Carlos Sánchez de La Lama <csanchezdll@gmail.com> -;;; Copyright © 2016, 2017 Nils Gillmann <ng0@n0.is> -;;; Copyright © 2017 Leo Famulari <leo@famulari.name> +;;; Copyright © 2016, 2017 ng0 <ng0@infotropique.org> +;;; Copyright © 2017, 2018 Leo Famulari <leo@famulari.name> ;;; Copyright © 2017 José Miguel Sánchez García <jmi2k@openmailbox.com> ;;; Copyright © 2017 Gábor Boskovits <boskovits@gmail.com> ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com> @@ -547,7 +547,6 @@ providing the system administrator with some help in common tasks.") (define-public util-linux (package (name "util-linux") - (replacement util-linux/fixed) (version "2.31") (source (origin (method url-fetch) @@ -635,14 +634,31 @@ block devices, UUIDs, TTYs, and many other tools.") (license (list license:gpl3+ license:gpl2+ license:gpl2 license:lgpl2.0+ license:bsd-4 license:public-domain)))) -(define util-linux/fixed +;; The patch 'util-linux-CVE-2018-7738.patch' fixes a security bug in +;; the Bash completions for `mount`. Since this bug doesn't affect +;; other programs that link against libraries from util-linux, we don't +;; need to use a graft to make the fix available. Instead, users +;; installing util-linux will get the fix in this newer version, and +;; (@ (gnu system) %base-packages) takes care to use this package. +;; This solution was suggested here: +;; <https://debbugs.gnu.org/cgi/bugreport.cgi?bug=30827#13> +(define-public util-linux-2.31.1 (package (inherit util-linux) - (source - (origin - (inherit (package-source util-linux)) - (patches (append (origin-patches (package-source util-linux)) - (search-patches "util-linux-CVE-2018-7738.patch"))))))) + (name "util-linux") + ;; XXX Don't update this without also updating %base-packages! + (version "2.31.1") + (source (origin + (inherit (package-source util-linux)) + (uri (string-append "mirror://kernel.org/linux/utils/" + name "/v" (version-major+minor version) "/" + name "-" version ".tar.xz")) + (sha256 + (base32 + "04fzrnrr3pvqskvjn9f81y0knh0jvvqx4lmbz5pd4lfdm5pv2l8s")) + (patches + (append (origin-patches (package-source util-linux)) + (search-patches "util-linux-CVE-2018-7738.patch"))))))) (define-public ddate (package diff --git a/gnu/system.scm b/gnu/system.scm index eb4b63c428..592a0ea58a 100644 --- a/gnu/system.scm +++ b/gnu/system.scm @@ -515,7 +515,9 @@ explicitly appear in OS." ;; required for basic administrator tasks. (cons* procps psmisc which less zile nano pciutils usbutils - util-linux inetutils isc-dhcp + ;; temporary package to fix CVE-2018-7738 without a graft + util-linux-2.31.1 + inetutils isc-dhcp (@ (gnu packages admin) shadow) ;for 'passwd' ;; wireless-tools is deprecated in favor of iw, but it's still what |