aboutsummaryrefslogtreecommitdiff
path: root/gnu
diff options
context:
space:
mode:
authorLéo Le Bouter <lle-bout@zaclys.net>2021-03-10 09:50:14 +0100
committerLéo Le Bouter <lle-bout@zaclys.net>2021-03-10 09:54:27 +0100
commitb66fc0a64bbcf4c198c117f0eca1ee95661b5b4a (patch)
treec20b63aa7d2e0fa73374f6f8a3039d8a7e4ecb31 /gnu
parent207ef1a2b4f6ffd4781d1f5aab8e5984bc515f4c (diff)
downloadguix-b66fc0a64bbcf4c198c117f0eca1ee95661b5b4a.tar
guix-b66fc0a64bbcf4c198c117f0eca1ee95661b5b4a.tar.gz
gnu: bsdiff: Fix CVE-2014-9862.
* gnu/packages/patches/bsdiff-CVE-2014-9862.patch: New patch. * gnu/local.mk (dist_patch_DATA): Register it. * gnu/packages/compression.scm (bsdiff): Apply it.
Diffstat (limited to 'gnu')
-rw-r--r--gnu/local.mk1
-rw-r--r--gnu/packages/compression.scm3
-rw-r--r--gnu/packages/patches/bsdiff-CVE-2014-9862.patch15
3 files changed, 18 insertions, 1 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index bcee06a97a..dcee722e79 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -840,6 +840,7 @@ dist_patch_DATA = \
%D%/packages/patches/bazaar-CVE-2017-14176.patch \
%D%/packages/patches/bc-fix-cross-compilation.patch \
%D%/packages/patches/bear-disable-preinstall-tests.patch \
+ %D%/packages/patches/bsdiff-CVE-2014-9862.patch \
%D%/packages/patches/bsd-games-2.17-64bit.patch \
%D%/packages/patches/bsd-games-add-configure-config.patch \
%D%/packages/patches/bsd-games-add-wrapper.patch \
diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index 32fd358ac8..fbe3b06347 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -963,7 +963,8 @@ tarballs.")
(uri (string-append home-page name "-" version ".tar.gz"))
(sha256
(base32
- "0j2zm3z271x5aw63mwhr3vymzn45p2vvrlrpm9cz2nywna41b0hq"))))
+ "0j2zm3z271x5aw63mwhr3vymzn45p2vvrlrpm9cz2nywna41b0hq"))
+ (patches (search-patches "bsdiff-CVE-2014-9862.patch"))))
(build-system gnu-build-system)
(arguments
`(#:make-flags (list "INSTALL=install"
diff --git a/gnu/packages/patches/bsdiff-CVE-2014-9862.patch b/gnu/packages/patches/bsdiff-CVE-2014-9862.patch
new file mode 100644
index 0000000000..7aab818090
--- /dev/null
+++ b/gnu/packages/patches/bsdiff-CVE-2014-9862.patch
@@ -0,0 +1,15 @@
+diff --git a/bspatch.c b/bspatch.c
+index 8d95633..ab77722 100644
+--- a/bspatch.c
++++ b/bspatch.c
+
+@@ -187,6 +187,10 @@
+ };
+
+ /* Sanity-check */
++ if ((ctrl[0] < 0) || (ctrl[1] < 0))
++ errx(1,"Corrupt patch\n");
++
++ /* Sanity-check */
+ if(newpos+ctrl[0]>newsize)
+ errx(1,"Corrupt patch\n");