From b5881775ac2db345bf5826d6351366346ff03275 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Thu, 8 Oct 2015 10:55:04 -0400 Subject: gnu: libunwind: Add fix for CVE-2015-3239. * gnu/packages/patches/libunwind-CVE-2015-3239.patch: New file. * gnu-system.am (dist_patch_DATA): Add it. * gnu/packages/libunwind.scm (libunwind)[source]: Add patch. --- gnu/packages/libunwind.scm | 5 ++++- gnu/packages/patches/libunwind-CVE-2015-3239.patch | 17 +++++++++++++++++ 2 files changed, 21 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/libunwind-CVE-2015-3239.patch (limited to 'gnu') diff --git a/gnu/packages/libunwind.scm b/gnu/packages/libunwind.scm index 5e813e55c1..ab3496277a 100644 --- a/gnu/packages/libunwind.scm +++ b/gnu/packages/libunwind.scm @@ -1,5 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2013, 2014 Ludovic Courtès +;;; Copyright © 2015 Mark H Weaver ;;; ;;; This file is part of GNU Guix. ;;; @@ -18,6 +19,7 @@ (define-module (gnu packages libunwind) #:use-module (guix packages) + #:use-module (gnu packages) #:use-module (guix download) #:use-module (guix build-system gnu) #:use-module (guix licenses)) @@ -32,7 +34,8 @@ (define-public libunwind version ".tar.gz")) (sha256 (base32 - "16nhx2pahh9d62mvszc88q226q5lwjankij276fxwrm8wb50zzlx")))) + "16nhx2pahh9d62mvszc88q226q5lwjankij276fxwrm8wb50zzlx")) + (patches (list (search-patch "libunwind-CVE-2015-3239.patch"))))) (build-system gnu-build-system) (arguments ;; FIXME: As of glibc 2.17, we get 3 out of 34 test failures. diff --git a/gnu/packages/patches/libunwind-CVE-2015-3239.patch b/gnu/packages/patches/libunwind-CVE-2015-3239.patch new file mode 100644 index 0000000000..3f11ac7337 --- /dev/null +++ b/gnu/packages/patches/libunwind-CVE-2015-3239.patch @@ -0,0 +1,17 @@ +Copied from Fedora. + +https://bugzilla.redhat.com/show_bug.cgi?id=1232265 +http://pkgs.fedoraproject.org/cgit/libunwind.git/tree/libunwind-1.1-fix-CVE-2015-3239.patch + +diff -up libunwind-1.1/include/dwarf_i.h.CVE20153239 libunwind-1.1/include/dwarf_i.h +--- libunwind-1.1/include/dwarf_i.h.CVE20153239 2015-07-10 13:38:36.404996748 -0400 ++++ libunwind-1.1/include/dwarf_i.h 2015-07-10 13:39:25.050707613 -0400 +@@ -20,7 +20,7 @@ + extern const uint8_t dwarf_to_unw_regnum_map[DWARF_REGNUM_MAP_LENGTH]; + /* REG is evaluated multiple times; it better be side-effects free! */ + # define dwarf_to_unw_regnum(reg) \ +- (((reg) <= DWARF_REGNUM_MAP_LENGTH) ? dwarf_to_unw_regnum_map[reg] : 0) ++ (((reg) < DWARF_REGNUM_MAP_LENGTH) ? dwarf_to_unw_regnum_map[reg] : 0) + #endif + + #ifdef UNW_LOCAL_ONLY -- cgit v1.2.3