diff options
author | Brendan Tildesley <brendan.tildesley@openmailbox.org> | 2017-11-24 02:57:00 +1100 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2017-11-23 22:55:58 +0100 |
commit | 327620dc7213362cf329a80992a873445bcb1624 (patch) | |
tree | efd9cd2c42515f92c39b1a96a88d849fb42e2df5 | |
parent | 0dcad042a5180d275a96d2870092f40a4f7542ec (diff) | |
download | patches-327620dc7213362cf329a80992a873445bcb1624.tar patches-327620dc7213362cf329a80992a873445bcb1624.tar.gz |
gnu: pcmanfm: Fix CVE-2017-8934.
* gnu/packages/patches/pcmanfm-CVE-2017-8934.patch: New file. This patch was
imported from Arch Linux.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/lxde.scm (pcmanfm)[source]: Use it.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
-rw-r--r-- | gnu/local.mk | 1 | ||||
-rw-r--r-- | gnu/packages/lxde.scm | 1 | ||||
-rw-r--r-- | gnu/packages/patches/pcmanfm-CVE-2017-8934.patch | 56 |
3 files changed, 58 insertions, 0 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index 0993c45873..e8ad12295e 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -945,6 +945,7 @@ dist_patch_DATA = \ %D%/packages/patches/patchelf-rework-for-arm.patch \ %D%/packages/patches/patchutils-xfail-gendiff-tests.patch \ %D%/packages/patches/patch-hurd-path-max.patch \ + %D%/packages/patches/pcmanfm-CVE-2017-8934.patch \ %D%/packages/patches/pcre-CVE-2017-7186.patch \ %D%/packages/patches/pcre2-CVE-2017-7186.patch \ %D%/packages/patches/pcre2-CVE-2017-8786.patch \ diff --git a/gnu/packages/lxde.scm b/gnu/packages/lxde.scm index 44e5da444d..7d0aaa6503 100644 --- a/gnu/packages/lxde.scm +++ b/gnu/packages/lxde.scm @@ -215,6 +215,7 @@ speed up the access to freedesktop.org defined application menus.") (uri (string-append "mirror://sourceforge/" name "/" "PCManFM%20%2B%20Libfm%20%28tarball%20release" "%29/PCManFM/" name "-" version ".tar.xz")) + (patches (search-patches "pcmanfm-CVE-2017-8934.patch")) (sha256 (base32 "0rxdh0dfzc84l85c54blq42gczygq8adhr3l9hqzy1dp530cm1hc")))) diff --git a/gnu/packages/patches/pcmanfm-CVE-2017-8934.patch b/gnu/packages/patches/pcmanfm-CVE-2017-8934.patch new file mode 100644 index 0000000000..489d22c83b --- /dev/null +++ b/gnu/packages/patches/pcmanfm-CVE-2017-8934.patch @@ -0,0 +1,56 @@ +From bc8c3d871e9ecc67c47ff002b68cf049793faf08 Mon Sep 17 00:00:00 2001 +From: Andriy Grytsenko <andrej@rep.kiev.ua> +Date: Sun, 14 May 2017 21:35:40 +0300 +Subject: [PATCH] Fix potential access violation, use runtime user dir instead + of tmp dir. + +--- + NEWS | 4 ++++ + src/single-inst.c | 7 ++++++- + 2 files changed, 10 insertions(+), 1 deletion(-) + +diff --git a/NEWS b/NEWS +index 8c2049a..876f7f3 100644 +--- a/NEWS ++++ b/NEWS +@@ -1,3 +1,7 @@ ++* Fixed potential access violation, use runtime user dir instead of tmp dir ++ for single instance socket. ++ ++ + Changes on 1.2.5 since 1.2.4: + + * Removed options to Cut, Remove and Rename from context menu on mounted +diff --git a/src/single-inst.c b/src/single-inst.c +index 62c37b3..aaf84ab 100644 +--- a/src/single-inst.c ++++ b/src/single-inst.c +@@ -2,7 +2,7 @@ + * single-inst.c: simple IPC mechanism for single instance app + * + * Copyright 2010 Hong Jen Yee (PCMan) <pcman.tw@gmail.com> +- * Copyright 2012 Andriy Grytsenko (LStranger) <andrej@rep.kiev.ua> ++ * Copyright 2012-2017 Andriy Grytsenko (LStranger) <andrej@rep.kiev.ua> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by +@@ -404,11 +404,16 @@ static void get_socket_name(SingleInstData* data, char* buf, int len) + } + else + dpynum = 0; ++#if GLIB_CHECK_VERSION(2, 28, 0) ++ g_snprintf(buf, len, "%s/%s-socket-%s-%d", g_get_user_runtime_dir(), ++ data->prog_name, host ? host : "", dpynum); ++#else + g_snprintf(buf, len, "%s/.%s-socket-%s-%d-%s", + g_get_tmp_dir(), + data->prog_name, + host ? host : "", + dpynum, + g_get_user_name()); ++#endif + } + +-- +2.1.4 + |