diff options
-rw-r--r-- | gnu-system.am | 1 | ||||
-rw-r--r-- | gnu/packages/base.scm | 3 | ||||
-rw-r--r-- | gnu/packages/patches/grep-CVE-2015-1345.patch | 17 |
3 files changed, 20 insertions, 1 deletions
diff --git a/gnu-system.am b/gnu-system.am index 561b66cec0..6849b9c618 100644 --- a/gnu-system.am +++ b/gnu-system.am @@ -398,6 +398,7 @@ dist_patch_DATA = \ gnu/packages/patches/gobject-introspection-absolute-shlib-path.patch \ gnu/packages/patches/gobject-introspection-cc.patch \ gnu/packages/patches/gobject-introspection-girepository.patch \ + gnu/packages/patches/grep-CVE-2015-1345.patch \ gnu/packages/patches/grub-gets-undeclared.patch \ gnu/packages/patches/gstreamer-0.10-bison3.patch \ gnu/packages/patches/gstreamer-0.10-silly-test.patch \ diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm index dae9ff067b..698a6b6e03 100644 --- a/gnu/packages/base.scm +++ b/gnu/packages/base.scm @@ -73,7 +73,8 @@ command-line arguments, multiple languages, and so on.") version ".tar.xz")) (sha256 (base32 - "1pp5n15qwxrw1pibwjhhgsibyv5cafhamf8lwzjygs6y00fa2i2j")))) + "1pp5n15qwxrw1pibwjhhgsibyv5cafhamf8lwzjygs6y00fa2i2j")) + (patches (list (search-patch "grep-CVE-2015-1345.patch"))))) (build-system gnu-build-system) (synopsis "Print lines matching a pattern") (description diff --git a/gnu/packages/patches/grep-CVE-2015-1345.patch b/gnu/packages/patches/grep-CVE-2015-1345.patch new file mode 100644 index 0000000000..b0d0c8e5dc --- /dev/null +++ b/gnu/packages/patches/grep-CVE-2015-1345.patch @@ -0,0 +1,17 @@ +Fix CVE-2015-1345. From upstream commit +83a95bd8c8561875b948cadd417c653dbe7ef2e2 +by Yuliy Pisetsky <ypisetsky@fb.com>. + +diff --git a/src/kwset.c b/src/kwset.c +index 4003c8d..376f7c3 100644 +--- a/src/kwset.c ++++ b/src/kwset.c +@@ -643,6 +643,8 @@ bmexec_trans (kwset_t kwset, char const *text, size_t size) + if (! tp) + return -1; + tp++; ++ if (ep <= tp) ++ break; + } + } + } |