From 0253ab39794ce5d9cf051ac70c632c378a732d8e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Sat, 22 Nov 2014 12:24:41 +0100 Subject: gnu: file: Update to 5.20. * gnu/packages/file.scm (file): Update to 5.20. (file-5.20): Remove. * gnu/packages/patches/file-CVE-2014-3587.patch: Remove. * gnu-system.am (dist_patch_DATA): Adjust accordingly. * gnu/packages/patchutils.scm (quilt): Use FILE instead of FILE-5.20. * gnu/packages/version-control.scm (aegis): Ditto. --- gnu/packages/file.scm | 26 ++++++++------------------ gnu/packages/patches/file-CVE-2014-3587.patch | 16 ---------------- gnu/packages/patchutils.scm | 2 +- gnu/packages/version-control.scm | 2 +- 4 files changed, 10 insertions(+), 36 deletions(-) delete mode 100644 gnu/packages/patches/file-CVE-2014-3587.patch (limited to 'gnu') diff --git a/gnu/packages/file.scm b/gnu/packages/file.scm index 070695ec2c..7d8504b74a 100644 --- a/gnu/packages/file.scm +++ b/gnu/packages/file.scm @@ -27,14 +27,14 @@ (define-public file (package (name "file") - (version "5.19") - (source (origin - (method url-fetch) - (uri (string-append "ftp://ftp.astron.com/pub/file/file-" - version ".tar.gz")) - (sha256 (base32 - "0z1sgrcfy6d285kj5izy1yypf371bjl3247plh9ppk0svaxv714l")) - (patches (list (search-patch "file-CVE-2014-3587.patch"))))) + (version "5.20") + (source (origin + (method url-fetch) + (uri (string-append "ftp://ftp.astron.com/pub/file/file-" + version ".tar.gz")) + (sha256 + (base32 + "0iyjs9z8kp43gz7gva4j67h4p0n53f7q8x3ibai9s01sp3xnphsv")))) (build-system gnu-build-system) ;; When cross-compiling, this package depends upon a native install of @@ -50,13 +50,3 @@ of the file.") (license bsd-2) (home-page "http://www.darwinsys.com/file/"))) -(define-public file-5.20 ;fix for CVE-2014-3710 - (package (inherit file) - (version "5.20") - (source (origin - (method url-fetch) - (uri (string-append "ftp://ftp.astron.com/pub/file/file-" - version ".tar.gz")) - (sha256 - (base32 - "0iyjs9z8kp43gz7gva4j67h4p0n53f7q8x3ibai9s01sp3xnphsv")))))) diff --git a/gnu/packages/patches/file-CVE-2014-3587.patch b/gnu/packages/patches/file-CVE-2014-3587.patch deleted file mode 100644 index cf88bf5f3e..0000000000 --- a/gnu/packages/patches/file-CVE-2014-3587.patch +++ /dev/null @@ -1,16 +0,0 @@ -Fixes CVE-2014-3587. Copied from upstream commit -0641e56be1af003aa02c7c6b0184466540637233. - ---- file-5.19/src/cdf.c.orig 2014-06-09 09:04:37.000000000 -0400 -+++ file-5.19/src/cdf.c 2014-08-26 11:55:23.887118898 -0400 -@@ -824,6 +824,10 @@ - q = (const uint8_t *)(const void *) - ((const char *)(const void *)p + ofs - - 2 * sizeof(uint32_t)); -+ if (q < p) { -+ DPRINTF(("Wrapped around %p < %p\n", q, p)); -+ goto out; -+ } - if (q > e) { - DPRINTF(("Ran of the end %p > %p\n", q, e)); - goto out; diff --git a/gnu/packages/patchutils.scm b/gnu/packages/patchutils.scm index 3dbf72435e..48f4d29584 100644 --- a/gnu/packages/patchutils.scm +++ b/gnu/packages/patchutils.scm @@ -96,7 +96,7 @@ listing the files modified by a patch.") (build-system gnu-build-system) (inputs `(("perl" ,perl) ("less" ,less) - ("file" ,file-5.20) ;work around CVE-2014-3710 + ("file" ,file) ("ed" ,ed))) (arguments '(#:parallel-tests? #f diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm index 931297cf2a..0b52f0c2e5 100644 --- a/gnu/packages/version-control.scm +++ b/gnu/packages/version-control.scm @@ -507,7 +507,7 @@ accessed and migrated on modern systems.") (inputs `(("e2fsprogs" ,e2fsprogs) ("curl" ,curl) - ("file" ,file-5.20) ;work around CVE-2014-3710 + ("file" ,file) ("libxml2" ,libxml2) ("zlib" ,zlib) ("gettext" ,gnu-gettext))) -- cgit v1.2.3