mirror/guix
1
0
Fork 0
mirror of https://git.savannah.gnu.org/git/guix.git synced 2025-01-31 23:06:59 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

gnu: file: Update to 5.37 [fixes CVE-2019-18218].

Browse source 
* gnu/packages/file.scm (file): Update to 5.37.
* gnu/packages/patches/file-CVE-2019-18218.patch: New file.
* gnu/packages/patches/file-CVE-2018-10360.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
This commit is contained in:
Leo Famulari 2019-10-26 17:19:57 -04:00
parent 7da3e81aa1
commit 1051facc81
No known key found for this signature in database
GPG key ID: 2646FA30BACA7F08
4 changed files with 59 additions and 31 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
gnu/local.mk
View file

@ -822,7 +822,7 @@ dist_patch_DATA = \
%D%/packages/patches/fcgi-2.4.0-poll.patch \
%D%/packages/patches/fifo-map-fix-flags-for-gcc.patch \
%D%/packages/patches/fifo-map-remove-catch.hpp.patch \
%D%/packages/patches/file-CVE-2018-10360.patch \
%D%/packages/patches/file-CVE-2019-18218.patch \
%D%/packages/patches/findutils-gnulib-libio.patch \
%D%/packages/patches/findutils-localstatedir.patch \
%D%/packages/patches/findutils-makedev.patch \

6
gnu/packages/file.scm
View file

@ -30,15 +30,15 @@ (define-module (gnu packages file)
(define-public file
(package
(name "file")
(version "5.33")
(version "5.37")
(source (origin
(method url-fetch)
(uri (string-append "ftp://ftp.astron.com/pub/file/file-"
version ".tar.gz"))
(patches (search-patches "file-CVE-2018-10360.patch"))
(patches (search-patches "file-CVE-2019-18218.patch"))
(sha256
(base32
"1iipnwjkag7q04zjkaqic41r9nlw0ml6mhqian6qkkbisb1whlhw"))))
"0zz0p9bqnswfx0c16j8k62ivjq1m16x10xqv4hy9lcyxyxkkkhg9"))))
(build-system gnu-build-system)
;; When cross-compiling, this package depends upon a native install of

27
gnu/packages/patches/file-CVE-2018-10360.patch
View file

@ -1,27 +0,0 @@
https://github.com/file/file/commit/a642587a9c9e2dd7feacdf513c3643ce26ad3c22.patch
The leading part of the patch starting at line 27 was trimmed off.
This patch should be OK to drop with file@5.35.
From a642587a9c9e2dd7feacdf513c3643ce26ad3c22 Mon Sep 17 00:00:00 2001
From: Christos Zoulas <christos@zoulas.com>
Date: Sat, 9 Jun 2018 16:00:06 +0000
Subject: [PATCH] Avoid reading past the end of buffer (Rui Reis)
---
src/readelf.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/readelf.c b/src/readelf.c
index 79c83f9f5..1f41b4611 100644
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -842,7 +842,8 @@ do_core_note(struct magic_set *ms, unsigned char *nbuf, uint32_t type,
cname = (unsigned char *)
&nbuf[doff + prpsoffsets(i)];
- for (cp = cname; *cp && isprint(*cp); cp++)
+ for (cp = cname; cp < nbuf + size && *cp
+ && isprint(*cp); cp++)
continue;
/*
* Linux apparently appends a space at the end

55
gnu/packages/patches/file-CVE-2019-18218.patch Normal file
View file

@ -0,0 +1,55 @@
Fix CVE-2019-18218:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18218
Patch copied from upstream source repository:
https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84
From 46a8443f76cec4b41ec736eca396984c74664f84 Mon Sep 17 00:00:00 2001
From: Christos Zoulas <christos@zoulas.com>
Date: Mon, 26 Aug 2019 14:31:39 +0000
Subject: [PATCH] Limit the number of elements in a vector (found by oss-fuzz)
---
src/cdf.c | 9 ++++-----
src/cdf.h | 1 +
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/cdf.c b/src/cdf.c
index 9d6396742..bb81d6374 100644
--- a/src/cdf.c
+++ b/src/cdf.c
@@ -1027,8 +1027,9 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
goto out;
}
nelements = CDF_GETUINT32(q, 1);
- if (nelements == 0) {
- DPRINTF(("CDF_VECTOR with nelements == 0\n"));
+ if (nelements > CDF_ELEMENT_LIMIT || nelements == 0) {
+ DPRINTF(("CDF_VECTOR with nelements == %"
+ SIZE_T_FORMAT "u\n", nelements));
goto out;
}
slen = 2;
@@ -1070,8 +1071,6 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
goto out;
inp += nelem;
}
- DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n",
- nelements));
for (j = 0; j < nelements && i < sh.sh_properties;
j++, i++)
{
diff --git a/src/cdf.h b/src/cdf.h
index 2f7e554b7..05056668f 100644
--- a/src/cdf.h
+++ b/src/cdf.h
@@ -48,6 +48,7 @@
typedef int32_t cdf_secid_t;
#define CDF_LOOP_LIMIT 10000
+#define CDF_ELEMENT_LIMIT 100000
#define CDF_SECID_NULL 0
#define CDF_SECID_FREE -1