guix-commits
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

01/01: gnu: file: Update to 5.37 [fixes CVE-2019-18218].


From: guix-commits
Subject: 01/01: gnu: file: Update to 5.37 [fixes CVE-2019-18218].
Date: Mon, 28 Oct 2019 12:48:16 -0400 (EDT)

lfam pushed a commit to branch core-updates
in repository guix.

commit 1051facc8108110e582f2c0a9d8a5fd38b1486b6
Author: Leo Famulari <address@hidden>
Date:   Sat Oct 26 17:19:57 2019 -0400

    gnu: file: Update to 5.37 [fixes CVE-2019-18218].
    
    * gnu/packages/file.scm (file): Update to 5.37.
    * gnu/packages/patches/file-CVE-2019-18218.patch: New file.
    * gnu/packages/patches/file-CVE-2018-10360.patch: Delete file.
    * gnu/local.mk (dist_patch_DATA): Adjust accordingly.
---
 gnu/local.mk                                   |  2 +-
 gnu/packages/file.scm                          |  6 +--
 gnu/packages/patches/file-CVE-2018-10360.patch | 27 -------------
 gnu/packages/patches/file-CVE-2019-18218.patch | 55 ++++++++++++++++++++++++++
 4 files changed, 59 insertions(+), 31 deletions(-)

diff --git a/gnu/local.mk b/gnu/local.mk
index e46d74b..336be3c 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -822,7 +822,7 @@ dist_patch_DATA =                                           
\
   %D%/packages/patches/fcgi-2.4.0-poll.patch                   \
   %D%/packages/patches/fifo-map-fix-flags-for-gcc.patch                \
   %D%/packages/patches/fifo-map-remove-catch.hpp.patch         \
-  %D%/packages/patches/file-CVE-2018-10360.patch               \
+  %D%/packages/patches/file-CVE-2019-18218.patch               \
   %D%/packages/patches/findutils-gnulib-libio.patch            \
   %D%/packages/patches/findutils-localstatedir.patch           \
   %D%/packages/patches/findutils-makedev.patch                 \
diff --git a/gnu/packages/file.scm b/gnu/packages/file.scm
index 9ba51d1..cf77029 100644
--- a/gnu/packages/file.scm
+++ b/gnu/packages/file.scm
@@ -30,15 +30,15 @@
 (define-public file
   (package
     (name "file")
-    (version "5.33")
+    (version "5.37")
     (source (origin
               (method url-fetch)
               (uri (string-append "ftp://ftp.astron.com/pub/file/file-";
                                   version ".tar.gz"))
-              (patches (search-patches "file-CVE-2018-10360.patch"))
+              (patches (search-patches "file-CVE-2019-18218.patch"))
               (sha256
                (base32
-                "1iipnwjkag7q04zjkaqic41r9nlw0ml6mhqian6qkkbisb1whlhw"))))
+                "0zz0p9bqnswfx0c16j8k62ivjq1m16x10xqv4hy9lcyxyxkkkhg9"))))
    (build-system gnu-build-system)
 
    ;; When cross-compiling, this package depends upon a native install of
diff --git a/gnu/packages/patches/file-CVE-2018-10360.patch 
b/gnu/packages/patches/file-CVE-2018-10360.patch
deleted file mode 100644
index 9285611..0000000
--- a/gnu/packages/patches/file-CVE-2018-10360.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-https://github.com/file/file/commit/a642587a9c9e2dd7feacdf513c3643ce26ad3c22.patch
-The leading part of the patch starting at line 27 was trimmed off.
-This patch should be OK to drop with file@5.35.
-
-From a642587a9c9e2dd7feacdf513c3643ce26ad3c22 Mon Sep 17 00:00:00 2001
-From: Christos Zoulas <address@hidden>
-Date: Sat, 9 Jun 2018 16:00:06 +0000
-Subject: [PATCH] Avoid reading past the end of buffer (Rui Reis)
-
----
- src/readelf.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/src/readelf.c b/src/readelf.c
-index 79c83f9f5..1f41b4611 100644
---- a/src/readelf.c
-+++ b/src/readelf.c
-@@ -842,7 +842,8 @@ do_core_note(struct magic_set *ms, unsigned char *nbuf, 
uint32_t type,
- 
-                               cname = (unsigned char *)
-                                   &nbuf[doff + prpsoffsets(i)];
--                              for (cp = cname; *cp && isprint(*cp); cp++)
-+                              for (cp = cname; cp < nbuf + size && *cp
-+                                  && isprint(*cp); cp++)
-                                       continue;
-                               /*
-                                * Linux apparently appends a space at the end
diff --git a/gnu/packages/patches/file-CVE-2019-18218.patch 
b/gnu/packages/patches/file-CVE-2019-18218.patch
new file mode 100644
index 0000000..2106982
--- /dev/null
+++ b/gnu/packages/patches/file-CVE-2019-18218.patch
@@ -0,0 +1,55 @@
+Fix CVE-2019-18218:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18218
+
+Patch copied from upstream source repository:
+
+https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84
+
+From 46a8443f76cec4b41ec736eca396984c74664f84 Mon Sep 17 00:00:00 2001
+From: Christos Zoulas <address@hidden>
+Date: Mon, 26 Aug 2019 14:31:39 +0000
+Subject: [PATCH] Limit the number of elements in a vector (found by oss-fuzz)
+
+---
+ src/cdf.c | 9 ++++-----
+ src/cdf.h | 1 +
+ 2 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/src/cdf.c b/src/cdf.c
+index 9d6396742..bb81d6374 100644
+--- a/src/cdf.c
++++ b/src/cdf.c
+@@ -1027,8 +1027,9 @@ cdf_read_property_info(const cdf_stream_t *sst, const 
cdf_header_t *h,
+                               goto out;
+                       }
+                       nelements = CDF_GETUINT32(q, 1);
+-                      if (nelements == 0) {
+-                              DPRINTF(("CDF_VECTOR with nelements == 0\n"));
++                      if (nelements > CDF_ELEMENT_LIMIT || nelements == 0) {
++                              DPRINTF(("CDF_VECTOR with nelements == %"
++                                  SIZE_T_FORMAT "u\n", nelements));
+                               goto out;
+                       }
+                       slen = 2;
+@@ -1070,8 +1071,6 @@ cdf_read_property_info(const cdf_stream_t *sst, const 
cdf_header_t *h,
+                                       goto out;
+                               inp += nelem;
+                       }
+-                      DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n",
+-                          nelements));
+                       for (j = 0; j < nelements && i < sh.sh_properties;
+                           j++, i++)
+                       {
+diff --git a/src/cdf.h b/src/cdf.h
+index 2f7e554b7..05056668f 100644
+--- a/src/cdf.h
++++ b/src/cdf.h
+@@ -48,6 +48,7 @@
+ typedef int32_t cdf_secid_t;
+ 
+ #define CDF_LOOP_LIMIT                                        10000
++#define CDF_ELEMENT_LIMIT                             100000
+ 
+ #define CDF_SECID_NULL                                        0
+ #define CDF_SECID_FREE                                        -1



reply via email to

[Prev in Thread] Current Thread [Next in Thread]